- SETUP DNS SERVER
- install dns service:
- sudo apt-get install bind9
- set public dns server for forwarding:
- sudo nano /etc/bind/named.conf.options
- -------------------------------------------------------------
- forwarders {
- 8.8.8.8;
- 8.8.4.4;
- };
- -------------------------------------------------------------
- edit /etc/dhcp/dhclient.conf:
- sudo nano /etc/dhcp/dhclient.conf
- uncomment:
- supersede domain-name "mydomain.lan";
- prepend domain-name-servers 127.0.0.1;
- set lan interface ip:
- sudo nano /etc/network/interfaces
- --------------------------------------------------------------
- # The primary network interface
- auto eth0
- iface eth0 inet static
- address 192.168.0.2
- netmask 255.255.255.0
- gateway 192.168.0.1
- network 192.168.0.0
- broadcast 192.168.0.255
- dns-nameservers 127.0.0.1
- dns-search mydomain.lan
- dns-domain mydomain.lan
- --------------------------------------------------------------
- edit /etc/bind/named.conf.local:
- sudo nano /etc/bind/named.conf.local
- --------------------------------------------------------------
- zone "mydomain.lan" IN {
- type master;
- file "/etc/bind/zones/mydomain.lan.db";
- };
- zone "0.168.192.in-addr.arpa" {
- type master;
- file "/etc/bind/zones/rev.0.168.192.in-addr.arpa";
- };
- --------------------------------------------------------------
- create zones folder:
- sudo mkdir /etc/bind/zones
- create mydomain.lan zone file:
- sudo nano /etc/bind/zones/mydomain.lan.db
- --------------------------------------------------------------
- $ORIGIN .
- $TTL 86400 ; 1 day
- mydomain.lan. IN SOA ubuntu.mydomain.lan. hostmaster.mydomain.lan. (
- 2014012001 ; serial
- 8H ; refresh
- 4H ; retry
- 4W ; expire
- 1D ; minimum
- )
- mydomain.lan. IN NS ubuntu.mydomain.lan.
- mydomain.lan. IN MX 10 ubuntu.mydomain.lan.
- $ORIGIN mydomain.lan.
- printer IN A 192.168.0.9
- router IN A 192.168.0.1
- server IN A 192.168.0.5
- ubuntu IN A 192.168.0.2
- ---------------------------------------------------------------
- create reverse lookup zone:
- sudo nano /etc/bind/zones/rev.0.168.192.in-addr.arpa
- ---------------------------------------------------------------
- @ IN SOA ubuntu.mydomain.lan. hostmaster.mydomain.lan. (
- 2014012001 ; serial
- 8H ; refresh
- 4H ; retry
- 4W ; expire
- 1D ; minimum
- )
- IN NS ubuntu.home.lan. ; NOTE: the NS here should name the same nameserver host as the forward zone (ubuntu.mydomain.lan.); a name in a different domain leaves the reverse zone delegated to a host that is never defined
- 1 IN PTR router.mydomain.lan.
- 2 IN PTR ubuntu.mydomain.lan.
- 5 IN PTR server.mydomain.lan.
- 9 IN PTR printer.mydomain.lan.
