Setup DHCP and DNS for Dynamic DNS updates on Ubuntu Server

After a setup of Bind and DHCP, this section will let the DNS zone dynamically update when new DHCP clients get an IP lease.

Reference the previous posts at
Install DHCP Services on Ubuntu 10.04
Installing DNS Services on Ubuntu Server

1)      Backup the Zone files  

cp /etc/bind/zones/* /var/lib/bind/

2)      Change the ownership of the copied files

chown -R bind:bind /var/lib/bind/ 

3)      Create a shared secret key between DHCP and DNS so no one else can update the DNS zones. 

dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 128 -n USER DHCP_UPDATER

  You should see something like “Kdhcp_updater.+221+012129”

4)      Cat the kdhcp private file and locate the “key=”. It will look something like this “012345+ABCD12345670ABCD==”

5)      Copy the key so that it can be pasted into the config later.

6)      Add the key to the bind config and specify the zones that can be updated.

7)      Edit /etc/bind/named.conf.local and add the following

#Secret key for Updated from DHCP
key DHCP_UPDATER {
algorithm HMAC-MD5.SIG-ALG.REG.INT;
# Paste in the generated key here.   Should be in quotes
       secret "PASTE KEY HERE";
}; 

zone "mydomain.local" {
type master;
# Writable File is in /var/lib instead of etc/bind/zones
        file "/var/lib/bind/mydomain.local.db";

#Allow Updates from any service that has secret key in DHCP UPDATER
   allow-update {key DHCP_UPDATER; };
};

zone "1.168.192.in-addr.arpa" {
type master;
notify no;

# Writable File is in /var/lib instead of etc/bind/zones
     file "/var/lib/bind/rev-192.168.1.db";

#Allow Updates from any service that has secret key in DHCP UPDATER
      allow-update {key DHCP_UPDATER; };
};

8)      Edit the /etc/dhcp3/dhcpd.conf IF you are on 12.04, Edit the /etc/dhcp/dhcpd.conf

9)      Add/Edit the following items to the file

# Change update style to interim
ddns-update-style  interim; 
 ignore client-updates;  #overwrite client configured FQDNs 
 ddns-domainname "mydomain.local."; 
 ddns-rev-domainname "in-addr.arpa."; 

 key DHCP_UPDATER { 
         algorithm HMAC-MD5.SIG-ALG.REG.INT; 

         #Paste in the generated key here.   Should be in quotes 
         secret "<paste key here>"; 
 }; 

 zone mydomain.local. { 
         primary 127.0.0.1; 
         key DHCP_UPDATER; 
 } 

 zone 1.168.192.in-addr.arpa. { 

         primary 127.0.0.1; 
         key DHCP_UPDATER; 
 }

10)   Tighten permissions on Config files.   The config files have the secret key which we don’t want people reading so we remove READ rights from the files.
For 10.04

chmod o-r /etc/bind/named.conf.local 
chmod o-r /etc/dhcp3/dhcpd.conf

For 12.04

chmod o-r /etc/bind/named.conf.local 
chmod o-r /etc/dhcp/dhcpd.conf

11)   Restart Services and test setup.

  1. Restart networking on any host
  2. Check DNS using “host <pc name>
  3. Check reverse using host <ip address>

12)   Cleanup Files

  1. Remove key file “rm Kdhcp_updater.*
  2. Remove old zone files “rm –R /etc/bind/zones

Some “important” pointers

Database files being rewritten by bind
The dns database files are now being rewritten by the bind service. Always stop the bind service before making any changes to the database files, otherwise they might be overwritten by bind.

Examples of how to stop and start the bind service:

sudo /etc/init.d/bind9 stop
sudo /etc/init.d/bind9 start
Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Solve : *
1 + 29 =