DHCP/DDNS Multi ddns domains
Simon Hobson
dhcp1 at thehobsons.co.uk
Sat Jul 11 11:01:45 UTC 2015
Ronald Roeleveld <android at ictinc.nl> wrote:
> My problem starts when I try loading DHCP with a less simplistic configuration.
>
> I would like the following configuration.
>
> I want dynamic (unknown) clients to be assigned;
> dynamic.domain.lan
> range 192.168.178.65 192.168.178.126;
>
> I would like static (known) clients to be assigned;
> domain.lan
> range 192.168.178.1 192.168.178.30;
That's OK - easy to do.
However, why are you splitting the subnet like that - unless you physically separate the clients (by LAN or switch) then it gives you no security whatsoever other than from the most technically illiterate attackers! Anyone can easily sniff network traffic and see what's going on, and they can easily assign themselves a static address to go and talk to the other devices.
> To achieve this I'm using the following configuration file;
Which is broken in several ways! You have put DNS zone declarations, and host declarations, within shared network (and possibly subnet) declarations. These are global in scope and should be declared as such - otherwise you get "interesting" inheritance issues.
Plus it's clear you have not understood what a shared-network is - you've declared one for each subnet, while you actually have only one for the physical network.
Try this (I've removed a few things for clarity - actually a lot of what you've put is not required):

option ntp-servers 194.109.22.18, 194.109.20.18;
option domain-name-servers 192.168.178.24, 192.168.178.20;
default-lease-time 3600;
max-lease-time 7200;
ddns-updates on;
update-static-leases on;
use-host-decl-names on;
ddns-update-style interim;
authoritative;
include "/etc/dhcp/ddns.key";
log-facility local7;
ping-check true;

# Zone declarations are global - not inside shared-network or subnet
zone 178.168.192.in-addr.arpa. {
  primary 127.0.0.1;
  key DDNS_UPDATE;
}
zone dynamic.domain.lan. {
  primary 127.0.0.1;
  key DDNS_UPDATE;
}
# Zone name must match the ddns-domainname used in the static pool below
zone domain.lan. {
  primary 127.0.0.1;
  key DDNS_UPDATE;
}

# One shared-network for the one physical network (optional with a single subnet)
shared-network 178 {
  subnet 192.168.178.0 netmask 255.255.255.128 {
    option routers 192.168.178.1;
    # Dynamic clients
    pool {
      allow unknown-clients;
      range 192.168.178.65 192.168.178.126;
      option domain-name "dynamic.domain.lan";
      ddns-domainname "dynamic.domain.lan";
    }
    # Static clients
    pool {
      deny unknown-clients;
      # note: router1's fixed-address 192.168.178.1 lies inside this range
      range 192.168.178.1 192.168.178.30;
      option domain-name "domain.lan";
      ddns-domainname "domain.lan";
    }
  }
}

# Host declarations are global too
host router1-lan {
  option host-name "router1.domain.lan";
  ddns-hostname "router1";
  hardware ethernet C0:25:06:5A:A8:02;
  fixed-address 192.168.178.1;
}
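Added here as an example, not part of the thread: a small Python lint for the scoping problems the reply points out (zone and host declarations nested inside a shared-network, a pool ddns-domainname with no matching zone declaration, unbalanced braces), plus a check for a fixed-address that falls inside a pool range, which the posted config also has. The dhcpd.conf fragment it checks is constructed for this example, and the tokenizer is deliberately simple (it assumes no ';' or braces inside quoted strings).

```python
import re
import ipaddress

# Constructed dhcpd.conf fragment (not the poster's file) that repeats the
# mistakes called out in the reply: a zone and a host declared inside a
# shared-network, pool DDNS domains without zones, fixed-address in a range.
SAMPLE = """
shared-network 178 {
  zone 178.168.192.in-addr.arpa. { primary 127.0.0.1; key DDNS_UPDATE; }
  subnet 192.168.178.0 netmask 255.255.255.128 {
    pool { allow unknown-clients; range 192.168.178.65 192.168.178.126; ddns-domainname "dynamic.domain.lan"; }
    pool { deny unknown-clients; range 192.168.178.1 192.168.178.30; ddns-domainname "domain.lan"; }
  }
  host router1-lan { hardware ethernet C0:25:06:5A:A8:02; fixed-address 192.168.178.1; }
}
"""

def lint_dhcpd(text):
    """Return findings about scope, brace balance and DDNS consistency."""
    findings, depth = [], 0
    zones, ddns_domains, ranges, fixed = set(), set(), [], []
    text = re.sub(r"#.*", "", text)  # drop comments
    # A block header is the statement just before its '{', so 'depth' is the scope it is declared in (0 = global).
    for tok in re.findall(r"[^;{}]+|[{}]", text):
        tok = tok.strip()
        if not tok:
            continue
        if tok in "{}":
            depth += 1 if tok == "{" else -1
            continue
        kw, *args = tok.split()
        if kw in ("zone", "host") and depth != 0:
            findings.append(f"{kw} {args[0]} declared at depth {depth}; must be global")
        if kw == "zone":
            zones.add(args[0].rstrip("."))
        elif kw == "ddns-domainname":
            ddns_domains.add(args[0].strip('"'))
        elif kw == "range":
            ranges.append((ipaddress.ip_address(args[0]), ipaddress.ip_address(args[1])))
        elif kw == "fixed-address":
            fixed.append(ipaddress.ip_address(args[0]))
    for d in sorted(ddns_domains - zones):
        findings.append(f"ddns-domainname {d} has no matching zone declaration")
    if depth != 0:
        findings.append(f"unbalanced braces: depth {depth} at end of file")
    for addr in fixed:
        for lo, hi in ranges:
            if lo <= addr <= hi:  # dhcpd may also lease this address dynamically
                findings.append(f"fixed-address {addr} lies inside range {lo} {hi}")
    return findings
```

Run `lint_dhcpd(open("/etc/dhcp/dhcpd.conf").read())` against a real file; an empty list means none of these four problems was found.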