- ---------------------------------------------------------------
- restart dns server:
- sudo service bind9 restart
- restart network interface:
- sudo nohup sh -c "ifdown eth0 && ifup eth0"
- =====================================================================================
- SETUP DHCP SERVER
- install dhcp service:
- sudo apt-get install isc-dhcp-server
- set the interface using the dhcp service:
- sudo nano /etc/default/isc-dhcp-server
- ---------------------------------------------------------------
- INTERFACES="eth0"
- ---------------------------------------------------------------
- edit dhcp config /etc/dhcp/dhcpd.conf:
- sudo nano /etc/dhcp/dhcpd.conf
- ---------------------------------------------------------------
- ddns-update-style none;
- option domain-name "mydomain.lan";
- option domain-name-servers ubuntu.mydomain.lan;
- default-lease-time 600;
- max-lease-time 7200;
- authoritative;
- subnet 192.168.0.0 netmask 255.255.255.0 {
- range 192.168.0.100 192.168.0.200;
- option routers router.mydomain.lan;
- }
- ---------------------------------------------------------------
- restart dhcp service:
- sudo service isc-dhcp-server restart
- =====================================================================================
- SETUP DNS AND DHCP FOR DYNAMIC UPDATES
- copy your forward lookup and reverse lookup zone files to the /var/lib/bind/ folder (BIND must be able to write dynamic updates there, which it cannot do under /etc/bind):
- sudo cp /etc/bind/zones/* /var/lib/bind/
- change the /var/lib/bind/ folder owner:
- sudo chown bind:bind /var/lib/bind/*
- Create a secret shared between the DHCP server and the DNS server (generate a new key; HMAC-MD5 is deprecated, and on current BIND/ISC DHCP releases the equivalent is `tsig-keygen -a hmac-sha256 DHCP_UPDATER`, with the `algorithm` lines below changed to hmac-sha256 on both sides):
- sudo dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 128 -n USER DHCP_UPDATER
- Show the generated key:
- sudo cat Kdhcp_updater.*.private|grep Key
- edit /etc/bind/named.conf.local to include the secret key:
- sudo nano /etc/bind/named.conf.local
- ---------------------------------------------------------------
- key DHCP_UPDATER {
- algorithm HMAC-MD5.SIG-ALG.REG.INT;
- # Important: Replace this key with your generated key.
- # Also note that the key should be surrounded by quotes.
- secret "--PUT YOUR GENERATED KEY HERE--";
- };
- zone "mydomain.lan" {
- type master;
- # Change the path of the database file to the writable copy in /var/lib/bind
- file "/var/lib/bind/mydomain.lan.db";
- # Tell this zone that we will allow it to be updated by anyone
- # who knows the secret specified in the DHCP_UPDATER key.
- allow-update { key DHCP_UPDATER; };
- };
- zone "0.168.192.in-addr.arpa" {
- type master;
- # Change the path of the database file to the writable copy in /var/lib/bind
- file "/var/lib/bind/rev.0.168.192.in-addr.arpa";
- # Tell this zone that we will allow it to be updated by anyone
- # who knows the secret specified in the DHCP_UPDATER key.
- allow-update { key DHCP_UPDATER; };
- };
- ---------------------------------------------------------------
- edit /etc/dhcp/dhcpd.conf to include the secret key:
- sudo nano /etc/dhcp/dhcpd.conf
- ---------------------------------------------------------------
- ddns-update-style interim;
- ignore client-updates; # Overwrite client configured FQHNs
- ddns-domainname "mydomain.lan.";
- ddns-rev-domainname "in-addr.arpa.";
- option domain-name "mydomain.lan";
- option domain-name-servers ubuntu.mydomain.lan;
- default-lease-time 600;
- max-lease-time 7200;
- authoritative;
- log-facility local7;
- key DHCP_UPDATER {
- algorithm HMAC-MD5.SIG-ALG.REG.INT;
- # Important: Replace this key with your generated key.
- # Also note that the key should be surrounded by quotes.
- secret "--PUT YOUR GENERATED KEY HERE--";
- };
- zone mydomain.lan. {
- primary 127.0.0.1;
- key DHCP_UPDATER;
- }
- zone 0.168.192.in-addr.arpa. {
- primary 127.0.0.1;
- key DHCP_UPDATER;
- }
- subnet 192.168.0.0 netmask 255.255.255.0 {
- range 192.168.0.100 192.168.0.200;
- option routers router.mydomain.lan;
- }
- ---------------------------------------------------------------
- change permission:
- sudo chmod o-r /etc/bind/named.conf.local
- sudo chmod o-r /etc/dhcp/dhcpd.conf
- change ownership:
- sudo chown dhcpd:dhcpd /etc/dhcp/dhcpd.conf
- restart dns server:
- sudo service bind9 restart
- restart dhcp server:
- sudo service isc-dhcp-server restart