DNS DHCP

  • SAMBA4 AD DNS/DHCP DNS: with Bind9 / DHCP "Ubuntu 14.04 LTS"
    Domain info
    server hostname: dcsrv
    search-domain abc.lan
    Domain realm mydc "for the next tutorial, setting up samba4"
    Edit host file: nano /etc/hosts
    127.0.0.1 localhost.abc.lan localhost
    10.0.2.99 dcsrv.abc.lan dcsrv
  • Set up a static IP: /etc/network/interfaces
    auto eth0
    iface eth0 inet static
    address 10.0.2.99
    netmask 255.255.255.0
    network 10.0.2.0
    broadcast 10.0.2.255
    gateway 10.0.2.1
    dns-nameservers 8.8.8.8
    dns-search abc.lan
    sudo reboot
    sudo apt-get update
    sudo apt-get dist-upgrade
    sudo reboot
  • Install Bind9 and DHCP.
    sudo apt-get install isc-dhcp-server bind9
    Configuring DNS
    sudo nano /etc/bind/named.conf.options
    acl internals {
    localhost;
    localnets;
    };

options {
directory "/var/cache/bind";

// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

forwarders {
// DNS to the internet you could also add the DNS servers from your ISP
8.8.8.8;
};
allow-query {
internals;
};
// restrict recursion
allow-recursion {
internals;
};
allow-transfer {
internals;
};
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
// turn off DNSSEC. Leaving dnssec-validation set to auto still generates warnings in the log file
dnssec-enable no;
// dnssec-validation auto;

listen-on-v6 { any; };
auth-nxdomain no; # conform to RFC1035
};
The installation process creates the key file that the DHCP server uses to authenticate its dynamic updates to the DNS server. The rndc-confgen command below regenerates /etc/bind/rndc.key, replacing the file generated by the install process.
To view current rndc-key file created during the install:
nano /etc/bind/rndc.key
Example of rndc-key below:
key "rndc-key" {
algorithm hmac-md5;
secret "wrhfunsh45k/wodkqtfhsnv==";
};

It is recommended to regenerate the key, rather than keeping the one created at install time, using this command:
sudo /usr/sbin/rndc-confgen -a

  • Restrict permissions on the key file so that only root and the bind group can read it.

sudo chown root:bind /etc/bind/rndc.key
sudo chmod 640 /etc/bind/rndc.key

  • Adding DNS Zones
    sudo nano /etc/bind/named.conf.local

//
// Do any local configuration here
//
include "/etc/bind/rndc.key";

zone "abc.lan" {
type master;
file "/var/lib/bind/abc.lan.zone";
allow-update { key rndc-key; };
};

zone "2.0.10.in-addr.arpa" {
type master;
file "/var/lib/bind/abc.lan.rev.zone";
allow-update { key rndc-key; };
};

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

sudo nano /var/lib/bind/abc.lan.zone
Update: I will try to update the tutorial video. It is good practice to keep the static DNS records' IPs the same in both zones.
$ORIGIN .
$TTL 907200 ; 1 week 3 days 12 hours
abc.lan IN SOA ns.abc.lan. admin.abc.lan. (
2014071403 ; serial
28800 ; refresh (8 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
38400 ; minimum (10 hours 40 minutes)
)
NS ns.abc.lan.
$ORIGIN abc.lan.
router01 A 10.0.2.1
ns A 10.0.2.99
dcsrv CNAME ns
mydc CNAME ns

Reverse lookup zone:
sudo nano /var/lib/bind/abc.lan.rev.zone
$ORIGIN .
$TTL 907200 ; 1 week 3 days 12 hours
2.0.10.in-addr.arpa IN SOA ns.abc.lan. admin.abc.lan. (
2014071402 ; serial
28800 ; refresh (8 hours)
604800 ; retry (1 week)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns.abc.lan.
$ORIGIN 2.0.10.in-addr.arpa.
1 PTR router01.abc.lan.
99 PTR mydc.abc.lan.
99 PTR dcsrv.abc.lan.
99 PTR ns.abc.lan.

  • Change the permissions on the two new zone files that were created.
    sudo chown root:bind /var/lib/bind/*zone
    sudo service bind9 restart
    DHCP Configuration
    sudo nano /etc/dhcp/dhcpd.conf
    Replace the existing contents of dhcpd.conf with the configuration below, then adjust it to your needs.
    ddns-updates on;
    ddns-update-style interim;
    update-static-leases on;
    authoritative;
    include "/etc/dhcp/ddns-keys/rndc.key";
    allow unknown-clients;
    use-host-decl-names on;
    default-lease-time 86400; #24 hours
    max-lease-time 86400; #24 hours
    log-facility local7;

# abc.lan DNS zones
zone abc.lan. {
primary 127.0.0.1; # This server is the primary DNS server for the zone
key rndc-key; # Use the key we defined earlier for dynamic updates
}
zone 2.0.10.in-addr.arpa. {
primary 127.0.0.1; # This server is the primary reverse DNS server for the zone
key rndc-key; # Use the key we defined earlier for dynamic updates
}

# abc.lan LAN range
subnet 10.0.2.0 netmask 255.255.255.0 {
range 10.0.2.100 10.0.2.200;
option subnet-mask 255.255.255.0;
option routers 10.0.2.1;
option domain-name-servers 10.0.2.99;
option domain-name "abc.lan";
ddns-domainname "abc.lan.";
ddns-rev-domainname "2.0.10.in-addr.arpa.";
}

  • Apply these commands to create some links and set permissions:
    sudo ln /etc/bind/rndc.key /etc/dhcp/ddns-keys/rndc.key
    sudo ls -l /etc/dhcp/ddns-keys/rndc.key
    sudo chown root:bind /etc/dhcp/ddns-keys/rndc.key
    You will need to change dns-nameservers in /etc/network/interfaces to localhost (127.0.0.1) so the server uses its own DNS:
    auto eth0
    iface eth0 inet static
    address 10.0.2.99
    netmask 255.255.255.0
    network 10.0.2.0
    broadcast 10.0.2.255
    gateway 10.0.2.1
    dns-nameservers 127.0.0.1
    dns-search abc.lan
    reboot
    Log in and test DNS/DHCP by restarting both services:
    sudo service bind9 restart
    sudo service isc-dhcp-server restart
    Done.