source: trunk-3.0/docs/htmldocs/Samba3-HOWTO/DNSDHCP.html@ 101

Last change on this file since 101 was 44, checked in by Paul Smedley, 18 years ago

Update source to 3.0.25b

<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 47. DNS and DHCP Configuration Guide</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.71.0"><link rel="start" href="index.html" title="The Official Samba-3 HOWTO and Reference Guide"><link rel="up" href="Appendix.html" title="Part VI. Reference Section"><link rel="prev" href="ch46.html" title="Chapter 46. Samba Support"><link rel="next" href="gpl.html" title="Appendix A. GNU General Public License"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 47. DNS and DHCP Configuration Guide</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ch46.html">Prev</a> </td><th width="60%" align="center">Part VI. Reference Section</th><td width="20%" align="right"> <a accesskey="n" href="gpl.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="DNSDHCP"></a>Chapter 47. 
DNS and DHCP Configuration Guide</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><code class="email">&lt;<a href="mailto:jht@samba.org">jht@samba.org</a>&gt;</code></p></div></div></div></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="DNSDHCP.html#id446930">Features and Benefits</a></span></dt><dt><span class="sect1"><a href="DNSDHCP.html#id447090">Example Configuration</a></span></dt><dd><dl><dt><span class="sect2"><a href="DNSDHCP.html#id447166">Dynamic DNS</a></span></dt><dt><span class="sect2"><a href="DNSDHCP.html#DHCP">DHCP Server</a></span></dt></dl></dd></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id446930"></a>Features and Benefits</h2></div></div></div><p>
<a class="indexterm" name="id446938"></a>
<a class="indexterm" name="id446947"></a>
There are few subjects in the UNIX world that raise as much contention as the
Domain Name System (DNS) and the Dynamic Host Configuration Protocol (DHCP).
Not all opinions held for or against particular implementations of DNS and DHCP
are valid.
</p><p>
We live in a modern age where many information technology users demand mobility
and freedom. Microsoft Windows users in particular expect to be able to plug their
notebook computer into a network port and have things &#8220;<span class="quote">just work.</span>&#8221;
</p><p>
<a class="indexterm" name="id446970"></a>
UNIX administrators have a point. Many of the normative practices in the Microsoft
Windows world at best border on bad practice from a security perspective.
Microsoft Windows networking protocols allow any workstation to register whatever
name it chooses on the network, with no administrator involvement. Windows 2000 Active
Directory registers entries in the DNS namespace that are equally perplexing to UNIX
administrators. Welcome to the new world!
</p><p>
<a class="indexterm" name="id446983"></a>
<a class="indexterm" name="id446992"></a>
<a class="indexterm" name="id447001"></a>
The purpose of this chapter is to demonstrate the configuration of the Internet
Software Consortium (ISC) DNS and DHCP servers to provide dynamic services that are
compatible with their equivalents in the Microsoft Windows 2000 Server products.
</p><p>
This chapter provides no more than a working example of configuration files for both DNS and DHCP servers. The
examples match the configuration examples used elsewhere in this document.
</p><p>
<a class="indexterm" name="id447021"></a>
<a class="indexterm" name="id447027"></a>
<a class="indexterm" name="id447034"></a>
This chapter explicitly does not provide a tutorial, nor does it pretend to be a reference guide on DNS and
DHCP, as this is well beyond the scope and intent of this document as a whole. Anyone who wants more detailed
reference materials on DNS or DHCP should visit the ISC Web site at <a href="http://www.isc.org" target="_top">http://www.isc.org</a>. Those wanting a written text might also be interested
in the O'Reilly publications on DNS; see the <a href="http://www.oreilly.com/catalog/dns/index.htm" target="_top">O'Reilly</a> web site and the <a href="http://www.bind9.net/books-dhcp" target="_top">BIND9.NET</a> web site for details.
The books are:
</p><div class="orderedlist"><ol type="1"><li><p>DNS and BIND, by Cricket Liu and Paul Albitz, ISBN 1-56592-010-4</p></li><li><p>DNS &amp; BIND Cookbook, by Cricket Liu, ISBN 0-596-00410-9</p></li><li><p>The DHCP Handbook (2nd Edition), by Ralph Droms and Ted Lemon, ISBN 0-672-32327-3</p></li></ol></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id447090"></a>Example Configuration</h2></div></div></div><p>
<a class="indexterm" name="id447098"></a>
<a class="indexterm" name="id447104"></a>
The DNS is to the Internet what water is to life. Nearly all information resources (host names) are resolved
to their Internet protocol (IP) addresses through DNS. Windows networking tried hard to avoid the
complexities of DNS, but alas, DNS won. <a class="indexterm" name="id447113"></a> The alternative to
DNS, the Windows Internet Name Service (WINS), an artifact of NetBIOS networking over the TCP/IP
protocols, has demonstrated scalability problems as well as a flat, nonhierarchical namespace that
became unmanageable as the size and complexity of information technology networks grew.
</p><p>
<a class="indexterm" name="id447132"></a>
<a class="indexterm" name="id447138"></a>
WINS is a Microsoft implementation of the RFC1001/1002 NetBIOS Name Service (NBNS).
It allows NetBIOS clients (like Microsoft Windows machines) to register an arbitrary
machine name that the administrator or user has chosen, together with the IP
address that the machine has been given. Through the use of WINS, network client machines
can resolve machine names to their IP addresses.
</p><p>
The demand for an alternative to the limitations of NetBIOS networking finally drove
Microsoft to use DNS and Active Directory. Microsoft's implementation uses DNS in a
manner similar to the way WINS is used for NetBIOS networking: both WINS and
Microsoft DNS rely on dynamic name registration by the clients themselves.
</p><p>
Microsoft Windows clients can perform dynamic name registration to the DNS server
on startup. Alternatively, where DHCP is used to assign workstation IP addresses,
the DHCP server can register a hostname and its IP address as
soon as a client acknowledges an IP address lease. Finally, Microsoft DNS can resolve
hostnames via Microsoft WINS.
</p><p>
The following configurations demonstrate a simple, insecure dynamic DNS server and
a simple DHCP server that matches the DNS configuration. The DNS server is insecure
because it authorizes updates by source IP address alone: any host on the
192.168.1.0/24 network (or any sender able to forge a source address in that range, since
UDP updates carry no other authentication) can add, change, or delete records in both zones.
</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id447166"></a>Dynamic DNS</h3></div></div></div><p>
<a class="indexterm" name="id447174"></a>
The example DNS configuration is for a private network in the IP address
space for network 192.168.1.0/24. The private network address space
is set forth in RFC1918.
</p><p>
<a class="indexterm" name="id447187"></a>
It is assumed that this network will be situated behind a secure firewall.
The files that follow work with ISC BIND version 9. BIND is the Berkeley
Internet Name Domain server.
</p><p>
The master configuration file <code class="filename">/etc/named.conf</code>
determines the location of all further configuration files used.
The location and name of this file is specified in the startup script
that is part of the operating system.
</p><pre class="programlisting">
# Quenya.Org configuration file
# (named accepts #, // and /* */ style comments)

acl mynet {
    192.168.1.0/24;
    127.0.0.1;
};

options {

    directory "/var/named";
    listen-on-v6 { any; };
    notify no;                # no secondary servers to notify
    forward first;            # ask the forwarder first, then fall back to the root hints
    forwarders {
        192.168.1.1;
    };
    auth-nxdomain yes;        # set the AA bit on NXDOMAIN answers (BIND 9 default is no)
    multiple-cnames yes;      # BIND 8 option; BIND 9.2 and later ignore it and enforce the CNAME rules
    listen-on {
        mynet;
    };
};

# The following three zone definitions do not need any modification.
# The first one defines localhost while the second defines the
# reverse lookup for localhost. The last zone "." is the
# definition of the root name servers.

zone "localhost" in {
    type master;
    file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
    type master;
    file "127.0.0.zone";
};

zone "." in {
    type hint;
    file "root.hint";
};

# You can insert further zone records for your own domains below.
# allow-update is an address match list here: every host in mynet may
# add, change or delete any record in the zone. allow-transfer likewise
# lets every host in mynet pull a copy of the whole zone.

zone "quenya.org" {
    type master;
    file "/var/named/quenya.org.hosts";
    allow-query {
        mynet;
    };
    allow-transfer {
        mynet;
    };
    allow-update {
        mynet;
    };
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "/var/named/192.168.1.0.rev";
    allow-query {
        mynet;
    };
    allow-transfer {
        mynet;
    };
    allow-update {
        mynet;
    };
};
</pre><p>
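The allow-update lists above trust source addresses only, so any host that can put packets on
192.168.1.0/24 can rewrite either zone. The named.conf fragment below is an added example, not from the
Samba HOWTO or from ISC; it keeps the same zones but accepts dynamic updates only when they are signed
with a TSIG key, and stops handing the full zone to every LAN host. The key name DHCP_UPDATER and the
secret are made-up placeholders: generate a real secret with
<code class="literal">dnssec-keygen -a HMAC-MD5 -b 128 -n HOST DHCP_UPDATER</code> (or
<code class="literal">tsig-keygen</code> on recent BIND releases), and use hmac-sha256 instead of hmac-md5
when the DHCP server also supports it.
</p><p>
```conf
# /etc/named.conf (fragment): dynamic updates authorized by TSIG, not by source address.
# Added example; the key name and secret are constructed placeholders.

acl mynet {
    192.168.1.0/24;
    127.0.0.1;
};

# The same name, algorithm and secret must appear in dhcpd.conf.
# Keep this file (or an included key file) unreadable to other local users.
key "DHCP_UPDATER" {
    algorithm hmac-md5;
    secret "x8M0Lz2vZcQ1n6bRkTq3wA==";   # placeholder, replace with generated key material
};

zone "quenya.org" {
    type master;
    file "/var/named/quenya.org.hosts";
    allow-query { mynet; };
    allow-transfer { none; };                # no secondaries here; list them explicitly if you add any
    allow-update { key "DHCP_UPDATER"; };    # unsigned UPDATEs, even from mynet, are REFUSED
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "/var/named/192.168.1.0.rev";
    allow-query { mynet; };
    allow-transfer { none; };
    allow-update { key "DHCP_UPDATER"; };
};
```
</p><p>
Check the file with <code class="literal">named-checkconf</code> before reloading. To confirm the
change took effect, send the same record from a LAN host with <code class="literal">nsupdate</code>
twice: unsigned it should be answered REFUSED, and signed (<code class="literal">nsupdate -k</code>
pointing at the generated <code class="filename">.private</code> file) it should succeed and show up in
the zone's <code class="filename">.jnl</code> file. An allow-update key has full control of the zone; an
<code class="literal">update-policy</code> statement can further limit it to particular names and record types.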
</p><p>
The following files are all located in the directory <code class="filename">/var/named</code>.
This is the <code class="filename">/var/named/localhost.zone</code> file:
</p><pre class="programlisting">
$TTL 1W
@               IN SOA  @ root (
                        42              ; serial (d. adams)
                        2D              ; refresh
                        4H              ; retry
                        6W              ; expiry
                        1W )            ; minimum

                IN NS   @
                IN A    127.0.0.1
</pre><p>
</p><p>
The <code class="filename">/var/named/127.0.0.zone</code> file:
</p><pre class="programlisting">
$TTL 1W
@               IN SOA  localhost. root.localhost. (
                        42              ; serial (d. adams)
                        2D              ; refresh
                        4H              ; retry
                        6W              ; expiry
                        1W )            ; minimum

                IN NS   localhost.
1               IN PTR  localhost.
</pre><p>
</p><p>
The <code class="filename">/var/named/quenya.org.hosts</code> file (the name must match the
file statement for the zone in <code class="filename">/etc/named.conf</code>):
</p><pre class="programlisting">
$ORIGIN .
$TTL 38400      ; 10 hours 40 minutes
quenya.org              IN SOA  marvel.quenya.org. root.quenya.org. (
                                2003021832 ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                38400      ; minimum (10 hours 40 minutes)
                                )
                        NS      marvel.quenya.org.
                        MX      10 mail.quenya.org.
$ORIGIN quenya.org.
frodo                   A       192.168.1.1
marvel                  A       192.168.1.2
;
mail                    CNAME   marvel
www                     CNAME   marvel
</pre><p>
</p><p>
The <code class="filename">/var/named/192.168.1.0.rev</code> file:
</p><pre class="programlisting">
$ORIGIN .
$TTL 38400      ; 10 hours 40 minutes
1.168.192.in-addr.arpa  IN SOA  marvel.quenya.org. root.quenya.org. (
                                2003021824 ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                38400      ; minimum (10 hours 40 minutes)
                                )
                        NS      marvel.quenya.org.
$ORIGIN 1.168.192.in-addr.arpa.
1                       PTR     frodo.quenya.org.
2                       PTR     marvel.quenya.org.
</pre><p>
</p><p>
<a class="indexterm" name="id447305"></a>
<a class="indexterm" name="id447312"></a>
The configuration files shown here were copied from a fully working system. All dynamically registered
entries have been removed. In addition to these files, BIND version 9 will
create for each dynamically updated zone file a journal file that has a
<code class="filename">.jnl</code> extension. Do not edit the zone files or the
<code class="filename">.jnl</code> files by hand while named is running: named replays the journal on
top of the zone file when it loads the zone, and a hand-edited file no longer matches its journal, so the
edit is lost or the zone fails to load. To make a manual change to a dynamic zone, suspend updates with
<code class="literal">rndc freeze quenya.org</code>, edit the zone file and increase its serial number,
then resume with <code class="literal">rndc thaw quenya.org</code>.
</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="DHCP"></a>DHCP Server</h3></div></div></div><p>
The following file is used with the ISC DHCP Server version 3.
The file is located in <code class="filename">/etc/dhcpd.conf</code>:
</p><p>
</p><pre class="programlisting">
ddns-updates on;
ddns-domainname "quenya.org";
option ntp-servers 192.168.1.2;
ddns-update-style ad-hoc;       # deprecated in ISC DHCP 3; ISC DHCP 4 no longer implements it
allow unknown-clients;
default-lease-time 86400;       # one day
max-lease-time 172800;          # two days

option domain-name "quenya.org";
option domain-name-servers 192.168.1.2;
option netbios-name-servers 192.168.1.2;   # WINS server
option netbios-dd-server 192.168.1.2;      # NetBIOS datagram distribution server
option netbios-node-type 8;                # h-node: query WINS first, then broadcast

subnet 192.168.1.0 netmask 255.255.255.0 {
    range dynamic-bootp 192.168.1.60 192.168.1.254;
    option subnet-mask 255.255.255.0;
    option routers 192.168.1.2;
    allow unknown-clients;
}
</pre><p>
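The ad-hoc update style and the address-based allow-update it depends on are the weak points of
this example. The fragment below is an added example, not from the Samba HOWTO or from ISC; it rewrites
the same <code class="filename">dhcpd.conf</code> for the interim update style, names the zones to
update, and signs every update with a TSIG key. The key name DHCP_UPDATER and the secret are made-up
placeholders; the secret must be valid base64 and identical to the key statement in the BIND
configuration. hmac-md5 is shown because it is the algorithm the ISC DHCP 3 documentation describes;
hmac-sha256 should replace it wherever both servers support it.
</p><p>
```conf
# /etc/dhcpd.conf: interim-style DDNS, every update signed with TSIG.
# Added example; the key name and secret are constructed placeholders
# that must match the BIND side.

ddns-update-style interim;      # ad-hoc is deprecated and gone from ISC DHCP 4
ddns-updates on;
ddns-domainname "quenya.org";
ddns-rev-domainname "in-addr.arpa.";
# The server registers both A and PTR records itself; clients that ask
# to update their own A record (Windows FQDN option) are refused.
deny client-updates;
# Send DHCPNAK for stale leases that belong to some other server on this segment.
authoritative;

default-lease-time 86400;
max-lease-time 172800;

option domain-name "quenya.org";
option domain-name-servers 192.168.1.2;
option netbios-name-servers 192.168.1.2;
option netbios-dd-server 192.168.1.2;
option netbios-node-type 8;
option ntp-servers 192.168.1.2;

# Same name, algorithm and secret as the key statement in named.conf.
key DHCP_UPDATER {
    algorithm hmac-md5;
    secret x8M0Lz2vZcQ1n6bRkTq3wA==;   # placeholder, replace with generated key material
};

# Without zone statements dhcpd would look up the SOA and send unsigned updates;
# with them it sends signed UPDATEs to the listed primary.
zone quenya.org. {
    primary 192.168.1.2;
    key DHCP_UPDATER;
}

zone 1.168.192.in-addr.arpa. {
    primary 192.168.1.2;
    key DHCP_UPDATER;
}

subnet 192.168.1.0 netmask 255.255.255.0 {
    range dynamic-bootp 192.168.1.60 192.168.1.254;
    option subnet-mask 255.255.255.0;
    option routers 192.168.1.2;
    allow unknown-clients;
}
```
</p><p>
With the interim style each registered name also receives a TXT record holding a hash of the client
identity, which is how dhcpd recognizes its own records and avoids overwriting a name that another
host registered; those TXT records are expected in the dynamic zone and must not be removed by hand.
Because the key file is readable by dhcpd, keep <code class="filename">/etc/dhcpd.conf</code> unreadable
to ordinary local users.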
</p><p>
In this example, IP addresses between 192.168.1.1 and 192.168.1.59 are
reserved for fixed-address (commonly called <code class="constant">hard-wired</code>) IP addresses. The
addresses between 192.168.1.60 and 192.168.1.254 are allocated for dynamic use.
</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="ch46.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="Appendix.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="gpl.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 46. Samba Support </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Appendix A. GNU General Public License</td></tr></table></div></body></html>