6 <title>DNS and DHCP Configuration Guide</title>
9 <title>Features and Benefits</title>
12 There are few subjects in the UNIX world that might raise as much contention as
13 Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP).
14 Not all opinions held for or against particular implementations of DNS and DHCP
19 We live in a modern age where many information technology users demand mobility
20 and freedom. Microsoft Windows users in particular expect to be able to plug their
21 notebook computer into a network port and have things <quote>just work.</quote>
25 UNIX administrators have a point. Many of the normative practices in the Microsoft
26 Windows world at best border on bad practice from a security perspective.
27 Microsoft Windows networking protocols allow workstations to arbitrarily register
28 themselves on a network. Windows 2000 Active Directory registers entries in the DNS name space
29 that are equally perplexing to UNIX administrators. Welcome to the new world!
34 <indexterm><primary>ISC</primary><secondary>DNS</secondary></indexterm>
35 <indexterm><primary>ISC</primary><secondary>DHCP</secondary></indexterm>
36 The purpose of this chapter is to demonstrate the configuration of the Internet
37 Software Consortium (ISC) DNS and DHCP servers to provide dynamic services that are
38 compatible with their equivalents in the Microsoft Windows 2000 Server products.
42 The purpose of this chapter is to provide no more than a working example of
43 configuration files for both DNS and DHCP servers. The examples used match
44 configuration examples used elsewhere in this document.
48 This chapter explicitly does not provide a tutorial, nor does it pretend to be
49 a reference guide on DNS and DHCP, as this is well beyond the scope and intent
50 of this document as a whole. Anyone who wants more detailed reference materials
51 on DNS or DHCP should visit the ISC Web sites at <ulink noescape="1" url="http://www.isc.org">
52 http://www.isc.org</ulink>. Those wanting a written text might also be interested
53 in the O'Reilly publications on these two subjects.
59 <title>Example Configuration</title>
62 The domain name system is to the Internet what water is to life. By it nearly all
63 information resources (host names) are resolved to their Internet protocol (IP) address.
64 Windows networking tried hard to avoid the complexities of DNS, but alas, DNS won.
65 <indexterm><primary>WINS</primary></indexterm>
66 The alternative to DNS, the Windows Internet Name Service (WINS) an artifact of
67 NetBIOS networking over the TCP/IP protocols, has demonstrated scalability problems as
68 well as a flat non-hierarchical name space that became unmanageable as the size and
69 complexity of information technology networks grew.
73 WINS is a Microsoft implementation of the RFC1001/1002 NetBIOS Name Service (NBNS).
74 It allows NetBIOS clients (like Microsoft Windows Machines) to register an arbitrary
75 machine name that the administrator or user has chosen together with the IP
76 address that the machine has been given. Through the use of WINS, network client machines
77 could resolve machine names to their IP address.
81 The demand for an alternative to the limitations of NetBIOS networking finally drove
82 Microsoft to use DNS and Active Directory. Microsoft's new implementation attempts
83 to use DNS in a manner similar to the way that WINS is used for NetBIOS networking.
84 Both WINS and Microsoft DNS rely on dynamic name registration.
88 Microsoft Windows clients can perform dynamic name registration to the DNS server
89 on start-up. Alternately, where DHCP is used to assign workstation IP addresses,
90 it is possible to register host names and their IP address by the DHCP server as
91 soon as a client acknowledges an IP address lease. Lastly, Microsoft DNS can resolve
92 hostnames via Microsoft WINS.
96 The following configurations demonstrate a simple insecure Dynamic DNS server and
97 a simple DHCP server that matches the DNS configuration.
101 <title>Dynamic DNS</title>
104 <indexterm><primary>DNS</primary><secondary>Dynamic</secondary></indexterm>
105 The example DNS configuration is for a private network in the IP address
106 space for network 192.168.1.0/24. The private class network address space
107 is set forth in RFC1918.
