Directory Service with LDAP [3]: Isc-DHCP-Server and Bind9

Hello friends! Here we are with the third installment of the series. Today it is dedicated to those who prefer or need Bind9 as their Domain Name Server, and Isc-DHCP-Server for the automatic assignment of IP addresses and other aspects.

In this case, we will configure both services so that the DHCP server updates the DNS server zones. Let's not confuse the Dynamic Domain Name Server service with this solution, although this solution is also customarily called Dynamic DNS, since the DHCP server dynamically updates the DNS zones that are indicated.

Those who want to have a detailed guide on how to implement and configure a DNS, please visit How to install and configure a Primary Master DNS for a LAN in Debian 6.0 (I), or download the compendium Articles of installation and configuration of a DNS all in 1.

We recommend that you read the previous two parts of the series before continuing:

  • Directory Service with LDAP. Introduction.
  • Directory Service with LDAP [2]: NTP and dnsmasq.

On the other hand, in the WWW Village we find books, manuals, accompanying aids and other literature on how to install and configure these services. We can also use the WebMin package to install, configure and administer them and other services. It is an extremely powerful web-based administration tool. Be careful when using it! 🙂 The application can be downloaded from here.

Which one should I use: DNSMasq or DNS / DHCP?

Gentlemen, that selection is at the discretion of each. The DNSMasq is designed for small networks, although it must be taken into account that a network with 250 machines or less is considered small.

Always remember that in a network, there should only be one authoritative DHCP server.

Example network

LAN: 10.10.10.0/24
Domain: amigos.cu
Server: mildap.amigos.cu
Server operating system: Debian 6 "Squeeze"
Server IP address: 10.10.10.15
Client 1: debian7.amigos.cu
Client 2: raring.amigos.cu
Client 3: suse13.amigos.cu
Client 4: seven.amigos.cu

Let's install and configure the Bind9

Most of what we will write next is console commands, so from here on we will use that style whenever possible. It also saves space. 🙂

Declaration of repositories, system update, and installation of Bind9:

:~# nano /etc/apt/sources.list
# Minimum these repositories. We declare according to what we have.
deb http://myhost.mydomain/debian6/squeeze/ squeeze main contrib
deb http://myhost.mydomain/debian6/squeeze-security/ squeeze/updates main contrib
deb http://myhost.mydomain/debian6/squeeze-updates/ squeeze-updates main contrib

:~# aptitude update
:~# aptitude upgrade

:~# aptitude install bind9 dnsutils

Let's configure and check every change:

:~# nano /etc/resolv.conf
search amigos.cu
nameserver 127.0.0.1
-----------------------------------------------
:~# nano /etc/bind/named.conf
acl mired {
    127.0.0.0/8;
    10.10.10.0/24;
};

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
-----------------------------------------------
:~# named-checkconf -z
:~# service bind9 restart

:~# cat /etc/bind/rndc.key
key "rndc-key" {
    algorithm hmac-md5;
    secret "3nG8BU/IEe4lS189SV27ng==";
};
-----------------------------------------------
:~# nano /etc/bind/named.conf.options
options {
    directory "/var/cache/bind";

    // forwarders {
    //     0.0.0.0;
    // };

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
    allow-query { mired; };
};

key "rndc-key" {
    algorithm hmac-md5;
    secret "3nG8BU/IEe4lS189SV27ng==";
};

controls {
    inet 127.0.0.1 allow { localhost; 10.10.10.15; } keys { rndc-key; };
};
-----------------------------------------------

:~# named-checkconf -z
:~# service bind9 restart

-----------------------------------------------
:~# nano /etc/bind/named.conf.local
zone "amigos.cu" {
    type master;
    file "amigos.cu.hosts";
    allow-update { key "rndc-key"; };
};

zone "10.10.10.in-addr.arpa" {
    type master;
    file "10.10.10.rev";
    allow-update { key "rndc-key"; };
};
-----------------------------------------------

:~# named-checkconf -z
:~# service bind9 restart

:~# cp /etc/bind/db.local /var/cache/bind/amigos.cu.hosts
-----------------------------------------------
:~# nano /var/cache/bind/amigos.cu.hosts
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     mildap.amigos.cu. root.mildap.amigos.cu. (
                        2         ; Serial
                        604800    ; Refresh
                        86400     ; Retry
                        2419200   ; Expire
                        604800 )  ; Negative Cache TTL
;
@       IN      NS      mildap.amigos.cu.
;
mildap  IN      A       10.10.10.15
gandalf IN      A       10.10.10.1
miwww   IN      A       10.10.10.5
-----------------------------------------------

:~# named-checkzone amigos.cu /var/cache/bind/amigos.cu.hosts
:~# service bind9 restart

:~# dig amigos.cu ns
:~# dig amigos.cu axfr

:~# cp /etc/bind/db.127 /var/cache/bind/10.10.10.rev
-----------------------------------------------
:~# nano /var/cache/bind/10.10.10.rev
;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@       IN      SOA     mildap.amigos.cu. root.mildap.amigos.cu. (
                        1         ; Serial
                        604800    ; Refresh
                        86400     ; Retry
                        2419200   ; Expire
                        604800 )  ; Negative Cache TTL
;
@       IN      NS      mildap.amigos.cu.
;
15      IN      PTR     mildap.amigos.cu.
1       IN      PTR     gandalf.amigos.cu.
5       IN      PTR     miwww.amigos.cu.
-----------------------------------------------

:~# named-checkzone 10.10.10.in-addr.arpa /var/cache/bind/10.10.10.rev
:~# named-checkconf -z
:~# named-checkconf -p
:~# service bind9 restart
===================================
If we do not have an Internet connection
====================================
:~# cp /etc/bind/db.root /etc/bind/db.root.original
:~# cp /dev/null /etc/bind/db.root

:~# named-checkconf -z
:~# named-checkconf -p
:~# service bind9 restart

:~# rndc reload
server reload successful

Let's install and configure the Isc-DHCP-Server

:~# aptitude install isc-dhcp-server
-----------------------------------------------
:~# nano /etc/default/isc-dhcp-server
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="eth1"
-----------------------------------------------

:~# cp /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.original
-----------------------------------------------
:~# nano /etc/dhcp/dhcpd.conf
key rndc-key {
    secret "3nG8BU/IEe4lS189SV27ng==";
    algorithm hmac-md5;
}

server-identifier mildap.amigos.cu;
ddns-update-style interim;
ddns-updates on;
ddns-domainname "amigos.cu";
ddns-rev-domainname "in-addr.arpa.";
ignore client-updates;

authoritative;

option domain-name "amigos.cu";
option ntp-servers 10.10.10.15;

zone amigos.cu. {
    primary 10.10.10.15;
    key rndc-key;
}

zone 10.10.10.in-addr.arpa. {
    primary 10.10.10.15;
    key rndc-key;
}

subnet 10.10.10.0 netmask 255.255.255.0 {
    option netbios-name-servers 10.10.10.15;
    option netbios-node-type 8;
    option domain-name-servers 10.10.10.15;
    option routers 10.10.10.1;
    range 10.10.10.200 10.10.10.250;
}
-----------------------------------------------

:~# service isc-dhcp-server start

Checks on a client

So far the two services work correctly. So let's do the checks from a client. In this case, we will take the client debian7.amigos.cu and connect to it using ssh:

root@mildap:~# ssh debian7
root@debian7's password:
Linux debian7 3.2.0-4-686-pae #1 SMP Debian 3.2.41-2 i686
[----]

root@debian7:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 52:54:00:8f:ee:f6
          inet addr:10.10.10.200  Bcast:10.10.10.255  Mask:255.255.255.0
[----]

root@debian7:~# dig amigos.cu axfr
[---]
amigos.cu.          604800  IN  SOA  mildap.amigos.cu. root.mildap.amigos.cu. 3 604800 86400 2419200 604800
amigos.cu.          604800  IN  NS   mildap.amigos.cu.
debian7.amigos.cu.  21600   IN  TXT  "0047c481c633aee670d1f8874855f942e3"
debian7.amigos.cu.  21600   IN  A    10.10.10.200
gandalf.amigos.cu.  604800  IN  A    10.10.10.1
mildap.amigos.cu.   604800  IN  A    10.10.10.15
miwww.amigos.cu.    604800  IN  A    10.10.10.5
amigos.cu.          604800  IN  SOA  mildap.amigos.cu. root.mildap.amigos.cu. 3 604800 86400 2419200 604800
;; Query time: 5 msec
;; SERVER: 10.10.10.15#53(10.10.10.15)
;; WHEN: Sun Feb 2 17:03:23 2014
;; XFR size: 8 records (messages 1, bytes 258)

root@debian7:~# dig 10.10.10.in-addr.arpa axfr
[----]
10.10.10.in-addr.arpa.      604800  IN  SOA  mildap.amigos.cu. root.mildap.amigos.cu. 2 604800 86400 2419200 604800
10.10.10.in-addr.arpa.      604800  IN  NS   mildap.amigos.cu.
1.10.10.10.in-addr.arpa.    604800  IN  PTR  gandalf.amigos.cu.
15.10.10.10.in-addr.arpa.   604800  IN  PTR  mildap.amigos.cu.
200.10.10.10.in-addr.arpa.  21600   IN  PTR  debian7.amigos.cu.
5.10.10.10.in-addr.arpa.    604800  IN  PTR  miwww.amigos.cu.
10.10.10.in-addr.arpa.      604800  IN  SOA  mildap.amigos.cu. root.mildap.amigos.cu. 2 604800 86400 2419200 604800
;; Query time: 5 msec
;; SERVER: 10.10.10.15#53(10.10.10.15)
;; WHEN: Sun Feb 2 17:04:42 2014
;; XFR size: 7 records (messages 1, bytes 235)

And we can carry out as many checks as we want or need.
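
One more check worth running on the server side, as an added example that is not part of the original article: a small Python audit of the BIND statements configured above. It flags the hmac-md5 key, the same rndc-key authorizing both the rndc control channel and zone updates, and zones with no allow-transfer statement (the client above could pull both zones with dig axfr). The sample text is constructed from the article's configuration with the secret replaced by a placeholder; the function names and finding labels are hypothetical.

```python
import re

# Constructed sample: this article's BIND statements, secret replaced by a placeholder.
SAMPLE = '''
options { directory "/var/cache/bind"; allow-query { mired; }; };
key "rndc-key" { algorithm hmac-md5; secret "PLACEHOLDER=="; };
controls { inet 127.0.0.1 allow { localhost; 10.10.10.15; } keys { rndc-key; }; };
zone "amigos.cu" { type master; file "amigos.cu.hosts"; allow-update { key "rndc-key"; }; };
zone "10.10.10.in-addr.arpa" { type master; file "10.10.10.rev"; allow-update { key "rndc-key"; }; };
'''

def strip_comments(conf):
    """Drop //, # and /* */ comments while leaving quoted strings untouched."""
    pat = r'("[^"\n]*")|//[^\n]*|#[^\n]*|/\*.*?\*/'
    return re.sub(pat, lambda m: m.group(1) or '', conf, flags=re.S)

def blocks(conf, keyword):
    """Yield (name, body) for every `keyword [name] { body }` statement."""
    pat = r'(?<![\w-])%s(?![\w-])\s*"?([^\s"{;]*)"?\s*\{' % keyword
    for m in re.finditer(pat, conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):          # walk to the matching brace
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def audit(conf):
    """Return finding labels (hypothetical names) for a named.conf-style text."""
    conf, findings = strip_comments(conf), []
    for name, body in blocks(conf, 'key'):
        if re.search(r'algorithm\s+"?hmac-md5\b', body, re.I):
            findings.append('weak-tsig-algorithm:' + name)
    control_keys = set()                        # keys accepted by rndc
    for _, body in blocks(conf, 'controls'):
        for m in re.finditer(r'keys\s*\{([^}]*)\}', body):
            control_keys |= set(re.findall(r'[\w.-]+', m.group(1)))
    opts = ' '.join(body for _, body in blocks(conf, 'options'))
    for zone, body in blocks(conf, 'zone'):
        updaters = set()                        # keys allowed to update the zone
        for m in re.finditer(r'allow-update\s*\{([^}]*)\}', body):
            updaters |= set(re.findall(r'key\s+"?([\w.-]+)', m.group(1)))
        for k in sorted(updaters & control_keys):
            findings.append('key-shared-with-rndc:%s:%s' % (zone, k))
        if 'allow-transfer' not in body + opts:
            findings.append('no-allow-transfer:' + zone)
    return findings

if __name__ == '__main__':
    print('\n'.join(audit(SAMPLE)))
```

To audit a live server, pass it the output of named-checkconf -p instead of SAMPLE.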

And that's all for today. The next installment will be Install and configure the OpenLDAP server. See you soon friends!



  1.   dhunter said

    And another post for bookmarks, you should consider publishing a Free Reach style pdf book. Slds.

    1.    federico said

      Thanks dhunter, but writing a book like the one by Maestro José Barrios Dueñas is out of my reach. That book, adjusted to the Debian form, I have followed and it is out of the ordinary. It takes a lot of knowledge and time to write something that comes close to you.

      You don't know how much work I spend on commenting with my super slow connection to the WWW Village. 🙂

      regards

  2.   federico said

    ... sorry, from Master Joel Barrios Dueñas. Yes now. I always get confused. The years. 🙂

  3.   eliotime3000 said

    Very good tutorial. And by the way, I'll be doing some experiments to be able to make a private F2P game server like Gunbound (precisely, almost all of Softnyx's) like this one, but on GNU / Linux >> http://hackzvip.obolog.com/video-tutorialcomo-crear-servidor-gunbound-season-2-565871

  4.   Jose Luis Gonzalez said

    Very good contribution. I'll wait for Openldap ...

  5.   Julio C. Carballo said

    Very good friend I will try to propagate in a non-productive environment

    regards