[Samba] [Fwd: Samba-3 By Ex Chapt 3] .No good.. use Dynamic DNS Setup. / samba

Louis van Belle louis at van-belle.nl
Fri Jul 8 08:05:31 GMT 2005


You could use dynamic DNS. So what is it?
Simple: you set up your DNS and make your server resolve against it first.
One problem: you have a DHCP-assigned IP address, and your resolv.conf
is changed every time.

Well, here is the solution.
What you need:
Bind9, DHCP3-client (if you get your IP by DHCP from your provider),
DHCP3-server


1) Set up your DHCP client. (Not needed if you have a static IP, i.e. one NOT
assigned by DHCP from your provider.)
In /etc/dhcp3/dhclient.conf:
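# /etc/dhcp3/dhclient.conf (excerpt)
# Purpose: even though the WAN address comes from the provider's DHCP, keep
# the local BIND (127.0.0.1) as the first resolver and the local zone as the
# default search domain in resolv.conf. The "<==" notes from the original
# post are turned into real comments so the file is loadable as pasted.
send dhcp-lease-time 31449600;			# set this if you want (asks for a long lease)
# Set this to YOUR local DNS domain; it makes your server resolve YOUR domain first.
supersede domain-name "obl.clangame.nl";
# Put localhost (this server's BIND) in front of the provider's nameservers.
prepend domain-name-servers 127.0.0.1;
# If the above is not working, remove the "domain-name, domain-name-servers," line.
request subnet-mask, broadcast-address, routers, host-name,
	domain-name, domain-name-servers,
	netbios-name-servers, netbios-scope;
#require subnet-mask, domain-name-servers;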

If an IP is now assigned, it will put
search obl.clangame.nl
nameserver 127.0.0.1
in resolv.conf.

This makes it resolve YOUR domain first, and resolve first via YOUR DNS.

2) Automatically adding DHCP clients (your PCs) to the DNS.
In /etc/dhcp3/dhcpd.conf.
192.168.15.1 is my server, where Samba, the DHCP server and client, and the DNS
are running.

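# Sample configuration file for ISC dhcpd for Debian
# /etc/dhcp3/dhcpd.conf - dhcpd for 192.168.15.0/24 with dynamic DNS updates
# into the local bind9 (both run on 192.168.15.1). The "<==" notes of the
# original post are real comments here so the file is loadable as pasted.
server-identifier generals;			# "generals" is my server name
authoritative;
log-facility local7;

# ---- dynamic DNS ----
# NOTE(review): newer ISC DHCP releases also accept "ddns-update-style
# standard;" in place of "interim"; check the dhcpd.conf(5) of your version.
ddns-update-style interim;
    # Fixed: the original read "allow-cient-updates;", which dhcpd rejects; the
    # directive is "allow client-updates;". "allow" honours a client's wish to
    # write its own A record itself. "deny client-updates;" makes this server
    # the only writer of both zones, which matches the BIND side below where
    # only updates signed with ddns-key are accepted (an unsigned client update
    # would be refused there anyway).
    allow client-updates;
    ddns-updates on;
    ddns-domainname "obl.clangame.nl";		# obl.clangame.nl is my local domain at home
    ddns-rev-domainname "15.168.192.in-addr.arpa";	# my local net, 192.168.15.0/24 ( 192.168.15.0/255.255.255.0 )

# TSIG key shared with bind9. The key name and secret must match the
# "ddns-key" entry in named.conf.options; this is what allows dhcp3-server
# to update bind9 (the dns). The secret is a credential: keep this file
# readable by root only and do not reuse the rndc key for it.
# NOTE(review): hmac-md5 is no longer the recommended TSIG algorithm; newer
# bind9/dhcpd releases accept hmac-sha256 (both ends must agree).
key ddns-key {
    # key = ddns-key, but ddns-key could also be some other name; more on
    # this at the dns setup.
    algorithm hmac-md5; secret "ddnsHereWasSomeTh1ingElse";
    }
# The HOST zone - also defined in your dns.
zone obl.clangame.nl. {
    primary 127.0.0.1;		# define your dns server IP
    key ddns-key;		# dont forget your ddnskey
    }
# The REVERSE zone ( ptr records ) - also defined in your dns.
zone 15.168.192.in-addr.arpa. {
    primary 127.0.0.1;		# define your dns server IP
    key ddns-key;		# dont forget your ddnskey
    }
#
#
# use shared-network if you have an interface alias like eth0 and eth0:1
# Shared Network on marco
shared-network obl.clangame.nl {
	# Subnet definition for Servers LocalNet
	subnet 127.0.0.0 netmask 255.0.0.0 {
		}
	# Subnet definition for marco options
	subnet 192.168.15.0 netmask 255.255.255.0 {
		range 192.168.15.30 192.168.15.45;
		option broadcast-address 192.168.15.63;
		option subnet-mask 255.255.255.0;
		option domain-name "obl.clangame.nl";
		option domain-name-servers 192.168.15.1;
		option netbios-name-servers 192.168.15.1;
		option netbios-node-type 8;
		option ntp-servers 192.168.15.1;
		option routers 192.168.15.1;
		default-lease-time 86400;
		max-lease-time 172800;
		one-lease-per-client on;
		option ip-forwarding off;
		option time-offset -18000;
		# any host on the LAN segment gets a lease (and a DNS record)
		allow unknown-clients;
		}
	}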

Well, now your DHCP server and client are set up and ready to go.
Now the hard part: BIND9. I use the Debian standard, so there are 3 config files
for bind.
1) named.conf - nothing to do here.
2) named.conf.options - check this one and adjust as needed.
3) named.conf.local - add your domains here. I use webmin to do that.

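// This is the primary configuration file for the BIND DNS server named.
// (Debian layout: server-wide settings live in named.conf.options, local
// zones in named.conf.local; both are included from here.)
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
zone "." {
        type hint;
        file "/etc/bind/db.root";
};
zone "localhost" {
        type master;
        file "/etc/bind/db.local";
        allow-transfer { localhost; };
// ("none" is already the default for allow-update, so the line below is optional)
#       allow-update{none;};
};
zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
        allow-transfer { localhost; };
#       allow-update{none;};
};
zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};
# below works in bind9 from sarge ( testing )
#zone "com" { type delegation-only; };
#zone "net" { type delegation-only; };
// From the release notes:
//  Because many of our users are uncomfortable receiving undelegated answers
//  from root or top level domains, other than a few for whom that behaviour
//  has been trusted and expected for quite some length of time, we have now
//  introduced the "root-delegations-only" feature which applies delegation-only
//  logic to all top level domains, and to the root domain.  An exception list
//  should be specified, including "MUSEUM" and "DE", and any other top level
//  domains from whom undelegated responses are expected and trusted.
// root-delegation-only exclude { "DE"; "MUSEUM"; };
include "/etc/bind/named.conf.local";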



#################  the named.conf.local ######## 
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
// include "/etc/bind/zones.rfc1918";
// Forward (host) zone for the home domain. dhcpd writes into it with the
// TSIG key "ddns-key", which is defined in named.conf.options.
// NOTE(review): a dynamically updated zone needs a journal (.jnl) written
// next to the zone file; on Debian /etc/bind is normally not writable by
// named, so check the permissions or keep dynamic zones under /var/lib/bind.
zone "obl.clangame.nl" {
	type master;
	file "/etc/bind/db.obl.clangame.nl.hosts";
	// only updates signed with ddns-key are accepted; unsigned updates
	// sent directly by clients are refused
	allow-update { key ddns-key; };
	allow-query { "home-net1"; "local-net"; };
	// NOTE(review): every host on home-net1 (192.168.15.0/24) may pull the
	// whole zone (AXFR). With notify off and no slave server,
	// "allow-transfer { none; };" is tighter; list the slave's address if
	// one is added later.
	allow-transfer { "home-net1"; "local-net"; };
	};
// Reverse zone (PTR records) for 192.168.15.0/24; same key and ACLs.
zone "15.168.192.in-addr.arpa" {
	type master;
	file "/etc/bind/db.obl.clangame.nl.rev";
	notify no; // yes if you also have a dns slave server
	allow-update { key ddns-key; };
	allow-query { "home-net1"; "local-net"; };
	allow-transfer { "home-net1"; "local-net"; };
	};

############# the most dificult ,,,.. the NAMED.CONF.OPTIONS
################
First, you should know that your DNS has a key for updating records.
Try `cat rndc.key` in /etc/bind;
you should see something like this:
// /etc/bind/rndc.key as generated on Debian (the secret below is the post's
// example value). This is the rndc control-channel key (see "man rndc"); the
// key dhcpd uses for dynamic updates is the separate "ddns-key" defined in
// named.conf.options. Whoever can read this file can control named, so it
// must stay readable by root and the bind user only.
key "rndc-key" {
        algorithm hmac-md5;
        secret "Changeed2P0tectMe";
};

!!!!!!! DO NOT CHANGE THIS KEY WHEN BIND IS RUNNING.
If you did, I think you had better run this command (it stops named so it can be restarted with the new key):
kill -15 `ps -A | grep named | cut -c1-6`  

The real config.. 

###########################  named.conf.options ################
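////// SIG KEY's Begin ///////
//  =>  more info:  man rndc
// Also see Controls  ///
// /etc/bind/named.conf.options - keys, ACLs, options, logging and the rndc
// control channel. The "<==" notes of the original post are real comments
// here so the file is loadable as pasted.
// Control-channel key for rndc: must be identical to /etc/bind/rndc.key.
key rndc-key {
	algorithm hmac-md5;
	secret "Changeed2P0tectMe";			// add or check this against your /etc/bind/rndc.key
};
// TSIG key dhcpd uses for dynamic updates; name and secret must match the
// "key ddns-key" block in dhcpd.conf. It is deliberately a different key
// from rndc-key, so the DHCP server can update zones but not control named.
// NOTE(review): hmac-md5 is no longer the recommended TSIG algorithm; newer
// releases accept hmac-sha256 (dhcpd and named must use the same algorithm).
key "ddns-key" {
	algorithm hmac-md5;
	secret "ddnsHereWasSomeTh1ingElse";		// change this to your need
};
////// SIG KEY's END ////////

///// Defined ACL's Begin ////////
// Localhost aka local-net
acl local-net {
	127.0.0.1;
	};
// server ip of THIS server
acl server-ip {
	192.168.15.1;		// change this to your server ip.
	};
// Private network of THIS server
acl home-net1 {
	192.168.15.0/24;		// change this to your need
	};
// Other Private network
// acl home-net2 {
//	192.168.18.0/24;
//	};
// your External DNS Servers
// (these ACLs are not referenced elsewhere in this file; the forwarders list
// in "options" repeats the same addresses)
acl extern-dns1 {
	213.197.28.3;		// set here the DNS of your provider
	};
acl extern-dns2 {
	213.197.30.28;		// set here the DNS of your provider
	};
// your Primary Internal DNS Servers (aka THIS Server)
acl intern-dns1 {
	192.168.15.1;
	};
// your Secondary slave DNS Servers on
// (currently the same address as intern-dns1; change when a slave exists)
acl intern-dns2 {
	192.168.15.1;
	};

///// Defined ACL's End ////////

///// View Statments's Begin ////////  Not tested yet by me.
// restrict remote users from looking up the server version
// (left commented out; the "version" option below covers the same goal)
// view "chaos" chaos {
// 	match-clients {any;};
// 	allow-query {none;};
// 	    zone "." {
// 	    type hint;
// 	    file "/dev/null";
// 	    };
// 	};
///// View Statments's End ////////


////// Defined OPTIONS Begin //////
options {
	// version statement for security to avoid hacking known weaknesses
	// (this only hides the version banner from CHAOS-class queries; it does
	// not remove the weaknesses - keep the bind9 package patched)
	version "0.0.0";
	directory "/var/cache/bind";
	// query-source address * port 53;
	listen-on-v6 { none; };
	listen-on port 53 { "server-ip"; "local-net"; };
	// optional - disables transfers except from slave
//	allow-transfer { none; };  	// for master
	// allows notifies only from master
//	allow-notify { none; }; 	// for slave
	// only the LAN and localhost may query: together with listen-on this
	// keeps the server from acting as an open resolver for the outside
	allow-query { "home-net1"; "local-net"; };
	forwarders { 213.197.28.3; 213.197.30.28; };		// set here the DNS of your provider, MUST BE IP numbers
	// forward first;    // I like to resolve first to my own domain
	auth-nxdomain no;    # conform to RFC1035 ( = no )
	notify no;   // default no notify define this in the zone
};
////// Defined OPTIONS End //////

logging {
	channel syslog_errors {
	    syslog daemon;
	    severity info;
	    };
	// query_file is only needed if you want to use bindgraph
	// (demo: http://frejus.itgate.net/as112/ ; for debian: apt-get install bindgraph).
	// A full query log records every name every client looks up, so treat
	// the file accordingly and keep an eye on its size.
	channel query_file {
	    file "/var/log/bind-query.log";
	    print-time yes;
	    };

	category default{ syslog_errors; };
	category queries { query_file; };
	category lame-servers { null; };
};

////// Control Statments Begin //////
// Also see SIG Key //
// rndc listens on loopback only, so the "home-net1" entry in allow has no
// effect unless the inet address is widened; every connection must in any
// case sign with rndc-key.
controls {
	inet 127.0.0.1 port 953
	allow { "home-net1"; "local-net"; } keys { "rndc-key"; };
};
////// Control Statments End //////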


######### Set up your own domain ########## and you're up and running with DDNS
and the DHCP client.

Now set the resolving in Samba:
use proxy DNS = yes (the `dns proxy` parameter in smb.conf)
be a WINS server = yes (the `wins support` parameter in smb.conf)

and your resolving is much faster.


