5. Packages :: 01 DNS and DHCP
Does this install without errors?
Does this run without errors?
Does this assign IP addresses correctly?
Does DNS get updated with new DHCP leases?
Generic DHCP
# Install the ISC DHCP server package (the daemon is dhcpd).
yum install dhcp
Create the leases file and the dhcpd sysconfig file.
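# Leases database: dhcpd will not start without it. The file has to be writable
# by whatever account the init script starts dhcpd as - check that and chown
# the file accordingly if the daemon is not run as root.
touch /var/lib/dhcpd/dhcpd.leases
# Rewrite /etc/sysconfig/dhcpd from scratch. -f: a missing file is not an
# error; a single redirect with '>' replaces the rm-then-append dance and the
# echo calls (printf '%s\n' writes each argument on its own line, verbatim).
rm -f -- /etc/sysconfig/dhcpd
printf '%s\n' '# Command line options here' 'DHCPDARGS=eth0' > /etc/sysconfig/dhcpd
# Show the result so a copy/paste mistake is visible immediately.
cat /etc/sysconfig/dhcpd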
The main configuration file
# Open the main dhcpd configuration; the complete file contents follow below.
emacs /etc/dhcpd.conf
# /etc/dhcpd.conf - ISC dhcpd for 192.168.20.0/24 with dynamic DNS updates
# sent to the BIND server configured later on this page.
authoritative;
# "interim" DDNS: dhcpd itself sends the A and PTR updates for every lease.
ddns-update-style interim;
# NOTE(review): "ignore client-updates" here and "allow client-updates" five
# lines below contradict each other (the later statement wins). With ignore,
# the server performs every update with its own key; with allow, a client may
# ask to maintain its own A record. Keep exactly one - "ignore" is the usual
# choice when the server owns the zones.
ignore client-updates;
ddns-updates on;
# Domain appended to client host names for the forward zone. Replace changeME
# with the real domain; the same name must be a zone in named.conf.
ddns-domainname "changeME.co.nz.";
ddns-rev-domainname "in-addr.arpa.";
# Also register hosts that get a fixed-address (see the group at the bottom).
update-static-leases on;
allow client-updates;
# TSIG key that signs the updates. It must be byte-identical to
# "key DHCP_UPDATER" in named.conf - the two example secrets on this page are
# NOT the same. HMAC-MD5 is the legacy default; if your dhcpd and BIND builds
# both accept hmac-sha256, prefer it. Because this file carries the secret,
# restrict its read permission to root (and to the account dhcpd runs as, if
# that is a separate user).
key DHCP_UPDATER {
algorithm hmac-md5;
secret "0fiRxx7fU//AnWD79BkjyVr7ST5CwaWx3feCXC2g03BlCPpsxADOHcNIHOX+7Mfa03Wz4Guoe5vbqMuJwlRVnQ==";
};
# Forward zone. "primary" is where the updates are sent, so named must listen
# on 127.0.0.1 (it does in the named.conf below).
zone changeME.co.nz. {
primary 127.0.0.1;
key DHCP_UPDATER;
}
# ChangeME Internal
# Reverse zone for 192.168.20.0/24.
# NOTE(review): the named.conf later on this page defines
# 2.168.192.in-addr.arpa (192.168.2.0/24) rather than this zone, so as written
# the reverse updates have nowhere to go. The two files must agree.
zone 20.168.192.in-addr.arpa. {
primary 127.0.0.1;
key DHCP_UPDATER;
}
# ChangeME, Masterton
subnet 192.168.20.0 netmask 255.255.255.0 {
authoritative;
# Dynamic pool .50-.150. NOTE(review): the fixed-address 192.168.20.87 in the
# group below lies inside this range; dhcpd does not reserve fixed addresses
# out of a dynamic range, so the same address can also be leased to another
# client. Move the pool or the fixed address so they do not overlap.
range 192.168.20.50 192.168.20.150;
option subnet-mask 255.255.255.0;
option nis-domain "changeME.co.nz";
option domain-name "changeME.co.nz";
# Clients resolve via this host, which must also be the BIND server below.
option domain-name-servers 192.168.20.1;
option broadcast-address 192.168.20.255;
option routers 192.168.20.1;
option time-offset 43200; # NZ Standard Time, UTC+12 expressed in seconds
default-lease-time 86400; # 1 day
max-lease-time 172800; # 2 days
}
# Hosts which require special configuration options can be listed in
# host statements. If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.
# staff
group {
# One reservation per MAC address; the name (someuser) becomes the DNS name
# registered via update-static-leases above.
host someuser {
hardware ethernet 00:0b:cd:b2:2d:b1;
fixed-address 192.168.20.87;
}
}
Do not use the keys shown on this page; generate your own random ones.
Start the service and enable it at boot.
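# Restrict the init script to root, register dhcpd for runlevels 3-5, then
# start it. "0:0" is the standard uid:gid form; the original "0.0" relies on
# GNU chown's legacy dot separator, which is ambiguous when a user name
# contains a dot.
chmod 700 /etc/rc.d/init.d/dhcpd
chown 0:0 /etc/rc.d/init.d/dhcpd
/sbin/chkconfig --add dhcpd
/sbin/chkconfig --level 345 dhcpd on
/etc/rc.d/init.d/dhcpd start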
DNS Setup
Yum installs
# BIND server, chroot support, libraries, client tools (dig, rndc helpers) and
# the Red Hat caching-nameserver sample configuration that the named.conf
# below is derived from.
yum install bind bind-chroot bind-libs bind-utils caching-nameserver
File Configurations
/var/named/chroot/etc/rndc.key
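cd /var/named/chroot/etc || exit 1
# Generate the rndc key under a restrictive umask so the secret is never
# world-readable, not even between creation and the chown/chmod below.
# rndc-confgen prints a complete rndc.conf (the key clause, an options clause
# and a commented-out named.conf fragment); the key clause is what the
# controls/keys statements in named.conf need. Its default key name is
# "rndc-key" while the named.conf on this page refers to "rndckey" - pass
# -k rndckey (or rename in named.conf) so the two match.
(umask 077 && rndc-confgen -k rndckey > rndc.key) || exit 1
# The original page ran these two commands fused on one line
# ("chown root:named rndc.keycat rndc.key"); they are separate steps.
chown root:named rndc.key
chmod 640 rndc.key
cat rndc.key
# The rndc client itself reads /etc/rndc.conf or /etc/rndc.key outside the
# chroot; symlink or copy this file there the same way named.conf is handled.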
# Point the local resolver at the BIND instance on this host; the file's
# single line follows below. (The command appears twice on the page; run once.)
emacs /etc/resolv.conf
emacs /etc/resolv.conf
nameserver 127.0.0.1
# Resolver lookup order; the file contents follow below. (The command appears
# twice on the page; run once.)
emacs /etc/host.conf
emacs /etc/host.conf
# Tells resolver to consult the /etc/hosts file first and, if that fails, to
# query the name server listed in the /etc/resolv.conf file
order hosts,bind
/etc/named.conf
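# See what the packages left behind before touching anything. "ll" is an
# interactive alias and does not exist in scripts; use ls -l.
ls -l /var/named/chroot/etc/named.conf /etc/named.conf
# The real configuration lives inside the chroot; /etc/named.conf is only a
# symlink to it. The original page had "ormv" - "or mv" run together - i.e.
# either create an empty file in the chroot or move an existing
# /etc/named.conf there. Do exactly one of the two.
if [[ -f /etc/named.conf && ! -L /etc/named.conf ]]; then
  mv /etc/named.conf /var/named/chroot/etc/named.conf
else
  touch /var/named/chroot/etc/named.conf
fi
# Create the symlink only if nothing (not even a dangling link) is in the way,
# otherwise ln -s fails with "File exists".
if [[ ! -e /etc/named.conf && ! -L /etc/named.conf ]]; then
  ln -s /var/named/chroot/etc/named.conf /etc/named.conf
fi
emacs /var/named/chroot/etc/named.conf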
Standard File
// named.conf for Red Hat caching-nameserver
//
// NOTE(review): the dhcpd.conf earlier on this page serves 192.168.20.0/24
// and declares the reverse zone 20.168.192.in-addr.arpa, whereas this file
// uses 192.168.2.0/24 and 2.168.192.in-addr.arpa throughout (listen-on,
// controls, allow-recursion, allow-query, the server clause and the reverse
// zone). Use one network in both files or dhcpd's updates will match no zone.
//
// rndc key clause. On this page only the opening line is commented out, so
// the three lines after it are parsed as bare top-level statements and named
// rejects the file. Either comment out the whole clause or replace it with the
// "rndckey" clause that rndc-confgen printed above - use that generated
// secret, never this example value.
//key "rndckey" {
algorithm hmac-md5;
secret "xm0bg6sFXsJloFJKctMgKr6Tc0aVR3vnLXX2cxjjbTvcKE9qcFXop3KQYMAJ";
};
// rndc control channel. The second listener accepts control commands from
// every host on 192.168.2.0/24, authenticated only by the shared key; unless
// remote administration is genuinely needed, keep just the 127.0.0.1 entry.
controls {
inet 127.0.0.1 allow { localhost; } keys { "rndckey"; };
inet 192.168.2.1 allow { 192.168.2.0/24; } keys { "rndckey"; };
};
// This acl is a single address (192.168.2.0, the network address, not a /24)
// and nothing below references it - the key of the same name does the DDNS
// authorisation. Presumably a leftover; remove it or fix the prefix length.
acl DHCP_UPDATER { 192.168.2.0; };
//IP range for DHCP clients
acl clients { 192.168.2.0/24; };
options {
// Only the LAN address and loopback; 192.168.2.1 must be an address of this
// host or named fails to bind.
listen-on port 53 {
192.168.2.1;
127.0.0.1;
};
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
pid-file "/var/run/named/named.pid";
recursion yes;
// Recursion is limited to loopback and the LAN, so this is not an open
// resolver. Keep this list and allow-query below in step with each other
// (the commented "clients" acl form below would do that in one place).
allow-recursion {
127.0.0.1;
192.168.2.0/24;
};
// Hide the BIND version from version.bind queries.
version "REFUSED";
statistics-file "/var/named/data/named_stats.txt";
// allow-recursion { clients; };
// allow-query { clients; };
allow-query {
127.0.0.1;
192.168.2.0/24;
};
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
dnssec-enable yes;
dnssec-validation yes;
// DLV (dnssec-lookaside) depended on ISC's lookaside zone, which has been
// retired, and recent BIND releases have dropped the option; remove this line
// on anything newer than the build this page was written for.
dnssec-lookaside auto;
};
// A "server" clause applies TSIG to DNS traffic (queries, transfers) sent to
// that host, not to the rndc control channel, which is already keyed in
// "controls" above. This clause is most likely unnecessary - confirm before
// keeping it.
server 192.168.2.1 {
keys { rndckey; };
};
//
// a caching only nameserver config
//
// Shared secret for dhcpd's dynamic updates. It must be byte-identical to the
// DHCP_UPDATER secret in dhcpd.conf (the two example values on this page
// differ). HMAC-MD5 is the legacy algorithm; if both your BIND and dhcpd
// accept hmac-sha256, prefer it. Keep this file unreadable to ordinary users
// because of this secret.
key DHCP_UPDATER {
algorithm hmac-md5;
secret "VzJlQMcvEHBwLJHTz8h//3/yO50wOeKWpjFcSWYlsUapy4stkIr+LJxG9Eb8054U8bpafXc6bak8RrRz9X9U1Q==";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};
// NOTE(review): the five local/bogus zones that follow (localhost, the IPv4
// and IPv6 loopback reverse zones, 255.in-addr.arpa, 0.in-addr.arpa) never
// receive DHCP leases and should stay static. The commented
// "allow-update { none; }" in each was the safer setting: letting the DHCP key
// update them gains nothing and means a leaked key can rewrite localhost.
// Keep allow-update with the key only on the two real zones at the end.
zone "localhost" IN {
type master;
file "localhost.zone";
// allow-update { none; };
allow-update { key DHCP_UPDATER; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
// allow-update { none; };
allow-update { key DHCP_UPDATER; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.ip6.local";
// allow-update { none; };
allow-update { key DHCP_UPDATER; };
};
zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
// allow-update { none; };
allow-update { key DHCP_UPDATER; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
// allow-update { none; };
allow-update { key DHCP_UPDATER; };
};
// Forward zone updated by dhcpd. NOTE(review): dhcpd.conf on this page uses
// changeME.co.nz as ddns-domainname and the zone file shown later is headed
// somename.co.nz.db with ai.net.nz records inside - the zone name, the file
// name and dhcpd's domain all have to be the same domain.
zone "papakowhai.school.nz" {
type master;
file "papakowhai.school.nz.db";
allow-update { key DHCP_UPDATER; };
};
// Reverse zone updated by dhcpd (see the network mismatch note at the top).
zone "2.168.192.in-addr.arpa" IN {
type master;
file "2.168.192.in-addr.arpa";
allow-update { key DHCP_UPDATER; };
};
If the package did not install these files, create them as follows: localdomain.zone, localhost.zone, named.broadcast, named.ca, named.ip6.local, named.local, named.zero.
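rm -f -- /var/named/chroot/var/named/localdomain.zone
# Quoted delimiter ('EOF'): the body is written literally, so $TTL needs no
# backslash. Records with a blank owner MUST start with whitespace to inherit
# the previous owner (@); the page as extracted had lost that indentation, and
# at column 0 "IN NS ..." is read as a record owned by "IN".
cat <<'EOF' > /var/named/chroot/var/named/localdomain.zone
$TTL    86400
@       IN SOA  localhost root (
                42              ; serial (d. adams)
                3H              ; refresh
                15M             ; retry
                1W              ; expiry
                1D )            ; minimum
        IN NS   localhost
localhost IN A  127.0.0.1
EOF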
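rm -f -- /var/named/chroot/var/named/localhost.zone
# Quoted delimiter: $TTL is written literally. Blank-owner records are indented
# so they inherit "@" (the page had lost the leading whitespace). The page also
# had the terminator fused onto the last record ("::1EOF"), which leaves the
# here-document unterminated; it is on its own line here.
cat <<'EOF' > /var/named/chroot/var/named/localhost.zone
$TTL    86400
@       IN SOA  @ root (
                42              ; serial (d. adams)
                3H              ; refresh
                15M             ; retry
                1W              ; expiry
                1D )            ; minimum
        IN NS   @
        IN A    127.0.0.1
        IN AAAA ::1
EOF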
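rm -f -- /var/named/chroot/var/named/named.broadcast
# Quoted delimiter: $TTL is written literally. The NS record must be indented
# so it inherits the "@" owner.
cat <<'EOF' > /var/named/chroot/var/named/named.broadcast
$TTL    86400
@       IN SOA  localhost. root.localhost. (
                42              ; serial (d. adams)
                3H              ; refresh
                15M             ; retry
                1W              ; expiry
                1D )            ; minimum
        IN NS   localhost.
EOF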
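rm -f -- /var/named/chroot/var/named/named.ca
# Root hints. This copy is dated Feb 2008 and several root-server addresses
# have changed since; refresh it from the current named.root published by
# InterNIC (ftp.internic.net:/domain/named.root, also at
# https://www.internic.net/domain/named.root) or use the file shipped with
# your bind package. Stale hints still work as long as some entries are valid,
# but they should not be trusted indefinitely. Every record here carries an
# explicit owner, so no indentation is required.
cat <<'EOF' > /var/named/chroot/var/named/named.ca
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.root
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: Feb 04, 2008
; related version of root zone: 2008020400
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30
;
; formerly NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
;
; formerly C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; formerly TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
;
; formerly NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803f:235
;
; formerly NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
;
; operated by VeriSign, Inc.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30
;
; operated by RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
;
; operated by ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
;
; operated by WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
; End of File
EOF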
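rm -f -- /var/named/chroot/var/named/named.ip6.local
# Quoted delimiter: $TTL is written literally. The NS record is indented so it
# inherits the "@" owner; "1" is the explicit owner of the PTR (::1 within the
# ip6.arpa loopback zone named in named.conf).
cat <<'EOF' > /var/named/chroot/var/named/named.ip6.local
$TTL    86400
@       IN SOA  localhost. root.localhost. (
                1997022700      ; Serial
                28800           ; Refresh
                14400           ; Retry
                3600000         ; Expire
                86400 )         ; Minimum
        IN NS   localhost.
1       IN PTR  localhost.
EOF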
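rm -f -- /var/named/chroot/var/named/named.local
# Quoted delimiter: $TTL is written literally. The NS record is indented so it
# inherits the "@" owner; "1" is the explicit owner of the PTR (127.0.0.1 within
# 0.0.127.in-addr.arpa).
cat <<'EOF' > /var/named/chroot/var/named/named.local
$TTL    86400
@       IN SOA  localhost. root.localhost. (
                1997022700      ; Serial
                28800           ; Refresh
                14400           ; Retry
                3600000         ; Expire
                86400 )         ; Minimum
        IN NS   localhost.
1       IN PTR  localhost.
EOF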
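rm -f -- /var/named/chroot/var/named/named.zero
# Quoted delimiter: $TTL is written literally. The page had the terminator
# fused onto the NS record ("localhost.EOF"), which leaves the here-document
# unterminated; it is on its own line here, and the NS record is indented so
# it inherits the "@" owner.
cat <<'EOF' > /var/named/chroot/var/named/named.zero
$TTL    86400
@       IN SOA  localhost. root.localhost. (
                42              ; serial (d. adams)
                3H              ; refresh
                15M             ; retry
                1W              ; expiry
                1D )            ; minimum
        IN NS   localhost.
EOF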
somename.co.nz.db
$TTL 86400
; NOTE(review): named.conf on this page loads this zone as papakowhai.school.nz,
; dhcpd.conf uses changeME.co.nz, the heading says somename.co.nz.db, and the
; records below name ai.net.nz. One domain has to be used consistently in all
; four places.
@ IN SOA ai.net.nz. hostmaster.ai.net.nz. (
2010031901 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
; Blank-owner records must start with whitespace to inherit "@" - the copy on
; this page has lost that indentation. "localhost." is not a usable name
; server for a real zone; drop this record.
IN NS localhost.
; Name servers
IN NS mail.ai.net.nz.
; Mail server for this domain
; (no MX record is present - add one if mail for the domain should arrive here)
; Public Servers
; mail and www resolve to RFC 1918 addresses while the rest are public. If
; this zone is served to the Internet those entries leak internal addressing
; and are unreachable from outside; serve internal and external views
; separately if both are needed.
@ IN A 202.174.161.35
mail IN A 192.168.20.3
www IN A 192.168.20.3
rsync IN A 202.174.163.172
backup IN A 202.174.163.172
fred IN A 202.174.163.1
cacti IN A 202.174.161.34
dagg IN A 202.174.172.1
trev IN A 202.174.161.39
wk IN A 202.174.161.33
; SPF: hosts in A and MX may send mail; others soft-fail.
ai.net.nz. IN TXT "v=spf1 a mx ~all"
20.168.192.in-addr.arpa
; 864000 s = 10 days, unlike the 86400 used by every other zone on this page;
; presumably a typo - confirm.
$TTL 864000
; NOTE(review): this is the reverse zone for 192.168.20.0/24, matching
; dhcpd.conf, but named.conf on this page defines 2.168.192.in-addr.arpa.
@ IN SOA aname.school.nz. hostmaster.aname.school.nz. (
2011071501 ; serial
28800 ; refresh
3600 ; retry
1209600 ; expire
86400 ) ; minimum (negative-caching TTL)
; Must start with whitespace to inherit the "@" owner (indentation was lost on
; this page). The NS is aspera.aname.school.nz. while the PTRs below use
; aspera.aname.wairarapa.school.nz. - one of the two is probably wrong.
IN NS aspera.aname.school.nz.
235.20.168.192.in-addr.arpa. IN PTR macserver.aname.school.nz.
254.20.168.192.in-addr.arpa. IN PTR aspera.aname.wairarapa.school.nz.
; Synthesised PTRs for every remaining host ($ is the current number). dhcpd's
; dynamic updates will overwrite the entries inside the DHCP pool as leases are
; granted; once the zone has accepted updates, edit this file only between
; "rndc freeze" and "rndc thaw", otherwise named's journal and the file diverge.
$GENERATE 1-234 $.20.168.192.IN-ADDR.ARPA. PTR ip-192-168-20-$.aname.wairarapa.school.nz.
$GENERATE 236-253 $.20.168.192.IN-ADDR.ARPA. PTR ip-192-168-20-$.aname.wairarapa.school.nz.
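# Validate the configuration before anything is started: -t points
# named-checkconf at the chroot, so the path is the one named sees inside it.
named-checkconf -t /var/named/chroot /etc/named.conf || exit 1
# Restrict the init script to root, register named for runlevels 3-5, then
# start it. "0:0" is the standard uid:gid form (the original "0.0" relies on
# GNU chown's legacy dot separator).
chmod 700 /etc/rc.d/init.d/named
chown 0:0 /etc/rc.d/init.d/named
/sbin/chkconfig --add named
/sbin/chkconfig --level 345 named on
/etc/rc.d/init.d/named start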