{"id":235,"date":"2020-11-10T13:40:41","date_gmt":"2020-11-10T13:40:41","guid":{"rendered":"https:\/\/blog.inplico.uk\/?p=235"},"modified":"2023-09-12T09:45:18","modified_gmt":"2023-09-12T08:45:18","slug":"dhcp-and-bind","status":"publish","type":"post","link":"https:\/\/blog.inplico.uk\/?p=235","title":{"rendered":"DHCP and Bind"},"content":{"rendered":"<p>If you wish to use your server as a dhcp server then you need to make sure that bind9 and the dhcp server can talk to each other.\u00a0 You should already have bind installed and running as expected at this point.\u00a0 The next thing to do is install your dhcp server:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"godzilla\"># apt install isc-dhcp-server<\/pre>\n<p>Debian will probably attempt to start the DHCP server at this point and that may very well fail; don&#8217;t worry about that. The next thing to do is to edit a couple of configuration files.\u00a0 The first of these tells the server which interface to listen on.<\/p>\n<p>Open \/etc\/default\/isc-dhcp-server and edit the INTERFACESv4 directive as instructed in the file.\u00a0 In my example I only want to provide ip addresses on the local network, which is served by the interface &#8220;eno1&#8221; on my Dell server.<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"ini\" data-enlighter-theme=\"godzilla\">INTERFACESv4=\"eno1\"<\/pre>\n<p>The next thing to do is update our rndc key (this is not strictly necessary as it is generated automatically on installation, but it is not a bad idea to update it every once in a while).<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"godzilla\"># rndc-confgen -a -b 512<\/pre>\n<p>This will automatically generate (or regenerate) a file called <strong>rndc.key<\/strong> in <strong>\/etc\/bind<\/strong>.\u00a0 Once it is generated you are advised to copy it over to your dhcp configuration directory and restrict its permissions.
Note: COPY not MOVE!<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"godzilla\"># mkdir \/etc\/dhcp\/ddns-keys\r\n# cp \/etc\/bind\/rndc.key \/etc\/dhcp\/ddns-keys\r\n# chmod 640 \/etc\/dhcp\/ddns-keys\/rndc.key<\/pre>\n<p>Moving on to your dns configuration, navigate to your <strong>\/etc\/bind<\/strong> directory and edit <strong>named.conf<\/strong> in order to make bind aware of the rndc key by adding the following line:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"ini\" data-enlighter-theme=\"godzilla\">include \"\/etc\/bind\/rndc.key\";<\/pre>\n<p>Now you need to tell bind that you want to allow anything that presents the rndc key to have permission to edit the zone file.<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"ini\">zone \"mydomain.lan\" IN {\r\n                type master;\r\n                file \"named.mydomain.lan\";\r\n                allow-update {\r\n                        key rndc-key;\r\n                };\r\n\r\n        };\r\n<\/pre>\n<p>Your zone may look different but the important bit is the allow-update stanza.\u00a0 You may have additional lines in here, but you need the <strong>key rndc-key<\/strong> directive to allow dhcp to use the key in order to update the zone file.<\/p>\n<p>Finally you can move on to edit the dhcpd.conf file in the \/etc\/dhcp folder:<\/p>\n<p>First we want to change the ddns-update-style to &#8220;standard&#8221;:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"ini\" data-enlighter-theme=\"godzilla\">ddns-update-style standard;\r\n<\/pre>\n<p>Now we want to add the following lines:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"ini\">allow unknown-clients;\r\nuse-host-decl-names on;\r\n\r\ninclude \"\/etc\/dhcp\/ddns-keys\/rndc.key\";\r\n<\/pre>\n<p>This tells the server that we want to be able to assign dhcp addresses to unknown clients (which is usually what dhcp servers do) and that we want to use the name 
supplied by the client in order to identify it (which again is pretty standard stuff).\u00a0 Finally our include directive tells the server where to look for the rndc key file for authentication purposes.<\/p>\n<p>The last part of the configuration is going to be specific for your particular environment, but it is fairly self-explanatory once you have the syntax right:<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">zone mydomain.lan. {\r\n        primary 172.17.1.20;\r\n        key rndc-key;\r\n}\r\n<\/pre>\n<p>The zone directive is very similar to the declaration in named.conf.default-zones.\u00a0 The &#8220;primary&#8221; directive refers to the address of the primary dns server.<\/p>\n<p>The following will assign ip addresses in the range 172.18.20.1 to 172.18.20.254 and update the zone mydomain.lan with any new clients.\u00a0 It will set the router\/gateway on the client and the name servers as well as setting the domain name so that you do not have to use the full fqdn when trying to connect to the server or other clients on the network.<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"ini\">subnet 172.18.0.0 netmask 255.255.0.0 {\r\n    range 172.18.20.1 172.18.20.254;\r\n    option subnet-mask 255.255.0.0;\r\n    option broadcast-address 172.18.255.255;\r\n    option routers 172.18.1.1;\r\n    option domain-name-servers 172.18.1.1, 80.229.182.240;\r\n    option domain-name \"mydomain.lan\";\r\n    ddns-domainname \"mydomain.lan\";\r\n}\r\n<\/pre>\n<p>That should be about it, your server should now start, albeit I had to reboot one of mine in order to get this to work, but that may have been down to a few misconfiguration attempts before I got it right.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>BINDING MAC ADDRESSES TO IP ADDRESSES<\/strong><\/p>\n<p>This is as simple as adding<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">host client_hostname {\r\n    hardware ethernet cl:ie:nt:ma:ca:dr:35;\r\n    fixed-address 
xxx.xxx.xxx.xxx;\r\n}\r\n<\/pre>\n<p>for each bound client.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you wish to use your server as a dhcp server then you need to make sure that bind9 and the dhcp server can talk to each other.\u00a0 You should already have bind installed and running as expected at this point.\u00a0 Next thing to do is install your dhcp server # apt install isc-dhcp-server Debian [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"class_list":["post-235","post","type-post","status-publish","format-standard","hentry","category-debian-server"],"_links":{"self":[{"href":"https:\/\/blog.inplico.uk\/index.php?rest_route=\/wp\/v2\/posts\/235","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.inplico.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.inplico.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.inplico.uk\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.inplico.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=235"}],"version-history":[{"count":7,"href":"https:\/\/blog.inplico.uk\/index.php?rest_route=\/wp\/v2\/posts\/235\/revisions"}],"predecessor-version":[{"id":481,"href":"https:\/\/blog.inplico.uk\/index.php?rest_route=\/wp\/v2\/posts\/235\/revisions\/481"}],"wp:attachment":[{"href":"https:\/\/blog.inplico.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=235"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.inplico.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=235"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.inplico.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=235"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}"
,"templated":true}]}}