DNS and DHCP Services

Novell DNS/DHCP services in NetWare 6.5 integrate the Domain Name Service (DNS) and Dynamic Host Configuration Protocol (DHCP) into the eDirectory database. Integrating these services into eDirectory provides centralized administration and enterprise-wide management of network (IP) addresses, configuration, and hostnames.

DNS and DHCP manage the assignment and discovery of IP addresses on a network. By integrating this information into eDirectory, network administrators can manage both DNS and DHCP information together with regular eDirectory information from a single, centralized location. The DNS/DHCP information is stored in the eDirectory database, so it is distributed and replicated just like other eDirectory data, making it easier to access and manage. The DNS/DHCP Management utility is available through iManager.

Installing DNS/DHCP Services

DNS/DHCP services can be installed as an optional service during the NetWare 6.5 installation routine. It can also be installed as a post-installation task through iManager. When you install DNS/DHCP services as an optional product during the server installation, the eDirectory schema is extended to support a variety of DNS- and DHCP-related objects. These objects help keep track of IP addresses, DNS and DHCP servers, configurations, host addresses, zones, and the like.

To install DNS/DHCP services from iManager, complete the following steps:

  1. Launch iManager and open the Install NetWare 6.5 Products link, and then select Install and Upgrade.

  2. Click Remote Product Install in the right frame.

  3. Browse to the location of the NetWare 6.5 Operating System CD-ROM and click OK.

  4. Browse to and select the server to which you want to install DNS/DHCP services. Click Next. Authenticate as an Admin user to the server you selected.

  5. At the Components screen, select only Novell DNS/DHCP Services and click Next.

  6. At the Summary screen, select Copy Files to install DNS/DHCP services. You will need to insert or specify the location of the NetWare 6.5 Products CD-ROM.

  7. Specify the context for the three main DNS/DHCP objects and click Next. More information on each of these objects is provided later in this section.

    TIP

    These objects should be located close to the top of the tree where they can be quickly located.

  8. At the Installation Complete screen, click Close to complete the installation.

With DNS/DHCP services installed on the network, an IP client can establish a connection with the network by leasing an IP address from a pool of available addresses, rather than requiring that the workstation be assigned a fixed address individually. This makes IP address management much easier.

Once connected to the network, the IP client can automatically detect available DNS name servers, through which it can translate a domain name (for example, www.novell.com) into its corresponding IP address (for example, 137.65.168.1). This enables the client to communicate with the server properly. Domain names are a benefit to the human users of computers, not the computers themselves.

All DNS/DHCP configuration and management is handled through iManager. For more information on the basics of iManager, see Chapter 3.

There are several aspects to the configuration of DNS/DHCP services for your NetWare 6.5 network, but the four primary tasks are

  • Planning for DNS/DHCP

  • Setting DNS/DHCP scope

  • Configuring DHCP

  • Configuring DNS

Planning for DNS/DHCP

There are three objects to which all DNS/DHCP servers need to have access:

  • DNS/DHCP Group

  • DNS/DHCP Locator

  • RootServerInfo Zone

Locate the DNS/DHCP objects near the top of your eDirectory tree. You might also want to create an administrative role for DNS/DHCP. Once it is created, you can add to it, as members, any User objects that you want to be able to use iManager to configure DNS/DHCP. For more information on creating iManager roles, see Chapter 3.

Consider the following eDirectory issues to maintain optimal performance when providing DNS/DHCP services on your NetWare network:

  • Where to locate DNS and DHCP servers: Plan to locate your DNS and DHCP servers so that they are physically close to the hosts that require their services. Plan to have one DHCP server in each partition of your network to minimize impact on WAN communications.

  • Which replication strategy to employ: Replicate the partition containing the DNS/DHCP Group and Locator objects to all parts of the network that use DNS/DHCP services to ensure access in the event of system unavailability or hardware problems.

  • How to provide fault tolerance: When planning your DNS replication strategy, consider that replication is employed for load balancing when you provide multiple name servers within the DNS zone. Well-planned replication is the best way to provide fault tolerance for DNS/DHCP services.

Keeping these issues in mind will help ensure the integrity and performance of your DNS/DHCP environment.

