[Samba] [Fwd: Samba-3 By Ex Chapt 3] .No good.. use Dynamic DNS
Setup. / samba
Louis van Belle
louis at van-belle.nl
Fri Jul 8 08:05:31 GMT 2005
You could use dynamic DNS. So what is it?
Simple: you set up your DNS and set your server to resolve it first.
One problem: you have a DHCP-assigned IP address and your resolv.conf
is changed every time.
Well, here is the solution.
What you need:
Bind9, DHCP3-client (if you get your IP by DHCP from your provider),
DHCP3-server
1) Set up your dhcp client. (Not needed if you have a static IP, i.e. NOT assigned
by DHCP from your provider.)
In /etc/dhcp3/dhclient.conf:
send dhcp-lease-time 31449600;              # set this if you want
supersede domain-name "obl.clangame.nl";    # set this to YOUR LOCAL DNS domain; this makes your server resolve YOUR domain first
prepend domain-name-servers 127.0.0.1;      # set this to localhost
request subnet-mask, broadcast-address, routers, host-name,
        domain-name, domain-name-servers,   # if the above is not working, remove this line
        netbios-name-servers, netbios-scope;
#require subnet-mask, domain-name-servers;
Now, when an IP is assigned, it will put
search obl.clangame.nl
nameserver 127.0.0.1
in resolv.conf. This makes it resolve YOUR domain first, and resolve first over YOUR DNS.
2) Automatically adding dhcp clients (your PCs) to the DNS.
In /etc/dhcp3/dhcpd.conf:
192.168.15.1 is my server, where samba, the dhcp server and client, and the dns are
running.
# Sample configuration file for ISC dhcpd for Debian
server-identifier generals;                   # generals is my servername
authoritative;
log-facility local7;
ddns-update-style interim;
allow client-updates;
ddns-updates on;
ddns-domainname "obl.clangame.nl";            # obl.clangame.nl is my local domain at home
ddns-rev-domainname "15.168.192.in-addr.arpa"; # my local net, 192.168.15.0/24 (192.168.15.0/255.255.255.0)
key ddns-key {                                # key = ddns-key, but ddns-key could also be some other name
    algorithm hmac-md5;
    secret "ddnsHereWasSomeTh1ingElse";       # more on this at the dns setup. my key starts with ddns-secretkey
}
This one is needed to allow dhcp3-server to update bind9 (the DNS).
zone obl.clangame.nl. {                       # these are also defined in your dns. The HOST zone
    primary 127.0.0.1;                        # define your dns server IP
    key ddns-key;                             # don't forget your ddns-key
}
zone 15.168.192.in-addr.arpa. {               # these are also defined in your dns. The REVERSE zone (PTR records)
    primary 127.0.0.1;                        # define your dns server IP
    key ddns-key;                             # don't forget your ddns-key
}
#
#
# use shared-network if you have an interface alias like eth0 and eth0:1
# Shared Network on marco
shared-network obl.clangame.nl {
    # Subnet definition for Servers LocalNet
    subnet 127.0.0.0 netmask 255.0.0.0 {
    }
    # Subnet definition for marco options
    subnet 192.168.15.0 netmask 255.255.255.0 {
        range 192.168.15.30 192.168.15.45;
        option broadcast-address 192.168.15.63;
        option subnet-mask 255.255.255.0;
        option domain-name "obl.clangame.nl";
        option domain-name-servers 192.168.15.1;
        option netbios-name-servers 192.168.15.1;
        option netbios-node-type 8;
        option ntp-servers 192.168.15.1;
        option routers 192.168.15.1;
        default-lease-time 86400;
        max-lease-time 172800;
        one-lease-per-client on;
        option ip-forwarding off;
        option time-offset -18000;
        allow unknown-clients;
    }
}
Well, now your dhcp server and client are set up and ready to go.
Now the hard part: BIND9. I use the Debian standard, so 3 config files for
bind.
1) named.conf: nothing to do here.
2) named.conf.options: check this one and adjust as needed.
3) named.conf.local: add your domains here. I use webmin to do that.
// This is the primary configuration file for the BIND DNS server named.
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
zone "." {
type hint;
file "/etc/bind/db.root";
};
zone "localhost" {
type master;
file "/etc/bind/db.local";
allow-transfer { localhost; };
# allow-update{none;};
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
allow-transfer { localhost; };
# allow-update{none;};
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
# below works in bind9 from sarge ( testing )
#zone "com" { type delegation-only; };
#zone "net" { type delegation-only; };
// From the release notes:
// Because many of our users are uncomfortable receiving undelegated answers
// from root or top level domains, other than a few for whom that behaviour
// has been trusted and expected for quite some length of time, we have now
// introduced the "root-delegations-only" feature which applies delegation-only
// logic to all top level domains, and to the root domain. An exception list
// should be specified, including "MUSEUM" and "DE", and any other top level
// domains from whom undelegated responses are expected and trusted.
// root-delegation-only exclude { "DE"; "MUSEUM"; };
include "/etc/bind/named.conf.local";
################# the named.conf.local ########
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
// include "/etc/bind/zones.rfc1918";
zone "obl.clangame.nl" {
type master;
file "/etc/bind/db.obl.clangame.nl.hosts";
allow-update { key ddns-key; };
allow-query { "home-net1"; "local-net"; };
allow-transfer { "home-net1"; "local-net"; };
};
zone "15.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.obl.clangame.nl.rev";
notify no; // yes if you also have a dns slave server
allow-update { key ddns-key; };
allow-query { "home-net1"; "local-net"; };
allow-transfer { "home-net1"; "local-net"; };
};
############# the most difficult ... the NAMED.CONF.OPTIONS ################
First, to know: your DNS has a key for updating records.
Try `cat rndc.key` in /etc/bind;
you must see something like this:
key "rndc-key" {
algorithm hmac-md5;
secret "Changeed2P0tectMe";
};
!!!!!!! DO NOT CHANGE THIS KEY WHEN BIND IS RUNNING.
If you did, I think you'd better run this command:
kill -15 `ps -A | grep named | cut -c1-6`
The real config..
########################### named.conf.options ################
////// SIG KEY's Begin ///////
// => more info: man rndc
// Also see Controles ///
key rndc-key {
    algorithm hmac-md5;
    secret "Changeed2P0tectMe";            // add or check this with your /etc/bind/rndc.key
};
key "ddns-key" {
    algorithm hmac-md5;
    secret "ddnsHereWasSomeTh1ingElse";   // change this to your need
};
////// SIG KEY's END ////////
///// Defined ACL's Begin ////////
// Localhost aka local-net
acl local-net {
127.0.0.1;
};
// server ip of THIS server
acl server-ip {
    192.168.15.1;       // change this to your server ip
};
// Private network of THIS server
acl home-net1 {
    192.168.15.0/24;    // change this to your need
};
// Other Private network
// acl home-net2 {
// 192.168.18.0/24;
// };
// your External DNS Servers
acl extern-dns1 {
    213.197.28.3;       // set here the DNS of your provider
};
acl extern-dns2 {
    213.197.30.28;      // set here the DNS of your provider
};
// your Primary Internal DNS Servers (aka THIS Server)
acl intern-dns1 {
192.168.15.1;
};
// your Secondary slave DNS Servers on
acl intern-dns2 {
192.168.15.1;
};
///// Defined ACL's End ////////
///// View Statements Begin //////// Not tested yet by me.
// restrict remote users from looking up the server version
// view "chaos" chaos {
// match-clients {any;};
// allow-query {none;};
// zone "." {
// type hint;
// file "/dev/null";
// };
// };
///// View Statements End ////////
////// Defined OPTIONS Begin //////
options {
// version statement for security to avoid hacking known weaknesses
version "0.0.0";
directory "/var/cache/bind";
// query-source address * port 53;
listen-on-v6 { none; };
listen-on port 53 { "server-ip"; "local-net"; };
// optional - disables transfers except from slave
// allow-transfer { none; }; // for master
// allows notifies only from master
// allow-notify { none; }; // for slave
allow-query { "home-net1"; "local-net"; };
forwarders { 213.197.28.3; 213.197.30.28; }; // set here the DNS of your provider, MUST BE IP numbers
// forward first; // I like to resolve first to my own domain
auth-nxdomain no; # conform to RFC1035 ( = no )
notify no; // default no notify define this in the zone
};
////// Defined OPTIONS End //////
logging {
channel syslog_errors {
syslog daemon;
severity info;
};
channel query_file {
// This is only needed if you want to use bindgraph; demo here: http://frejus.itgate.net/as112/
// for debian: apt-get install bindgraph
file "/var/log/bind-query.log";
print-time yes;
};
category default{ syslog_errors; };
category queries { query_file; };
category lame-servers { null; };
};
////// Control Statements Begin //////
// Also see SIG Key //
controls {
inet 127.0.0.1 port 953
allow { "home-net1"; "local-net"; } keys { "rndc-key"; };
};
////// Control Statements End //////
######### setup your own domain ########## and you're up and running with ddns
with dhcp-client.
Now set the resolving in samba:
USE PROXY DNS = YES
BE a wins server to yes
and your resolving is much faster.
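As an added example (not from the original post), a small Python checker for the wiring this setup depends on: the key named in dhcpd's zone statements must exist in named.conf with the same algorithm and secret, and every zone dhcpd updates must carry an allow-update for that key in named.conf. The two config fragments are constructed from the post's zone and key names with a placeholder secret, and the hmac-sha256 remark is mine, not the post's.

```python
import re
# Constructed fragments reusing the zone/key names from the post; placeholder secret.
DHCPD_CONF = """
ddns-update-style interim;
key ddns-key { algorithm hmac-md5; secret "PLACEHOLDER-SECRET"; }
zone obl.clangame.nl. { primary 127.0.0.1; key ddns-key; }
zone 15.168.192.in-addr.arpa. { primary 127.0.0.1; key ddns-key; }
"""
NAMED_CONF = """
key "ddns-key" { algorithm hmac-md5; secret "PLACEHOLDER-SECRET"; };
zone "obl.clangame.nl" { type master; allow-update { key ddns-key; }; };
zone "15.168.192.in-addr.arpa" { type master; allow-update { none; }; };  // forgot the key
"""

def blocks(text, kind):
    """Map NAME -> body of each `kind NAME { ... }`, matching nested braces; quotes/trailing dot stripped."""
    out = {}
    for m in re.finditer(r'(?<![\w-])%s\s+"?([\w.-]+?)\.?"?\s*\{' % kind, text):
        depth, i = 1, m.end()
        while depth:                       # walk to the matching closing brace
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        out[m.group(1)] = text[m.end():i - 1]
    return out

def key_params(body):
    """(algorithm, secret) in order of appearance, quotes stripped."""
    return tuple(re.findall(r'(?:algorithm|secret)\s+"?([^";\s]+)"?\s*;', body))

def check(dhcpd_conf, named_conf):
    """Return the list of findings; an empty list means dhcpd and named agree."""
    findings = []
    dkeys, nkeys = blocks(dhcpd_conf, 'key'), blocks(named_conf, 'key')
    for name, body in dkeys.items():
        if name not in nkeys:
            findings.append(f'key {name}: in dhcpd.conf but not in named.conf')
        elif key_params(body) != key_params(nkeys[name]):
            findings.append(f'key {name}: algorithm or secret differs between configs')
        if 'hmac-md5' in body.lower():     # both daemons also speak hmac-sha256
            findings.append(f'key {name}: hmac-md5 is weak, prefer hmac-sha256')
    nzones = blocks(named_conf, 'zone')
    for zone, body in blocks(dhcpd_conf, 'zone').items():
        m = re.search(r'(?<![\w-])key\s+"?([\w.-]+)"?\s*;', body)
        if not m or zone not in nzones:
            findings.append(f'zone {zone}: no key in dhcpd.conf or no such zone in named.conf')
            continue
        allowed = r'allow-update\s*\{[^}]*(?<![\w-])key\s+"?%s"?\s*;' % re.escape(m.group(1))
        if not re.search(allowed, nzones[zone]):
            findings.append(f'zone {zone}: named.conf does not allow-update with key {m.group(1)}')
    return findings
```

Run `check(open('/etc/dhcp3/dhcpd.conf').read(), open('/etc/bind/named.conf.options').read() + open('/etc/bind/named.conf.local').read())` against the real files; the sample above reports the weak algorithm and the reverse zone that was never given the key.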