source: trunk/server/docs-xml/Samba3-HOWTO/TOSHARG-DNS-DHCP-Configuration.xml@ 640

Last change on this file since 640 was 414, checked in by Herwig Bauernfeind, 16 years ago

Samba 3.5.0: Initial import

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE chapter PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<chapter id="DNSDHCP">
<chapterinfo>
	&author.jht;
</chapterinfo>

<title>DNS and DHCP Configuration Guide</title>

<sect1>
<title>Features and Benefits</title>

<para>
<indexterm><primary>Dynamic Host Configuration Protocol</primary><see>DHCP</see></indexterm>
<indexterm><primary>Domain Name System</primary><see>DNS</see></indexterm>
Few subjects in the UNIX world raise as much contention as the
Domain Name System (DNS) and the Dynamic Host Configuration Protocol (DHCP).
Not all opinions held for or against particular implementations of DNS and DHCP
are valid.
</para>

<para>
We live in a modern age where many information technology users demand mobility
and freedom. Microsoft Windows users in particular expect to be able to plug their
notebook computer into a network port and have things <quote>just work.</quote>
</para>

<para>
<indexterm><primary>ADS</primary></indexterm>
UNIX administrators have a point. Many of the normative practices in the Microsoft
Windows world at best border on bad practice from a security perspective.
Microsoft Windows networking protocols allow workstations to register themselves
on a network under any name they choose, and Windows 2000 Active Directory registers
entries in the DNS namespace that are equally perplexing to UNIX administrators.
Welcome to the new world!
</para>

<para>
<indexterm><primary>ISC</primary><secondary>DNS</secondary></indexterm>
<indexterm><primary>ISC</primary><secondary>DHCP</secondary></indexterm>
<indexterm><primary>Dynamic DNS</primary><see>DDNS</see></indexterm>
The purpose of this chapter is to demonstrate the configuration of the Internet
Systems Consortium (ISC) DNS and DHCP servers to provide dynamic services that are
compatible with their equivalents in the Microsoft Windows 2000 Server products.
</para>

<para>
This chapter provides no more than a working example of configuration files for both DNS and DHCP servers. The
examples used match configuration examples used elsewhere in this document.
</para>

<para>
<indexterm><primary>DNS</primary></indexterm>
<indexterm><primary>DHCP</primary></indexterm>
<indexterm><primary>BIND9.NET</primary></indexterm>
This chapter explicitly does not provide a tutorial, nor does it pretend to be a reference guide on DNS and
DHCP, as this is well beyond the scope and intent of this document as a whole. Anyone who wants more detailed
reference materials on DNS or DHCP should visit the ISC Web site at <ulink noescape="1"
url="http://www.isc.org">http://www.isc.org</ulink>. Those wanting a written text might also be interested
in the O'Reilly publications on DNS; see the <ulink
url="http://www.oreilly.com/catalog/dns/index.htm">O'Reilly</ulink> web site, and the <ulink
url="http://www.bind9.net/books-dhcp">BIND9.NET</ulink> web site for details.
The books are:
</para>

<orderedlist>
	<listitem><para>DNS and BIND, by Cricket Liu and Paul Albitz, ISBN 1-56592-010-4</para></listitem>
	<listitem><para>DNS &amp; BIND Cookbook, by Cricket Liu, ISBN 0-596-00410-9</para></listitem>
	<listitem><para>The DHCP Handbook (2nd Edition), by Ralph Droms and Ted Lemon, ISBN 0-672-32327-3</para></listitem>
</orderedlist>

</sect1>

<sect1>
<title>Example Configuration</title>

<para>
<indexterm><primary>WINS</primary></indexterm>
<indexterm><primary>DNS</primary></indexterm>
The DNS is to the Internet what water is to life. Nearly all information resources (host names) are resolved
to their Internet protocol (IP) addresses through DNS. Windows networking tried hard to avoid the
complexities of DNS, but alas, DNS won. <indexterm><primary>WINS</primary></indexterm> The alternative to
DNS, the Windows Internet Name Service (WINS) &smbmdash; an artifact of NetBIOS networking over the TCP/IP
protocols &smbmdash; has demonstrated scalability problems as well as a flat, nonhierarchical namespace that
became unmanageable as the size and complexity of information technology networks grew.
</para>

<para>
<indexterm><primary>RFC 1001</primary></indexterm>
<indexterm><primary>RFC 1002</primary></indexterm>
WINS is a Microsoft implementation of the RFC 1001/1002 NetBIOS Name Service (NBNS).
It allows NetBIOS clients (such as Microsoft Windows machines) to register an arbitrary
machine name that the administrator or user has chosen, together with the IP
address that the machine has been given. Through the use of WINS, network client machines
can resolve machine names to their IP addresses. The registration itself is not
authenticated: any host on the network can claim any name that is not already taken.
</para>

<para>
The demand for an alternative to the limitations of NetBIOS networking finally drove
Microsoft to use DNS and Active Directory. Microsoft's new implementation attempts
to use DNS in a manner similar to the way that WINS is used for NetBIOS networking.
Both WINS and Microsoft DNS rely on dynamic name registration.
</para>

<para>
Microsoft Windows clients can perform dynamic name registration to the DNS server
on startup. Alternatively, where DHCP is used to assign workstation IP addresses,
the DHCP server can register hostnames and their IP addresses as
soon as a client acknowledges an IP address lease. Finally, Microsoft DNS can resolve
hostnames via Microsoft WINS.
</para>

<para>
The following configurations demonstrate a simple, insecure dynamic DNS server and
a simple DHCP server that matches the DNS configuration. The DNS server is insecure
in the sense that every host on the local network, not just the DHCP server, is
permitted to add, change, or delete records in the zones it serves.
</para>

	<sect2>
	<title>Dynamic DNS</title>

	<para>
	<indexterm><primary>DNS</primary><secondary>Dynamic</secondary></indexterm>
	The example DNS configuration is for a private network in the IP address
	space for network 192.168.1.0/24. The private network address space
	is set forth in RFC 1918.
	</para>

	<para>
	<indexterm><primary>BIND</primary></indexterm>
	It is assumed that this network will be situated behind a secure firewall.
	The files that follow work with ISC BIND version 9. BIND is the Berkeley
	Internet Name Domain software.
	</para>

	<para>
	The master configuration file <filename>/etc/named.conf</filename>
	determines the location of all further configuration files used.
	The location and name of this file is specified in the startup script
	that is part of the operating system. Two details are worth noting: the
	<literal>listen-on</literal> statement restricts the IPv4 listener to the
	<literal>mynet</literal> addresses, but <literal>listen-on-v6 { any; }</literal>
	accepts queries on every IPv6 address of the host, so tighten or remove it if the
	host has IPv6 connectivity beyond the firewall; and <literal>multiple-cnames</literal>
	is a BIND 8 option that BIND 9 ignores and may be dropped.
<programlisting>
# Quenya.Org configuration file

acl mynet {
	192.168.1.0/24;
	127.0.0.1;
};

options {

	directory "/var/named";
	listen-on-v6 { any; };
	notify no;
	forward first;
	forwarders {
		192.168.1.1;
	};
	auth-nxdomain yes;
	multiple-cnames yes;
	listen-on {
		mynet;
	};
};

# The following three zone definitions do not need any modification.
# The first one defines localhost while the second defines the
# reverse lookup for localhost. The last zone "." is the
# definition of the root name servers.

zone "localhost" in {
	type master;
	file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
	type master;
	file "127.0.0.zone";
};

zone "." in {
	type hint;
	file "root.hint";
};

# You can insert further zone records for your own domains below.

zone "quenya.org" {
	type master;
	file "/var/named/quenya.org.hosts";
	allow-query {
		mynet;
	};
	allow-transfer {
		mynet;
	};
	allow-update {
		mynet;
	};
};

zone "1.168.192.in-addr.arpa" {
	type master;
	file "/var/named/192.168.1.0.rev";
	allow-query {
		mynet;
	};
	allow-transfer {
		mynet;
	};
	allow-update {
		mynet;
	};
};
</programlisting>
	</para>

	<para>
	The following files are all located in the directory <filename>/var/named</filename>.
	This is the <filename>/var/named/localhost.zone</filename> file:
<programlisting>
$TTL 1W
@               IN SOA  @   root (
                        42      ; serial (d. adams)
                        2D      ; refresh
                        4H      ; retry
                        6W      ; expiry
                        1W )    ; minimum

                IN NS   @
                IN A    127.0.0.1
</programlisting>
	</para>

	<para>
	The <filename>/var/named/127.0.0.zone</filename> file:
<programlisting>
$TTL 1W
@               IN SOA  localhost.   root.localhost. (
                        42      ; serial (d. adams)
                        2D      ; refresh
                        4H      ; retry
                        6W      ; expiry
                        1W )    ; minimum

                IN NS   localhost.
1               IN PTR  localhost.
</programlisting>
	</para>

	<para>
	The <filename>/var/named/quenya.org.hosts</filename> file (the name must match the
	<literal>file</literal> statement of the <literal>quenya.org</literal> zone in
	<filename>named.conf</filename>):
<programlisting>
$ORIGIN .
$TTL 38400      ; 10 hours 40 minutes
quenya.org      IN SOA  marvel.quenya.org. root.quenya.org. (
                        2003021832 ; serial
                        10800      ; refresh (3 hours)
                        3600       ; retry (1 hour)
                        604800     ; expire (1 week)
                        38400      ; minimum (10 hours 40 minutes)
                        )
                NS      marvel.quenya.org.
                MX      10 mail.quenya.org.
$ORIGIN quenya.org.
frodo           A       192.168.1.1
marvel          A       192.168.1.2
;
mail            CNAME   marvel
www             CNAME   marvel
</programlisting>
	Note that the MX record points at <literal>mail</literal>, which is a CNAME. RFC 2181 requires
	the target of an MX record to be a canonical name, so a strictly conforming zone would point the
	MX at <literal>marvel.quenya.org.</literal> or give <literal>mail</literal> its own A record.
</para>

<para>
	The <filename>/var/named/192.168.1.0.rev</filename> file:
<programlisting>
$ORIGIN .
$TTL 38400      ; 10 hours 40 minutes
1.168.192.in-addr.arpa  IN SOA  marvel.quenya.org. root.quenya.org. (
                        2003021824 ; serial
                        10800      ; refresh (3 hours)
                        3600       ; retry (1 hour)
                        604800     ; expire (1 week)
                        38400      ; minimum (10 hours 40 minutes)
                        )
                NS      marvel.quenya.org.
$ORIGIN 1.168.192.in-addr.arpa.
1               PTR     frodo.quenya.org.
2               PTR     marvel.quenya.org.
</programlisting>
	</para>

	<para>
<indexterm><primary>BIND</primary></indexterm>
<indexterm><primary>dynamic registration files</primary></indexterm>
	The configuration files shown here were copied from a fully working system. All dynamically registered
	entries have been removed. In addition to these files, BIND version 9 will
	create, for each zone that accepts dynamic updates, a journal file with a
	<filename>.jnl</filename> extension. Do not edit the zone files of such zones, or the
	<filename>.jnl</filename> files, while <command>named</command> is running, because the
	journal and the zone file would no longer agree. To hand-edit a dynamic zone, suspend
	updates with <command>rndc freeze</command>, edit the zone file, and resume with
	<command>rndc thaw</command>. <command>named-checkconf</command> and
	<command>named-checkzone</command> validate the configuration and the zone files before
	the server is reloaded.
	</para>

	</sect2>

	<sect2 id="DHCP">
	<title>DHCP Server</title>

	<para>
	The following file is used with the ISC DHCP Server version 3.
	The file is located in <filename>/etc/dhcpd.conf</filename>.
	The <literal>ad-hoc</literal> DNS update style used here was already deprecated in
	ISC DHCP 3 and has been removed from ISC DHCP 4; new installations should use
	<literal>interim</literal> (or <literal>standard</literal>, available from ISC DHCP 4.3 onward).
	</para>

	<para>
	<programlisting>
ddns-updates on;
ddns-domainname "quenya.org";
option ntp-servers 192.168.1.2;
ddns-update-style ad-hoc;
allow unknown-clients;
default-lease-time 86400;
max-lease-time 172800;

option domain-name "quenya.org";
option domain-name-servers 192.168.1.2;
option netbios-name-servers 192.168.1.2;
option netbios-dd-server 192.168.1.2;
option netbios-node-type 8;

subnet 192.168.1.0 netmask 255.255.255.0 {
	range dynamic-bootp 192.168.1.60 192.168.1.254;
	option subnet-mask 255.255.255.0;
	option routers 192.168.1.2;
	allow unknown-clients;
}
</programlisting>
	</para>

	<para>
	In this example, IP addresses between 192.168.1.1 and 192.168.1.59 are
	reserved for fixed-address (commonly called <constant>hard-wired</constant>) IP addresses. The
	addresses between 192.168.1.60 and 192.168.1.254 are allocated for dynamic use.
	The <literal>dynamic-bootp</literal> keyword also lets BOOTP clients draw from this range, and
	<literal>allow unknown-clients</literal> means any device plugged into the network is given a lease;
	both are convenient on a trusted LAN and should be reconsidered anywhere else.
	</para>
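The named.conf above grants allow-update { mynet; }, so every host on 192.168.1.0/24 can rewrite both zones, and the dhcpd.conf above sends its updates unsigned. The fragment below is an added example, not part of the Samba HOWTO or of the ISC distributions, showing how the two files change when updates are restricted to the DHCP server and authenticated with a TSIG key. The key name dhcp-update and the secret are invented for this illustration; generate a real secret with tsig-keygen (or ddns-confgen on older BIND 9 releases) and do not reuse the one shown. Only the two quenya.org zone statements and the DDNS part of dhcpd.conf are given; everything else in both files stays as above.

```conf
##### /etc/named.conf (BIND 9): replaces the two allow-update { mynet; } zones above

# Example key. Name and secret are made up for this illustration;
# generate your own with:  tsig-keygen -a hmac-sha256 dhcp-update
key "dhcp-update" {
    algorithm hmac-sha256;
    secret "Z2VuZXJhdGUteW91ci1vd24ta2V5LWRvLW5vdC1jb3B5LXRoaXM=";
};

zone "quenya.org" {
    type master;
    file "/var/named/quenya.org.hosts";
    allow-query    { mynet; };
    allow-transfer { mynet; };
    # update-policy replaces allow-update (a zone may not have both).
    # Only a holder of the key may update, and only A and TXT records
    # below the zone apex, which is all the DHCP server writes in the
    # interim style (grant DHCID instead of TXT for the standard style).
    update-policy {
        grant dhcp-update subdomain quenya.org. A TXT;
    };
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "/var/named/192.168.1.0.rev";
    allow-query    { mynet; };
    allow-transfer { mynet; };
    # Reverse mappings: the DHCP server only ever writes PTR records here.
    update-policy {
        grant dhcp-update subdomain 1.168.192.in-addr.arpa. PTR;
    };
};

##### /etc/dhcpd.conf (ISC DHCP): replaces "ddns-update-style ad-hoc;" above

ddns-update-style interim;    # "standard" on ISC DHCP 4.3 and later
ddns-updates on;
ddns-domainname "quenya.org";

# Same key material as in named.conf. Older ISC DHCP releases accept
# only hmac-md5; use the strongest algorithm both daemons support.
key dhcp-update {
    algorithm hmac-sha256;
    secret Z2VuZXJhdGUteW91ci1vd24ta2V5LWRvLW5vdC1jb3B5LXRoaXM=;
};

# Name the server that is authoritative for each zone dhcpd updates
# (marvel, 192.168.1.2, as in the example) and the key to sign with.
zone quenya.org. {
    primary 192.168.1.2;
    key dhcp-update;
}

zone 1.168.192.in-addr.arpa. {
    primary 192.168.1.2;
    key dhcp-update;
}
```

After reloading both daemons, check the policy with nsupdate from another host on the LAN: an unsigned attempt to add a record should be answered REFUSED, while the same update signed with the key file (nsupdate -k) should succeed and appear in the zone's .jnl journal. Note that under this policy Windows clients that try to register their own names directly, as described earlier in this chapter, are refused as well; the DHCP server registers names on their behalf.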

	</sect2>

</sect1>
</chapter>