Network Infrastructure Support details on DHCP and BIND configuration

DHCP Daemon

DHCP is used to tell hosts their IP address and netmask, routers, DNS servers and perhaps other information. We will be using the standard open source DHCP server in our lab: dhcpd version 3 from the Internet Software Consortium.

The man page for dhcpd is here.
The man page for dhcpd.conf (the configuration file) is here.

Here is a basic dhcpd.conf file for three networks (10.10.0.0/24, 10.10.3.128/25 and 10.10.4.0/24). For all networks it has a default lease of 300 seconds and a maximum lease of 1200 seconds. Network 10.10.0.0/24 supports DHCP-assigned addresses from 10.10.0.30 to 10.10.0.250. Network 10.10.3.128/25 supports a single DHCP-assigned address, 10.10.3.180. Network 10.10.4.0/24 supports only one host, identified by a specific MAC address.

# Global settings. "authoritative" lets the server send DHCPNAK to clients
# that ask for an address it knows is wrong for their network.
authoritative;
max-lease-time 1200;
default-lease-time 300;
ddns-update-style ad-hoc;

# Network 10.10.0.0/24: dynamic pool 10.10.0.30 - 10.10.0.250
subnet 10.10.0.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        option broadcast-address 10.10.0.255;
        option domain-name "g10.scs";
        option domain-name-servers 10.10.0.20, 10.91.0.254;
        option routers 10.10.0.1;

        range 10.10.0.30 10.10.0.250;
}

# Network 10.10.3.128/25: a single dynamically assigned address
subnet 10.10.3.128 netmask 255.255.255.128 {
        option subnet-mask 255.255.255.128;
        option broadcast-address 10.10.3.255;
        option domain-name "g10.scs";
        option domain-name-servers 10.10.0.20, 10.91.0.254;
        option routers 10.10.3.129;

        range 10.10.3.180;
}

# Network 10.10.4.0/24: no range, so only a host with a fixed-address gets one
subnet 10.10.4.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        option broadcast-address 10.10.4.255;
        option domain-name "g15.scs";
        option domain-name-servers 10.10.0.20, 10.91.0.254;
        option routers 10.10.4.1;

}

# The one host allowed on 10.10.4.0/24, matched by its MAC address
host ws3 {
    hardware ethernet 00:05:78:34:E2:A2;
    fixed-address 10.10.4.100;
    option host-name "ws25";
}

So if a DHCPREQUEST comes in for an address and it came (either directly or via a relay) from a host on 10.10.3.128/25, it would be assigned the address 10.10.3.180. It would be told the appropriate netmask, DNS servers, routers and domain name for net 10.10.3.128/25. The lease would be valid for between 300 and 1200 seconds (5 to 20 minutes); the default lease time would be 5 minutes.

To start up a dhcp server you will want to create a config file and an empty leases file. You also want to tell it which interface to use. If you were to start a dhcp server on ws0 for your entire network you would do something like below. Here we will assume you are group XX and you have created /mnt/hda1/dhcpd to hold dhcp related files.


touch /mnt/hda1/dhcpd/dhcpd-gXX.leases 
/usr/sbin/dhcpd -cf /mnt/hda1/dhcpd/dhcpd-gXX.conf -lf /mnt/hda1/dhcpd/dhcpd-gXX.leases eth0

The -cf option tells it where to find the dhcpd.conf file, -lf tells it where to store the lease information. eth0 is the ethernet interface on net0.

DHCP relay daemons

Since it is not very efficient or scalable to run a DHCP server on every network, and DHCP clients use broadcast packets to make their requests, we can have the access routers for a network (i.e. the first-hop routers) receive the broadcast queries and relay them to a central DHCP server (or set of servers). On the Linux/Quagga router (R1) we will use the dhcrelay program. Here is the man page for dhcrelay.

You will want to tell the dhcrelay process on the routers to listen on the interfaces that have clients (to hear the requests) and on the interfaces facing the dhcpd server (to hear the replies). You will also want to tell the dhcrelay process to discard any request which has already been relayed with the -m discard option.

Here is how you would start dhcrelay on router r1 for group 10, and have it relay to ws0 for group 10.

	/usr/sbin/dhcrelay -m discard 10.10.0.20
Since we didn't specify interfaces, it will start on all four interfaces (two facing clients, two facing back towards the server).

Cisco routers can also relay DHCP and other broadcast-based UDP protocols. We will need to configure R3 to forward DHCP requests from net3 hosts to the DHCP server. To do this we use the "ip helper-address" command in interface configuration mode. Here is a hypothetical r4 which is the access router for the 10.10.4.0/23 network and has two interfaces: eth0 is 10.10.0.4/24 (on our net0) and eth1 is 10.10.4.1/23.


	interface eth1
	 ip address 10.10.4.1 255.255.254.0 
	 ip helper-address 10.10.0.20
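To tie together the subnet selection described after the dhcpd.conf and the relay behaviour described in this section, here is an added Python model (example code, not part of this handout and not ISC dhcpd). It assumes the three subnets and the fixed host from the dhcpd.conf above, and that a relayed request carries the relay's client-facing address in giaddr while a directly received broadcast carries 0.0.0.0.

```python
import ipaddress

# Constructed from the dhcpd.conf above: the three subnet declarations,
# their ranges, and the one 'host' with a fixed-address.
SUBNETS = [
    {"net": ipaddress.ip_network("10.10.0.0/24"), "routers": "10.10.0.1",
     "range": ("10.10.0.30", "10.10.0.250")},
    {"net": ipaddress.ip_network("10.10.3.128/25"), "routers": "10.10.3.129",
     "range": ("10.10.3.180", "10.10.3.180")},
    {"net": ipaddress.ip_network("10.10.4.0/24"), "routers": "10.10.4.1",
     "range": None},                      # no range: fixed hosts only
]
FIXED_HOSTS = {"00:05:78:34:e2:a2": "10.10.4.100"}   # hardware ethernet -> fixed-address
DEFAULT_LEASE, MAX_LEASE = 300, 1200

def select_subnet(giaddr, ifaddr):
    """Pick the subnet declaration dhcpd would use. A relayed packet carries
    the relay's client-facing address in giaddr (set by dhcrelay or 'ip
    helper-address'); a direct broadcast has giaddr 0.0.0.0 and is matched
    on the address of the interface it arrived on."""
    key = ipaddress.ip_address(ifaddr if giaddr == "0.0.0.0" else giaddr)
    for sn in SUBNETS:
        if key in sn["net"]:
            return sn
    return None            # no matching 'subnet' block: dhcpd logs and ignores it

def offer(mac, giaddr, ifaddr, leased=()):
    """Return the address and options the client would get, or None."""
    sn = select_subnet(giaddr, ifaddr)
    if sn is None:
        return None
    fixed = FIXED_HOSTS.get(mac.lower())
    if fixed and ipaddress.ip_address(fixed) in sn["net"]:
        addr = fixed                                   # host declaration wins
    elif sn["range"]:
        lo, hi = (int(ipaddress.ip_address(a)) for a in sn["range"])
        free = (str(ipaddress.ip_address(i)) for i in range(lo, hi + 1)
                if str(ipaddress.ip_address(i)) not in leased)
        addr = next(free, None)                        # None: pool exhausted
    else:
        addr = None                                    # unknown MAC, no range
    if addr is None:
        return None
    return {"yiaddr": addr, "subnet-mask": str(sn["net"].netmask),
            "routers": sn["routers"], "broadcast": str(sn["net"].broadcast_address),
            "lease": DEFAULT_LEASE, "max-lease": MAX_LEASE}
```

Note that a request relayed from 10.10.3.128/25 gets 10.10.3.180 exactly once: a second client on that network gets nothing until the lease expires.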

DNS from bind

DNS services in our labs will be done using the Berkeley Internet Name Daemon (bind) software. This is open source software which comes from the Internet Software Consortium. (just like dhcpd does).

The principal process for bind is called named. We will be using version 9. The BIND 9 Administrator Reference Manual is available here. The master configuration file is usually called named.conf; it specifies the operation of the server. Below is a commented version of this file which defines a zone g18.scs. This is a sub-zone of the fake top-level domain scs.

To start the named process you will run the named program with the -c option pointing to the named.conf file you will create.


	/usr/sbin/named -c /mnt/hda1/named/named.conf

Don't forget to add a line like this to the rc.local file on ws0 so that named will start on boot of ws0.

If you chose /mnt/hda1/log/logfile.all as your logfile then you can look at the log file in /mnt/hda1/log/logfile.all to see any errors. Using the tail command will show you the last few lines of the log file.


	tail /mnt/hda1/log/logfile.all 

You can also use the -g option to named which will prevent it from running as a daemon, and send all errors to the terminal (stderr).

There are also two commands you can use to test your configuration: named-checkconf and named-checkzone. See their man pages for more details. They only check syntax, not semantics.

Now let's look at the named.conf file in more detail. See the inline comments for details.

//This is file named.conf
// double slashes are comments

// We will use /mnt/hda1/named as location for all the named related files
// We will store the process pid number in named.pid in that directory
// so you will want to create that directory
options {
        directory "/mnt/hda1/named" ;
        pid-file  "named.pid";
};

// We will use rndc-confgen command to generate these keys
// and we will put the corresponding output from that into
// the rndc.conf file and here in the config file
// DON'T USE the secret below; generate your own with rndc-confgen
//
// run the command rndc-confgen at the command line. 
//
// rndc-confgen > /mnt/hda1/named/rndc.conf
//
// from the file /mnt/hda1/named/rndc.conf
// copy the lines with the # in front into named.conf file
// (without the #'s at the start)
// 
// ALSO NOTE. rndc-confgen uses /dev/random, so you may 
// need to move the mouse (via vnc) to generate some randomness...
//
// (the rndc-confgen in this BIND version emits hmac-md5; newer BIND releases
// default to hmac-sha256, so paste whatever algorithm and secret it generated)
key "rndc-key" {
      algorithm hmac-md5;
      secret "1R8uaKHmugBJwS9avwV/8w==";
};

controls {
      inet 127.0.0.1 port 953
              allow { 127.0.0.1; } keys { "rndc-key"; };
};


// Here we tell it where to go for the root zone data
// we will tell it to use roothints.ca
// if we were on the real internet we could generate 
// roothints.ca via this command
// dig @a.root-servers.net . ns >> /mnt/hda1/named/roothints.ca
//
// for our fake network we will use root.scs as the fake root
// you can use this query to create roothints.ca
//
// dig @10.91.0.254 . ns >> /mnt/hda1/named/roothints.ca

zone "." {
        type hint;
        file "roothints.ca";
};

// We will always be authoritative for the reverse DNS for the loopback network
// see below for the contents of named.localhost

zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.localhost";
};

// here we say we are authoritative and master for the 
// g18.scs zone. The configuration data will be in the file g18.zone in 
// the /mnt/hda1/named directory

zone "g18.scs" {
        type master;
        file "g18.zone";
};

// here we say we are authoritative and master for the 
// reverse DNS zone for the 10.18.0.0 network (i.e. 18.10.in-addr.arpa)
// The configuration data will be in the file g18.revzone in 
// the /mnt/hda1/named directory

zone "18.10.in-addr.arpa" {
        type master;
        file "g18.revzone";
};

From the inline comments above you can see how to create the roothints.ca and the rndc.conf file.

Here is a simple authoritative zone for the reverse DNS for the 127.0.0.0 network (0.0.127.in-addr.arpa); it goes in named.localhost. Note the $TTL line, which (as explained below) must come first.

$TTL    86400
@       IN      SOA     localhost. root.localhost.  (
                                      2008020100 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
              IN      NS      localhost.

1       IN      PTR     localhost.

Now we need to discuss further the format of the zone configuration files.

The first line of this file should be a specification for the default TTL for all records. It is set using the $TTL directive. It must be the first line of the zone file.

The generic format for the rest of the lines in the zone file is:

	(domainrecord)	(optional TTL) (class)	(type)	(resource data)
Here is a commented zone file for the zone g18.scs. I have included records for r1 only.

$TTL    3600
; first line above sets the default TTL
; in named zone files like this comments start with semi-colons
;
; @ is shorthand for the current defined zone
; below is the SOA record for g18.scs
; IN SOA (nameserver that is SOA) hostmaster.(contact point email domain) (
;       2012012400 ; serial number (yyyymmddXX, increment XX for each change during a day)
;       3600       ; Refresh ( how often other authoritative, but not master, servers
;                    check the master to see if the serial has increased and
;                    as such the secondary needs to refresh its data from
;                    the master. In seconds )
;       300        ; Retry   ( if the secondary can not reach the master, how often
;                    it should try to. In seconds )
;       36000      ; Expire  ( if the secondary has not contacted the master within
;                    this many seconds, stop answering authoritatively )
;       300 )      ; neg TTL ( how long a querying server should cache a negative (no answer)
;                    response. In seconds )
;
@               in      soa     ws0.g18.scs. hostmaster.ws0.g18.scs.  (
                           2012012400 ; serial
                           3600       ; Refresh
                           300        ; Retry
                           36000      ; Expire
                           300 )      ; neg TTL
;
; list all authoritative name servers for this domain. We want root.scs to be a secondary authoritative server
;
                in      ns      ws0.g18.scs.
                in      ns      root.scs.

;
; glue records. So querying servers know the IP's of the authoritative servers
; note that the fully qualified domain name is used (with a dot at the end) for clarity
; (root.scs. lies outside this zone, so BIND 9 skips that line with an
; "ignoring out-of-zone data" warning when it loads the zone)
;
ws0.g18.scs.    in      a       10.18.0.20
root.scs.       in      a       10.91.0.254

;
; records for the domain. We have 4 address records for this domain
;
r1-n1           in      a       10.18.1.1
r1-n2           in      a       10.18.1.129
r1-p2p1         in      a       10.18.1.194
r1-p2p2         in      a       10.18.1.198
;
; here we define an alias r1 for r1-n1.g18.scs (fully qualified for clarity)
; Also, we raise the TTL to 2 hours for this record
;
r1         7200 in      cname   r1-n1.g18.scs.

For the reverse zone, the zone file would be similar, but instead of A records you would use PTR records. (Be very sure to use fully qualified names for the PTR records and include the . at the end.)

$TTL    3600
@                       IN      SOA     ws0.g18.scs. hostmaster.ws0.g18.scs.  (
                                                2012012400 ; serial
                                                3600       ; Refresh
                                                300        ; Retry
                                                36000      ; Expire
                                                300 )      ; neg TTL
                        in      ns      ws0.g18.scs.
                        in      ns      root.scs.

;
; ptrs for the addresses
;
1.1                     in      ptr     r1-n1.g18.scs.
129.1                   in      ptr     r1-n2.g18.scs.
194.1                   in      ptr     r1-p2p1.g18.scs.
198.1                   in      ptr     r1-p2p2.g18.scs.
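As an added check (not part of this handout, and not a BIND tool), here is a small Python script that applies BIND's origin rule to A and PTR lines like the ones above and reports forward/reverse mismatches. The record lists are constructed from the two zone files shown, with one PTR deliberately missing its trailing dot to show what the warning about fully qualified names is about; it assumes the origins g18.scs. and 18.10.in-addr.arpa. and handles only simple one-line records.

```python
import ipaddress

# Constructed records copied from the g18.scs and 18.10.in-addr.arpa files
# above; the last PTR deliberately omits the trailing dot to show the failure.
FORWARD = [
    "ws0.g18.scs.    in  a      10.18.0.20",
    "root.scs.       in  a      10.91.0.254   ; out-of-zone glue, skipped",
    "r1-n1           in  a      10.18.1.1",
    "r1-n2           in  a      10.18.1.129",
    "r1        7200  in  cname  r1-n1.g18.scs.",
]
REVERSE = [
    "1.1             in  ptr    r1-n1.g18.scs.",
    "129.1           in  ptr    r1-n2.g18.scs   ; BUG: relative name",
]

def qualify(name, origin):
    """BIND's origin rule: '@' is the zone, a trailing '.' is absolute,
    anything else gets the zone origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse(lines, origin):
    """Read 'owner [ttl] class type rdata' lines; leading whitespace = same owner."""
    records, last = [], origin
    for raw in lines:
        line = raw.split(";")[0].rstrip()
        if not line.strip():
            continue
        fields = line.split()
        owner = last = last if line[0].isspace() else qualify(fields.pop(0), origin)
        if fields[0].isdigit():                       # optional TTL field
            fields.pop(0)
        rtype, rdata = fields[1].upper(), fields[2]
        if rtype in ("A", "PTR"):                     # PTR targets are names
            records.append((owner, rtype, rdata if rtype == "A" else qualify(rdata, origin)))
    return records

def check(forward, reverse, rev_origin):
    """List A records lacking a PTR (within rev_origin) and PTRs without an A."""
    a_by_name = {o: r for o, t, r in forward if t == "A"}
    ptr_by_owner = {o: r for o, t, r in reverse if t == "PTR"}
    problems = []
    for name, ip in a_by_name.items():
        rev = ipaddress.ip_address(ip).reverse_pointer + "."
        if rev.endswith("." + rev_origin) and ptr_by_owner.get(rev) != name:
            problems.append(f"{name} ({ip}) has no PTR naming it")
    for owner, target in ptr_by_owner.items():
        if target not in a_by_name:
            problems.append(f"{owner} -> {target} has no matching A record")
    return problems
```

Running check(parse(FORWARD, "g18.scs."), parse(REVERSE, "18.10.in-addr.arpa."), "18.10.in-addr.arpa.") flags the unqualified PTR as pointing at r1-n2.g18.scs.18.10.in-addr.arpa. and also shows that ws0 has an A record but no PTR in the reverse zone above.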