1 <?xml version="1.0" encoding="iso-8859-1"?>
2 <!DOCTYPE chapter PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
8 <title>DNS and DHCP Configuration Guide</title>
11 <title>Features and Benefits</title>
14 There are few subjects in the UNIX world that might raise as much contention as
15 Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP).
16 Not all opinions held for or against particular implementations of DNS and DHCP
21 We live in a modern age where many information technology users demand mobility
22 and freedom. Microsoft Windows users in particular expect to be able to plug their
23 notebook computer into a network port and have things <quote>just work.</quote>
27 UNIX administrators have a point. Many of the normative practices in the Microsoft
28 Windows world at best border on bad practice from a security perspective.
29 Microsoft Windows networking protocols allow workstations to arbitrarily register
30 themselves on a network. Windows 2000 Active Directory registers entries in the DNS name space
31 that are equally perplexing to UNIX administrators. Welcome to the new world!
36 <indexterm><primary>ISC</primary><secondary>DNS</secondary></indexterm>
37 <indexterm><primary>ISC</primary><secondary>DHCP</secondary></indexterm>
38 The purpose of this chapter is to demonstrate the configuration of the Internet
39 Software Consortium (ISC) DNS and DHCP servers to provide dynamic services that are
40 compatible with their equivalents in the Microsoft Windows 2000 Server products.
44 The purpose of this chapter is to provide no more than a working example of
45 configuration files for both DNS and DHCP servers. The examples used match
46 configuration examples used elsewhere in this document.
50 This chapter explicitly does not provide a tutorial, nor does it pretend to be
51 a reference guide on DNS and DHCP, as this is well beyond the scope and intent
52 of this document as a whole. Anyone who wants more detailed reference materials
53 on DNS or DHCP should visit the ISC Web sites at <ulink noescape="1" url="http://www.isc.org">
54 http://www.isc.org</ulink>. Those wanting a written text might also be interested
55 in the O'Reilly publications on these two subjects.
61 <title>Example Configuration</title>
64 The domain name system is to the Internet what water is to life. By it nearly all
65 information resources (host names) are resolved to their Internet protocol (IP) address.
66 Windows networking tried hard to avoid the complexities of DNS, but alas, DNS won.
67 <indexterm><primary>WINS</primary></indexterm>
68 The alternative to DNS, the Windows Internet Name Service (WINS) an artifact of
69 NetBIOS networking over the TCP/IP protocols, has demonstrated scalability problems as
70 well as a flat non-hierarchical name space that became unmanageable as the size and
71 complexity of information technology networks grew.
75 WINS is a Microsoft implementation of the RFC1001/1002 NetBIOS Name Service (NBNS).
76 It allows NetBIOS clients (like Microsoft Windows Machines) to register an arbitrary
77 machine name that the administrator or user has chosen together with the IP
78 address that the machine has been given. Through the use of WINS, network client machines
79 could resolve machine names to their IP address.
83 The demand for an alternative to the limitations of NetBIOS networking finally drove
84 Microsoft to use DNS and Active Directory. Microsoft's new implementation attempts
85 to use DNS in a manner similar to the way that WINS is used for NetBIOS networking.
86 Both WINS and Microsoft DNS rely on dynamic name registration.
90 Microsoft Windows clients can perform dynamic name registration to the DNS server
91 on start-up. Alternately, where DHCP is used to assign workstation IP addresses,
92 it is possible to register host names and their IP address by the DHCP server as
93 soon as a client acknowledges an IP address lease. Lastly, Microsoft DNS can resolve
94 hostnames via Microsoft WINS.
98 The following configurations demonstrate a simple insecure Dynamic DNS server and
99 a simple DHCP server that matches the DNS configuration.
103 <title>Dynamic DNS</title>
106 <indexterm><primary>DNS</primary><secondary>Dynamic</secondary></indexterm>
107 The example DNS configuration is for a private network in the IP address
108 space for network 192.168.1.0/24. The private class network address space
109 is set forth in RFC1918.
