1
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter�48.�DNS and DHCP Configuration Guide</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="The Official Samba 3.4.x HOWTO and Reference Guide"><link rel="up" href="Appendix.html" title="Part�VI.�Reference Section"><link rel="prev" href="ch47.html" title="Chapter�47.�Samba Support"><link rel="next" href="apa.html" title="Appendix�A.� GNU General Public License version 3"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter�48.�DNS and DHCP Configuration Guide</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ch47.html">Prev</a>�</td><th width="60%" align="center">Part�VI.�Reference Section</th><td width="20%" align="right">�<a accesskey="n" href="apa.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="DNSDHCP"></a>Chapter�48.�DNS and DHCP Configuration Guide</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="orgname">Samba Team</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email"><<a class="email" href="mailto:jht@samba.org">jht@samba.org</a>></code></p></div></div></div></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="DNSDHCP.html#id2692858">Features and Benefits</a></span></dt><dt><span class="sect1"><a href="DNSDHCP.html#id2693042">Example Configuration</a></span></dt><dd><dl><dt><span class="sect2"><a href="DNSDHCP.html#id2693133">Dynamic DNS</a></span></dt><dt><span class="sect2"><a href="DNSDHCP.html#DHCP">DHCP Server</a></span></dt></dl></dd></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2692858"></a>Features and Benefits</h2></div></div></div><p>
2
<a class="indexterm" name="id2692866"></a>
3
<a class="indexterm" name="id2692876"></a>
4
There are few subjects in the UNIX world that might raise as much contention as
5
Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP).
6
Not all opinions held for or against particular implementations of DNS and DHCP
9
We live in a modern age where many information technology users demand mobility
10
and freedom. Microsoft Windows users in particular expect to be able to plug their
11
notebook computer into a network port and have things “<span class="quote">just work.</span>”
13
<a class="indexterm" name="id2692902"></a>
14
UNIX administrators have a point. Many of the normative practices in the Microsoft
15
Windows world at best border on bad practice from a security perspective.
16
Microsoft Windows networking protocols allow workstations to arbitrarily register
17
themselves on a network. Windows 2000 Active Directory registers entries in the DNS namespace
18
that are equally perplexing to UNIX administrators. Welcome to the new world!
20
<a class="indexterm" name="id2692919"></a>
21
<a class="indexterm" name="id2692928"></a>
22
<a class="indexterm" name="id2692937"></a>
23
The purpose of this chapter is to demonstrate the configuration of the Internet
24
Software Consortium (ISC) DNS and DHCP servers to provide dynamic services that are
25
compatible with their equivalents in the Microsoft Windows 2000 Server products.
27
This chapter provides no more than a working example of configuration files for both DNS and DHCP servers. The
28
examples used match configuration examples used elsewhere in this document.
30
<a class="indexterm" name="id2692960"></a>
31
<a class="indexterm" name="id2692967"></a>
32
<a class="indexterm" name="id2692974"></a>
33
This chapter explicitly does not provide a tutorial, nor does it pretend to be a reference guide on DNS and
34
DHCP, as this is well beyond the scope and intent of this document as a whole. Anyone who wants more detailed
35
reference materials on DNS or DHCP should visit the ISC Web site at <a class="ulink" href="http://www.isc.org" target="_top"> http://www.isc.org</a>. Those wanting a written text might also be interested
36
in the O'Reilly publications on DNS, see the <a class="ulink" href="http://www.oreilly.com/catalog/dns/index.htm" target="_top">O'Reilly</a> web site, and the <a class="ulink" href="http://www.bind9.net/books-dhcp" target="_top">BIND9.NET</a> web site for details.
38
</p><div class="orderedlist"><ol type="1"><li><p>DNS and BIND, By Cricket Liu, Paul Albitz, ISBN: 1-56592-010-4</p></li><li><p>DNS & Bind Cookbook, By Cricket Liu, ISBN: 0-596-00410-9</p></li><li><p>The DHCP Handbook (2nd Edition), By: Ralph Droms, Ted Lemon, ISBN 0-672-32327-3</p></li></ol></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2693042"></a>Example Configuration</h2></div></div></div><p>
39
<a class="indexterm" name="id2693050"></a>
40
<a class="indexterm" name="id2693056"></a>
41
The DNS is to the Internet what water is to life. Nearly all information resources (host names) are resolved
42
to their Internet protocol (IP) addresses through DNS. Windows networking tried hard to avoid the
43
complexities of DNS, but alas, DNS won. <a class="indexterm" name="id2693067"></a> The alternative to
44
DNS, the Windows Internet Name Service (WINS) an artifact of NetBIOS networking over the TCP/IP
45
protocols has demonstrated scalability problems as well as a flat, nonhierarchical namespace that
46
became unmanageable as the size and complexity of information technology networks grew.
48
<a class="indexterm" name="id2693088"></a>
49
<a class="indexterm" name="id2693095"></a>
50
WINS is a Microsoft implementation of the RFC1001/1002 NetBIOS Name Service (NBNS).
51
It allows NetBIOS clients (like Microsoft Windows machines) to register an arbitrary
52
machine name that the administrator or user has chosen together with the IP
53
address that the machine has been given. Through the use of WINS, network client machines
54
could resolve machine names to their IP address.
56
The demand for an alternative to the limitations of NetBIOS networking finally drove
57
Microsoft to use DNS and Active Directory. Microsoft's new implementation attempts
58
to use DNS in a manner similar to the way that WINS is used for NetBIOS networking.
