Wednesday, September 7, 2011

DHCP and BIND dynamic updates

I want to share with you how to configure DHCP dynamic updates.
First you need to create a key, using either rndc-confgen or dnssec-keygen; both give you the same result.
You need only the following attributes from the result: algorithm and secret.
On the DHCP server, edit /etc/dhcpd.conf and add the following.

In the global config add:


ddns-update-style interim;
ddns-updates on;
ddns-ttl 1800;
ignore client-updates;


key "keyname" {
       algorithm hmac-md5;
       secret "T7AUeDuMo7ZadiUz1VRB1w==";
};

In the scope configuration add the following:


option domain-name "xxx.yyy";
option domain-name-servers 1.1.1.1,2.2.2.2;
option ntp-servers 10.1.46.50;
zone xxx.yyy. { primary 127.0.0.1; key keyname; }
zone 1.1.1.in-addr.arpa. { primary 127.0.0.1; key keyname; }

On the DNS side, add the following to named.conf in the global configuration area, keeping in mind that it must be the same key that was added to the DHCP configuration:


key "keyname" {
        algorithm hmac-md5;
        secret "T7AUeDuMo7ZadiUz1VRB1w==";
};

And for every zone you wish the DHCP server to update, add the following:
allow-update { key keyname; };

Notes:

1. If DHCP and BIND are located on the same server, you had better allow updates only through the loopback interface.
2. The dhcpd user should have write access to the zones directory; this can be done using setfacl.
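
Since both files must carry the same key, here is an added example (not part of the original post) that checks this before you reload either service. It parses the key blocks from both configurations, confirms that every zone in dhcpd.conf references a key defined identically in named.conf, and also flags hmac-md5, which is no longer a recommended TSIG algorithm. The function names and the embedded sample text are assumptions made for the example; the sample text copies the snippets above.

```python
import base64
import re

# Constructed sample inputs that mirror the snippets in this post.
DHCPD_CONF = '''
key "keyname" {
       algorithm hmac-md5;
       secret "T7AUeDuMo7ZadiUz1VRB1w==";
};
zone xxx.yyy. { primary 127.0.0.1; key keyname; }
zone 1.1.1.in-addr.arpa. { primary 127.0.0.1;key  keyname; }
'''
NAMED_CONF = '''
key "keyname" {
        algorithm hmac-md5;
        secret "T7AUeDuMo7ZadiUz1VRB1w==";
};
'''
# Key blocks (both files) and the "key <name>;" reference inside dhcpd zone blocks.
KEY_RE = re.compile(r'key\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+([\w.-]+)\s*;'
                    r'\s*secret\s+"?([^\s";]+)"?\s*;\s*\}', re.I)
ZONE_KEY_RE = re.compile(r'zone\s+(\S+)\s*\{[^}]*?\bkey\s+"?([\w.-]+)"?\s*;', re.I)

def parse_keys(text):
    """Return {key name: (algorithm, secret)} for every key block in text."""
    return {name: (alg.lower(), secret) for name, alg, secret in KEY_RE.findall(text)}

def audit(dhcpd_text, named_text):
    """Return a list of problems found across the two configurations."""
    problems = []
    dkeys, nkeys = parse_keys(dhcpd_text), parse_keys(named_text)
    for zone, key in ZONE_KEY_RE.findall(dhcpd_text):
        if key not in dkeys or key not in nkeys:
            problems.append(f"zone {zone}: key {key} is not defined in both files")
        elif dkeys[key] != nkeys[key]:
            problems.append(f"zone {zone}: key {key} differs between the two files")
    for name, (alg, secret) in dkeys.items():
        try:
            bits = 8 * len(base64.b64decode(secret, validate=True))
        except ValueError:
            problems.append(f"key {name}: secret is not valid base64")
            continue
        if alg.startswith("hmac-md5"):
            problems.append(f"key {name}: {alg} ({bits}-bit secret) is a weak TSIG algorithm")
    return problems

if __name__ == "__main__":
    print(*audit(DHCPD_CONF, NAMED_CONF), sep="\n")
```

To use it on a real server, read /etc/dhcpd.conf and named.conf into the two arguments of audit() instead of the embedded samples.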
