1 <?xml version="1.0" encoding="iso-8859-1"?>
2 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
4 <!ENTITY % global_entities SYSTEM '../entities/global.entities'>
12 <title>DNS and DHCP Configuration Guide</title>
15 <title>Features and Benefits</title>
18 There are few subjects in the UNIX world that might raise as much contention as
19 Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP).
20 Not all opinions held for or against particular implementations of DNS and DHCP
25 We live in a modern age where many information technology users demand mobility
26 and freedom. Microsoft Windows users in particular expect to be able to plug their
27 notebook computer into a network port and have things <quote>just work.</quote>
31 UNIX administrators have a point. Many of the normative practices in the Microsoft
32 Windows world at best border on bad practice from a security perspective.
33 Microsoft Windows networking protocols allow workstations to arbitrarily register
34 themselves on a network. Windows 2000 Active Directory registers entries in the DNS name space
35 that are equally perplexing to UNIX administrators. Welcome to the new world!
40 <indexterm><primary>ISC</primary><secondary>DNS</secondary></indexterm>
41 <indexterm><primary>ISC</primary><secondary>DHCP</secondary></indexterm>
42 The purpose of this chapter is to demonstrate the configuration of the Internet
43 Software Consortium (ISC) DNS and DHCP servers to provide dynamic services that are
44 compatible with their equivalents in the Microsoft Windows 2000 Server products.
48 The purpose of this chapter is to provide no more than a working example of
49 configuration files for both DNS and DHCP servers. The examples used match
50 configuration examples used elsewhere in this document.
54 This chapter explicitly does not provide a tutorial, nor does it pretend to be
55 a reference guide on DNS and DHCP, as this is well beyond the scope and intent
56 of this document as a whole. Anyone who wants more detailed reference materials
57 on DNS or DHCP should visit the ISC Web sites at <ulink noescape="1" url="http://www.isc.org">
58 http://www.isc.org</ulink>. Those wanting a written text might also be interested
59 in the O'Reilly publications on these two subjects.
65 <title>Example Configuration</title>
68 The domain name system is to the Internet what water is to life. By it nearly all
69 information resources (host names) are resolved to their Internet protocol (IP) address.
70 Windows networking tried hard to avoid the complexities of DNS, but alas, DNS won.
71 <indexterm><primary>WINS</primary></indexterm>
72 The alternative to DNS, the Windows Internet Name Service (WINS) an artifact of
73 NetBIOS networking over the TCP/IP protocols, has demonstrated scalability problems as
74 well as a flat non-hierarchical name space that became unmanageable as the size and
75 complexity of information technology networks grew.
79 WINS is a Microsoft implementation of the RFC1001/1002 NetBIOS Name Service (NBNS).
80 It allows NetBIOS clients (like Microsoft Windows Machines) to register an arbitrary
81 machine name that the administrator or user has chosen together with the IP
82 address that the machine has been given. Through the use of WINS, network client machines
83 could resolve machine names to their IP address.
87 The demand for an alternative to the limitations of NetBIOS networking finally drove
88 Microsoft to use DNS and Active Directory. Microsoft's new implementation attempts
89 to use DNS in a manner similar to the way that WINS is used for NetBIOS networking.
90 Both WINS and Microsoft DNS rely on dynamic name registration.
94 Microsoft Windows clients can perform dynamic name registration to the DNS server
95 on start-up. Alternately, where DHCP is used to assign workstation IP addresses,
96 it is possible to register host names and their IP address by the DHCP server as
97 soon as a client acknowledges an IP address lease. Lastly, Microsoft DNS can resolve
98 hostnames via Microsoft WINS.
102 The following configurations demonstrate a simple insecure Dynamic DNS server and
103 a simple DHCP server that matches the DNS configuration.
107 <title>Dynamic DNS</title>
110 <indexterm><primary>DNS</primary><secondary>Dynamic</secondary></indexterm>
111 The example DNS configuration is for a private network in the IP address
112 space for network 192.168.1.0/24. The private class network address space
113 is set forth in RFC1918.
