For networks that also run a Domain Name Server, dynamic allocation of IP addresses currently has to deal with one major constraint: DHCP needs to stay in sync with the DNS server. A DNS server associates hostnames with particular IP addresses, whereas with dynamic allocation the DHCP server hands out IP addresses of its own choosing to different hosts. These may or may not be the same as the IP addresses that the DNS server expects to associate with a hostname. A solution to this problem is being developed, called Dynamic DNS. With Dynamic DNS, the DHCP server is able to automatically update the DNS server with the IP addresses the DHCP server has assigned to different hosts.
Note: Alternatively, if you want to statically sync your DHCP and DNS servers with fixed addresses, you would configure DHCP to assign those fixed addresses to hosts. You can then have the DHCP server perform a DNS lookup to obtain the IP address it should assign, or you can manually assign the same IP address in the DHCP configuration file. Performing a DNS lookup has the advantage of specifying the IP address in one place, the DNS server.
The 3.0 DHCP server has the ability to dynamically update BIND DNS server zone configuration files. As noted in Chapter 34, the DNS server has to enable dynamic updates for a zone file by specifying the allow-update option for it in the named.conf file. Furthermore, it is strongly encouraged that you use TSIG signature keys (see Chapter 34) to reference and authenticate the BIND and DHCP servers. Currently, DHCP uses the Interim DNS Update Scheme to perform dynamic DNS updates, replacing an earlier Ad-Hoc DNS Update Scheme. A finalized version will be implemented in future DHCP releases. You can find detailed information about dynamic DNS in the dhcpd.conf Man page.
Enabling the use of a TSIG key involves syncing the configuration of both your DHCP and DNS servers. Both have to be configured to use the same key for the same domains. First, you need to create a shared secret TSIG signature key using dnssec-keygen, as described in Chapter 34. In the DNS server, you place the TSIG key declaration and allow-update entries in the server's named.conf file, as shown in this example. The reverse (PTR) zone is the one covering the 192.168.0.0/24 network that the DHCP server hands out addresses from:
    key mydhcpserver {
        algorithm HMAC-MD5;
        secret "ONQAfbBLnvWU9H8hRqq/WA==";
    };
    zone "mytrek.com" {
        type master;
        file "mytrek.com";
        allow-update { key mydhcpserver; };
    };
    zone "0.168.192.IN-ADDR.ARPA" {
        type master;
        file "192.168.0";
        allow-update { key mydhcpserver; };
    };
In the DHCP server, you place a corresponding TSIG key declaration and zone entries in the server's dhcpd.conf file, as shown in this example. The key declaration has the same syntax as in the DNS server's named.conf file. DHCP zone statements are then used to specify the address of the DNS server for the domain and the TSIG key to use. The domain names and IP addresses need to match exactly in the configuration files for both the DNS and DHCP servers. Unlike in the named.conf file, there are no quotes around the domain names or IP addresses in the dhcpd.conf file. In the dhcpd.conf file, the domain names used in the zone statements also need to end with a period, as they do in the DNS zone files. The key statement lists the key to use. Though the DHCP server will try to determine the DNS servers to update on its own, it is recommended that you explicitly identify them with a primary statement in each zone entry.
    key mydhcpserver {
        algorithm HMAC-MD5;
        secret "ONQAfbBLnvWU9H8hRqq/WA==";
    };
    zone mytrek.com. {                  # DNS domain zone to update
        primary 192.168.0.1;            # address of DNS server
        key mydhcpserver;               # TSIG signature key
    }
    zone 0.168.192.IN-ADDR.ARPA. {      # domain PTR zone to update
        primary 192.168.0.1;            # address of DNS server
        key mydhcpserver;               # TSIG signature key
    }
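Because the two files have to agree by hand, a small consistency check catches the mistakes described above before either daemon is restarted. The script below is an added example, not code from this book, from BIND or from ISC DHCP; it parses the key and zone statements from constructed named.conf and dhcpd.conf fragments modelled on the ones above (the regexes only cover the statement forms shown on this page) and reports quoted or dot-less zone names in dhcpd.conf, dhcpd zones with no allow-update counterpart in named.conf, and key names, algorithms or secrets that differ between the two sides.

```python
import re

# Constructed sample fragments modelled on the page's example; not taken from a live server.
NAMED_CONF = """
key mydhcpserver { algorithm HMAC-MD5; secret "ONQAfbBLnvWU9H8hRqq/WA=="; };
zone "mytrek.com" { type master; file "mytrek.com"; allow-update { key mydhcpserver; }; };
zone "0.168.192.IN-ADDR.ARPA" { type master; file "192.168.0"; allow-update { key mydhcpserver; }; };
"""
DHCPD_CONF = """
key mydhcpserver { algorithm HMAC-MD5; secret "ONQAfbBLnvWU9H8hRqq/WA=="; };
zone mytrek.com. { primary 192.168.0.1; key mydhcpserver; }
zone 0.168.192.IN-ADDR.ARPA. { primary 192.168.0.1; key mydhcpserver; }
"""

# key <name> { algorithm <alg>; secret "<base64>"; }  -- same syntax in both files
KEY_RE = re.compile(r'key\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+([\w-]+)\s*;\s*secret\s+"([^"]*)"\s*;')
# named.conf: zone "<name>" { ... allow-update { key <name>; }; };
NAMED_ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{[^}]*allow-update\s*\{\s*key\s+"?([\w.-]+)"?\s*;')
# dhcpd.conf: zone <name>. { primary <ip>; key <name>; }  (name captured raw to check quoting/dot)
DHCPD_ZONE_RE = re.compile(r'zone\s+([^\s{]+)\s*\{[^}]*?\bkey\s+([\w.-]+)\s*;')

def parse_keys(text):
    """Map key name -> (algorithm, secret) for every key statement in text."""
    return {name: (alg.upper(), secret) for name, alg, secret in KEY_RE.findall(text)}

def check_ddns_glue(named_text, dhcpd_text):
    """Return a list of problems; an empty list means the two files agree."""
    problems = []
    named_keys, dhcpd_keys = parse_keys(named_text), parse_keys(dhcpd_text)
    # named.conf names are quoted and carry no trailing dot; compare case-insensitively without the dot
    named_zones = {z.lower().rstrip("."): k for z, k in NAMED_ZONE_RE.findall(named_text)}
    for zone, key in DHCPD_ZONE_RE.findall(dhcpd_text):
        name = zone.strip('"')
        if zone.startswith('"'):
            problems.append(f"dhcpd zone {zone}: quotes are not allowed in dhcpd.conf")
        if not name.endswith("."):
            problems.append(f"dhcpd zone {zone}: name must end with a period")
        norm = name.lower().rstrip(".")
        if norm not in named_zones:
            problems.append(f"dhcpd zone {zone}: no matching allow-update zone in named.conf")
        elif named_zones[norm] != key:
            problems.append(f"dhcpd zone {zone}: named.conf allows key {named_zones[norm]}, dhcpd uses {key}")
        if key not in dhcpd_keys:
            problems.append(f"dhcpd zone {zone}: key {key} is not declared in dhcpd.conf")
        elif dhcpd_keys[key] != named_keys.get(key):
            problems.append(f"key {key}: algorithm/secret differ between named.conf and dhcpd.conf")
    return problems

if __name__ == "__main__":
    print(check_ddns_glue(NAMED_CONF, DHCPD_CONF) or "named.conf and dhcpd.conf agree")
```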
To generate a fully qualified hostname to use in a DNS update, the DHCP server will normally use its own domain name and the hostname provided by a DHCP client (see the dhcpd.conf Man page for exceptions). Should you want to assign a specific hostname to a host, you can use the ddns-hostname statement to specify it in the host's hardware section. The domain name is specified in the domain-name option:
    option domain-name "mytrek.com";
The DNS update capability can be turned on or off for all domains with the ddns-update-style statement. It is on by default. To turn off DNS updates for particular domains, you can use the ddns-updates statement. This is also on by default.
A simple DNS update configuration for a DHCP server in the dhcpd.conf file is shown here. The subnet declaration and the reverse zone both refer to the 192.168.0.0/24 network that the range statement draws its addresses from, and the ddns-update-style statement selects the interim update scheme described above.
    ddns-update-style interim;          # select the Interim DNS Update Scheme
    option routers 192.168.0.1;
    option subnet-mask 255.255.255.0;
    option domain-name "mytrek.com";
    option domain-name-servers 192.168.0.1;
    key mydhcpserver {
        algorithm HMAC-MD5;
        secret "ONQAfbBLnvWU9H8hRqq/WA==";
    };
    subnet 192.168.0.0 netmask 255.255.255.0 {
        range 192.168.0.5 192.168.0.128;
        default-lease-time 21600;
        max-lease-time 43200;
        zone mytrek.com. {
            primary 192.168.0.1;
            key mydhcpserver;
        }
        zone 0.168.192.IN-ADDR.ARPA. {
            primary 192.168.0.1;
            key mydhcpserver;
        }
    }