~zulcss/samba/server-dailies-3.4

<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter�48.�DNS and DHCP Configuration Guide</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="The Official Samba 3.4.x HOWTO and Reference Guide"><link rel="up" href="Appendix.html" title="Part�VI.�Reference Section"><link rel="prev" href="ch47.html" title="Chapter�47.�Samba Support"><link rel="next" href="apa.html" title="Appendix�A.� GNU General Public License version 3"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter�48.�DNS and DHCP Configuration Guide</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ch47.html">Prev</a>�</td><th width="60%" align="center">Part�VI.�Reference Section</th><td width="20%" align="right">�<a accesskey="n" href="apa.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="DNSDHCP"></a>Chapter�48.�DNS and DHCP Configuration Guide</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="orgname">Samba Team</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email"><<a class="email" href="mailto:jht@samba.org">jht@samba.org</a>></code></p></div></div></div></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="DNSDHCP.html#id2692858">Features and Benefits</a></span></dt><dt><span class="sect1"><a href="DNSDHCP.html#id2693042">Example Configuration</a></span></dt><dd><dl><dt><span class="sect2"><a href="DNSDHCP.html#id2693133">Dynamic DNS</a></span></dt><dt><span class="sect2"><a href="DNSDHCP.html#DHCP">DHCP Server</a></span></dt></dl></dd></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2692858"></a>Features and Benefits</h2></div></div></div><p>

There are few subjects in the UNIX world that might raise as much contention as

Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP).

Not all opinions held for or against particular implementations of DNS and DHCP

are valid.

</p><p>

We live in a modern age where many information technology users demand mobility

and freedom. Microsoft Windows users in particular expect to be able to plug their

notebook computer into a network port and have things “<span class="quote">just work.</span>”

</p><p>

UNIX administrators have a point. Many of the normative practices in the Microsoft

Windows world at best border on bad practice from a security perspective.

Microsoft Windows networking protocols allow workstations to arbitrarily register

themselves on a network. Windows 2000 Active Directory registers entries in the DNS namespace

that are equally perplexing to UNIX administrators. Welcome to the new world!

</p><p>

The purpose of this chapter is to demonstrate the configuration of the Internet

Software Consortium (ISC) DNS and DHCP servers to provide dynamic services that are

compatible with their equivalents in the Microsoft Windows 2000 Server products.

</p><p>

This chapter provides no more than a working example of configuration files for both DNS and DHCP servers. The

examples used match configuration examples used elsewhere in this document.

</p><p>

This chapter explicitly does not provide a tutorial, nor does it pretend to be a reference guide on DNS and

DHCP, as this is well beyond the scope and intent of this document as a whole. Anyone who wants more detailed

reference materials on DNS or DHCP should visit the ISC Web site at <a class="ulink" href="http://www.isc.org" target="_top"> http://www.isc.org</a>. Those wanting a written text might also be interested

in the O'Reilly publications on DNS, see the <a class="ulink" href="http://www.oreilly.com/catalog/dns/index.htm" target="_top">O'Reilly</a> web site, and the <a class="ulink" href="http://www.bind9.net/books-dhcp" target="_top">BIND9.NET</a> web site for details.

The books are:

</p><div class="orderedlist"><ol type="1"><li><p>DNS and BIND, By Cricket Liu, Paul Albitz, ISBN: 1-56592-010-4</p></li><li><p>DNS & Bind Cookbook, By Cricket Liu, ISBN: 0-596-00410-9</p></li><li><p>The DHCP Handbook (2nd Edition), By: Ralph Droms, Ted Lemon, ISBN 0-672-32327-3</p></li></ol></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2693042"></a>Example Configuration</h2></div></div></div><p>

The DNS is to the Internet what water is to life. Nearly all information resources (host names) are resolved

to their Internet protocol (IP) addresses through DNS. Windows networking tried hard to avoid the

complexities of DNS, but alas, DNS won. <a class="indexterm" name="id2693067"></a> The alternative to

DNS, the Windows Internet Name Service (WINS) an artifact of NetBIOS networking over the TCP/IP

protocols has demonstrated scalability problems as well as a flat, nonhierarchical namespace that

became unmanageable as the size and complexity of information technology networks grew.