118 <indexterm><primary>BIND</primary></indexterm>
119 It is assumed that this network will be situated behind a secure firewall.
120 The files that follow work with ISC BIND version 9. BIND is the Berkeley
121 Internet Name Daemon. The following configuration files are offered:
125 The master configuration file <filename>/etc/named.conf</filename>
126 determines the location of all further configuration files used.
127 The location and name of this file is specified in the start-up script
128 that is part of the operating system.
129 <smbfile name="named.conf">
131 # Quenya.Org configuration file
140 directory "/var/named";
141 listen-on-v6 { any; };
154 # The following three zone definitions do not need any modification.
155 # The first one defines localhost while the second defines the
156 # reverse lookup for localhost. The last zone "." is the
157 # definition of the root name servers.
159 zone "localhost" in {
161 file "localhost.zone";
164 zone "0.0.127.in-addr.arpa" in {
174 # You can insert further zone records for your own domains below.
178 file "/var/named/quenya.org.hosts";
190 zone "1.168.192.in-addr.arpa" {
192 file "/var/named/192.168.1.0.rev";
208 The following files are all located in the directory <filename>/var/named</filename>.
209 This is the <filename>/var/named/localhost.zone</filename> file:
210 <smbfile name="localhost.zone">
214 42 ; serial (d. adams)
227 The <filename>/var/named/127.0.0.zone</filename> file:
228 <smbfile name="127.0.0.0.zone">
231 @ IN SOA localhost. root.localhost. (
232 42 ; serial (d. adams)
245 The <filename>/var/named/quenya.org.host</filename> file:
246 <smbfile name="quenya.org.host">
249 $TTL 38400 ; 10 hours 40 minutes
250 quenya.org IN SOA marvel.quenya.org. root.quenya.org. (
252 10800 ; refresh (3 hours)
253 3600 ; retry (1 hour)
254 604800 ; expire (1 week)
255 38400 ; minimum (10 hours 40 minutes)
257 NS marvel.quenya.org.
258 MX 10 mail.quenya.org.
270 The <filename>/var/named/192.168.1.0.rev</filename> file:
271 <smbfile name="192.168.1.0.rev">
274 $TTL 38400 ; 10 hours 40 minutes
275 1.168.192.in-addr.arpa IN SOA marvel.quenya.org. root.quenya.org. (
277 10800 ; refresh (3 hours)
278 3600 ; retry (1 hour)
279 604800 ; expire (1 week)
280 38400 ; minimum (10 hours 40 minutes)
282 NS marvel.quenya.org.
283 $ORIGIN 1.168.192.in-addr.arpa.
284 1 PTR frodo.quenya.org.
285 2 PTR marvel.quenya.org.
291 The above were copied from a fully working system. All dynamically registered
292 entries have been removed. In addition to these files, BIND version 9 will
293 create for each of the dynamic registration files a file that has a
294 <filename>.jnl</filename> extension. Do not edit or tamper with the configuration
295 files or with the <filename>.jnl</filename> files that are created.
301 <title>DHCP Server</title>
304 The following file is used with the ISC DHCP Server version 3.
305 The file is located in <filename>/etc/dhcpd.conf</filename>:
309 <smbfile name="dhcpd.conf">
312 ddns-domainname "quenya.org";
313 option ntp-servers 192.168.1.2;
314 ddns-update-style ad-hoc;
315 allow unknown-clients;
316 default-lease-time 86400;
317 max-lease-time 172800;
319 option domain-name "quenya.org";
320 option domain-name-servers 192.168.1.2;
321 option netbios-name-servers 192.168.1.2;
322 option netbios-dd-server 192.168.1.2;
323 option netbios-node-type 8;
325 subnet 192.168.1.0 netmask 255.255.255.0 {
326 range dynamic-bootp 192.168.1.60 192.168.1.254;
327 option subnet-mask 255.255.255.0;
328 option routers 192.168.1.2;
329 allow unknown-clients;
336 In the above example, IP addresses between 192.168.1.1 and 192.168.1.59 are
337 reserved for fixed address (commonly called <constant>hard-wired</constant>) IP addresses. The
338 addresses between 192.168.1.60 and 192.168.1.254 are allocated for dynamic use.