Re: DNS + DHCP
Am Dienstag, 18. Februar 2003 15:30 schrieb Paul Johnson:
> On Mon, Feb 17, 2003 at 08:37:06AM -0600, Jeffrey L. Taylor wrote:
> > They work okay together using Dynamic DNS (not things like dyndns.org,
> > same name, different process). You can use TSIG (IIRC) to securely
> > authenticate updates.
>
> I tried before a couple times, and never could get it to work. I'd
> prefer to use IP ranges on my home network for authentication, but
> still didn't manage to make it work. Any pointers from anybody who
> has prodded it into production?
Bind 9 is able to receive dynamic updates by default. Important is
"allow-update" per zone. "localhost" is mandatory if dhcp is running on the
same machine. And : don't forget the reverse zone.
Some lines from a /etc/bind/named.conf.
...
zone "essignetz.de.local" {
type master;
file "/etc/bind/db.essignetz.de.local";
allow-update { 192.168.0.1; 127.0.0.1; };
};
zone "0.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.192.168.0";
allow-update { 192.168.0.1; 127.0.0.1; };
};
...
/etc/dhcp3/dhcp.conf
---
ddns-update-style interim;
option domain-name "essignetz.de.local";
default-lease-time 60000;
max-lease-time 720000;
# Interface eth1 :
subnet 192.168.0.0 netmask 255.255.255.0
{
authoritative;
....
}
---
If you need keying for security reasons, you should man "dhcpd.conf" and look
for the point "DYNAMIC DNS UPDATE SECURITY".
Willi
Reply to: