Dynamic DNS (DDNS) is useful for automatically assigning host names to non-static IP addresses. To configure it we need to modify the configuration of both BIND and DHCPD. Communication between the two services is secured with an "rndc-key": a shared secret (an HMAC key) that is specified in both config files so that dhcpd can send authenticated zone updates to named.
First, let’s install both the DHCP and BIND servers:
```shell
# On CentOS/RHEL 7 the DHCP server package is named "dhcp" (not "dhcpd"); on 8+ it is "dhcp-server"
yum install -y dhcp
yum install -y bind
```
Next, generate an RNDC key / secret by running rndc-confgen. The output goes in /etc/rndc.conf. Copy the key section of that file to /etc/rndc.key if you prefer to use includes rather than hard coding the secret into your config files; the example config files below use the (less secure) hard coding method.
Contents of local /etc/dhcp/dhcpd.conf
```
#
# dhcpd.conf
#
# (dhcpd.conf only understands '#' comments, so the header is written with '#' rather than '//')
allow client-updates;
# include "/etc/rndc.key";
option ntp-servers 192.168.2.1;
ddns-updates on;
option domain-name-servers 192.168.2.1;
option domain-name "vassox.local";
option broadcast-address 192.168.2.255;
option domain-search "vassox.local";
option routers 192.168.2.1;
# The server performs the DNS updates itself instead of honouring client-sent updates;
# this conflicts with the global "allow client-updates" above, and dhcpd keeps the last setting parsed in a scope
ignore client-updates;
allow unknown-clients;
# Must match the key block in named.conf (same name, algorithm and secret)
key rndc-key {
    algorithm hmac-md5;
    secret "HjHWuFbJvHTCp0xT0gzoiw==";
};
update-static-leases on;
ddns-update-style interim;
# Only one ddns-rev-domainname is needed; the duplicate without the trailing dot is dropped
ddns-rev-domainname "in-addr.arpa.";
ddns-domainname "vassox.local";
default-lease-time 600;
max-lease-time 7200;
# vassox.local
# local_DHCP
subnet 192.168.2.0 netmask 255.255.255.0 {
    allow client-updates;
    ddns-updates on;
    range 192.168.2.150 192.168.2.200;
}
# vassoxlocal: send updates for this zone to the named server at 192.168.2.1, signed with rndc-key
zone vassox.local. {
    primary 192.168.2.1;
    key rndc-key;
}
```
Contents of local /etc/named.conf
```
//
// named.conf
//
// Same key as in dhcpd.conf; hmac-md5 is what this guide uses, hmac-sha256 is the preferred algorithm for new keys
key rndc-key {
    algorithm hmac-md5;
    secret "HjHWuFbJvHTCp0xT0gzoiw==";
};
acl goodclients {
    192.168.2.0/24;
    127.0.0.1;
    localhost;
    localnets;
};
options {
    listen-on port 53 { 127.0.0.1; 192.168.2.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { goodclients; };
    forwarders { 176.103.130.130; 176.103.130.131; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
#zone "2.168.192.in-addr.arpa" IN {
#    type master;
#    file "/var/named/2.168.192.in-addr.arpa";
#};
zone "vassox.local" {
    type master;
    file "/var/named/vassox.local.hosts";
    #file "/zones/vassox.local.hosts";
    // As written, any host matching the ACL may send updates, signed or not.
    // To require the TSIG key instead, use: allow-update { key rndc-key; };
    allow-update { goodclients; };
    allow-query { goodclients; };
};
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
};
```
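The two files have to agree on the key, and named only enforces it if the zone's allow-update names the key. The following checker is an added example, not code from this guide: it parses the key {} blocks and the zone's allow-update statement from constructed excerpts of the configs above (the secret is the guide's own sample), flags a mismatch, the deprecated hmac-md5 algorithm, and an address-based allow-update, and contrasts the guide's setting with the hardened key-based one.

```python
import re
# Constructed excerpts of this guide's two config files (key block = the guide's own sample).
DHCPD_CONF = '''key rndc-key {
  algorithm hmac-md5;
  secret "HjHWuFbJvHTCp0xT0gzoiw==";
};
zone vassox.local. { primary 192.168.2.1; key rndc-key; }
'''
NAMED_CONF = '''key rndc-key {
  algorithm hmac-md5;
  secret "HjHWuFbJvHTCp0xT0gzoiw==";
};
zone "vassox.local" {
  type master;
  allow-update { goodclients; };
};
'''
# Hardened variant: named accepts an update only if it carries a valid TSIG signature.
NAMED_CONF_FIXED = NAMED_CONF.replace("allow-update { goodclients; };",
                                      "allow-update { key rndc-key; };")
KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+([\w.-]+)\s*;'
                    r'\s*secret\s+"([^"]+)"\s*;\s*\}')

def parse_keys(conf):
    """Map key name -> (algorithm, secret) for every key {} block in a BIND/dhcpd config."""
    return {m.group(1): (m.group(2).lower(), m.group(3)) for m in KEY_RE.finditer(conf)}

def allow_update_entries(named_conf, zone):
    """ACL entries of the zone's allow-update, or None if zone/statement is missing (assumes '};' closes the zone at line start)."""
    zm = re.search(r'zone\s+"' + re.escape(zone) + r'"[^{]*\{(.*?)\n\};', named_conf, re.S)
    am = zm and re.search(r'allow-update\s*\{([^}]*)\}', zm.group(1))
    return [e.strip() for e in am.group(1).split(';') if e.strip()] if am else None

def audit(dhcpd_conf, named_conf, zone):
    """Return a list of findings; an empty list means the DDNS key setup is consistent."""
    findings, dk, nk = [], parse_keys(dhcpd_conf), parse_keys(named_conf)
    shared = set(dk) & set(nk)
    if not shared:
        findings.append("no key name is defined in both dhcpd.conf and named.conf")
    for name in sorted(shared):
        if dk[name] != nk[name]:
            findings.append(f"key {name}: algorithm or secret differs between the two files")
        if dk[name][0].startswith("hmac-md5"):
            findings.append(f"key {name}: hmac-md5 is deprecated, generate an hmac-sha256 key")
    entries = allow_update_entries(named_conf, zone)
    if entries is None:
        findings.append(f"zone {zone}: no allow-update statement, dynamic updates are refused")
    elif not any(e.startswith("key ") for e in entries):
        findings.append(f"zone {zone}: allow-update by address ({', '.join(entries)}), not by key; unsigned updates accepted")
    return findings
```

Run audit() against the real /etc/dhcp/dhcpd.conf and /etc/named.conf contents after editing them; the matcher is deliberately simple and expects the layout shown in this guide.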
If you follow this guide and still experience issues, the cause is most likely a zone configuration problem or a file-permission problem on BIND's /var/named directory (named must be able to write the zone file there for dynamic updates to succeed).