Article summary
I recently built an internal DNS/DHCP server which I wanted to support Dynamic DNS updates. This can sometimes be a bit of a challenge depending on the operating system and available packages, but it’s really quite easy on Ubuntu. The following guide describes what I did to get BIND9 and DHCP3-server installed, configured, and running on an Ubuntu 10.04 LTS system.
Preparation
My first step was deciding how I wanted the DNS/DHCP server to operate; that is, what sort of IP addresses it should allocate for DHCP, what zones to use for DNS, etc.
The Network:
- Network: 192.168.5.0/24
- DNS/DHCP Server Address: 192.168.5.200
- DNS/DHCP Server Name: eneth
- Gateway Address: 192.168.5.254
- Broadcast Address: 192.168.5.255
DHCP Server:
- Dynamic Pool: 192.168.5.100 to 192.168.5.199
- Static Pool: 192.168.5.1 to 192.168.5.99 and 192.168.5.200 to 192.168.5.254
DNS Server:
- Forward Lookup Zone: aohq.local.
- Reverse Lookup Zone: 5.168.192.in-addr.arpa.
My second step was ensuring that my system was in a proper state to be a DNS/DHCP server… namely, that it had a static IP address and a valid hostname. This involved editing /etc/networks/interfaces to set the IP address of the primary ethernet interface (eth0):
auto eth0
iface eth0 inet static
address 192.168.5.200
netmask 255.255.255.0
network 192.168.5.0
broadcast 192.168.5.255
gateway 192.168.5.254
I also removed the DHCP client so that it wouldn’t be possible for the system to mistakenly receive a dynamic IP address.
sudo apt-get purge dhcp3-client
Note: I performed this step because of some odd issues I’ve had with systems suddenly switching to a dynamically allocated IP address even when I had specifically set a static one for the system.
Setting up BIND9
I started installing required packages for BIND9:
sudo apt-get install bind9
Then, I edited /etc/bind/named.conf.options
to add the following:
forward first;
forwarders {
8.8.8.8;
8.8.4.4;
};
max-ncache-ttl 300;
I use a max-ncache-ttl (max negative cache time-to-live) of 300 as we’ve often had issues with our DNS server caching the negative existence of a domain name for far too long when we’re trying to add a new sub-domain to our system.
Next, I edited /etc/bind/named.conf.local
to add references to my zone files:
zone "aohq.local" {
type master;
forwarders {};
file "/var/lib/bind/db.aohq.local"
allow-updates { key rndc-key };
}
zone "5.168.192.in-addr.arpa" {
type master;
forwarders {};
file "/var/lib/bind/db.5.168.192.in-addr.arpa"
allow-updates { key rndc-key };
}
I added “forwarders {};” to override the server-wide forwarders as these zones are internal/local. I also added “allow-update { key rndc-key };” to allow Dynamic DNS updates for these zone (more on that later). I provide a location for the zone files at /var/lib/bind
as this is a location which BIND9 can safely read/write without running into Ubuntu’s AppArmor. The default location for zone files is /etc/bind/
.
Setting up DHCP3-server
I installed the necessary packages for DHCP3-server:
sudo apt-get install dhcp3-server
Note: Since this will likely start the DHCP server, you should be sure your network is ready. Wouldn’t do to have two competing DHCP servers handing out addresses simultaneously.
Next, I edited /etc/dhcp3/dhcpd.conf
to include the following:
authoritative;
ddns-updates on;
ddns-update-style interim;
ddns-rev-domainname "in-addr.arpa.";
option domain-name "aohq.local";
option domain-name-servers 192.168.5.200;
option ntp-servers us.pool.ntp.org;
ignore client-updates;
update-static-leases on;
use-host-decl-names on;
include "/etc/bind/rndc.key";
zone aohq.local. {
primary 192.168.5.200;
key rndc-key;
}
zone 5.168.192.in-addr.arpa. {
primary 192.168.5.200;
key rndc-key;
}
subnet 192.168.5.0 netmask 255.255.255.0 {
pool
{
range 192.168.5.100 192.168.5.199;
}
option subnet-mask 255.255.255.0;
option routers 192.168.5.254;
}
I specifically added “ddns-updates on” to allow Dynamic DNS. I included the RNDC key from bind, located at /etc/bind/rndc.key
by default, and associated it with the appropriate zone for DDNS updates. This is what DHCP3-server uses to authenticate itself to BIND9 in order to make updates. (Recall that I earlier allowed updates with this key in the BIND9 configuration).
