You'll need to tell dhcpd that it needs to perform dynamic DNS updates. To do that, add this to your dhcpd.conf file:
    ddns-update-style standard;
    ddns-rev-domainname "in-addr.arpa.";
    deny client-updates;
    do-forward-updates on;
    update-optimization off;
    update-conflict-detection off;
To secure the updates, you can set up key authentication between dhcpd and BIND. The key file can be included in both dhcpd and BIND configuration files. The key file should look like this:
    key "key-name" {
        algorithm hmac-sha256; # you can use another algorithm if desired
        secret "<secret passphrase here>"; # the value must be base64-encoded
    };
Your BIND installation may include a "ddns-confgen" tool that can help you in generating the key file.
Then you can add DNS zone declarations to your dhcpd.conf file. They specify which DNS server(s) the updates should be sent to, and optionally the key to be used:
    include "/some/where/ddns-keyfile.key";
    zone example.org. { # name of your forward DNS zone
        primary 11.22.33.44; # DNS server IP address here
        key key-name;
    }
    zone 1.168.192.in-addr.arpa. { # name of your reverse DNS zone
        primary 11.22.33.44; # DNS server IP address here
        key key-name;
    }
Note that the final dot in zone names is required in dhcpd.conf.
In the BIND configuration file (typically named.conf), you'll need something like the following:
    include "/some/where/ddns-keyfile.key";
    zone "example.org" { # name of your forward DNS zone
        type master;
        file "/some/where/db.example.org"; # name of your zone file
        update-policy {
            grant key-name zonesub A TXT DHCID;
        };
    };
    zone "1.168.192.in-addr.arpa" { # name of your reverse DNS zone
        type master;
        file "/some/where/db.192.168.1"; # name of your zone file
        update-policy {
            grant key-name zonesub PTR TXT DHCID;
        };
    };
The "update-optimization off" setting makes dhcpd always send an update request to BIND, which is useful for testing. Once you're satisfied that your setup works, you can turn update-optimization on: that way dhcpd will only send an update if the DNS records actually need changing. If they already have the required values, no updates will be sent.
The "update-conflict-detection off" setting can be useful if you have systems with e.g. both wireless and wired connections, and you occasionally switch between the two. This allows a new record with the same hostname to override the old one, even if the MAC address of the client's network interface is not the same.
(With laptops, a wireless connection is generally more convenient, but for large downloads I prefer the better throughput of a wired connection.)
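A consistency check for the two files described above, added here as an example and not part of the original text: it verifies that every dhcpd.conf zone ends in a dot, names a key, and has a matching named.conf zone whose update-policy grants that key. The function names and the sample configs are constructed for illustration; the parser assumes only `#` comments and no braces inside quoted strings.

```python
import re

def block(text):
    """Return the text up to the '}' that closes an already-opened '{'."""
    depth = 1
    for i, ch in enumerate(text):
        depth += (ch == "{") - (ch == "}")
        if depth == 0:
            return text[:i]
    return text

def zones(conf):
    """Map zone name -> body for each 'zone' declaration ('#' comments only)."""
    conf = re.sub(r"#.*", "", conf)
    found = {}
    for chunk in re.split(r"(?m)^\s*zone\s+", conf)[1:]:
        name, rest = chunk.split("{", 1)
        found[name.strip().strip('"')] = block(rest)
    return found

def lint(dhcpd_conf, named_conf):
    """List mismatches between dhcpd.conf zones and named.conf update policies."""
    problems = []
    named = {n.rstrip(".").lower(): b for n, b in zones(named_conf).items()}
    for name, body in zones(dhcpd_conf).items():
        if not name.endswith("."):
            problems.append(f"{name}: final dot missing in dhcpd.conf")
        key = re.search(r'\bkey\s+"?([\w.-]+)"?\s*;', body)
        if key is None:
            problems.append(f"{name}: no key, dhcpd sends unsigned updates")
            continue
        policy = named.get(name.rstrip(".").lower())
        if policy is None:
            problems.append(f"{name}: zone not declared in named.conf")
        elif not re.search(rf'\bgrant\s+"?{re.escape(key.group(1))}"?\s', policy):
            problems.append(f"{name}: named.conf has no grant for {key.group(1)}")
    return problems

# Constructed sample input, modelled on the snippets above but with mistakes.
DHCPD = """
zone example.org. { primary 11.22.33.44; key key-name; }
zone 1.168.192.in-addr.arpa { primary 11.22.33.44; }
"""
NAMED = """
zone "example.org" {
    type master;
    update-policy { grant other-key zonesub A TXT DHCID; };
};
"""

if __name__ == "__main__":
    for problem in lint(DHCPD, NAMED):
        print(problem)
```

To check real files, pass their contents to `lint()`; an empty list means the zone names and key names agree on both sides.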