{"id":290,"date":"2011-01-14T18:47:50","date_gmt":"2011-01-14T15:47:50","guid":{"rendered":"http:\/\/www.held.org.il\/blog\/?p=290"},"modified":"2012-06-05T17:23:09","modified_gmt":"2012-06-05T14:23:09","slug":"make-dhcp-auto-update-dynamic-dns","status":"publish","type":"post","link":"http:\/\/www.held.org.il\/blog\/2011\/01\/make-dhcp-auto-update-dynamic-dns\/","title":{"rendered":"Make DHCP auto-update the DNS"},"content":{"rendered":"<p><strong>Update: <\/strong>added a new post on configuring Solaris, link below.<\/p>\n<p><strong>Motivation<\/strong><\/p>\n<p>In today's dynamic R&amp;D network environments, it's not easy to keep the DNS records up-to-date: hosts are reinstalled\/renamed\/added frequently, virtual machines are so easy to deploy and destroy, DHCP allocates different IPs..<\/p>\n<p>This even leads to pitiful situations, in which people <strong>get used<\/strong> to referring to computers by their IPs (or using \/etc\/hosts), because the DNS cannot be trusted to reflect reality.<\/p>\n<p><strong>Solution<\/strong><\/p>\n<p>DHCP servers have the ability to send dynamic DNS updates as they allocate IPs to clients. The great thing is that it even works out-of-the-box on some operating systems. Still, if it doesn't, here are 3 things to take care of in order to enable this feature:<!--more--><\/p>\n<h3>1. DHCP Clients: make them send the 'host-name' option,<\/h3>\n<p><span style=\"font-family: Georgia, 'Bitstream Charter', serif; line-height: 20px;\">with their relative hostname as the value. <\/span>This is enabled by default on Windows and Ubuntu!<\/p>\n<p>How to configure on various platforms:<\/p>\n<ul>\n<li><strong>Linux:<\/strong> add the following line in <em>\/etc\/dhclient.conf:<\/em><br \/>\n<code>send host-name \"your-hostname-here\";<\/code><br \/>\nThis has the disadvantage of having to explicitly mention the computer's hostname in the dhclient.conf file. 
Funnily enough, I didn't find a better <strong>standard<\/strong> way to tell dhclient 'just take the hostname that is set in the operating system'. A partial solution is to run dhclient with an additional flag, -H, e.g.:<br \/>\n<code>dhclient -H myhostname<\/code><\/p>\n<ul>\n<li><strong>RedHat: <\/strong>partially resolves the problem by providing the DHCP_HOSTNAME parameter in its <em>\/etc\/sysconfig\/network-scripts\/ifcfg-&lt;iface&gt;<\/em> files. E.g.<br \/>\n<code>DHCP_HOSTNAME=myhostname # Relative hostname, no quotes!<\/code><\/li>\n<li><strong>Ubuntu:<\/strong> resolves the problem <a href=\"https:\/\/bugs.launchpad.net\/debian\/+source\/dhcp3\/+bug\/10239\">elegantly<\/a>. Their patch provides the new magic line in <em>\/etc\/dhclient.conf<\/em>:<br \/>\n<code>send host-name &lt;hostname&gt;;<br \/>\n<\/code>&lt;hostname&gt; is a macro that expands to contain the real Linux hostname. Thus, as far as I know, only Ubuntu can currently ship a Linux box with this option enabled out-of-the-box, because there is no need to explicitly set the hostname in an additional configuration file.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Windows:<\/strong> Start -&gt; Run -&gt; ncpa.cpl -&gt; right click on the relevant connection -&gt; properties -&gt; double click on TCP\/IP -&gt; Advanced -&gt; DNS -&gt; validate that 'Register this connection's address in DNS' is checked.<\/li>\n<li><strong>Solaris:<\/strong> see <a href=\"http:\/\/www.held.org.il\/blog\/2011\/03\/perfect-dhcp-configuration-for-solaris\/\">this post<\/a><\/li>\n<\/ul>\n<h3>2. DHCP server: Enable the feature.<\/h3>\n<p><span style=\"font-family: Georgia, 'Bitstream Charter', serif; line-height: 20px;\"> I did it by adding the following line to dhcpd.conf:<\/span><\/p>\n<p><code>ddns-update-style <em>interim<\/em>;<\/code><\/p>\n<p>That is, for the popular DHCP server - ISC DHCP.<\/p>\n<h3>3. DNS server: enable dynamic updates support,<\/h3>\n<p>and allow incoming updates from the DHCP server's IP. 
For the ISC-Bind DNS server, this can be done by adding an <em>allow-update<\/em> statement in a zone block, and listing the DHCP server's IP inside it:<br \/>\n<code>allow-update { 1.2.3.4; }; \/\/ IP of DHCP server<\/code><\/p>\n<p>Note that generally this is not considered a secure setting, and it could be hardened by using key-based authentication, which I won't cover here.<\/p>\n<p><strong>Security?<\/strong><\/p>\n<p>I'm curious about the security aspect of this model. The way I see it, bad guys could use this to overwrite popular domain names in the DNS, if they are allowed to send DHCP requests to the same DHCP server (e.g. if they're inside the same LAN).<\/p>\n<p>----<\/p>\n<p>Comments? Tips? HOWTOs for other platforms? Please comment, and I'll update it in the post.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Update: added a new post on configuring Solaris, link below. Motivation In today&#8217;s dynamic R&amp;D network environments, it&#8217;s not easy to keep the DNS records up-to-date: hosts are reinstalled\/renamed\/added frequently, virtual machines are so easy to deploy and destroy, DHCP allocates different IPs.. 
This even leads to pitiful situations, in which people get used to referring to [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[13],"tags":[32,147,33,198,203,119],"_links":{"self":[{"href":"http:\/\/www.held.org.il\/blog\/wp-json\/wp\/v2\/posts\/290"}],"collection":[{"href":"http:\/\/www.held.org.il\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.held.org.il\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.held.org.il\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.held.org.il\/blog\/wp-json\/wp\/v2\/comments?post=290"}],"version-history":[{"count":0,"href":"http:\/\/www.held.org.il\/blog\/wp-json\/wp\/v2\/posts\/290\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.held.org.il\/blog\/wp-json\/wp\/v2\/media?parent=290"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.held.org.il\/blog\/wp-json\/wp\/v2\/categories?post=290"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.held.org.il\/blog\/wp-json\/wp\/v2\/tags?post=290"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}