DHCP and Dynamic DNS
Friday, May 27th, 2005
After some fiddling, I managed to get Dynamic DNS updates working. I had to adjust a number of parameters to let the DNS server update its zones dynamically and create the journal files it needs:
- Adjusted the allow-update option in /etc/named.conf to allow the locally running DHCP server to update DNS.
- Created a directory (/var/named/chroot/var/named/dynamic) where named has permission to create and delete journal files. UPDATE (09/09/2005): this is a bad choice! SELinux fights you all the way; the data directory is a better choice. See the section on SELinux.
- Adjusted the zone file locations for the dynamically updated zones to use this new directory.
- Adjusted the Security-Enhanced Linux (SELinux, in targeted mode) configuration to allow named to write its own zone files. To do this, adjust the named_write_master_zones entry in the /etc/selinux/targeted/booleans file.
- Added the ignore client-updates option to /etc/dhcpd.conf. Otherwise, dhcpd only updates the reverse zone (PTR) mapping and leaves the forward zone update to the client, which the named configuration does not permit to update the zone.
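The steps above amount to the following pairing of named.conf and dhcpd.conf, shown here as an added example rather than the post's own configuration; it puts the localhost-only allow-update beside the TSIG key alternative. The zone hapgoods.com comes from the post; the key name, the secret and the 192.168.1.0/24 reverse zone are constructed placeholders.

```conf
# /etc/named.conf (excerpt, hypothetical): the two dynamically updated zones
# Key shared between named and dhcpd; the secret is a constructed placeholder
# (generate a real one with dnssec-keygen or rndc-confgen).
key "dhcp-update" {
    algorithm hmac-md5;
    secret "Y29uc3RydWN0ZWQtcGxhY2Vob2xkZXI=";
};

zone "hapgoods.com" IN {
    type master;
    # named writes the journal (hapgoods.com.zone.jnl) next to the zone file,
    # so this directory must be writable by named and permitted by SELinux.
    file "data/hapgoods.com.zone";
    # Option A (the post's approach): trust any update from the local host.
    # allow-update { 127.0.0.1; };
    # Option B: require the TSIG key; the sender's address no longer matters.
    allow-update { key "dhcp-update"; };
};

zone "1.168.192.in-addr.arpa" IN {    # constructed reverse zone
    type master;
    file "data/1.168.192.in-addr.arpa.zone";
    allow-update { key "dhcp-update"; };
};

# /etc/dhcpd.conf (excerpt, hypothetical)
ddns-update-style interim;
ddns-domainname "hapgoods.com.";
ddns-rev-domainname "in-addr.arpa.";
# Without this, dhcpd only updates the PTR record and leaves the A record
# to the client, which named rejects under the policy above.
ignore client-updates;

key dhcp-update {
    algorithm hmac-md5;
    secret Y29uc3RydWN0ZWQtcGxhY2Vob2xkZXI=;
};

zone hapgoods.com. {
    primary 127.0.0.1;
    key dhcp-update;
}
zone 1.168.192.in-addr.arpa. {
    primary 127.0.0.1;
    key dhcp-update;
}
```

With Option B in place, a failed update shows up in named's log as a TSIG or update-policy refusal rather than silently succeeding from any local process.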
Thereafter, it became a matter of fiddling with the lease files to make dhcpd think it was time to update DNS. Careful monitoring of /var/log/messages and /var/named/named.run helped. I also raised the named debug level (rndc trace 3) to get a better look at what was happening. Curiously, dhcpd does not generate much debug information, and there is no way to prod it for more.
Outstanding issues:
- Security for now rests on dhcpd and named running on the same server, so only localhost is allowed to update the zone files. An alternative would be to use security keys; the existing /etc/rndc.key file would be a good start.
- Mixing dynamic and static IP addresses in the same zone is messy. Dynamically created entries are inserted in alphabetical order, but the result is still ugly. An alternative would be to create a separate subdomain (e.g. dyn.hapgoods.com) for dynamic hosts.
- Getting a client to update its own DNS record once it has determined its firewall's dynamic IP address is tricky. The ddclient package can determine the firewall's IP address, but triggering a dynamic DNS update each time the address changes is the hard part. Can nsupdate and ddclient work together?
References:
https://www.redhat.com/archives/fedora-selinux-list/2004-December/msg00018.html
http://www.trustix.org/wiki/index.php/DHCP
http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html
dhcpd man page