59
Both WINS and Microsoft DNS rely on dynamic name registration.
61
Microsoft Windows clients can perform dynamic name registration to the DNS server
62
on startup. Alternatively, where DHCP is used to assign workstation IP addresses,
63
it is possible to register hostnames and their IP address by the DHCP server as
64
soon as a client acknowledges an IP address lease. Finally, Microsoft DNS can resolve
65
hostnames via Microsoft WINS.
67
The following configurations demonstrate a simple, insecure dynamic DNS server and
68
a simple DHCP server that matches the DNS configuration.
69
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2693133"></a>Dynamic DNS</h3></div></div></div><p>
70
<a class="indexterm" name="id2693140"></a>
71
The example DNS configuration is for a private network in the IP address
72
space for network 192.168.1.0/24. The private class network address space
73
is set forth in RFC1918.
75
<a class="indexterm" name="id2693156"></a>
76
It is assumed that this network will be situated behind a secure firewall.
77
The files that follow work with ISC BIND version 9. BIND is the Berkeley
80
The master configuration file <code class="filename">/etc/named.conf</code>
81
determines the location of all further configuration files used.
82
The location and name of this file is specified in the startup script
83
that is part of the operating system.
84
</p><pre class="programlisting">
85
# Quenya.Org configuration file
94
directory "/var/named";
95
listen-on-v6 { any; };
108
# The following three zone definitions do not need any modification.
109
# The first one defines localhost while the second defines the
110
# reverse lookup for localhost. The last zone "." is the
111
# definition of the root name servers.
113
zone "localhost" in {
115
file "localhost.zone";
118
zone "0.0.127.in-addr.arpa" in {
128
# You can insert further zone records for your own domains below.
132
file "/var/named/quenya.org.hosts";
144
zone "1.168.192.in-addr.arpa" {
146
file "/var/named/192.168.1.0.rev";
159
The following files are all located in the directory <code class="filename">/var/named</code>.
160
This is the <code class="filename">/var/named/localhost.zone</code> file:
161
</p><pre class="programlisting">
164
42 ; serial (d. adams)
174
The <code class="filename">/var/named/127.0.0.zone</code> file:
175
</p><pre class="programlisting">
177
@ IN SOA localhost. root.localhost. (
178
42 ; serial (d. adams)
188
The <code class="filename">/var/named/quenya.org.host</code> file:
189
</p><pre class="programlisting">
191
$TTL 38400 ; 10 hours 40 minutes
192
quenya.org IN SOA marvel.quenya.org. root.quenya.org. (
194
10800 ; refresh (3 hours)
195
3600 ; retry (1 hour)
196
604800 ; expire (1 week)
197
38400 ; minimum (10 hours 40 minutes)
199
NS marvel.quenya.org.
200
MX 10 mail.quenya.org.
209
The <code class="filename">/var/named/192.168.1.0.rev</code> file:
210
</p><pre class="programlisting">
212
$TTL 38400 ; 10 hours 40 minutes
213
1.168.192.in-addr.arpa IN SOA marvel.quenya.org. root.quenya.org. (
215
10800 ; refresh (3 hours)
216
3600 ; retry (1 hour)
217
604800 ; expire (1 week)
218
38400 ; minimum (10 hours 40 minutes)
220
NS marvel.quenya.org.
221
$ORIGIN 1.168.192.in-addr.arpa.
222
1 PTR frodo.quenya.org.
223
2 PTR marvel.quenya.org.
226
<a class="indexterm" name="id2693300"></a>
227
<a class="indexterm" name="id2693307"></a>
228
The configuration files shown here were copied from a fully working system. All dynamically registered
229
entries have been removed. In addition to these files, BIND version 9 will
230
create for each of the dynamic registration files a file that has a
231
<code class="filename">.jnl</code> extension. Do not edit or tamper with the configuration
232
files or with the <code class="filename">.jnl</code> files that are created.
233
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="DHCP"></a>DHCP Server</h3></div></div></div><p>
234
The following file is used with the ISC DHCP Server version 3.
235
The file is located in <code class="filename">/etc/dhcpd.conf</code>:
237
</p><pre class="programlisting">
239
ddns-domainname "quenya.org";
240
option ntp-servers 192.168.1.2;
241
ddns-update-style ad-hoc;
242
allow unknown-clients;
243
default-lease-time 86400;
244
max-lease-time 172800;
246
option domain-name "quenya.org";
247
option domain-name-servers 192.168.1.2;
248
option netbios-name-servers 192.168.1.2;
249
option netbios-dd-server 192.168.1.2;
250
option netbios-node-type 8;
252
subnet 192.168.1.0 netmask 255.255.255.0 {
253
range dynamic-bootp 192.168.1.60 192.168.1.254;
254
option subnet-mask 255.255.255.0;
255
option routers 192.168.1.2;
256
allow unknown-clients;
260
In this example, IP addresses between 192.168.1.1 and 192.168.1.59 are
261
reserved for fixed-address (commonly called <code class="constant">hard-wired</code>) IP addresses. The
262
addresses between 192.168.1.60 and 192.168.1.254 are allocated for dynamic use.
263
</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="ch47.html">Prev</a>�</td><td width="20%" align="center"><a accesskey="u" href="Appendix.html">Up</a></td><td width="40%" align="right">�<a accesskey="n" href="apa.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter�47.�Samba Support�</td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top">�Appendix�A.�
264
GNU General Public License version 3
265
</td></tr></table></div></body></html>