After a setup of Bind and DHCP, this section will let the DNS zone dynamically update when new DHCP clients get an IP lease.
Reference the previous posts at
Install DHCP Services on Ubuntu 10.04
Installing DNS Services on Ubuntu Server
1) Backup the Zone files
cp /etc/bind/zones/* /var/lib/bind/
2) Change the ownership of the copied files
chown -R bind:bind /var/lib/bind/
3) Create a shared secret key between DHCP and DNS so no one else can update the DNS zones.
dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 128 -n USER DHCP_UPDATER
You should see something like “Kdhcp_updater.+221+012129”
4) Cat the Kdhcp_updater.*.private file and locate the “key=” entry. It will look something like this: “012345+ABCD12345670ABCD==”
5) Copy the key so that it can be pasted into the config later.
6) Add the key to the bind config and specify the zones that can be updated.
7) Edit /etc/bind/named.conf.local and add the following
# Secret key for updates from DHCP
key DHCP_UPDATER {
    algorithm HMAC-MD5.SIG-ALG.REG.INT;
    # Paste in the generated key here. Should be in quotes
    secret "PASTE KEY HERE";
};

zone "mydomain.local" {
    type master;
    # Writable file is in /var/lib instead of /etc/bind/zones
    file "/var/lib/bind/mydomain.local.db";
    # Allow updates from any service that has the DHCP_UPDATER secret key
    allow-update { key DHCP_UPDATER; };
};

zone "1.168.192.in-addr.arpa" {
    type master;
    notify no;
    # Writable file is in /var/lib instead of /etc/bind/zones
    file "/var/lib/bind/rev-192.168.1.db";
    # Allow updates from any service that has the DHCP_UPDATER secret key
    allow-update { key DHCP_UPDATER; };
};
8) Edit /etc/dhcp3/dhcpd.conf (on 10.04) or /etc/dhcp/dhcpd.conf (on 12.04)
9) Add/Edit the following items to the file
# Change update style to interim
ddns-update-style interim;
ignore client-updates;

# Overwrite client-configured FQDNs
ddns-domainname "mydomain.local.";
ddns-rev-domainname "in-addr.arpa.";

key DHCP_UPDATER {
    algorithm HMAC-MD5.SIG-ALG.REG.INT;
    # Paste in the generated key here. Should be in quotes
    secret "<paste key here>";
};

zone mydomain.local. {
    primary 127.0.0.1;
    key DHCP_UPDATER;
}

zone 1.168.192.in-addr.arpa. {
    primary 127.0.0.1;
    key DHCP_UPDATER;
}
10) Tighten permissions on the config files. Both files now contain the shared secret, which we don’t want other users reading, so remove the READ right for “others” from each file.
For 10.04
chmod o-r /etc/bind/named.conf.local
chmod o-r /etc/dhcp3/dhcpd.conf
For 12.04
chmod o-r /etc/bind/named.conf.local
chmod o-r /etc/dhcp/dhcpd.conf
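The two sides only work together when the secret pasted into named.conf.local in step 7 is byte-for-byte the one pasted into dhcpd.conf in step 9, and step 10 only protects the secret if both files actually lost the world-read bit. The script below is an added example, not part of the original post: it reads the secret from a dnssec-keygen .private file the way step 4 does by hand, parses the key block out of both config files, and reports mismatches, a secret that is not 128 bits, and any file still readable by others. The sample secret, the sample .private file contents and the cut-down config texts are constructed for the demonstration; the real files live at the paths given in steps 7 and 8.

```python
"""Added example: audit the DHCP_UPDATER TSIG key on both sides (steps 4, 5, 10)."""
import base64
import os
import re
import stat
import tempfile

# Matches `key NAME { ... };`. BIND's named.conf and ISC dhcpd.conf use the same
# syntax for TSIG keys, so one parser serves both files.
KEY_BLOCK = re.compile(r'\bkey\s+(?P<name>[\w.-]+)\s*\{(?P<body>[^}]*)\}\s*;')


def parse_private_key_file(text):
    """Return the base64 secret from a Kdhcp_updater.+NNN+NNNNN.private file.
    dnssec-keygen writes 'Field: value' lines; the secret is on the 'Key:' line."""
    for line in text.splitlines():
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == "key":
            return value.strip()
    raise ValueError("no 'Key:' line found in private key file")


def parse_key_blocks(text):
    """Return {key_name: (algorithm, secret)} for every key block in a config."""
    text = re.sub(r'#[^\n]*', '', text)  # drop '#' comments before matching
    keys = {}
    for m in KEY_BLOCK.finditer(text):
        alg = re.search(r'algorithm\s+([^;\s]+)\s*;', m.group("body"))
        sec = re.search(r'secret\s+"([^"]*)"\s*;', m.group("body"))
        if alg and sec:
            keys[m.group("name")] = (alg.group(1), sec.group(1))
    return keys


def secret_bits(secret):
    """Decoded length of the secret in bits (dnssec-keygen -b 128 gives 16 bytes)."""
    return len(base64.b64decode(secret, validate=True)) * 8


def world_readable(path):
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def audit(named_conf, dhcpd_conf, key_name="DHCP_UPDATER", expected_bits=128):
    """Return a list of problems; an empty list means the two sides agree."""
    problems, sides = [], {}
    for label, path in (("named.conf.local", named_conf), ("dhcpd.conf", dhcpd_conf)):
        with open(path) as f:
            keys = parse_key_blocks(f.read())
        if key_name in keys:
            sides[label] = keys[key_name]
        else:
            problems.append(f"{label}: no key block named {key_name}")
        if world_readable(path):
            problems.append(f"{label}: world-readable, run chmod o-r {path}")
    if len(sides) == 2:
        (alg_a, sec_a), (alg_b, sec_b) = sides.values()
        if alg_a != alg_b:
            problems.append(f"algorithm mismatch: {alg_a} vs {alg_b}")
        if sec_a != sec_b:
            problems.append("secret differs between named.conf.local and dhcpd.conf")
        else:
            try:
                bits = secret_bits(sec_a)
                if bits != expected_bits:
                    problems.append(f"secret is {bits} bits, expected {expected_bits}")
            except ValueError:  # binascii.Error is a ValueError subclass
                problems.append("secret is not valid base64")
    return problems


# Constructed sample values: base64 of the bytes 0x00..0x0f, i.e. 16 bytes / 128 bits.
SAMPLE_SECRET = "AAECAwQFBgcICQoLDA0ODw=="
SAMPLE_PRIVATE = f"Private-key-format: v1.3\nAlgorithm: 157 (HMAC_MD5)\nKey: {SAMPLE_SECRET}\n"


def named_conf_text(secret):
    return (f'# Secret key for updates from DHCP\nkey DHCP_UPDATER {{\n'
            f'    algorithm HMAC-MD5.SIG-ALG.REG.INT;\n    secret "{secret}";\n}};\n'
            f'zone "mydomain.local" {{\n    type master;\n'
            f'    file "/var/lib/bind/mydomain.local.db";\n'
            f'    allow-update {{ key DHCP_UPDATER; }};\n}};\n')


def dhcpd_conf_text(secret):
    return (f'ddns-update-style interim;\nkey DHCP_UPDATER {{\n'
            f'    algorithm HMAC-MD5.SIG-ALG.REG.INT;\n    secret "{secret}";\n}};\n'
            f'zone mydomain.local. {{\n    primary 127.0.0.1;\n    key DHCP_UPDATER;\n}}\n')


def write_conf(directory, name, text, mode):
    path = os.path.join(directory, name)
    with open(path, "w") as f:
        f.write(text)
    os.chmod(path, mode)
    return path


def run_demo():
    """Audit a correct pair of files, then a pair where dhcpd.conf still holds the
    placeholder from step 9 and was never chmod'ed (step 10 skipped)."""
    secret = parse_private_key_file(SAMPLE_PRIVATE)
    with tempfile.TemporaryDirectory() as d:
        good = audit(write_conf(d, "named.conf.local", named_conf_text(secret), 0o640),
                     write_conf(d, "dhcpd.conf", dhcpd_conf_text(secret), 0o640))
        bad = audit(write_conf(d, "named.conf.local", named_conf_text(secret), 0o640),
                    write_conf(d, "dhcpd.conf", dhcpd_conf_text("<paste key here>"), 0o644))
    return good, bad


if __name__ == "__main__":
    good, bad = run_demo()
    print("correct pair:", good or "no problems")
    print("broken pair:", bad)
```

On a real host, call audit("/etc/bind/named.conf.local", "/etc/dhcp3/dhcpd.conf") (or the /etc/dhcp path on 12.04) as root, since step 10 makes the files unreadable to others. The check reports only what it can read from the two files; it does not contact named or dhcpd.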
11) Restart Services and test setup.
- Restart networking on any host
- Check DNS using “host <pc name>”
- Check reverse lookup using “host <ip address>”
12) Cleanup Files
- Remove the key files: “rm Kdhcp_updater.*”
- Remove the old zone files: “rm -R /etc/bind/zones”
Some “important” pointers
Database files being rewritten by bind
The DNS database files are now being rewritten by the bind service. Always stop the bind service before making any changes to the database files, otherwise your changes may be overwritten by bind.
Examples of how to stop and start the bind service:
sudo /etc/init.d/bind9 stop
sudo /etc/init.d/bind9 start