112 <indexterm><primary>BIND</primary></indexterm>
113 It is assumed that this network will be situated behind a secure firewall.
114 The files that follow work with ISC BIND version 9. BIND is the Berkeley
115 Internet Name Daemon. The following configuration files are offered:
119 The master configuration file for <filename>/etc/named.conf</filename>
120 determines the location of all further configuration files used.
121 The location and name of this file is specified in the start-up script
122 that is part of the operating system.
123 <smbfile name="named.conf">
125 # Quenya.Org configuration file
134 directory "/var/named";
135 listen-on-v6 { any; };
148 # The following three zone definitions do not need any modification.
149 # The first one defines localhost while the second defines the
150 # reverse lookup for localhost. The last zone "." is the
151 # definition of the root name servers.
153 zone "localhost" in {
155 file "localhost.zone";
158 zone "0.0.127.in-addr.arpa" in {
168 # You can insert further zone records for your own domains below.
172 file "/var/named/quenya.org.hosts";
184 zone "1.168.192.in-addr.arpa" {
186 file "/var/named/192.168.1.0.rev";
202 The following files are all located in the directory <filename>/var/named</filename>.
203 This is the <filename>/var/named/localhost.zone</filename> file:
204 <smbfile name="localhost.zone">
208 42 ; serial (d. adams)
221 The <filename>/var/named/127.0.0.zone</filename> file:
222 <smbfile name="127.0.0.0.zone">
225 @ IN SOA localhost. root.localhost. (
226 42 ; serial (d. adams)
239 The <filename>/var/named/quenya.org.host</filename> file:
240 <smbfile name="quenya.org.host">
243 $TTL 38400 ; 10 hours 40 minutes
244 quenya.org IN SOA marvel.quenya.org. root.quenya.org. (
246 10800 ; refresh (3 hours)
247 3600 ; retry (1 hour)
248 604800 ; expire (1 week)
249 38400 ; minimum (10 hours 40 minutes)
251 NS marvel.quenya.org.
252 MX 10 mail.quenya.org.
264 The <filename>/var/named/192.168.1.0.rev</filename> file:
265 <smbfile name="192.168.1.0.rev">
268 $TTL 38400 ; 10 hours 40 minutes
269 1.168.192.in-addr.arpa IN SOA marvel.quenya.org. root.quenya.org. (
271 10800 ; refresh (3 hours)
272 3600 ; retry (1 hour)
273 604800 ; expire (1 week)
274 38400 ; minimum (10 hours 40 minutes)
276 NS marvel.quenya.org.
277 $ORIGIN 1.168.192.in-addr.arpa.
278 1 PTR frodo.quenya.org.
279 2 PTR marvel.quenya.org.
285 The above were copied from a fully working system. All dynamically registered
286 entries have been removed. In addition to these files, BIND version 9 will
287 create for each of the dynamic registration files a file that has a
288 <filename>.jnl</filename> extension. Do not edit or tamper with the configuration
289 files or with the <filename>.jnl</filename> files that are created.
295 <title>DHCP Server</title>
298 The following file is used with the ISC DHCP Server version 3.
299 The file is located in <filename>/etc/dhcpd.conf</filename>:
303 <smbfile name="dhcpd.conf">
306 ddns-domainname "quenya.org";
307 option ntp-servers 192.168.1.2;
308 ddns-update-style ad-hoc;
309 allow unknown-clients;
310 default-lease-time 86400;
311 max-lease-time 172800;
313 option domain-name "quenya.org";
314 option domain-name-servers 192.168.1.2;
315 option netbios-name-servers 192.168.1.2;
316 option netbios-dd-server 192.168.1.2;
317 option netbios-node-type 8;
319 subnet 192.168.1.0 netmask 255.255.255.0 {
320 range dynamic-bootp 192.168.1.60 192.168.1.254;
321 option subnet-mask 255.255.255.0;
322 option routers 192.168.1.2;
323 allow unknown-clients;
330 In the above example, IP addresses between 192.168.1.1 and 192.168.1.59 are
331 reserved for fixed address (commonly called <constant>hard-wired</constant>) IP addresses. The
332 addresses between 192.168.1.60 and 192.168.1.254 are allocated for dynamic use.