
Tuesday, 11 August 2009

DHCP Not Updating DNS

So I had a weird problem -- suddenly my DHCP server stopped updating my DNS server when my main laptop that I use all the time renewed its DHCP lease. It seemed to be working fine for all other machines on my network.

After much fooling around and some reading, I discovered in the middle of some document a statement that the DHCP server keeps track of whether it thinks it has updated the DNS server, to avoid one round trip when renewing a lease. This means that if the DHCP server thinks it has updated DNS, it won't try again, and if the DNS server doesn't have that address, it'll never get it.

Well, the DNS server will never get it until you do the following on the DHCP client machine to force a release of the lease:
sudo dhclient -r
Once you do that and then renew the lease again (e.g. disconnect and connect the network) everything is fine.
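
A way to spot hosts stuck in this state, as an added example (not code from the original post). It assumes the ISC dhcpd (dhcp3-server) used elsewhere on this page, which records the name it believes it registered as "set ddns-fwd-name" in its dhcpd.leases file. The lease text, zone data and example.lan names are constructed, and lookup is a hypothetical callable you would back with a query to your own name server.

```python
import re

# Constructed sample in ISC dhcpd.leases syntax (not taken from the post).
SAMPLE_LEASES = '''
lease 10.3.3.50 {
  binding state active;
  set ddns-fwd-name = "laptop.example.lan";
}
lease 10.3.3.51 {
  binding state active;
  set ddns-fwd-name = "printer.example.lan";
}
lease 10.3.3.52 {
  binding state free;
  set ddns-fwd-name = "old.example.lan";
}
'''
# Constructed stand-in for the zone: name -> set of A records actually served.
SAMPLE_ZONE = {"printer.example.lan": {"10.3.3.51"}}

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\n\}", re.S)
FWD_RE = re.compile(r'set\s+ddns-fwd-name\s*=\s*"([^"]+)"')
STATE_RE = re.compile(r"^\s*binding state (\w+);", re.M)


def believed_updates(leases_text):
    """Map IP -> name for active leases that dhcpd has marked as registered in DNS."""
    latest = {}
    for ip, body in LEASE_RE.findall(leases_text):
        latest[ip] = body  # the file is append-only: the last entry per IP wins
    result = {}
    for ip, body in latest.items():
        state = STATE_RE.search(body)
        fwd = FWD_RE.search(body)
        if state and state.group(1) == "active" and fwd:
            result[ip] = fwd.group(1)
    return result


def missing_from_dns(leases_text, lookup):
    """Return (name, ip) pairs dhcpd believes are in DNS but lookup(name) lacks."""
    believed = believed_updates(leases_text)
    return sorted((name, ip) for ip, name in believed.items() if ip not in lookup(name))


if __name__ == "__main__":
    for name, ip in missing_from_dns(SAMPLE_LEASES, lambda n: SAMPLE_ZONE.get(n, set())):
        print(f"{name} -> {ip}: marked as updated in the leases file, absent from DNS")
```

Any host this reports is one where the client-side release and renew described above is needed before the record will reappear.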

Friday, 18 April 2008

Securing DNS/bind/named

This is another late posting of some notes from when I built some new infrastructure servers on VMs to replace my aging PowerPC Macs that ran my network.

The security info I got when my ISP told me I had a badly configured name server requires that you create a /var/named directory:

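# working directory for named: group bind, rwx for owner and group only, setgid
sudo mkdir /var/named
sudo chgrp bind /var/named
sudo chmod 770 /var/named
sudo chmod g+s /var/named
# log directory: same treatment, so the bind group can write its logs
sudo mkdir /var/log/named
sudo chgrp bind /var/log/named
sudo chmod 770 /var/log/named
sudo chmod g+s /var/log/named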

Wednesday, 16 April 2008

Building A DHCP/DNS Server

Months ago I built a DHCP/DNS server from scratch. Most of these notes I made at the time I was building it, meaning to fix them up within a day or two and post them. Of course, I kept doing other things before finishing the documentation, so here are my rather raw notes. This was for Ubuntu 6.06 running on VMware Server.

  1. Create a new VM with a 2 GB disk, don't preallocate and make sure all disks are less than 2 GB. Only give it 64 MB of RAM.
  2. Attach the Ubuntu .iso to the CD and start the VM.
  3. Build with the options you want.
  4. Do the following:

    sudo apt-get update
    sudo apt-get upgrade
    sudo apt-get install ssh ntp-simple snmpd snmp bacula-client build-essential linux-headers-$(uname -r)

  5. Install VMTools:

    cd /tmp
    sudo mount /cdrom
    sudo tar xvfz /cdrom/VMwareTools-1.0.0-27828.tar.gz
    cd vmware-tools-distrib
    sudo ./vmware-install.pl

  6. Edit /etc/dhcp3/dhclient.conf to send host-name "netres01";
  7. Restart the network to get into DNS and DHCP (if you already have one).
  8. Install DHCP and DNS and stop the services:

    sudo apt-get install dhcp3-server bind9
    sudo /etc/init.d/bind9 stop
    sudo /etc/init.d/dhcp3-server stop

  9. Since this is a DNS server, I'll allow it to use a fixed IP address. Edit /etc/network/interfaces. Edit the forward and reverse zone files.

auto eth0
iface eth0 inet static
address 10.3.3.2
netmask 255.255.255.0
network 10.3.3.0
broadcast 10.3.3.255
gateway 10.3.3.3
pre-up iptables-restore < /etc/iptables.rules
post-down iptables-save -c > /etc/iptables.rules

You have to kill the existing dhclient process because ifdown/ifup doesn't (it wouldn't know how, really).

Change the key for the DNS server before starting it, or you'll have to manually look up the pids and kill the named processes. rndc stops working because the key has changed since named started.

If you had a name server from DNS before, it will still be in /etc/resolv.conf.

The biggest thing is to get the permissions right on the /etc/bind directories and files.

nsupdate

Set up the new DNS first and get it working.