SAMBA4 AD DNS/DHCP DNS: with Bind9 / DHCP “Ubuntu 14.04 LTS”

Domain info:
  • server hostname: dcsrv
  • search domain: abc.lan
  • domain realm: mydc ("for the next tutorial setting up samba4")

Edit the hosts file: sudo nano /etc/hosts
127.0.0.1 localhost.abc.lan localhost
10.0.2.99 dcsrv.abc.lan dcsrv

Set up a static IP: sudo nano /etc/network/interfaces

auto eth0
iface eth0 inet static
   address 10.0.2.99
   netmask 255.255.255.0
   network 10.0.2.0
   broadcast 10.0.2.255
   gateway 10.0.2.1
   dns-nameservers 8.8.8.8
   dns-search abc.lan

sudo reboot

sudo apt-get update
sudo apt-get dist-upgrade
sudo reboot

Install Bind9 and DHCP.

sudo apt-get install isc-dhcp-server bind9

Configuring DNS

sudo nano /etc/bind/named.conf.options
acl internals {
    localhost;
    localnets;
};
 
options {
   directory "/var/cache/bind";
 
   // If there is a firewall between you and nameservers you want
   // to talk to, you may need to fix the firewall to allow multiple
   // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
 
   // If your ISP provided one or more IP addresses for stable
   // nameservers, you probably want to use them as forwarders.
   // Uncomment the following block, and insert the addresses replacing
   // the all-0's placeholder.
 
   forwarders {
       // DNS to the internet you could also add the DNS servers from your ISP
       8.8.8.8;
   };
   allow-query {
      internals;
   };
   // restrict recursion
   allow-recursion {
      internals;
   };
   allow-transfer {
      internals;
   };
   //========================================================================
   // If BIND logs error messages about the root key being expired,
   // you will need to update your keys.  See https://www.isc.org/bind-keys
   //========================================================================
   // turn off DNSSEC validation (DNSSEC signs zones, it does not encrypt them).
   // The auto flag still generates warnings in the log file
   dnssec-enable no;
   // dnssec-validation auto;
 
   listen-on-v6 { any; };
   auth-nxdomain no;    # conform to RFC1035
};

The install process creates the key file that the DHCP server uses to authenticate its dynamic updates to the DNS server (a TSIG key shared by both daemons). The command below generates a new /etc/bind/rndc.key, replacing the one created at install time. Note that rndc.key is also the key that authorises rndc control commands to named, so reusing it for dynamic updates means anything that can read the DHCP copy can also control named; a dedicated TSIG key for DDNS keeps the two roles separate.

To view the rndc-key file created during the install:
sudo nano /etc/bind/rndc.key
Example rndc.key (the secret shown is only an example value):
key "rndc-key" {
  algorithm hmac-md5;
  secret "wrhfunsh45k/wodkqtfhsnv==";
};
It is recommended to regenerate the key with:
sudo /usr/sbin/rndc-confgen -a

Set permissions on key to keep it safe.

sudo chown root:bind /etc/bind/rndc.key
sudo chmod 640 /etc/bind/rndc.key

Adding DNS Zones

sudo nano /etc/bind/named.conf.local

//
// Do any local configuration here
//
include "/etc/bind/rndc.key";
 
zone "abc.lan" {
     type master;
     file "/var/lib/bind/abc.lan.zone";
     allow-update { key rndc-key; };
};
 

zone "2.0.10.in-addr.arpa" {
     type master;
     file "/var/lib/bind/abc.lan.rev.zone";
     allow-update { key rndc-key; };
};
 
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

sudo nano /var/lib/bind/abc.lan.zone

Update: I will try to update the tutorial video. It is good practice to keep the static DNS records consistent between the two zones: each A record in the forward zone should have a matching PTR record with the same IP in the reverse zone.

$ORIGIN .
$TTL 907200	; 1 week 3 days 12 hours
abc.lan		IN SOA	ns.abc.lan. admin.abc.lan. (
				2014071403 ; serial
				28800      ; refresh (8 hours)
				3600       ; retry (1 hour)
				604800     ; expire (1 week)
				38400      ; minimum (10 hours 40 minutes)
				)
			NS	ns.abc.lan.
$ORIGIN abc.lan.
router01		A	10.0.2.1
ns                      A       10.0.2.99
dcsrv                   CNAME   ns
mydc                    CNAME   ns

Reverse lookup zone:

sudo nano /var/lib/bind/abc.lan.rev.zone

$ORIGIN .
$TTL 907200	; 1 week 3 days 12 hours
2.0.10.in-addr.arpa IN SOA	ns.abc.lan. admin.abc.lan. (
				2014071402 ; serial
				28800      ; refresh (8 hours)
				604800     ; retry (1 week)
				604800     ; expire (1 week)
				86400      ; minimum (1 day)
				)
			NS	ns.abc.lan.
$ORIGIN 2.0.10.in-addr.arpa.
1		       PTR     router01.abc.lan.
99                     PTR     mydc.abc.lan.
99                     PTR     dcsrv.abc.lan.
99                     PTR     ns.abc.lan.

Change the ownership of the two new zone files so that the bind group can read them.

sudo chown root:bind /var/lib/bind/*zone

sudo service bind9 restart

DHCP Configuration:

sudo nano /etc/dhcp/dhcpd.conf

Remove the current contents of dhcpd.conf and add the information below; then modify it to your needs.

ddns-updates on;
ddns-update-style interim;
update-static-leases on;
authoritative;
include "/etc/dhcp/ddns-keys/rndc.key";
allow unknown-clients;
use-host-decl-names on;
default-lease-time 86400; # 24 hours
max-lease-time 86400;     # 24 hours
log-facility local7;
 
# abc.lan DNS zones
zone abc.lan. {
  primary 127.0.0.1; # This server is the primary DNS server for the zone
  key rndc-key;       # Use the key we defined earlier for dynamic updates
}
zone 2.0.10.in-addr.arpa. {
  primary 127.0.0.1; # This server is the primary reverse DNS server for the zone
  key rndc-key;       # Use the key we defined earlier for dynamic updates
}
 
# abc.lan LAN range
subnet 10.0.2.0 netmask 255.255.255.0 {
  range 10.0.2.100 10.0.2.200;
  option subnet-mask 255.255.255.0;
  option routers 10.0.2.1;
  option domain-name-servers 10.0.2.99;
  option domain-name "abc.lan";
  ddns-domainname "abc.lan.";
  ddns-rev-domainname "2.0.10.in-addr.arpa.";
}

sudo ln /etc/bind/rndc.key /etc/dhcp/ddns-keys/rndc.key

sudo ls -l /etc/dhcp/ddns-keys/rndc.key

sudo chown root:bind /etc/dhcp/ddns-keys/rndc.key
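As an added cross-check that is not part of this tutorial: dynamic updates only work when each zone statement in dhcpd.conf names a zone that named.conf.local allows updates for, both sides use the same key name, and the secret is base64 that named will accept. The Python script below parses constructed snippets modelled on the three files above (the secret is a made-up but well-formed value) and reports the mismatches a practitioner most often hits.

```python
import base64
import re
# Constructed samples modelled on this page's three files; the secret is made up but well-formed.
RNDC_KEY = 'key "rndc-key" {\n  algorithm hmac-md5;\n  secret "q1l7V0cM9s3u6zYb2jK8fA==";\n};'
NAMED_LOCAL = '''include "/etc/bind/rndc.key";
zone "abc.lan" { type master; file "/var/lib/bind/abc.lan.zone"; allow-update { key rndc-key; }; };
zone "2.0.10.in-addr.arpa" { type master; file "/var/lib/bind/abc.lan.rev.zone"; allow-update { key rndc-key; }; };'''
DHCPD_CONF = '''include "/etc/dhcp/ddns-keys/rndc.key";
zone abc.lan. { primary 127.0.0.1; key rndc-key; }
zone 2.0.10.in-addr.arpa. { primary 127.0.0.1; key rndc-key; }'''
KEY_RE = re.compile(r'key\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+([\w-]+)\s*;\s*secret\s+"([^"]+)"\s*;')
BIND_ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{[^}]*?allow-update\s*\{\s*key\s+"?([\w.-]+)"?\s*;')
DHCP_ZONE_RE = re.compile(r'zone\s+([\w.-]+)\s*\{[^}]*?\bkey\s+"?([\w.-]+)"?\s*;')

def parse_key(text):
    """Return (name, algorithm, secret) from a key statement (same syntax for named and dhcpd)."""
    m = KEY_RE.search(text)
    if not m:
        raise ValueError("no key statement found")
    return m.group(1), m.group(2).lower(), m.group(3)

def key_problems(algorithm, secret):
    """Findings for the TSIG key: undecodable secret, short secret, legacy algorithm."""
    try:
        raw = base64.b64decode(secret, validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return ["secret is not valid base64; named will reject the key"]
    problems = []
    if len(raw) < 16:
        problems.append(f"secret is only {len(raw) * 8} bits long")
    if algorithm in ("hmac-md5", "hmac-sha1"):
        problems.append(f"{algorithm} is a legacy TSIG algorithm; prefer hmac-sha256")
    return problems

def ddns_mismatches(named_local, dhcpd_conf, key_name):
    """Each dhcpd zone must be a BIND zone whose allow-update names the same key."""
    bind_zones = {z.rstrip(".").lower(): k for z, k in BIND_ZONE_RE.findall(named_local)}
    findings = []
    for zone, dhcp_key in DHCP_ZONE_RE.findall(dhcpd_conf):
        zone = zone.rstrip(".").lower()
        if zone not in bind_zones:
            findings.append(f"{zone}: dhcpd will send updates but BIND allows none")
        elif not (bind_zones[zone] == dhcp_key == key_name):
            findings.append(f"{zone}: key names differ ({bind_zones[zone]} / {dhcp_key} / {key_name})")
    return findings

def audit(key_text=RNDC_KEY, named_local=NAMED_LOCAL, dhcpd_conf=DHCPD_CONF):
    name, algorithm, secret = parse_key(key_text)  # empty result means the three files agree
    return key_problems(algorithm, secret) + ddns_mismatches(named_local, dhcpd_conf, name)
```

Run audit() against the real files by reading them in place of the constructed samples; the only finding for the tutorial's own configuration is the legacy hmac-md5 algorithm.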

Now change the dns-nameservers entry in /etc/network/interfaces to localhost (127.0.0.1), so the server resolves through its own BIND:

auto eth0
iface eth0 inet static
   address 10.0.2.99
   netmask 255.255.255.0
   network 10.0.2.0
   broadcast 10.0.2.255
   gateway 10.0.2.1
   dns-nameservers 127.0.0.1
   dns-search abc.lan

reboot

Log in and test DNS/DHCP by restarting both services:

sudo service bind9 restart

sudo service isc-dhcp-server restart

Done.