</p><p>

WINS is a Microsoft implementation of the RFC1001/1002 NetBIOS Name Service (NBNS).

It allows NetBIOS clients (like Microsoft Windows machines) to register an arbitrary

machine name that the administrator or user has chosen together with the IP

address that the machine has been given. Through the use of WINS, network client machines

could resolve machine names to their IP address.

</p><p>

The demand for an alternative to the limitations of NetBIOS networking finally drove

Microsoft to use DNS and Active Directory. Microsoft's new implementation attempts

to use DNS in a manner similar to the way that WINS is used for NetBIOS networking.

Both WINS and Microsoft DNS rely on dynamic name registration.

</p><p>

Microsoft Windows clients can perform dynamic name registration to the DNS server

on startup. Alternatively, where DHCP is used to assign workstation IP addresses,

it is possible to register hostnames and their IP address by the DHCP server as

soon as a client acknowledges an IP address lease. Finally, Microsoft DNS can resolve

hostnames via Microsoft WINS.

</p><p>

The following configurations demonstrate a simple, insecure dynamic DNS server and

a simple DHCP server that matches the DNS configuration.

</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2693133"></a>Dynamic DNS</h3></div></div></div><p>

The example DNS configuration is for a private network in the IP address

space for network 192.168.1.0/24. The private class network address space

is set forth in RFC1918.

</p><p>

It is assumed that this network will be situated behind a secure firewall.

The files that follow work with ISC BIND version 9. BIND is the Berkeley

Internet Name Daemon.

</p><p>

The master configuration file <code class="filename">/etc/named.conf</code>

determines the location of all further configuration files used.

The location and name of this file is specified in the startup script

that is part of the operating system.

</p><pre class="programlisting">

# Quenya.Org configuration file

acl mynet {

192.168.1.0/24;

127.0.0.1;

};

options {

directory "/var/named";

listen-on-v6 { any; };

notify no;

forward first;

forwarders {

192.168.1.1;

100

};

101

auth-nxdomain yes;

102

multiple-cnames yes;

103

listen-on {

104

mynet;

105

};

106

};

107

108

# The following three zone definitions do not need any modification.

109

# The first one defines localhost while the second defines the

110

# reverse lookup for localhost. The last zone "." is the

111

# definition of the root name servers.

112

113

zone "localhost" in {

114

type master;

115

file "localhost.zone";

116

};

117

118

zone "0.0.127.in-addr.arpa" in {

119

type master;

120

file "127.0.0.zone";

121

};

122

123

zone "." in {

124

type hint;

125

file "root.hint";

126

};

127

128

# You can insert further zone records for your own domains below.

129

130

zone "quenya.org" {

131

type master;

132

file "/var/named/quenya.org.hosts";

133

allow-query {

134

mynet;

135

};

136

allow-transfer {

137

mynet;

138

};

139

allow-update {

140

mynet;

141

};

142

};

143

144

zone "1.168.192.in-addr.arpa" {

145

type master;

146

file "/var/named/192.168.1.0.rev";

147

allow-query {

148

mynet;

149

};

150

allow-transfer {

151

mynet;

152

};

153

allow-update {

154

mynet;

155

};

156

};

157

</pre><p>

158

</p><p>

159

The following files are all located in the directory <code class="filename">/var/named</code>.

160

This is the <code class="filename">/var/named/localhost.zone</code> file:

161

</p><pre class="programlisting">

162

$TTL 1W

163

@ IN SOA @ root (

164

42 ; serial (d. adams)

165

2D ; refresh

166

4H ; retry

167

6W ; expiry

168

1W ) ; minimum

169

170

IN NS @

171

IN A 127.0.0.1

172

</pre><p>

173

</p><p>

174

The <code class="filename">/var/named/127.0.0.zone</code> file:

175

</p><pre class="programlisting">

176

$TTL 1W

177

@ IN SOA localhost. root.localhost. (

178

42 ; serial (d. adams)

179

2D ; refresh

180

4H ; retry

181

6W ; expiry

182

1W ) ; minimum

183

184

IN NS localhost.

