Tauno Voipio
Kashmir wrote:
> Hi there,
>
> I would like to know how to setup a DHCP-DNS server combination on my small
> network having around 25 computers in order to achieve the following:
>
> - DHCP to automatically update DNS
> - DNS resolve names of local computers on my single class C network:
> 192.168.105.0
> - Using BIND & ISC DHCP
>
> I do not have a registered domain name, just a workgroup name and I would
> like to forward all unresolved names coming from computers on my lan to my
> ISP name server.
>
> Is it feasible. I found many examples but they all start by assuming that I
> have a registered domain name.
>
> I want a DNS to quickly find a machine by its name on my lan.
>

It may be sufficient to run dnsmasq on the router computer and setting
the local computers into the /etc/hosts file of the router.

dnsmasq is decades easier to configure and maintain than any of the
BIND family servers.

With a limited count of client computers, the easiest way might be to
assign fixed IP's to each in the DHCPD configuration.

HTH

--
Tauno Voipio
tauno voipio (at) iki fi

Matt Payton
Kashmir wrote:
> Hi there,
>
> I would like to know how to setup a DHCP-DNS server combination on my small
> network having around 25 computers in order to achieve the following:
>
> - DHCP to automatically update DNS
> - DNS resolve names of local computers on my single class C network:
> 192.168.105.0
> - Using BIND & ISC DHCP
>
> I do not have a registered domain name, just a workgroup name and I would
> like to forward all unresolved names coming from computers on my lan to my
> ISP name server.
>
> Is it feasible.

Yes. I do this at home using ISC Bind + DHCP...

> I found many examples but they all start by assuming that I
> have a registered domain name.

As long as you don't need connectivity from the outside into your network
you can use a completely bogus domain for your internal machines, served up
by your dns server, and then forward all other requests to your ISP's dns.
For example, I use something.home for my "internal" domain. So machines are
server.something.home, workstation.something.home, etc. They all resolve all
something.home names just fine, and requests to the "real" world are simply
forwarded + resolved. Works great. And since I use .home which doesn't exist
in the "real" world I can be sure my "domain" won't conflict with a real
one...You can of course use any top level domain that doesn't really exist -
.fred, .linux, .whatever-you-want. Bind doesn't care.

>
> I want a DNS to quickly find a machine by its name on my lan.
>
> Thanks for links, comments or suggestion.

The existing documentation/How-to's *should* be enough to get you going.
Basically you have 3 things to setup...
- A caching server to forward requests to your ISP's server(s)
- An "internal" domain for resolving machines on your LAN
- Integrating DNS and DHCP - I.E. Dynamic DNS

I did it in that order...Mostly because it seemed the steps were easiest to
most difficult in that order. And it worked out that way for me. The caching
server was trivial to get going. The internal domain slightly more involved,
but not hard. Getting DHCP integrated a little difficult ( for me anyway ).
Getting DHCP running wasn't hard, it was just getting it integrated with bind
that took me a while.

As another post recommended, dnsmasq also works quite well for small set ups.
And that is *very* easy to get going. It just doesn't scale quite as well. I
also noticed *slightly* quicker resolution using bind for requests that are
forwarded to the external dns servers, but YMMV on that. All in all it was a
good learning experience for me...

--
- Matt -

Postmaster
"Kashmir" <(E-Mail Removed)> wrote in message news:kMkse.9178$(E-Mail Removed)...
> Hi there,
>
> I would like to know how to setup a DHCP-DNS server combination on my
> small network having around 25 computers in order to achieve the following:
>
> - DHCP to automatically update DNS
> - DNS resolve names of local computers on my single class C network:
> 192.168.105.0
> - Using BIND & ISC DHCP
>
> I do not have a registered domain name, just a workgroup name and I would
> like to forward all unresolved names coming from computers on my lan to my
> ISP name server.
>
> Is it feasible. I found many examples but they all start by assuming that
> I have a registered domain name.
>
> I want a DNS to quickly find a machine by its name on my lan.
>
> Thanks for links, comments or suggestion.
>
> JP
>

Kashmir,

I believe you were looking for a live, working, example.

Ok.. Here is what I do....

DHCP server, serves up IP addresses in the range of 10.0.0.127->10.0.0.253
DNS server, (with dynamic update support) resolves names in private zone.
( Not a registered domain )

Windows, Linux, Solaris, and BSD clients, get DHCP assigned IP addresses,
along with their default route, pop server, smtp server, ntp server, and news
server, All via DHCP.
Windows, Linux, Solaris, and BSD DHCP clients all update DNS server with
dynamic updates.

DNS server is a caching server. Resolves private names, forwards and caches
requests that are not within the private domain.

Below are the changes to the system that make it all work.

Notes:
In this example, the DNS/DDNS server is at 10.0.0.254, and the DHCP server is
also at 10.0.0.254. The external network is on eth0, and the private lan is
on eth1. The DHCP clients are all in 10.0.0.* subnet. You can edit these
scripts and change this easily to another IANA reserved space, if you wish.

Most of these scripts must be edited, by you, to match your environment.
( IP addresses of everything, interface to use, and so on. )
DON'T JUST RUN THIS WITHOUT EDITING IT.

The changes below were done to a RedHat box, if you're on another distro,
then your mileage will vary :-)

Suggestion: You probably want to do some reading on the HOW-TOs so you'll
understand the example below, and know how to make modifications to it, for
your environment.

And away we go....

Firewall/DHCP/DNS/DDNS node:

/etc/named.conf
------------------------------------------------
options {
        directory "/var/named";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below. Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
};

//
// a caching only nameserver config
//
zone "." {
        type hint;
        file "named.ca";
};

zone "0.0.127.in-addr.arpa" {
        notify no;
        type master;
        file "named.local";
};

zone "home.org" {
        notify no;
        type master;
        allow-update { 10.0.0.254/24; };
        file "zone/home.org";
};

zone "0.0.10.in-addr.arpa" {
        notify no;
        type master;
        allow-update { 10.0.0.254/24; };
        file "zone/10.0.0";
};
--------------------------

/etc/dhcpd.conf

( Note: The config tells the DHCP clients a bunch of stuff
Their IP address, their news server, time server, mail server, DNS server,
default route, and so on. It is also using dynamic dns updates, so when the
Windows clients get their IP, they will register with the DNS server and
become visible to all of the other systems in the net. This config will hand
out IP addresses from 10.0.0.127 to 10.0.0.253. This is so you can use the
lower addresses for any clients that want static IP addresses. The address
range 10.0.0.* is what I have my NAT (iptables) setup to provide for the
internal network. )
------------------------------
authoritative;
default-lease-time 7200;
max-lease-time 86400;
min-lease-time 86400;
option subnet-mask 255.255.255.0;
option broadcast-address 10.0.0.255;
option routers 10.0.0.254;
option domain-name-servers 10.0.0.254;
option domain-name "home.org";
option nntp-server 79.45.49.11;
option ntp-servers 72.5.41.41;
option pop-server 26.46.170.10;
option smtp-server 26.46.170.8;
ddns-update-style interim;
ddns-updates on;
allow client-updates;
subnet 10.0.0.0 netmask 255.255.255.0 {
        range 10.0.0.127 10.0.0.253;
}
----------------------

/var/named/localhost.zone
----------------------
$TTL 86400
$ORIGIN localhost.
@       1D IN SOA       @ root (
                        42      ; serial (d. adams)
                        3H      ; refresh
                        15M     ; retry
                        1W      ; expiry
                        1D )    ; minimum

        1D IN NS        @
        1D IN A         127.0.0.1
------------------------

/var/named/named.ca
------------------------
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.root
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: Jan 29, 2004
; related version of root zone: 2004012900
;
;
; formerly NS.INTERNIC.NET
;
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
;
; formerly NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
;
; formerly C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
;
; formerly TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
;
; formerly NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
;
; formerly NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
;
; formerly NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
;
; operated by VeriSign, Inc.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
;
; operated by RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
;
; operated by ICANN
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     198.32.64.12
;
; operated by WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
; End of File
----------------------

/var/named/named.local
-----------------------
$TTL 86400
@       IN      SOA     home.org. root.home.org. (
                        1997022700 ; Serial
                        28800      ; Refresh
                        14400      ; Retry
                        3600000    ; Expire
                        86400 )    ; Minimum
        IN      NS      127.0.0.1.

1       IN      PTR     localhost.
-----------------------

/var/named/zone/10.0.0
-----------------------
$ORIGIN .
$TTL 86400      ; 1 day
0.0.10.in-addr.arpa     IN SOA  home.org. root.home.org. (
                                1999071556 ; serial
                                28800      ; refresh (8 hours)
                                14400      ; retry (4 hours)
                                3600000    ; expire (5 weeks 6 days 16 hours)
                                86400      ; minimum (1 day)
                                )
                        NS      ns.home.org.
$ORIGIN 0.0.10.in-addr.arpa.
-----------------------

/var/named/zone/home.org
-----------------------
$ORIGIN .
$TTL 86400      ; 1 day
home.org                IN SOA  home.org. root.home.org. (
                                1999072040 ; serial
                                28800      ; refresh (8 hours)
                                7200       ; retry (2 hours)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      ns.home.org.
                        MX      10 mail.home.org.
$TTL 3600       ; 1 hour
                        TXT     "007d3f99ba9a82ec22ea390bd355b7bc4c"
$ORIGIN home.org.
$TTL 86400      ; 1 day
localhost               A       127.0.0.1
mail                    A       10.0.0.254
$TTL 86400      ; 1 day
ns                      A       10.0.0.254
www                     CNAME   firewall2
----------------------

/etc/rc.d/rc3.d/S35dhcpd (edited so that only eth1 offers DHCP )
--------------------
#!/bin/sh
#
# dhcpd         This shell script takes care of starting and stopping
#               the dhcpd services.
#
# probe: true

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
if [ ! -f /etc/sysconfig/network ]; then
    exit 0
fi

. /etc/sysconfig/network

# See how we were called.
case "$1" in
  start)
        # Start daemons.
        echo -n $"Starting dhcpd daemon: "
        daemon /usr/sbin/dhcpd eth1
        echo
        ;;
  stop)
        # Stop daemons.
        echo -n $"Shutting down dhcpd: "
        killproc dhcpd
        echo
        ;;
  restart)
        $0 stop
        $0 start
        ;;
  *)
        echo $"Usage: dhcpd {start|stop}"
        exit 1
esac

exit 0
------------------------

Be sure you start /etc/rc.d/rc3.d/S35dhcpd and /etc/rc.d/rc3.d/S45named.
( See chkconfig )

Next step:
I modified the script that tinkers with /etc/resolv.conf, to fixup the DNS
entries correctly. I only modified a few lines of this script. If you search
below for "MODIFIED" you'll see the area that I changed.

On RedHat box: /sbin/dhclient-script
-----------------------------
#!/bin/bash
# Network Interface Configuration System
# Parts Copyright (c) 2002 Red Hat, Inc. all rights reserved.
#
# Based on:
# dhclient-script for Linux. Dan Halbert, March, 1997.
# Updated for Linux 2.[12] by Brian J. Murrell, January 1999.

# Notes:

# 0. This script is based on the netbsd script supplied with dhcp-970306.

# 1. ifconfig down apparently deletes all relevant routes and flushes
# the arp cache, so this doesn't need to be done explicitly.

# 2. The alias address handling here has not been tested AT ALL.
# I'm just going by the doc of modern Linux ip aliasing, which uses
# notations like eth0:0, eth0:1, for each alias.

# 3. I have to calculate the network address, and calculate the broadcast
# address if it is not supplied. This might be much more easily done
# by the dhclient C code, and passed on.

function make_resolv_conf() {
  if [ -n "$new_domain_name" ] || [ -n "$new_domain_name_servers" ]; then
    echo '; generated by /sbin/dhclient-script' > /etc/resolv.conf
    if [ -n "$new_domain_name" ]; then
      echo search $new_domain_name >> /etc/resolv.conf
    fi
    # MODIFIED
    # Add the DNS server for my network.
    # Add a couple of DNS servers that I know work. The ISPs
    # come last, as they stink.
    #
    echo nameserver 10.0.0.254 >>/etc/resolv.conf
    echo nameserver 26.14.64.253 >>/etc/resolv.conf
    echo nameserver 26.14.65.253 >>/etc/resolv.conf
    # END OF MODIFIED
    #
    for nameserver in $new_domain_name_servers; do
      echo nameserver $nameserver >>/etc/resolv.conf
    done
  fi
}

# Must be used on exit. Invokes the local dhcp client exit hooks, if any.
function exit_with_hooks() {
  exit_status=$1
  if [ -f /etc/dhclient-exit-hooks ]; then
    . /etc/dhclient-exit-hooks
  fi
  # probably should do something with exit status of the local script
  exit $exit_status
}

# Invoke the local dhcp client enter hooks, if they exist.
if [ -f /etc/dhclient-enter-hooks ]; then
  exit_status=0
  . /etc/dhclient-enter-hooks
  # allow the local script to abort processing of this state
  # local script must set exit_status variable to nonzero.
  if [ $exit_status -ne 0 ]; then
    exit $exit_status
  fi
fi

# Import Red Hat Linux configuration
cd /etc/sysconfig/network-scripts;
. /etc/sysconfig/network-scripts/network-functions
. /etc/rc.d/init.d/functions

[ -f ../network ] && . ../network
[ -f ../networking/network ] && . ../networking/network

CONFIG=$interface

need_config ${CONFIG}

[ -f "${CONFIG}" ] || {
    echo $"$0: configuration for $interface not found." >&2
    exit_with_hooks 1
}

source_config

release=`uname -r`
release=`expr $release : '\(.*\)\..*'`
relminor=`echo $release |sed -e 's/[0-9]*\.\([0-9][0-9]*\)\(\..*\)*$/\1/'`
relmajor=`echo $release |sed -e 's/\([0-9][0-9]*\)\..*$/\1/'`

if [ x$new_broadcast_address != x ]; then
  new_broadcast_arg="broadcast $new_broadcast_address"
fi
if [ x$old_broadcast_address != x ]; then
  old_broadcast_arg="broadcast $old_broadcast_address"
fi
if [ x$new_subnet_mask != x ]; then
  new_subnet_arg="netmask $new_subnet_mask"
fi
if [ x$old_subnet_mask != x ]; then
  old_subnet_arg="netmask $old_subnet_mask"
fi
if [ x$alias_subnet_mask != x ]; then
  alias_subnet_arg="netmask $alias_subnet_mask"
fi

if [ x$reason = xMEDIUM ]; then
  # Linux doesn't do mediums (ok, ok, media).
  exit_with_hooks 0
fi

if [ x$reason = xPREINIT ]; then
  if [ x$alias_ip_address != x ]; then
    # Bring down alias interface. Its routes will disappear too.
    ifconfig $interface:0- inet 0
  fi
  if [ $relmajor -lt 2 ] || ( [ $relmajor -eq 2 ] && [ $relminor -eq 0 ] )
  then
    ifconfig $interface inet 0.0.0.0 netmask 0.0.0.0 \
        broadcast 255.255.255.255 up
    # Add route to make broadcast work. Do not omit netmask.
    route add default dev $interface netmask 0.0.0.0
  else
    ifconfig $interface 0 up
  fi

  # We need to give the kernel some time to get the interface up.
  sleep 1

  exit_with_hooks 0
fi

if [ x$reason = xARPCHECK ] || [ x$reason = xARPSEND ]; then
  exit_with_hooks 0
fi

if [ x$reason = xBOUND ] || [ x$reason = xRENEW ] || \
   [ x$reason = xREBIND ] || [ x$reason = xREBOOT ]; then
  if [ -n "$new_nis_domain" ]; then
    domainname "$new_nis_domain"
    rm -f /etc/yp.conf
    if [ -n "$new_nis_servers" ]; then
      for I in $new_nis_servers; do
        echo "domain $new_nis_domain server $I" >> /etc/yp.conf
      done
    else
      echo "domain $new_nis_domain broadcast" >> /etc/yp.conf
    fi
  elif [ -n "$new_nis_servers" ]; then
    rm -f /etc/yp.conf
    for I in $new_nis_servers; do
      echo "ypserver $I" >> /etc/yp.conf
    done
  fi

  if [ -n "$new_ntp_servers" ] && [ -e /etc/ntp.conf ]; then
    cat <<EOF > /etc/ntp.conf
restrict default ignore
restrict 127.0.0.1
driftfile /etc/ntp/drift
broadcastdelay 0.008
authenticate yes
keys /etc/ntp/keys
EOF
    :> /etc/ntp/step-tickers
    for I in $new_ntp_servers; do
      echo "server $I" >> /etc/ntp.conf
      echo "$I" >> /etc/ntp/step-tickers
    done
  fi

  if [ -n "$new_host_name" ] && need_hostname; then
    hostname $new_host_name
  fi

  if [ x$old_ip_address != x ] && [ x$alias_ip_address != x ] && \
     [ x$alias_ip_address != x$old_ip_address ]; then
    # Possible new alias. Remove old alias.
    ifconfig $interface:0- inet 0
  fi
  if [ x$old_ip_address != x ] && [ x$old_ip_address != x$new_ip_address ]; then
    # IP address changed. Bringing down the interface will delete all routes,
    # and clear the ARP cache.
    ifconfig $interface inet 0 down
  fi
  if [ x$old_ip_address = x ] || [ x$old_ip_address != x$new_ip_address ] || \
     [ x$reason = xBOUND ] || [ x$reason = xREBOOT ]; then

    ifconfig $interface inet $new_ip_address $new_subnet_arg \
        $new_broadcast_arg
    # Add a network route to the computed network address.
    if [ $relmajor -lt 2 ] || \
       ( [ $relmajor -eq 2 ] && [ $relminor -eq 0 ] ); then
      route add -net $new_network_number $new_subnet_arg dev $interface
    fi
    for router in $new_routers; do
      route add default gw $router
    done
  fi
  if [ x$new_ip_address != x$alias_ip_address ] && [ x$alias_ip_address != x ];
  then
    ifconfig $interface:0- inet 0
    ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
    route add -host $alias_ip_address $interface:0
  fi
  if [ "${PEERDNS}" != "no" ]; then
    make_resolv_conf
  fi
  exit_with_hooks 0
fi

if [ x$reason = xEXPIRE ] || [ x$reason = xFAIL ] || [ x$reason = xRELEASE ] \
   || [ x$reason = xSTOP ]; then
  if [ x$alias_ip_address != x ]; then
    # Turn off alias interface.
    ifconfig $interface:0- inet 0
  fi
  if [ x$old_ip_address != x ]; then
    # Shut down interface, which will delete routes and clear arp cache.
    ifconfig $interface inet 0 down
  fi
  if [ x$alias_ip_address != x ]; then
    ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
    route add -host $alias_ip_address $interface:0
  fi
  exit_with_hooks 0
fi

if [ x$reason = xTIMEOUT ]; then
  if [ x$alias_ip_address != x ]; then
    ifconfig $interface:0- inet 0
  fi
  ifconfig $interface inet $new_ip_address $new_subnet_arg \
      $new_broadcast_arg
  set $new_routers
  if ping -q -c 1 -w 10 $1; then
    if [ x$new_ip_address != x$alias_ip_address ] && \
       [ x$alias_ip_address != x ]; then
      ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
      route add -host $alias_ip_address dev $interface:0
    fi
    if [ $relmajor -lt 2 ] || \
       ( [ $relmajor -eq 2 ] && [ $relminor -eq 0 ] ); then
      route add -net $new_network_number
    fi
    for router in $new_routers; do
      route add default gw $router
    done
    if [ "${PEERDNS}" != "no" ]; then
      make_resolv_conf
    fi
    exit_with_hooks 0
  fi
  ifconfig $interface inet 0 down
  exit_with_hooks 1
fi

exit_with_hooks 0
------------------------------------------------

Just in case you run into a really bad DHCP client, that just acts stupid,
here is a way to force feed it.
Add these changes to the various files involved. This will force a fixed IP
address, from the DHCP space to be given to a particular client, and give
this box a permanent DNS entry.

-------------------------------------
Note: The hardware ethernet address must be edited so that it matches the MAC
address of this silly box.

/etc/dhcpd.conf:

host junkyard {
        hardware ethernet 00:13:69:2e:34:58;
        fixed-address 10.0.0.55;
        option host-name "junkyard";
}
-------------------------------------
/var/named/zone/10.0.0:

55      PTR     junkyard.home.org.
-------------------------------------
/var/named/zone/home.org:

junkyard        A       10.0.0.55
                HINFO   "PIII" "Junkyard force-feed"

Enjoy,
Postmaster.

Kashmir
Thanks for your help

Can I ask you something about dhcpd.conf. I've been fighting with my dhcp
server to get it going and it is always complaining about the following
error that I can't figure out:

or info, please visit http://www.isc.org/sw/dhcp/
/etc/dhcpd.conf line 15: partial base64 value left over: 12.
secret serveurdns;
^
Configuration file errors encountered -- exiting

Here is my config:

###################################################################################
# /etc/dhcp/dhcpd.conf #
###################################################################################
#server-identifier pulsar.split.test;
#authoritative;
#ddns-update-style interim;
###################################################################################
# key to appear in named.conf #
key "HSFeCYq4Gwy05mHY4gzcAw==" {
        algorithm hmac-md5;
        secret serveurdns;
}
###################################################################################
# Zone for local lan SPLIT.test #
##################################################################################
zone split.test. {
        primary 192.168.125.249;
        key "HSFeCYq4Gwy05mHY4gzcAw==";
}
zone 125.168.192.in-addr.arpa. {
        primary 192.168.125.249;
        key "HSFeCYq4Gwy05mHY4gzcAw==";
}
###################################################################################
# Assignation 175-200 #
##################################################################################
subnet 192.168.125.0 netmask 255.255.255.0 {
        authoritative;
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.125.255;
        option domain-name "split.test";
        option domain-name-servers 192.168.125.249;
        pool {
                ddns-updates on;
                ddns-domainname "split.test";
                range 192.168.125.175 192.168.125.200;
        }
}

----- Original Message -----
From: "Matt Payton" <(E-Mail Removed)>
Newsgroups: comp.os.linux.networking
Sent: Thursday, June 16, 2005 9:05 PM
Subject: Re: DNS in a small network

> Kashmir wrote:
>> Hi there,
>>
>> I would like to know how to setup a DHCP-DNS server combination on my
>> small network having around 25 computers in order to achieve the
>> following:
>>
>> - DHCP to automatically update DNS
>> - DNS resolve names of local computers on my single class C network:
>> 192.168.105.0
>> - Using BIND & ISC DHCP
>>
>> I do not have a registered domain name, just a workgroup name and I would
>> like to forward all unresolved names coming from computers on my lan to
>> my ISP name server.
>>
>> Is it feasible.
>
> Yes. I do this at home using ISC Bind + DHCP...
>
>> I found many examples but they all start by assuming that I have a
>> registered domain name.
>
> As long as you don't need connectivity from the outside into your network
> you can use a completely bogus domain for your internal machines, served
> up by your dns server, and then forward all other requests to your ISP's
> dns.
> For example, I use something.home for my "internal" domain. So machines
> are server.something.home, workstation.something.home, etc. They all
> resolve all something.home names just fine, and requests to the "real"
> world are simply forwarded + resolved. Works great. And since I use
> .home which doesn't exist in the "real" world I can be sure my "domain"
> won't conflict with a real one...You can of course use any top level
> domain that doesn't really exist - .fred, .linux, .whatever-you-want. Bind
> doesn't care.
>
>>
>> I want a DNS to quickly find a machine by its name on my lan.
>>
>> Thanks for links, comments or suggestion.
>
> The existing documentation/How-to's *should* be enough to get you going.
> Basically you have 3 things to setup...
> - A caching server to forward requests to your ISP's server(s)
> - An "internal" domain for resolving machines on your LAN
> - Integrating DNS and DHCP - I.E. Dynamic DNS
>
> I did it in that order...Mostly because it seemed the steps were easiest
> to most difficult in that order. And it worked out that way for me. The
> caching server was trivial to get going. The internal domain slightly
> more involved, but not hard. Getting DHCP integrated a little difficult
> ( for me anyway ). Getting DHCP running wasn't hard, it was just getting
> it integrated with bind that took me a while.
>
> As another post recommended, dnsmasq also works quite well for small set
> ups. And that is *very* easy to get going. It just doesn't scale quite
> as well. I also noticed *slightly* quicker resolution using bind for
> requests that are forwarded to the external dns servers, but YMMV on that.
> All in all it was a good learning experience for me...
>
> --
> - Matt -

Dan
On Fri, 17 Jun 2005 13:42:57 GMT, "Postmaster" <postmaster@127.0.0.1>
wrote:

> Windows, Linux, Solaris, and BSD clients, get DHCP assigned IP
> addresses, along with their default route, pop server, smtp server,
> ntp server, and news server, All via DHCP

How do the PCs, especially the windows boxes, make use of pop smtp,
ntp and news server addresses?

Dan

Tauno Voipio
Dan wrote:
> On Fri, 17 Jun 2005 13:42:57 GMT, "Postmaster" <postmaster@127.0.0.1>
> wrote:
>
>> Windows, Linux, Solaris, and BSD clients, get DHCP assigned IP
>> addresses, along with their default route, pop server, smtp server,
>> ntp server, and news server, All via DHCP
>
> How do the PCs, especially the windows boxes, make use of pop smtp,
> ntp and news server addresses?
>
> Dan

The server addresses are set up in the respective service clients in the
Windows boxes, 'account setup'.

Please do not confuse:

- NTP is Network Time Protocol, and
- NNTP is Network News Transport Protocol

The different mail and news services are separated by different TCP port
numbers at the server.

HTH

--
Tauno Voipio
tauno voipio (at) iki fi

Kashmir
Hi linux friends,
I finally got my DHCP working. It took so long I almost gave up but at the
last minute (like in suspense movies) I got it going. I felt like Scottie in
Star Trek.

I had a problem with SELinux that prevented the DHCP daemon to work on my
server. I did not know SELinux existed. The error was: Can't bind to DHCP
address: Permission denied. The additional sentences in the error message
suggested I had BOOTP running somewhere on my network. I tested it quickly by
isolating the server alone on its switch. The error message was not too
explicit for me anyway.

Now I am working on BIND and I should have it working pretty soon. I still
have to figure how the "rndc.key" thing secure updates work between dhcpd and
BIND and I'll put that new "old server" in service.

Thanks for your help and suggestions.

Kashmir

Matt Payton
Kashmir wrote:
> Thanks for your help
>
> Can I ask you something about dhcpd.conf. I've been fighting with my dhcp
> server to get it going and it is always complaining about the following
> error that I can't figure out:
>
> or info, please visit http://www.isc.org/sw/dhcp/
> /etc/dhcpd.conf line 15: partial base64 value left
> over: 12.
> secret serveurdns;
> ^

Hmm...It's been a while since I set it up, and now that it's working I just
haven't had to mess with it...But I think you have to encrypt the string in
dhcpd.conf, instead of using plain text...

--
- Matt -

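dhcpd reads the `secret` value of a `key` statement as base64, and in the dhcpd.conf posted above the base64 string sits in the key-name position while `secret` holds the plain word `serveurdns`. The Python script below is an added example (not code from any poster in this thread or from ISC): it flags that mix-up and renders matching key stanzas for dhcpd.conf and named.conf. The key name `ddns-key`, the helper names and the generated secret are assumptions; `hmac-md5`, the zone names and the server address are copied from the post.

```python
import base64
import binascii
import re
import secrets

# Constructed sample: the key and zone statements from the dhcpd.conf posted above.
POSTED_CONF = """
key "HSFeCYq4Gwy05mHY4gzcAw==" {
  algorithm hmac-md5;
  secret serveurdns;
}
zone split.test. {
  primary 192.168.125.249;
  key "HSFeCYq4Gwy05mHY4gzcAw==";
}
"""

# key NAME { algorithm ALG; secret VALUE; }  (quotes around NAME and VALUE optional)
KEY_RE = re.compile(
    r'\bkey\s+"?([^\s"{;]+)"?\s*\{\s*'
    r'algorithm\s+([\w.-]+)\s*;\s*'
    r'secret\s+"?([^\s";]+)"?\s*;\s*\}'
)


def decode_secret(text):
    """Return the decoded bytes, or None when text is not well-formed base64."""
    try:
        return base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return None


def check_keys(conf):
    """Return (key_name, problem) tuples for the key statements in conf."""
    findings = []
    for name, _algorithm, secret in KEY_RE.findall(conf):
        if decode_secret(secret) is None:
            findings.append(
                (name, f"secret {secret!r} is not well-formed base64")
            )
        # Heuristic: '=' padding in the name suggests a secret pasted there.
        if name.endswith("=") and decode_secret(name) is not None:
            findings.append(
                (name, "key name decodes as base64; name and secret look swapped")
            )
    return findings


def new_secret(nbytes=16):
    """Random base64 secret; 16 bytes is the length the posted value decodes to."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")


def render(key_name, secret, zones, primary):
    """Return (dhcpd_conf, named_conf) text that shares one key name and secret."""
    dhcpd = [f"key {key_name} {{", "  algorithm hmac-md5;",
             f"  secret {secret};", "}"]
    for zone in zones:
        dhcpd += [f"zone {zone}. {{", f"  primary {primary};",
                  f"  key {key_name};", "}"]
    named = [f'key "{key_name}" {{', "  algorithm hmac-md5;",
             f'  secret "{secret}";', "};",
             "// inside each zone that dhcpd may update:",
             f'//   allow-update {{ key "{key_name}"; }};']
    return "\n".join(dhcpd), "\n".join(named)


if __name__ == "__main__":
    for name, problem in check_keys(POSTED_CONF):
        print(f"key {name}: {problem}")
    # "ddns-key" is a hypothetical key name chosen for this example.
    dhcpd_conf, named_conf = render(
        "ddns-key", new_secret(),
        ["split.test", "125.168.192.in-addr.arpa"], "192.168.125.249",
    )
    print("\n# dhcpd.conf\n" + dhcpd_conf)
    print("\n# named.conf\n" + named_conf)
```

Postmaster's named.conf earlier in the thread authorizes updates by source address (`allow-update { 10.0.0.254/24; };`); the key form limits updates to whoever holds the secret, so any file containing it should be readable only by the dhcpd and named accounts.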