| blob | 67a314257272b4dfcaee5cd77692feec40370336 |
1 <?xml version="1.0" encoding="iso-8859-1"?>
2 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
4 <!ENTITY % global_entities SYSTEM '../entities/global.entities'>
5 %global_entities;
6 ]>
7 <chapter id="DNSDHCP">
8 <chapterinfo>
9 &author.jht;
10 </chapterinfo>
12 <title>DNS and DHCP Configuration Guide</title>
14 <sect1>
15 <title>Features and Benefits</title>
17 <para>
18 There are few subjects in the UNIX world that might raise as much contention as
19 Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP).
20 Not all opinions held for or against particular implementations of DNS and DHCP
21 are valid.
22 </para>
24 <para>
25 We live in a modern age where many information technology users demand mobility
26 and freedom. Microsoft Windows users in particular expect to be able to plug their
27 notebook computer into a network port and have things <quote>just work.</quote>
28 </para>
30 <para>
31 UNIX administrators have a point. Many of the normative practices in the Microsoft
32 Windows world at best border on bad practice from a security perspective.
33 Microsoft Windows networking protocols allow workstations to arbitrarily register
34 themselves on a network. Windows 2000 Active Directory registers entries in the DNS name space
35 that are equally perplexing to UNIX administrators. Welcome to the new world!
36 </para>
39 <para>
40 <indexterm><primary>ISC</primary><secondary>DNS</secondary></indexterm>
41 <indexterm><primary>ISC</primary><secondary>DHCP</secondary></indexterm>
42 The purpose of this chapter is to demonstrate the configuration of the Internet
43 Software Consortium (ISC) DNS and DHCP servers to provide dynamic services that are
44 compatible with their equivalents in the Microsoft Windows 2000 Server products.
45 </para>
47 <para>
48 The purpose of this chapter is to provide no more than a working example of
49 configuration files for both DNS and DHCP servers. The examples used match
50 configuration examples used elsewhere in this document.
51 </para>
53 <para>
54 This chapter explicitly does not provide a tutorial, nor does it pretend to be
55 a reference guide on DNS and DHCP, as this is well beyond the scope and intent
56 of this document as a whole. Anyone who wants more detailed reference materials
57 on DNS or DHCP should visit the ISC Web sites at <ulink noescape="1" url="http://www.isc.org">
58 http://www.isc.org</ulink>. Those wanting a written text might also be interested
59 in the O'Reilly publications on these two subjects.
60 </para>
62 </sect1>
64 <sect1>
65 <title>Example Configuration</title>
67 <para>
68 The domain name system is to the Internet what water is to life. By it nearly all
69 information resources (host names) are resolved to their Internet protocol (IP) address.
70 Windows networking tried hard to avoid the complexities of DNS, but alas, DNS won.
71 <indexterm><primary>WINS</primary></indexterm>
72 The alternative to DNS, the Windows Internet Name Service (WINS) an artifact of
73 NetBIOS networking over the TCP/IP protocols, has demonstrated scalability problems as
74 well as a flat non-hierarchical name space that became unmanageable as the size and
75 complexity of information technology networks grew.
76 </para>
78 <para>
79 WINS is a Microsoft implementation of the RFC1001/1002 NetBIOS Name Service (NBNS).
80 It allows NetBIOS clients (like Microsoft Windows Machines) to register an arbitrary
81 machine name that the administrator or user has chosen together with the IP
82 address that the machine has been given. Through the use of WINS, network client machines
83 could resolve machine names to their IP address.
84 </para>
86 <para>
87 The demand for an alternative to the limitations of NetBIOS networking finally drove
88 Microsoft to use DNS and Active Directory. Microsoft's new implementation attempts
89 to use DNS in a manner similar to the way that WINS is used for NetBIOS networking.
90 Both WINS and Microsoft DNS rely on dynamic name registration.
91 </para>
93 <para>
94 Microsoft Windows clients can perform dynamic name registration to the DNS server
95 on start-up. Alternately, where DHCP is used to assign workstation IP addresses,
96 it is possible to register host names and their IP address by the DHCP server as
97 soon as a client acknowledges an IP address lease. Lastly, Microsoft DNS can resolve
98 hostnames via Microsoft WINS.
99 </para>
101 <para>
102 The following configurations demonstrate a simple insecure Dynamic DNS server and
103 a simple DHCP server that matches the DNS configuration.
104 </para>
106 <sect2>
107 <title>Dynamic DNS</title>
109 <para>
110 <indexterm><primary>DNS</primary><secondary>Dynamic</secondary></indexterm>
111 The example DNS configuration is for a private network in the IP address
112 space for network 192.168.1.0/24. The private class network address space
113 is set forth in RFC1918.
114 </para>
117 <para>
118 <indexterm><primary>BIND</primary></indexterm>
119 It is assumed that this network will be situated behind a secure firewall.
120 The files that follow work with ISC BIND version 9. BIND is the Berkeley
121 Internet Name Daemon. The following configuration files are offered:
122 </para>
124 <para>
125 The master configuration file <filename>/etc/named.conf</filename>
126 determines the location of all further configuration files used.
127 The location and name of this file is specified in the start-up script
128 that is part of the operating system.
129 <smbfile name="named.conf">
130 <programlisting>
131 # Quenya.Org configuration file
133 acl mynet {
134 192.168.1.0/24;
135 127.0.0.1;
136 };
138 options {
140 directory "/var/named";
141 listen-on-v6 { any; };
142 notify no;
143 forward first;
144 forwarders {
145 192.168.1.1;
146 };
147 auth-nxdomain yes;
148 multiple-cnames yes;
149 listen-on {
150 mynet;
151 };
152 };
154 # The following three zone definitions do not need any modification.
