Public domain
# dnssec-keygen -a hmac-md5 -b 128 -n USER dhcpupdate
Kdhcpupdate.+157+30215
# ls
Kdhcpupdate.+157+30215.key Kdhcpupdate.+157+30215.private
# cat Kdhcpupdate.+157+30215.key
dhcpupdate. IN KEY 0 3 157 EFRHY4Vd4rOqbwphd5yGNA==
# cat Kdhcpupdate.+157+30215.private
Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: EFRHY4Vd4rOqbwphd5yGNA==
Bits: AAA=
If dnssec-keygen hangs for a while (common on virtual machines with little entropy), add the `-r /dev/urandom` option to the dnssec-keygen command line. Two caveats before reusing this recipe: HMAC-MD5 is deprecated for TSIG (see RFC 6151) — new deployments should generate the key with `-a HMAC-SHA256 -b 256` (or `tsig-keygen` on BIND 9.13 and later) and then use the same algorithm name in named.conf, dhcpd.conf and nsupdate; and the `.private` file holds the shared secret in clear, so keep it (and any config file you paste the secret into) readable only by root and the named/dhcpd user. nsupdate can load the key with `-k Kdhcpupdate.+157+30215.private` instead of typing the secret into the session as shown below.
// named.conf: caching resolver plus two master zones that accept
// dynamic (DDNS) updates signed with the TSIG key "dhcpupdate".
options {
directory "/var/named";
// NOTE(review): nothing here restricts queries or recursion. If 172.16.1.2
// is reachable from outside 172.16.1.0/24, add something like
//   allow-recursion { 172.16.1.0/24; localhost; };
// so this host does not act as an open resolver.
};
// Root hints: named resolves recursively for everything not served below.
zone "." IN {
type hint;
file "caching-example/named.root";
};
// Local-only zones: never updated dynamically.
zone "localhost" IN {
type master;
file "caching-example/localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "caching-example/named.local";
allow-update { none; };
};
// TSIG key shared with dhcpd (dhcpd.conf) and nsupdate; the secret must be
// identical in both configs. Anyone who can read this file can forge
// updates for both zones below, so either keep named.conf unreadable to
// other users or move this block into a separate file loaded with
// include "..."; owned by root:named with mode 0640.
// HMAC-MD5 is deprecated (RFC 6151). Switching to hmac-sha256 requires
// regenerating the key and changing the algorithm in dhcpd.conf and
// nsupdate at the same time.
key dhcpupdate {
algorithm hmac-md5;
secret "EFRHY4Vd4rOqbwphd5yGNA==";
};
// allow-update lets any holder of the key add or delete ANY record in the
// zone, including NS and SOA. To limit the key to the records dhcpd needs,
// replace allow-update with update-policy (the two are mutually exclusive):
//   update-policy { grant dhcpupdate wildcard *.example.com. A TXT DHCID; };
zone "example.com" {
type master;
file "example.com.fwd";
allow-update { key dhcpupdate; };
};
// Reverse zone for 172.16.1.0/24; dhcpd writes PTR records here.
// Equivalent restricted form:
//   update-policy { grant dhcpupdate wildcard *.1.16.172.in-addr.arpa. PTR; };
zone "1.16.172.in-addr.arpa" {
type master;
file "example.com.rev";
allow-update { key dhcpupdate; };
};
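; Forward zone for example.com (file /var/named/example.com.fwd).
; This zone accepts TSIG-signed dynamic updates, so do not edit this file
; while named is running without "rndc freeze example.com" first.
$TTL 1D
$ORIGIN example.com.
@ SOA ns hostmaster (
2012071500 ; sn  -- YYYYMMDDnn, same format as the reverse zone (the original
           ;        value 2012150700 had month/day transposed); BIND bumps it
           ;        automatically on every dynamic update
1H ; ref
10M ; ret
1W ; exp
3H ) ; min
NS ns
ns A 172.16.1.2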
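; Reverse zone for 172.16.1.0/24 (file /var/named/example.com.rev).
; Accepts TSIG-signed dynamic updates; freeze the zone before editing by hand.
$TTL 1D
$ORIGIN 1.16.172.in-addr.arpa.
@ SOA ns.example.com. hostmaster.example.com. (
2012071500 ; sn  -- YYYYMMDDnn; BIND bumps it on each dynamic update
1H ; ref
10M ; ret
1W ; exp
3H ) ; min
; The name server is "ns.example.com." (the only host with an A record in
; the forward zone); the original "ns1.example.com." had no address record
; and would leave the zone with an unresolvable NS.
NS ns.example.com.
2 PTR ns.example.com.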
# Slackware-style init script: make it executable (enables named at boot)
# and restart named so it picks up the new key and zones.
chmod +x /etc/rc.d/rc.bind
/etc/rc.d/rc.bind restart
# nsupdate
> server 172.16.1.2
> key dhcpupdate EFRHY4Vd4rOqbwphd5yGNA==
> zone example.com
> update add laptop.example.com. 600 IN A 172.16.1.50
> send
> zone 1.16.172.in-addr.arpa
> update add 50.1.16.172.in-addr.arpa 600 IN PTR laptop.example.com.
> send
> quit
# dig +short @172.16.1.2 laptop.example.com
172.16.1.50
# dig +short @172.16.1.2 -x 172.16.1.50
laptop.example.com.
# nsupdate
> server 172.16.1.2
> key dhcpupdate EFRHY4Vd4rOqbwphd5yGNA==
> zone example.com
> update delete laptop.example.com.
> send
> zone 1.16.172.in-addr.arpa
> update delete 50.1.16.172.in-addr.arpa
> send
> quit
If named refuses to start and logs the following warning:
journal rollforward failed: journal out of sync with zone
delete the .jnl journal files and restart BIND. Be aware that this discards any dynamic updates that were recorded only in the journals and not yet written back to the zone files; the usual cause of the error is editing a zone file by hand without running `rndc freeze <zone>` first (see the freeze/thaw commands at the end of this page).
# Remove the dynamic-update journals. WARNING: updates that exist only in
# the .jnl files (not yet flushed into example.com.fwd / example.com.rev)
# are lost. Avoid the situation by running "rndc freeze <zone>" before any
# manual edit of a dynamically updated zone file.
cd /var/named
rm *.jnl
/etc/rc.d/rc.bind restart
# dhcpd.conf: serve 172.16.1.100-200 and register every lease in DNS via
# TSIG-signed updates sent directly to the BIND master at 172.16.1.2.
# "interim" is the legacy update scheme (A + TXT + PTR); ISC DHCP 4.3 and
# later also offer "standard" (RFC 4701-4703 DHCID records).
ddns-update-style interim;
# Also register host{} entries with a fixed-address (the www host below).
update-static-leases on;
default-lease-time 300;
max-lease-time 3600;
# Same TSIG key and secret as in named.conf. This file is often
# world-readable; keep it 0640 or move this block into an included file
# with restricted permissions. HMAC-MD5 is deprecated -- if you switch to
# hmac-sha256 the algorithm must change here and in named.conf together.
key dhcpupdate {
algorithm hmac-md5;
secret EFRHY4Vd4rOqbwphd5yGNA==;
}
# Forward and reverse zones to update, with the master that accepts the
# updates (dhcpd does not use the resolvers handed to clients for this).
zone example.com. {
primary 172.16.1.2;
key dhcpupdate;
}
zone 1.16.172.in-addr.arpa. {
primary 172.16.1.2;
key dhcpupdate;
}
subnet 172.16.1.0 netmask 255.255.255.0 {
option routers 172.16.1.2;
option subnet-mask 255.255.255.0;
# NOTE(review): these are external resolvers and cannot answer for
# example.com or 1.16.172.in-addr.arpa; list 172.16.1.2 (first) if clients
# are expected to resolve the names registered here.
option domain-name-servers 37.152.160.18, 8.8.8.8;
range 172.16.1.100 172.16.1.200;
ddns-domainname "example.com";
# Dynamic leases get a name derived from the address, e.g.
# 172-16-1-100.dynamic.example.com. See "man dhcp-eval" for the functions.
ddns-hostname = concat(binary-to-ascii(10, 8, "-", leased-address), ".dynamic");
# Alternative: derive the name from the client's MAC address instead.
#ddns-hostname = binary-to-ascii (16, 8, "-", substring (hardware, 1, 6));
# Static host: gets 172.16.1.50 and is registered as www.example.com
# because update-static-leases is on.
host webserver {
hardware ethernet 3e:4b:37:00:82:00;
fixed-address 172.16.1.50;
ddns-hostname "www";
ddns-domainname "example.com";
}
}
# dhcpd refuses to start if its leases database does not exist yet, so
# create an empty one before the first start.
touch /var/state/dhcp/dhcpd.leases
dhcpd
# dig +short @172.16.1.2 172-16-1-100.dynamic.example.com
172.16.1.100
# dig +short @172.16.1.2 -x 172.16.1.100
172-16-1-100.dynamic.example.com.
# dig +short @172.16.1.2 www.example.com
172.16.1.50
# dig +short @172.16.1.2 -x 172.16.1.50
www.example.com.
# Before editing example.com.fwd / example.com.rev by hand, freeze both
# zones: named flushes the journals into the zone files and refuses dynamic
# updates (dhcpd registrations fail) until the zone is thawed.
rndc freeze example.com
rndc freeze 1.16.172.in-addr.arpa
# ... edit the zone files and bump the serial, then thaw: named reloads the
# edited files and resumes accepting updates. Skipping freeze/thaw is what
# produces the "journal out of sync with zone" error above.
rndc thaw example.com
rndc thaw 1.16.172.in-addr.arpa
# Reference: dhcpd.conf(5) for the ddns-* options and key/zone statements,
# dhcp-eval(5) for the expression functions used in ddns-hostname
# (concat, binary-to-ascii, substring).
man dhcpd.conf
man dhcp-eval
BY: Pejman Moghadam
TAG: dhcpd, bind, ddns, dns
DATE: 2012-07-15 14:04:49