Before starting things up, I to added details about the DNS/DHCP server to the zone files directly:
/var/lib/bind/db.5.168.192.in-addr.arpa:
$ORIGIN 5.168.192.in-addr.arpa.
$TTL 10800 ; 3 hours
5.168.192.in-addr.arpa IN SOA eneth.aohq.local. root.aohq.local. (
2012040233 ; serial
900 ; refresh (15 minutes)
900 ; retry (15 minutes)
604800 ; expire (1 week)
3600 ; minimum (1 hour)
)
NS eneth.aohq.local.
200 PTR eneth.aohq.local.
/var/lib/bind/db.aohq.local:
$ORIGIN aohq.local.
$TTL 10800 ; 3 hours
aohq.local IN SOA eneth.aohq.local. root.aohq.local. (
2012040233 ; serial
900 ; refresh (15 minutes)
900 ; retry (15 minutes)
604800 ; expire (1 week)
3600 ; minimum (1 hour)
)
NS eneth.aohq.local.
eneth
The Finale
Finally, I was able to restart BIND9 and DHCP3-server to get things going:
sudo service dhcp3-server restart
sudo service bind9 restart
I was able to test that DHCP was working by connecting a new system to the network to receive a static IP address. I tested that the DNS server was working by querying it for details I had placed in the zone files ($ dig eneth.aohq.local @192.168.5.200
). I tested that DDNS was operating by querying for the hostname of the new system which I had connected to the network based on IP address ($ host 192.168.5.101
).
Errors
Setting up complex packages like BIND9 and DHCP3-server are bound to result in errors. Be sure to check the appropriate logs (e.g. /var/log/syslog
and /var/log/named/bind.log
), and adjust configuration parameters as necessary. I went through several iterations of tweaking configuration files and restarting all services before I was satisfied with the result.
- error: zone [zone-name]/IN: NS ‘[dns-server-hostname]’ has no address records (A or AAAA)
You’ll probably encounter this if you forget to provide records for your DNS server in your zone files; e.g. [dns-server-name] IN A [dns-server-ip-address] - error: [some-zone-file]: create: permission denied
Check to make sure that permissions on the given file are correct. Configuration files must be readable by the bind user, and zone/journal files must be writable by the bind user. - updating zone ‘[zone-name]/IN’: error: journal open failed: unexpected error
It is possible that Ubuntu’s AppArmor is getting in the way of the zone updates. Make sure you check/var/log/syslog
for related messages. Also check the AppArmor configuration at/etc/apparmor.d/usr.sbin.named
. - error: zone [zone-name]/IN: [some-hostname]/A: bad owner name (check-names)
The hostname that a client is requesting is invalid for use in a FQDN. Change the client’s hostname. - error: zone [zone-name]/IN: journal rollforward failed: journal out of sync with zone
The zone journal file has gotten out of sync with the zone file (usually occurs with forced restarts, or modifying the zone file while BIND9 is running). Delete the .jnl file (in/var/lib/bind
), and restart BIND9.
[…] https://spin.atomicobject.com/2012/04/03/setting-up-bind9-and-dhcp3-on-ubuntu-with-dynamic-dns/ […]
[…] found some really nice troubleshooting steps regarding dhcp and dns server here (Thanks to original […]
Thank you for the informative tutorial. I want the advice regarding same work with IPv6, is it better idea using SLAAC. the main problem is how to change prefix address and maintain the changed update in DNS . any advice will be welcomed.