155 # The first one defines localhost while the second defines the
156 # reverse lookup for localhost. The last zone "." is the
157 # definition of the root name servers.
159 zone "localhost" in {
160 type master;
161 file "localhost.zone";
162 };
164 zone "0.0.127.in-addr.arpa" in {
165 type master;
166 file "127.0.0.zone";
167 };
169 zone "." in {
170 type hint;
171 file "root.hint";
172 };
174 # You can insert further zone records for your own domains below.
176 zone "quenya.org" {
177 type master;
178 file "/var/named/quenya.org.hosts";
179 allow-query {
180 mynet;
181 };
182 allow-transfer {
183 mynet;
184 };
185 allow-update {
186 mynet;
187 };
188 };
190 zone "1.168.192.in-addr.arpa" {
191 type master;
192 file "/var/named/192.168.1.0.rev";
193 allow-query {
194 mynet;
195 };
196 allow-transfer {
197 mynet;
198 };
199 allow-update {
200 mynet;
201 };
202 };
203 </programlisting>
204 </smbfile>
205 </para>
207 <para>
208 The following files are all located in the directory <filename>/var/named</filename>.
209 This is the <filename>/var/named/localhost.zone</filename> file:
210 <smbfile name="localhost.zone">
211 <programlisting>
212 $TTL 1W
213 @ IN SOA @ root (
214 42 ; serial (d. adams)
215 2D ; refresh
216 4H ; retry
217 6W ; expiry
218 1W ) ; minimum
220 IN NS @
221 IN A 127.0.0.1
222 </programlisting>
223 </smbfile>
224 </para>
226 <para>
227 The <filename>/var/named/127.0.0.zone</filename> file:
228 <smbfile name="127.0.0.0.zone">
229 <programlisting>
230 $TTL 1W
231 @ IN SOA localhost. root.localhost. (
232 42 ; serial (d. adams)
233 2D ; refresh
234 4H ; retry
235 6W ; expiry
236 1W ) ; minimum
238 IN NS localhost.
239 1 IN PTR localhost.
240 </programlisting>
241 </smbfile>
242 </para>
244 <para>
245 The <filename>/var/named/quenya.org.host</filename> file:
246 <smbfile name="quenya.org.host">
247 <programlisting>
248 $ORIGIN .
249 $TTL 38400 ; 10 hours 40 minutes
250 quenya.org IN SOA marvel.quenya.org. root.quenya.org. (
251 2003021832 ; serial
252 10800 ; refresh (3 hours)
253 3600 ; retry (1 hour)
254 604800 ; expire (1 week)
255 38400 ; minimum (10 hours 40 minutes)
256 )
257 NS marvel.quenya.org.
258 MX 10 mail.quenya.org.
259 $ORIGIN quenya.org.
260 frodo A 192.168.1.1
261 marvel A 192.168.1.2
262 ;
263 mail CNAME marvel
264 www CNAME marvel
265 </programlisting>
266 </smbfile>
267 </para>
269 <para>
270 The <filename>/var/named/192.168.1.0.rev</filename> file:
271 <smbfile name="192.168.1.0.rev">
272 <programlisting>
273 $ORIGIN .
274 $TTL 38400 ; 10 hours 40 minutes
275 1.168.192.in-addr.arpa IN SOA marvel.quenya.org. root.quenya.org. (
276 2003021824 ; serial
277 10800 ; refresh (3 hours)
278 3600 ; retry (1 hour)
279 604800 ; expire (1 week)
280 38400 ; minimum (10 hours 40 minutes)
281 )
282 NS marvel.quenya.org.
283 $ORIGIN 1.168.192.in-addr.arpa.
284 1 PTR frodo.quenya.org.
285 2 PTR marvel.quenya.org.
286 </programlisting>
287 </smbfile>
288 </para>
290 <para>
291 The above were copied from a fully working system. All dynamically registered
292 entries have been removed. In addition to these files, BIND version 9 will
293 create for each of the dynamic registration files a file that has a
294 <filename>.jnl</filename> extension. Do not edit or tamper with the configuration
295 files or with the <filename>.jnl</filename> files that are created.
296 </para>
298 </sect2>
300 <sect2 id="DHCP">
301 <title>DHCP Server</title>
303 <para>
304 The following file is used with the ISC DHCP Server version 3.
305 The file is located in <filename>/etc/dhcpd.conf</filename>:
306 </para>
308 <para>
309 <smbfile name="dhcpd.conf">
310 <programlisting>
311 ddns-updates on;
312 ddns-domainname "quenya.org";
313 option ntp-servers 192.168.1.2;
314 ddns-update-style ad-hoc;
315 allow unknown-clients;
316 default-lease-time 86400;
317 max-lease-time 172800;
319 option domain-name "quenya.org";
320 option domain-name-servers 192.168.1.2;
321 option netbios-name-servers 192.168.1.2;
322 option netbios-dd-server 192.168.1.2;
323 option netbios-node-type 8;
325 subnet 192.168.1.0 netmask 255.255.255.0 {
326 range dynamic-bootp 192.168.1.60 192.168.1.254;
327 option subnet-mask 255.255.255.0;
328 option routers 192.168.1.2;
329 allow unknown-clients;
330 }
331 </programlisting>
332 </smbfile>
333 </para>
335 <para>
336 In the above example, IP addresses between 192.168.1.1 and 192.168.1.59 are
337 reserved for fixed address (commonly called <constant>hard-wired</constant>) IP addresses. The
338 addresses between 192.168.1.60 and 192.168.1.254 are allocated for dynamic use.
339 </para>
341 </sect2>
343 </sect1>
344 </chapter>