114 <indexterm><primary>BIND</primary></indexterm>
115 It is assumed that this network will be situated behind a secure firewall.
116 The files that follow work with ISC BIND version 9. BIND is the Berkeley
117 Internet Name Daemon. The following configuration files are offered:
121 The master configuration file <filename>/etc/named.conf</filename>
122 determines the location of all further configuration files used.
123 The location and name of this file is specified in the start-up script
124 that is part of the operating system.
125 <smbfile name="named.conf">
127 # Quenya.Org configuration file
136 directory "/var/named";
137 listen-on-v6 { any; };
150 # The following three zone definitions do not need any modification.
151 # The first one defines localhost while the second defines the
152 # reverse lookup for localhost. The last zone "." is the
153 # definition of the root name servers.
155 zone "localhost" in {
157 file "localhost.zone";
160 zone "0.0.127.in-addr.arpa" in {
170 # You can insert further zone records for your own domains below.
174 file "/var/named/quenya.org.hosts";
186 zone "1.168.192.in-addr.arpa" {
188 file "/var/named/192.168.1.0.rev";
204 The following files are all located in the directory <filename>/var/named</filename>.
205 This is the <filename>/var/named/localhost.zone</filename> file:
206 <smbfile name="localhost.zone">
210 42 ; serial (d. adams)
223 The <filename>/var/named/127.0.0.zone</filename> file:
224 <smbfile name="127.0.0.0.zone">
227 @ IN SOA localhost. root.localhost. (
228 42 ; serial (d. adams)
241 The <filename>/var/named/quenya.org.host</filename> file:
242 <smbfile name="quenya.org.host">
245 $TTL 38400 ; 10 hours 40 minutes
246 quenya.org IN SOA marvel.quenya.org. root.quenya.org. (
248 10800 ; refresh (3 hours)
249 3600 ; retry (1 hour)
250 604800 ; expire (1 week)
251 38400 ; minimum (10 hours 40 minutes)
253 NS marvel.quenya.org.
254 MX 10 mail.quenya.org.
266 The <filename>/var/named/192.168.1.0.rev</filename> file:
267 <smbfile name="192.168.1.0.rev">
270 $TTL 38400 ; 10 hours 40 minutes
271 1.168.192.in-addr.arpa IN SOA marvel.quenya.org. root.quenya.org. (
273 10800 ; refresh (3 hours)
274 3600 ; retry (1 hour)
275 604800 ; expire (1 week)
276 38400 ; minimum (10 hours 40 minutes)
278 NS marvel.quenya.org.
279 $ORIGIN 1.168.192.in-addr.arpa.
280 1 PTR frodo.quenya.org.
281 2 PTR marvel.quenya.org.
287 The above were copied from a fully working system. All dynamically registered
288 entries have been removed. In addition to these files, BIND version 9 will
289 create for each of the dynamic registration files a file that has a
290 <filename>.jnl</filename> extension. Do not edit or tamper with the configuration
291 files or with the <filename>.jnl</filename> files that are created.
297 <title>DHCP Server</title>
300 The following file is used with the ISC DHCP Server version 3.
301 The file is located in <filename>/etc/dhcpd.conf</filename>:
305 <smbfile name="dhcpd.conf">
308 ddns-domainname "quenya.org";
309 option ntp-servers 192.168.1.2;
310 ddns-update-style ad-hoc;
311 allow unknown-clients;
312 default-lease-time 86400;
313 max-lease-time 172800;
315 option domain-name "quenya.org";
316 option domain-name-servers 192.168.1.2;
317 option netbios-name-servers 192.168.1.2;
318 option netbios-dd-server 192.168.1.2;
319 option netbios-node-type 8;
321 subnet 192.168.1.0 netmask 255.255.255.0 {
322 range dynamic-bootp 192.168.1.60 192.168.1.254;
323 option subnet-mask 255.255.255.0;
324 option routers 192.168.1.2;
325 allow unknown-clients;
332 In the above example, IP addresses between 192.168.1.1 and 192.168.1.59 are
333 reserved for fixed address (commonly called <constant>hard-wired</constant>) IP addresses. The
334 addresses between 192.168.1.60 and 192.168.1.254 are allocated for dynamic use.