Configuring Dynamic DNS with DHCP on Centos 7 / RHEL 7


Dynamic DNS, or DDNS, is useful for dynamically assigning host names to non-static IP addresses.  To configure it we need to modify the configuration of BIND and DHCPD.  The communication between the two services is secured with an “RNDC-KEY” – a shared secret string specified in both config files so that the two services can communicate securely.

First, let’s install both the DHCP and BIND servers:

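# On CentOS 7 / RHEL 7 the package that provides dhcpd is named "dhcp";
# "yum install dhcpd" fails with "No package dhcpd available".
yum install -y dhcp bind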

Next, you can generate an RNDC key / secret by executing rndc-confgen.  Its output can be seen in /etc/rndc.conf.  Copy the [key] section of that file to /etc/rndc.key if you prefer to use includes rather than hard-coding the secret into your config files – the example config files below use the (less secure) hard-coding method.

Contents of local /etc/dhcp/dhcpd.conf

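#
# dhcpd.conf
#
# dhcpd.conf only understands "#" comments; the original "//" header lines
# would not parse.
#
# DDNS: dhcpd registers every lease in the vassox.local zone on 192.168.2.1
# and signs each update with rndc-key (TSIG).  TSIG authenticates the update
# message; it does not encrypt it.

ddns-update-style interim;
ddns-updates on;
ddns-domainname "vassox.local";
# One reverse-domain statement is enough; the original repeated it with and
# without the trailing dot.
ddns-rev-domainname "in-addr.arpa.";
update-static-leases on;

# The server performs every A/PTR update itself.  A client asking (via the
# FQDN option) to register its own name is ignored, so a client cannot claim
# a name of its choosing.  The original config set both "allow" and "ignore"
# for this option globally and "allow" again in the subnet; one setting is kept.
ignore client-updates;
allow unknown-clients;

option domain-name "vassox.local";
option domain-search "vassox.local";
option domain-name-servers 192.168.2.1;
option ntp-servers 192.168.2.1;
option routers 192.168.2.1;
option broadcast-address 192.168.2.255;

default-lease-time 600;
max-lease-time 7200;

# Shared secret with named.conf: algorithm and secret must match there.
# Prefer 'include "/etc/rndc.key";' (readable only by root and the dhcpd
# service user) over an inline secret, generate a fresh secret — this value
# is published in the guide — and use hmac-sha256 in both files instead of
# hmac-md5.
# include "/etc/rndc.key";
key rndc-key {
	algorithm hmac-md5;
	secret "HjHWuFbJvHTCp0xT0gzoiw==";
}

# local_DHCP
subnet 192.168.2.0 netmask 255.255.255.0 {
	ddns-updates on;
	range 192.168.2.150 192.168.2.200;
}

# vassoxlocal: forward zone, updated on the primary using rndc-key.
# No reverse zone is declared here, and named.conf ships its
# 2.168.192.in-addr.arpa zone commented out, so PTR updates will fail
# (and be logged) until a reverse zone is added to both files.
zone vassox.local. {
	primary 192.168.2.1;
	key rndc-key;
}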

Contents of local /etc/named.conf

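//
// named.conf
//

// TSIG key shared with dhcpd.conf (algorithm and secret must match there).
// The same key also authorizes rndc in the "controls" block below, so whoever
// can send a DDNS update can also control the server; a dedicated DDNS key
// (tsig-keygen or ddns-confgen, hmac-sha256) keeps the two separate.
// The secret below is published in this guide — generate your own.
key rndc-key {
	algorithm hmac-md5;
	secret "HjHWuFbJvHTCp0xT0gzoiw==";
};

// Hosts allowed to query (and recurse through) this server.
acl goodclients {
	192.168.2.0/24;
	127.0.0.1;
	localhost;
	localnets;
};

options {
	listen-on port 53 { 127.0.0.1; 192.168.2.1; };
	listen-on-v6 port 53 { ::1; };
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	recursing-file "/var/named/data/named.recursing";
	secroots-file "/var/named/data/named.secroots";
	allow-query { goodclients; };

	forwarders {
		176.103.130.130;
		176.103.130.131;
	};

	// Recursion is open only to goodclients because allow-query above
	// restricts who may query at all.
	recursion yes;

	dnssec-enable yes;
	dnssec-validation yes;

	/* Path to ISC DLV key — the ISC DLV registry has been retired, so this
	   line is obsolete; it is harmless but can be dropped. */
	bindkeys-file "/etc/named.iscdlv.key";

	managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
};

logging {
	channel default_debug {
		file "data/named.run";
		severity dynamic;
	};
};

zone "." IN {
	type hint;
	file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

// Reverse zone left disabled as in the original; dhcpd's PTR updates fail
// until it (and a matching zone statement in dhcpd.conf) is enabled.
// Note the closing "};" needed when uncommenting.
#zone "2.168.192.in-addr.arpa" IN {
#	type master;
#	file "/var/named/2.168.192.in-addr.arpa";
#};

zone "vassox.local" {
	type master;
	// NOTE(review): a dynamically updated zone needs a writable journal
	// next to its file; on CentOS 7 with SELinux enforcing that is normally
	// only permitted under /var/named/dynamic (or with the
	// named_write_master_zones boolean) — confirm if updates fail with
	// permission errors.
	file "/var/named/vassox.local.hosts";
	#file "/zones/vassox.local.hosts";
	// Only updates signed with rndc-key are accepted.  The original
	// "allow-update { goodclients; }" let any host on 192.168.2.0/24
	// rewrite the zone unauthenticated (source addresses are spoofable) and
	// never used the key dhcpd signs with.
	allow-update { key rndc-key; };
	allow-query { goodclients; };
	// No secondary server is configured in this guide; remove this if one
	// is added.
	allow-transfer { none; };
};

controls {
	inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
};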

If you follow this guide and still experience issues, the cause is most likely a zone configuration problem or file permissions on the BIND /var/ directory.
