DNS + DHCP cooperation

Mark Andrews marka at isc.org
Sun May 2 22:02:10 UTC 2010


In message <5955577.256651272721234388.JavaMail.defaultUser at defaultHost>, "marco.borsatino at libero.it" writes:

Your error messages are not consistent with the configuration.

/etc/db.marbosoft.org.jnl != "/etc/namedb" +  "/" + "db.marbosoft.org" + ".jnl"

For a dynamic zone the user named is running as needs to be able to write to
the directory holding the master file. 

> Hi to all.
> Sorry for my bad English.
> For pure self-educational, not professional, purposes, I am studying how to configure a server with several services operating on it.
> For my experiment I'm using VirtualBox 3.1.x on a WinXP host with 3 FreeBSD guests; one acts as a DHCP + DNS server; the others as clients on two different subnets.
> The problems relate to the cooperation between DNS and DHCP; in a first stage I configured the DNS (single master) with success.
> Digging into the great FreeBSD documentation (books, HOWTOs on the net, forums) I put together the file server configuration files reproduced below.
> The problem is that the client, configured as a DHCP client, receives the address assigned by DHCP server; the client can be reached with IP;
> it pings the other client and the server using their names, but it is not recognized by name by the other virtual PCs.
> At startup, named warns that the "working directory is not writable";
> when the client seeks and gets its address, the DNS + DHCP server console warns it can not create the file /etc/db.marbosoft.org.jnl,
> "Permission denied".
> Named runs under the bind user-id; the name working directory is owned by root / wheel with write right only for the owner.
> Changing owner permissions does not work, because they are restored on restart.

Change the mtree data or change the directory holding the master file.

e.g. file "dynamic/db.marbosoft.org" where /etc/namedb/dynamic is writable by
the user "bind".

> Both BIND and DHCP server programs have been installed from FreeBSD port collections without problems.
> Where am I wrong?
> Thank you.
> Marco
> #/etc/rc.conf
> hostname="fbsdgw.marbosoft.org"
> defaultrouter="192.168.0.1"
> ifconfig_em0="DHCP"
> inetd_enable="YES"
> ifconfig_em1="inet 172.16.1.1 netmask 255.255.255.0"
> ifconfig_em2="inet 172.16.2.1 netmask 255.255.255.0"
> gateway_enable="YES"
> named_enable="YES"
> dhcpd_enable="YES"
> dhcpd_ifaces="em1"
> dhcpd_conf="/usr/local/etc/dhcpd.conf"
> #end
> 
> #/etc/namedb/named.conf
> options {
>     directory    "/etc/namedb";
>     pid-file    "/var/run/named/pid";
>     dump-file    "/var/dump/named_dump.db";
>     statistics-file    "/var/stats/named.stats";
> };
> 
> include "/etc/namedb/dhcp-dns.key";
> 
> zone "marbosoft.org" in {
>     type master;
>     file "db.marbosoft.org";
>     allow-update { key DHCP_UPDATER; };
> };
> ;this is the zone with a  DHCP client
> zone "1.16.172.in-addr.arpa" in {
>     type master;
>     file "db.172.16.1.0";
>     allow-update { key DHCP_UPDATER; };
> };
> ;this zone still has static addresses
> zone "2.16.172.in-addr.arpa" in {
>     type master;
>      file "db.172.16.2.0";
> };
> 
> zone "." in {
>     type hint;
>     file "named.root";
> };
> #end
> 
> #file /etc/namedb/db.marbosoft.org
> $TTL 1h
> marbosoft.org. IN SOA fbsdgw.marbosoft.org. root.marbosoft.org. (
>     2    ; serial
>     1h    ; refresh
>     1h    ; retry
>     1w    ; ends
>     1H    ; negative caching
> );
> 
> ;name servers
> marbosoft.org. IN NS    fbsdgw.marbosoft.org.
> 
> ;canonical names
> localhost.marbosoft.org.  IN A    127.0.0.1
> ;this is the client in DHCP; so I've excluded it from static addresses
> ;fbsdnw11.marbosoft.org.   IN A  172.16.1.2
> fbsdnw21.marbosoft.org.   IN A  172.16.2.2
> #I've excluded some rows like aliases
> #end
> 
> #/etc/namedb/db.172.16.1.0
> $TTL 1h
> 1.16.172.in-addr.arpa. IN SOA fbsdgw.marbosoft.org. root.fbsdgw.marbosoft.org. (
>     1    
>     1h 
>     1h 
>     1w
>     1h 
> );
> 
> ;name servers
> 1.16.172.in-addr.arpa.    IN NS fbsdgw.marbosoft.org.
> 
> ;canonical names
> 1.1.16.172.in-addr.arpa.    IN PTR fbsdgw.marbosoft.org.
> ;DHCP client
> ;2.1.16.172.in-addr.arpa.    IN PTR fbsdnw11.marbosoft.org.
> #end
> 
> #the file /etc/namedb/named.root is the one installed by BIND9 itself
> 
> #file /usr/local/etc/dhcp.conf
> authoritative;
> option domain-name "marbosoft.org";
> option domain-name-servers 172.16.1.1;
> default-lease-time 600;
> max-lease-time 7200;
> ddns-update-style interim;
> subnet 172.16.1.0 netmask 255.255.255.0 {
>     range 172.16.1.100 172.16.1.150;
>     option routers 172.16.1.1;
> }
> include "/etc/namedb/dhcp-dns.key";
> 
> zone marbosoft.org {
>   primary 127.0.0.1;
>   key DHCP_UPDATER;
> }
> 
> zone 1.16.172.in-addr.arpa {
>   primary 127.0.0.1;
>   key DHCP_UPDATER;
> }
> #end
> 
> #file /etc/namedb/dhcp-dns.key
> key DHCP_UPDATER {
>     algorithm hmac-md5;
>     secret "+4J+tLcLuwvnm/epVb96DYri4Ood1OG5M+IvN7RBgDgIuNpdmKCFkbyw5pmMXMCDGVuiVI/qokDTyyDVc0OoWw==";
> };
> 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
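
The path arithmetic and the permission requirement from the reply above, as an added example that is not part of the original message: for each zone with allow-update it derives the journal path as directory + "/" + file + ".jnl" and checks the directory holding it. The function names are hypothetical, and the parser assumes one statement per line, as in the posted named.conf.

```shell
#!/bin/sh
# Added example (not from the thread): journal directories of dynamic zones.

# journal_paths CONF -> one "<zone> <journal path>" line per zone with allow-update
journal_paths() {
    awk '
        function unq(s) { gsub(/[";]/, "", s); return s }
        $1 == "directory"    { dir = unq($2) }
        $1 == "zone"         { zone = unq($2); file = ""; dyn = 0 }
        $1 == "file"         { file = unq($2) }
        $1 == "allow-update" { dyn = 1 }
        $1 == "};" && zone != "" {
            if (dyn && file != "") { n++; z[n] = zone; f[n] = file }
            zone = ""
        }
        END {
            for (i = 1; i <= n; i++) {
                # a relative file name is resolved against options { directory }
                p = (f[i] ~ /^\//) ? f[i] : dir "/" f[i]
                print z[i], p ".jnl"
            }
        }
    ' "$1"
}

# dir_writable_by DIR USER: true if DIR is owned by USER and has the owner
# write bit set (simplification: group/other bits and ACLs are ignored)
dir_writable_by() {
    ls -ld "$1" 2>/dev/null |
        awk -v u="$2" '{ ok = ($3 == u && substr($1, 3, 1) == "w") } END { exit !ok }'
}

# check_journals CONF USER: one verdict per dynamic zone; non-zero if any fails
check_journals() {
    journal_paths "$1" | (
        rc=0
        while read -r zone jnl; do
            d=$(dirname "$jnl")
            if dir_writable_by "$d" "$2"; then
                echo "ok   $zone $jnl"
            else
                echo "FAIL $zone $jnl: $d not writable by $2"; rc=1
            fi
        done
        exit "$rc"
    )
}

# Usage: sh <this script> /etc/namedb/named.conf bind
if [ "$#" -eq 2 ]; then check_journals "$1" "$2"; fi
```

With the named.conf quoted above, both dynamic zones resolve to journals directly under /etc/namedb; moving their files under dynamic/ as suggested changes the directory that is checked to /etc/namedb/dynamic.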


