
Created by Prateek K Gupta

email: pkgupta73@hotmail.com

Copyright Prateek K Gupta

Configuring DHCP And DNS Services


Setting up DHCP on Red Hat

If your network has a large number of clients, manually configuring every machine with a static IP address is a tough job. The Dynamic Host Configuration Protocol (DHCP) lets you automatically assign an IP address to a machine on the network from a pool or range of IP addresses it has. To configure a DHCP server on your Linux machine, you need to create a file called dhcpd.conf in the /etc directory. This file contains all the information that the daemon needs while starting up. The file is in the following format (the line numbers are not part of the file; they are for the explanation that follows):

 1.  subnet 192.168.0.0 netmask 255.255.255.0 {
 2.      range 192.168.0.10 192.168.0.250;
 3.      default-lease-time 86400;
 4.      max-lease-time 259200;
 5.      option subnet-mask 255.255.255.0;
 6.      option broadcast-address 192.168.0.255;
 7.      option routers 192.168.0.254;
 8.      option domain-name-servers 192.168.1.254;
 9.      option domain-name "prateek.com";
10.  }

Let's look at these lines a bit more closely. The first line specifies the (sub)network that the DHCP server is to manage or maintain. Within this network, we configure the different parameters (written within the curly braces). The next line contains the range from which the server picks IP addresses to allocate; the starting and ending IP addresses are entered here. Line 3 contains the default lease time. A lease is the amount of time that a particular machine can hold an IP address before having to renew the lease with the server. The value is given in seconds, so 86400 stands for one day. The next line, max-lease-time, specifies the maximum amount of time that a machine can hold on to a specific IP address. Then come other options that will also be transmitted to the machine. These include the subnet mask, the router, the domain name server, and the domain name.

Once this is done, you need to create a file called dhcpd.leases, also in the /etc directory, which will contain information about which IP address has been allocated to which machine. Since all this will be written by the server, all you need to do is create a 0-byte file with the command:

touch /etc/dhcpd.leases

The next step requires you to add a broadcast route. Do this by appending the following line to /etc/rc.d/rc.local:

/sbin/route add -host 255.255.255.255 dev eth0

Finally, make sure DHCP is started at bootup. You can do this by running Setup, choosing ntsysv, and enabling dhcpd. Restart the machine by giving the command sync, followed by reboot. Your DHCP server will be up and running after the machine starts up. Any machine that logs on to the network will receive an IP address and all other parameters automatically. If it's a Win 95 client, you can check all the settings by running winipcfg from the Run dialog box.

There may be cases when you need to assign a particular machine the same IP address always. You can either hardwire the information in the computer or add the following lines to the dhcpd.conf file:

host mynotebook {
    hardware ethernet 00:80:C8:85:B5:D2;
    fixed-address 192.168.0.20;
    option host-name "mynotebook";
}

This specifies the Ethernet address, which will be unique, the IP address that will always be allocated to that machine, and a host name. With DHCP, the network administrator's nightmare of correctly setting up IP addresses on machines simply vanishes. You'll never need to manually configure another machine again. If you have a Linux workstation, you can download the dhcpcd daemon (the DHCP client daemon) to get dynamic IP assignment from your DHCP server.
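A reservation only guarantees "the same address always" if that address is not also in the dynamic pool; the mynotebook example above puts 192.168.0.20 inside the range 192.168.0.10-192.168.0.250, so another client could be leased it first. The following shell script is an added check (not part of the original article or of the dhcpd distribution) that reads a dhcpd.conf and reports every fixed-address that falls inside a declared range; the function name check_fixed_in_range and the extra "printer" host with its MAC address are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original article: verify that every
# fixed-address reservation in dhcpd.conf lies outside the dynamic range,
# so the server can never lease a reserved address to some other client.

# check_fixed_in_range CONF_FILE
# Prints one line per reservation that falls inside a declared range;
# prints nothing when the configuration is consistent.
check_fixed_in_range() {
    awk '
        # Dotted quad to a single number so that ranges can be compared.
        function ip2n(s,  o) {
            split(s, o, ".")
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        # "range LOW HIGH;" (a single address means LOW == HIGH).
        $1 == "range" {
            gsub(";", "", $0); nr++
            lo[nr] = $2; hi[nr] = ($3 == "" ? $2 : $3)
        }
        # "fixed-address IP;" inside a host block.
        $1 == "fixed-address" {
            gsub(";", "", $0); nf++; fx[nf] = $2
        }
        END {
            for (i = 1; i <= nf; i++) {
                if (fx[i] !~ /^[0-9.]+$/) continue   # hostname reservations are not checked
                n = ip2n(fx[i])
                for (j = 1; j <= nr; j++)
                    if (n >= ip2n(lo[j]) && n <= ip2n(hi[j]))
                        print fx[i] " inside " lo[j] "-" hi[j]
            }
        }' "$1"
}

# Constructed sample: the dhcpd.conf from the article plus one hypothetical
# reservation ("printer", made-up MAC) that sits below the dynamic range.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.10 192.168.0.250;
    default-lease-time 86400;
    max-lease-time 259200;
    option routers 192.168.0.254;
}
host mynotebook {
    hardware ethernet 00:80:C8:85:B5:D2;
    fixed-address 192.168.0.20;
    option host-name "mynotebook";
}
host printer {
    hardware ethernet 00:80:C8:00:00:01;
    fixed-address 192.168.0.5;
}
EOF

check_fixed_in_range "$SAMPLE_CONF"
```

Only the mynotebook reservation is reported; the fix is either to move it below 192.168.0.10 or to shrink the range so the reserved address is excluded.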


Domain Name Server on Linux

Before starting on the actual procedure for setting up a Domain Name Server (DNS) on Linux, let us first understand what DNS is and how it works. The Domain Name Server, DNS in short, is the service that lets you use names like www.yahoo.com instead of a complex IP address like 203.45.224.55. Domain Name Servers map IP addresses to host names and vice versa. You set a particular server to be your DNS, which has some mappings already done for you. When you request a particular host name, say via your Web browser, your DNS first checks whether it has an entry for the host name you asked for. If it has, it passes on the IP address; otherwise, it sends the request to its own DNS. The same procedure repeats at that DNS and so on, till the name is found or the request reaches the root domain name servers maintained by the InterNIC. If the name is not found even there, an error is cascaded down all the way to your client. If it is found, all the DNSs on the way update their database of mappings. Most of this is done automatically, so you don't have to worry too much.

A DNS server is also known as a nameserver (NS). These servers come in three varieties:

- Primary
- Secondary
- Caching

If you are connecting to an existing network (through your school or company network, for example), you only need to run a caching server. If, on the other hand, you are setting up a new site to be accessed through the Internet, you need to set up a primary server. Secondary servers become important as your site grows to the point where the primary server can no longer handle the load from queries.

The /etc/hosts file


Although DNS is the primary means of name resolution, the /etc/hosts file is still found on most machines. It can help to speed up the IP address lookup of frequently requested addresses, such as the IP address of the local machine or of the nameserver. Also, at boot time, machines need to know the mapping of some hostnames to IP addresses (for example, your NIS servers) before DNS can be referenced. The IP address-to-hostname mapping for these hosts is kept in the /etc/hosts file. Following is a sample /etc/hosts file:

# IP Address      Hostname     Alias
127.0.0.1         localhost
192.168.0.2       maggie       mailhub.prateek.com
192.168.0.254     linux        www

The leftmost column is the IP address to be resolved. The next column is the hostname corresponding to that IP address. Any subsequent columns are aliases for that host. In the second line, for example, the address 192.168.0.2 is for the host maggie. Another name for maggie is mailhub. The domain name is automatically appended to the hostname by the system; however, many people append it themselves for clarity. At the very least, you need to have entries for:

- localhost
- your NIS server (if you use NIS or NIS+)
- any systems from which you mount disks
- the host itself

Getting Started With DNS


First we will see how to configure DNS clients. Then we look at some of the tools used to test and configure DNS.

Configuring the DNS client: /etc/resolv.conf

Every machine in your network is a DNS client. To know which DNS server to use, you need to configure the file /etc/resolv.conf. This file should look something like this:

search prateek.com
nameserver 192.168.0.254

Here prateek.com is the domain name of the site, and the IP address listed after nameserver is the address of the DNS server that should be contacted. You can have up to three nameserver entries.

The software of DNS

To configure a DNS for your site, you need to be familiar with the following tools:

- named
- the resolver library
- nslookup
- traceroute

named

The named daemon needs to run on DNS servers to handle queries. If named cannot answer a query, it forwards the request to a server that can. Along with queries, named is responsible for performing zone transfers. Zone transfer is the method by which changed DNS information is propagated across the Internet. You need to install the named daemon from the bind distribution, available on the Red Hat CD-ROM as bind-4.9.5p1-2.i386.rpm.

The resolver library

The resolver library enables client programs to perform DNS queries. The library is built in to the standard library under Linux.

nslookup

The nslookup command is a utility invoked from the command line to ensure that both the resolver and the DNS server being queried are configured correctly. It does this by resolving either a hostname into an IP address or an IP address into a hostname. To use nslookup, simply provide the address you want to resolve as a command-line argument. For example:

nslookup rane.prateek.com

The result should look something like this:

[root@linux /root]# nslookup rane.prateek.com
Server:  ns.prateek.com
Address:  192.168.0.254

Non-authoritative answer:
Name:    rane.prateek.com
Address:  192.168.0.8

traceroute

The traceroute utility enables you to determine the path a packet is taking across your network and into other networks. This is very useful for debugging network connection problems, especially when you suspect the trouble is located in someone else's network. Using the ICMP protocol (the same as ping), traceroute looks up each machine along the path to a destination host and displays the corresponding name and IP address for that site. With each name is the number of milliseconds each of the three tries took to reach it. Preceding each name is a number that indicates the distance to that host in terms of hops. The number of hops to a host indicates the number of intermediate machines that had to process the packet. As you can guess, a machine that is 1 or 2 hops away is usually much closer than a machine that is 30 hops away. To use traceroute, give the destination hostname or IP address as a command-line argument. For example:

traceroute www.hyperreal.org

If you see star characters (*) instead of a hostname, that machine is likely unavailable for a variety of reasons, with network failure and firewall protection being the most common. By using traceroute, you can also get a good measure of the connectivity of a site. If you are in the process of evaluating an ISP, try doing a traceroute from its site to a number of other sites, especially to large communications companies such as Sprint and MCI.

There are two types of mappings possible: forward and reverse. Forward stores the host name to IP mappings and Reverse stores the opposite, that is, IP to host name mappings. Linux stores all the mappings and other information in simple ASCII format in four different files. Before you set these files up, you need to create or modify a file called named.boot in the /etc directory. This file contains information required to start the DNS. The structure of the file is like this:

directory   dir_name
cache       filename
dns_type    domain      filename
dns_type    domain      filename
dns_type    domain      filename
forwarders  ip_addr [...]

Here directory specifies the full path to the files that store the mappings (for example, /var/named), and cache specifies the name of the cache file that stores the list of the root DNS servers on the Net. The dns_type is usually set to primary and the domain to your domain name. You need three entries, one each for the local database, a forward-mapping file and a reverse-mapping file. The forwarders line tells named where DNS queries should be forwarded if it cannot resolve them on its own. If you are running a caching-only server, this should be the secondary or primary server for your site. A typical named.boot file would look like the following:

; Sample file for named.boot in /etc.
;
; a caching only nameserver config
;
directory   /var/named
cache       .                           named.ca
primary     0.0.127.in-addr.arpa        named.local
primary     prateek.com                 named.prateek.com.forward
primary     0.168.192.in-addr.arpa      named.prateek.com.reverse

You'll notice that the IP addresses are given in reverse order, with the last octet removed. This is to mimic the way that domain naming works, which is the reverse of the way that IP addressing works. The IN-ADDR.ARPA domain contains all the reverse mappings possible. Now you're all set to create the files named above. Remember to replace prateek.com with your domain name. For your convenience, we have a ready-made script on the PCQ CD-ROM, called makensfiles, which creates these files. You may need to update the files with information pertaining to your domain. The named.ca file stores the names of all the root servers on the Internet. This file can simply be downloaded from ftp://rs.internic.net/domain/named.root and saved here. You can even add the nameservers of your ISP (VSNL) to this, right at the top. Just follow the structure already existing in the file.
; Sample file in /var/named/named.ca
;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;       (e.g. reference this file in the "cache  .  <file>"
;       configuration file of BIND domain name servers).
;
;       This file is made available by InterNIC registration services
;       under anonymous FTP as
;           file                /domain/named.root
;           on server           FTP.RS.INTERNIC.NET
;       -OR- under Gopher at    RS.INTERNIC.NET
;           under menu          InterNIC Registration Services (NSI)
;              submenu          InterNIC Registration Archives
;           file                named.root
;
;       last update:    Aug 22, 1997
;       related version of root zone:   1997082200
;
;
; formerly NS.INTERNIC.NET
;
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
;
; formerly NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     128.9.0.107
;
; formerly C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
;
; formerly TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
;
; formerly NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
;
; formerly NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
;
; formerly NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
;
; temporarily housed at NSI (InterNIC)
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     198.41.0.10
;
; housed in LINX, operated by RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
;
; temporarily housed at ISI (IANA)
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     198.32.64.12
;
; housed in Japan, operated by WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
; End of File

The named.prateek.com.forward file (shown below) stores the host name to IP address mappings for your domain. That is, if your domain is prateek.com, each line specifies a host in this domain. Each line takes the form: name IN A IP_address. By default, the hosts in the file are named p2, p100, maggie, mmx, work and so on, with the corresponding IP addresses in your network. For example, work maps to, say, 192.168.0.253. You can then access it as work.prateek.com. If you need to map different host names, just change the name for that particular address. You can also add other addresses that may not be part of your network. For example, if you have a mail server in the US called mail.abc.com with the IP address 202.34.56.12, just add the line mail IN A 202.34.56.12. You can test your forward DNS setup by pinging any host name. For example, ping work.prateek.com should receive a response from 192.168.0.253.

; Sample file in /var/named/named.prateek.com.forward
@       IN  SOA linux.prateek.com. hostmaster.linux.prateek.com. (
                1999101101  ; serial
                3600        ; refresh
                900         ; retry
                1209600     ; expire
                43200 )     ; default_ttl
@       IN  MX  5 linux.prateek.com.
@       IN  NS  linux.prateek.com.
@       IN  A   192.168.0.254
p2      IN  A   192.168.0.1
maggie  IN  A   192.168.0.2
p100    IN  A   192.168.0.3
mmx     IN  A   192.168.0.5
work    IN  A   192.168.0.253
linux   IN  A   192.168.0.254
www     CNAME   linux
; End of File

The named.prateek.com.reverse file stores just the opposite of the above: the last octet of each address in your network together with the complete host name for that IP address. For the same machine in the example above, there will be an entry like 253 IN PTR work.prateek.com. All you need to do in this file is to change the host names (and only if you need to) for machines that have a different entry in the forward file. You do not need to add mappings for addresses outside your domain.


; Sample file in /var/named/named.prateek.com.reverse
@       IN  SOA linux.prateek.com. hostmaster.linux.prateek.com. (
                1999101101  ; serial
                3600        ; refresh
                900         ; retry
                1209600     ; expire
                43200 )     ; default_ttl
@       IN  NS  linux.prateek.com.
3       IN  PTR p100.prateek.com.
1       IN  PTR p2.prateek.com.
5       IN  PTR mmx.prateek.com.
253     IN  PTR work.prateek.com.
2       IN  PTR account.prateek.com.
254     IN  PTR linux.prateek.com.
200     IN  PTR chip.com.
; End of File

Since we have used so many types of resource records in our DNS setup, let's have a quick look at the important record types and their uses.

SOA: Start of Authority

The SOA record starts the description of a site's entries. The format of this entry is as follows:

@       IN  SOA linux.prateek.com. hostmaster.linux.prateek.com. (
                1999101101  ; serial
                3600        ; refresh
                900         ; retry
                1209600     ; expire
                43200 )     ; default_ttl

The first line begins with the domain for which this SOA record is authoritative. This entry is followed by IN to indicate that the Internet standard is being used. The column after IN is the primary nameserver for this domain, then the e-mail address of the admin user. The open parenthesis tells named that the entry continues on the following lines, thereby making the file easier to read. Five values follow on the subsequent lines. The first is the serial number, which must be changed whenever the zone changes if you have a secondary nameserver doing zone transfers. The second value is the refresh rate in seconds. The third value is the retry rate in seconds, for the secondary to contact the primary DNS server. The fourth value indicates that when a secondary server cannot contact the primary, it should discard the data after the specified number of seconds. The final value, the minimum entry, tells caching servers how long they should wait before expiring the entry if they cannot contact the primary DNS server.

NS: Nameserver

The NS record specifies the authoritative nameserver for a given domain. In the above example linux.prateek.com is the nameserver. These are fully qualified hostnames, so they need the period as a suffix.
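The forward and reverse files above are maintained by hand, so they drift: in the samples, 192.168.0.2 is maggie in the forward file but account in the reverse file, and 200 has a PTR with no A record at all. The script below is an added consistency check (not part of the original article or of BIND) that reads both files and reports PTRs that point at a name the forward zone does not know, PTRs missing the trailing period, and A records that have no PTR; the function name check_zone_pair is constructed, and the sample data is the article's two zone files with the SOA trimmed.

```shell
#!/bin/sh
# Added example, not from the original article: cross-check a forward zone
# against its reverse zone so every A record has a matching PTR and no PTR
# names a host the forward zone does not know. Only the last octet is
# compared, because the reverse zone in the article covers a single /24.

# check_zone_pair ORIGIN FORWARD_FILE REVERSE_FILE
# ORIGIN is the forward zone name with its trailing period, e.g. prateek.com.
check_zone_pair() {
    awk -v origin="$1" '
        # Expand a zone-file owner name to a fully qualified name.
        function fqdn(n) {
            if (n == "@") return origin
            if (n ~ /\.$/) return n
            return n "." origin
        }
        # Forward zone: remember every name owning an A record, keyed by last octet.
        FILENAME == ARGV[1] && (($2 == "IN" && $3 == "A") || $2 == "A") {
            split($NF, o, "."); fwd[o[4]] = fwd[o[4]] " " fqdn($1)
        }
        # Reverse zone: each PTR must be absolute and name a host with that address.
        FILENAME == ARGV[2] && (($2 == "IN" && $3 == "PTR") || $2 == "PTR") {
            oct = $1; target = $NF; seen[oct] = 1
            if (target !~ /\.$/)
                print "PTR " oct " -> " target " lacks trailing period (relative to reverse zone)"
            else if (!(oct in fwd))
                print "PTR " oct " -> " target " has no A record in forward zone"
            else if (index(fwd[oct] " ", " " target " ") == 0)
                print "PTR " oct " -> " target " does not match forward A record(s):" fwd[oct]
        }
        END {
            for (oct in fwd) if (!(oct in seen))
                print "A record(s)" fwd[oct] " (octet " oct ") have no PTR"
        }
    ' "$2" "$3"
}

# Constructed sample data, copied from the two zone files in the article.
FWD=$(mktemp); REV=$(mktemp)
trap 'rm -f "$FWD" "$REV"' EXIT
cat > "$FWD" <<'EOF'
@       IN  SOA linux.prateek.com. hostmaster.linux.prateek.com. (
                1999101101 3600 900 1209600 43200 )
@       IN  NS  linux.prateek.com.
@       IN  A   192.168.0.254
p2      IN  A   192.168.0.1
maggie  IN  A   192.168.0.2
p100    IN  A   192.168.0.3
mmx     IN  A   192.168.0.5
work    IN  A   192.168.0.253
linux   IN  A   192.168.0.254
www     CNAME   linux
EOF
cat > "$REV" <<'EOF'
@       IN  NS  linux.prateek.com.
3       IN  PTR p100.prateek.com.
1       IN  PTR p2.prateek.com.
5       IN  PTR mmx.prateek.com.
253     IN  PTR work.prateek.com.
2       IN  PTR account.prateek.com.
254     IN  PTR linux.prateek.com.
200     IN  PTR chip.com.
EOF
check_zone_pair prateek.com. "$FWD" "$REV"
```

Run it after every edit and before the named restart; a clean pair prints nothing.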


A: Address Record

The address record is used for providing translation from hostnames to IP addresses. There should be an A record for each machine that needs a publicly resolvable hostname.

PTR: Pointer Record

The pointer record, also known as the reverse resolution record, tells named how to turn an IP address into a hostname. Notice that the IP address to be reverse-resolved is in reverse order and is suffixed with a period.

MX: Mail Exchanger

The mail exchanger record enables you to specify which host in your network is in charge of receiving mail from the outside. Sendmail uses this record to determine the correct machine to which mail needs to be sent. The number after the MX indicates a priority level for that entry. Lower numbers mean higher priority.

CNAME: Canonical Name

The CNAME record makes it possible to alias hostnames via DNS. This is useful for giving common names to servers. In the case above www is an alias and linux is the real name of the server.

For setting up the defaults, run the pcqupdt script from the PCQUPDT directory on the CD-ROM, if you haven't already done so. One of the steps asks you whether you wish to set up DNS on your server. Select yes here, and the script automatically creates default files and places them in the correct directories. All you need to do is edit the required files to customize your server. You must remember to restart the name server daemon after all the changes are done, using the command:

/etc/rc.d/init.d/named restart

Your Domain Name Server should be up and running if you've done everything correctly.

Troubleshooting and Debugging DNS


One of the main debugging tools you have with in.named is having the daemon dump its cached database to a text file. To have in.named dump its cache, you must send the daemon an INT signal. The file /etc/named.pid contains the process ID of in.named. The following command sends the INT signal to in.named:

kill -INT `cat /etc/named.pid`

The file /var/tmp/named_dump.db will contain the cache information that was dumped. The cache file will look identical to a zone database file.

The in.named daemon also supports debug logging. To start the daemon logging, send the daemon a USR1 signal like this:

kill -USR1 `cat /etc/named.pid`

The logging information is written to the /var/tmp/named.run file. Each further USR1 signal sent to the daemon increases the verbosity of the logging information. To reset the debug level to 0, send the daemon a USR2 signal.

The HUP signal can be sent to the named daemon each time a zone database is changed. On HUP the daemon re-reads the databases without having to be killed and restarted. The following example sends the HUP signal to in.named:

kill -HUP `cat /etc/named.pid`
