Re: [suse-security] Update BIND9 with new clients
> How do I configure BIND9 to update its zone files based upon new clients
> assigned an IP address by my Linksys Router.
Doesn't your router already provide caching DNS?
DNS and DHCP settings get provided via the DHCP server on your router.
It is not possible to mix these two Linux distributions, because Linksys
uses a BusyBox Linux with different daemons than SuSE.
AFAIK Linksys doesn't say that it uses BusyBox, and because of this it's on a
BusyBox blacklist ...

You mean something like dynamic update for DNS and DHCP, but for that
purpose you need "compatible" daemons on both boxes.

I use bind9 and dhcpd with dynamic update in a W2K environment.
The Windows box is degraded and only serves services in the internal network
+ DNS update.
The Linux box acts as transparent WWW proxy, DNS and DHCP (with access scripts
for registered IPs only) and accepts zone changes from the W2K server.
Such setups are not trivial, because both services depend on each other.

I don't know if it works, maybe use the Linksys as DHCP & DNS from the
Linux box and allow zone transfers to the Linux box, but I didn't test such
setups (see above).

Router:
Set up DHCP to set the 1st DNS to the router and the 2nd DNS to the Linux box.
Test if it works (I don't give any guarantee); you see that in the zone files,
if they change - e.g. with static IPs assigned and no hostname given by
DHCP (BIND does this, and they depend on each other now):
1.2.3.x is an example, you have to use private IPs, e.g. 192.168.x.x or
172.x.x.x!!!

DHCP (1.2.3.1 is router, 1.2.3.2 is samba-server with dns):
default-lease-time 86400;
max-lease-time 86400;
#subnetmask
option subnet-mask 255.255.255.0;
#broadcast-addr=last addr of network
option broadcast-address 1.2.3.255;
#default-gateway
option routers 1.2.3.1;
option ip-forwarding on;
#WINS
option netbios-name-servers 1.2.3.2;
option netbios-dd-server 1.2.3.2;
option netbios-node-type 8;
#dynamic DNS update
ddns-domainname "linux.local";
ddns-update-style interim;
update-static-leases true;
option domain-name-servers 1.2.3.1, 1.2.3.2;
option domain-name "linux.local";
option interface-mtu 1500;
subnet 1.2.3.0 netmask 255.255.255.0 {
    option subnet-mask 255.255.255.0;
    range 1.2.3.2 1.2.3.254;
    host 1.2.3.4 {
        hardware ethernet 00:a0:24:58:69:16;
        fixed-address 1.2.3.4;
    }
    #[...]
}

Ethernet address 00:a0:24:58:69:16 => IP 1.2.3.4 & domain = linux.local

DNS:
1.2.3.zone:
4 1D IN PTR buero.linux.local.
linux.local.zone:
buero.linux.local. IN A 1.2.3.4
=> forward & reverse zones describe network 1.2.3.0/24 => 1.2.3.4 =
buero1.linux.local/buero1.linux.local = 1.2.3.4

DNS & DHCP:
DHCP gives IP and domain name, DNS gives FQDN => host = buero1.linux.local
You have to set up both forward and reverse lookup zones so everything works
properly!
Configs can be found with google, if you look for bind + dynamic update:
http://www.google.com/search?sourceid=navclient&hl=de&ie=UTF-8&oe=UTF-8&q=dhcp+bind+dynamic+update
For this you have to write ACLs for BIND to accept changes from the other
server.

> My router has IP 192.168.1.1
> My LINUX machine (fileserver & proxy) running BIND9 is on a fixed
> address 192.168.0.101
> I want BIND9 to act as caching DNS for internet addresses (already done)
> AND to provide local (ie 192.168.0.xxx) DNS lookup for my machines.
To redirect traffic efficiently, everything should run on one router and not on
different machines.
Linksys is nice, but doesn't offer the features a custom-crafted Linux can
offer.
I would switch to a Linux server as router and degrade the Linksys router to a
WiFi access point if you use wireless on it.

Philippe
P.S.: Look here: http://www.mattfoster.clara.co.uk/ddns.htm and
http://www.bsddiary.net/doc/bind9.html (Chinese, but you can look at the
example configs!).
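
Added example, not part of the original post: one way to write the BIND ACLs mentioned above for the post's linux.local and 1.2.3.0/24 zones. It goes beyond the post by authorising updates with a TSIG key instead of a source address. The key name, file paths, the choice of hmac-sha256 and dhcpd running on the same host as named are assumptions.

```conf
# ---- named.conf on the DNS host (1.2.3.2 in the post's example) ----
# Shared secret for dynamic updates. Generate a real one with:
#   tsig-keygen -a hmac-sha256 dhcp-update
key "dhcp-update" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_GENERATED_BASE64_SECRET";   # placeholder, not a real key
};

zone "linux.local" {
    type master;
    file "dyn/linux.local.zone";   # assumed path; named must be able to write here
    # Address-based ACL, shown for comparison only. It trusts the source
    # address alone, and UDP source addresses can be forged:
    #   allow-update { <dhcp-server-ip>; };
    # Key-based ACL: only a holder of the secret may change the zone.
    allow-update { key "dhcp-update"; };
};

zone "3.2.1.in-addr.arpa" {
    type master;
    file "dyn/1.2.3.zone";         # assumed path
    allow-update { key "dhcp-update"; };
};

# ---- dhcpd.conf additions (dhcpd assumed to run on the same host) ----
# Same key name and secret as in named.conf.
key dhcp-update {
    algorithm hmac-sha256;         # assumption: older dhcpd releases only offer hmac-md5
    secret REPLACE_WITH_GENERATED_BASE64_SECRET;
};

# Tell dhcpd which server and key to use for the forward zone ...
zone linux.local. {
    primary 127.0.0.1;
    key dhcp-update;
}

# ... and for the reverse zone, so the PTR records follow the A records.
zone 3.2.1.in-addr.arpa. {
    primary 127.0.0.1;
    key dhcp-update;
}
```

Keep both files readable only by root and the daemon that needs them, since they hold the secret. Once a zone accepts dynamic updates, edit its file by hand only between `rndc freeze` and `rndc thaw`.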