185

1 IN PTR localhost.

186

</pre><p>

187

</p><p>

188

The <code class="filename">/var/named/quenya.org.host</code> file:

189

</p><pre class="programlisting">

190

$ORIGIN .

191

$TTL 38400 ; 10 hours 40 minutes

192

quenya.org IN SOA marvel.quenya.org. root.quenya.org. (

193

2003021832 ; serial

194

10800 ; refresh (3 hours)

195

3600 ; retry (1 hour)

196

604800 ; expire (1 week)

197

38400 ; minimum (10 hours 40 minutes)

198

)

199

NS marvel.quenya.org.

200

MX 10 mail.quenya.org.

201

$ORIGIN quenya.org.

202

frodo A 192.168.1.1

203

marvel A 192.168.1.2

204

;

205

mail CNAME marvel

206

www CNAME marvel

207

</pre><p>

208

</p><p>

209

The <code class="filename">/var/named/192.168.1.0.rev</code> file:

210

</p><pre class="programlisting">

211

$ORIGIN .

212

$TTL 38400 ; 10 hours 40 minutes

213

1.168.192.in-addr.arpa IN SOA marvel.quenya.org. root.quenya.org. (

214

2003021824 ; serial

215

10800 ; refresh (3 hours)

216

3600 ; retry (1 hour)

217

604800 ; expire (1 week)

218

38400 ; minimum (10 hours 40 minutes)

219

)

220

NS marvel.quenya.org.

221

$ORIGIN 1.168.192.in-addr.arpa.

222

1 PTR frodo.quenya.org.

223

2 PTR marvel.quenya.org.

224

</pre><p>

225

</p><p>

226

227

228

The configuration files shown here were copied from a fully working system. All dynamically registered

229

entries have been removed. In addition to these files, BIND version 9 will

230

create for each of the dynamic registration files a file that has a

231

<code class="filename">.jnl</code> extension. Do not edit or tamper with the configuration

232

files or with the <code class="filename">.jnl</code> files that are created.

233

</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="DHCP"></a>DHCP Server</h3></div></div></div><p>

234

The following file is used with the ISC DHCP Server version 3.

235

The file is located in <code class="filename">/etc/dhcpd.conf</code>:

236

</p><p>

237

</p><pre class="programlisting">

238

ddns-updates on;

239

ddns-domainname "quenya.org";

240

option ntp-servers 192.168.1.2;

241

ddns-update-style ad-hoc;

242

allow unknown-clients;

243

default-lease-time 86400;

244

max-lease-time 172800;

245

246

option domain-name "quenya.org";

247

option domain-name-servers 192.168.1.2;

248

option netbios-name-servers 192.168.1.2;

249

option netbios-dd-server 192.168.1.2;

250

option netbios-node-type 8;

251

252

subnet 192.168.1.0 netmask 255.255.255.0 {

253

range dynamic-bootp 192.168.1.60 192.168.1.254;

254

option subnet-mask 255.255.255.0;

255

option routers 192.168.1.2;

256

allow unknown-clients;

257

}

258

</pre><p>

259

</p><p>

260

In this example, IP addresses between 192.168.1.1 and 192.168.1.59 are

261

reserved for fixed-address (commonly called <code class="constant">hard-wired</code>) IP addresses. The

262

addresses between 192.168.1.60 and 192.168.1.254 are allocated for dynamic use.

263

</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="ch47.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="Appendix.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="apa.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter�47.�Samba Support�</td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top">�Appendix�A.�

264

GNU General Public License version 3

265

</td></tr></table></div></body></html>