Setting DNS/DHCP Scope

Setting the scope of the DNS/DHCP services specifies the context of the Locator object and the administrative scope for the iManager session. Defining these two values first will improve performance in larger eDirectory environments because it eliminates the need to search for the Locator object and it restricts the retrieval of DNS/DHCP objects to the scope you specify, instead of searching the entire tree.

DNS/DHCP Scope settings will normally last only for the duration of the DNS/DHCP session. However, if you configure DNS/DHCP Scope settings for either DNS or DHCP Management, the settings apply across the session to both roles.

To configure DNS/DHCP Scope settings, complete the following steps:

  1. In iManager, open either the DNS or DHCP link and select DNS/DHCP Scope Settings.

  2. Specify the eDirectory context of the DNS/DHCP Locator object.

  3. Specify the eDirectory container object that will provide the administrative scope of the current session.

  4. Click OK.

Setting the DNS/DHCP scope effectively constrains the DNS/DHCP environment within which you will be working during this iManager session.

Configuring DHCP Services

Configuring the DHCP environment involves the following steps:

  • Planning DHCP

  • Creating DHCP objects

  • Starting DHCP services

Planning DHCP

Before using DHCP for the first time, you need to gather a lot of network information:

  • Make a list of all IP hosts to be served by the DHCP server. Include all devices that use network addresses on every segment of your network.

  • Compile a list of current IP address assignments. Organize your lists of hosts and IP addresses by geographic location. For example, if your network is spread over a WAN, make a list for each location to help you organize the distribution of DHCP resources.

  • You must have a list of all permanently assigned network addresses. You might also want to make a list of devices that are to be denied IP addresses and those hosts that are to receive strict address limitations.

Another major issue is deciding how long to set your client leases. You must strike a balance between the amount of network traffic and the amount of flexibility in the system. The longest lease provided by a DHCP server determines the length of time you might have to wait before configuration changes can be propagated within a network. Consider the following issues when setting lease times:

  • Keep leases short if you have more users than IP addresses. Shorter leases support more clients, but increase the load on the network and DHCP server. A lease of two hours is long enough to serve most users, and the network load will probably not be significant. Leases shorter than this start to increase network and server load dramatically.

  • Leases should be set twice as long as typical interruptions, such as server and communications outages. Decide how long your users should be able to go without contacting the DHCP server, and double it to get a recommended lease duration.

  • Hosts that are advertising services on the network, such as Web servers, should not have an IP address that is constantly changing. Consider permanent assignments for these hosts. The deciding factor should be how long you want the host to be able to keep an assigned address.

The default of 3 days is usually a pretty good balance between the need for a shorter and a longer lease.

Creating DHCP Objects

After you gather the necessary information, you need to create eDirectory objects to represent this information in eDirectory. Create a DHCP Server object from which to configure the DHCP environment. Create Subnet objects to represent each LAN segment. Create one or more Subnet Address Range objects to represent all your contiguous strings of IP addresses for each LAN subnet.

When a DHCP server makes or modifies address assignments, it updates the database. The partition where this database is stored should have at least two writeable replicas. Having only one replica might be unsafe due to a lack of fault tolerance, but three can be too costly in terms of replication overhead.

To create the necessary DHCP objects, complete the steps in the following sections.

Creating a DHCP Server Object

Use iManager to install a DHCP Server object in any of the following container objects, based upon the needs of your network: Organization, Organizational Unit, Country, or Locality.

  1. From iManager, open the DHCP link and select DHCP Server Management.

  2. Select Create Server from the drop-down menu and click OK.

  3. Browse to and select the server that will act as a DHCP server, and select Create.

  4. At the Request Succeeded message screen, click OK.

The DHCP Server object will be used as part of the management infrastructure for DHCP.

Creating a Subnet Object

Use iManager to create and set up a DHCP Subnet object for each of the subnets to which you will assign addresses, by completing the following steps:

  1. From iManager, open the DHCP link and select Subnet Management.

  2. Select Create Subnet from the drop-down menu, and select OK.

  3. At the Create Subnet screen, enter the required information and select Create.

    • Subnet Name: Specify a unique name for this Subnet object.

    • eDirectory Context: Specify the eDirectory context where the subnet record will be stored.

    • Subnet Address: Specify the IP subnet address.

    • Subnet Mask: Specify the IP subnet mask.

    • Default DHCP Server: Specify the DHCP server that will manage this subnet. By default, this server is assigned all address ranges created under the subnet.

  4. At the Request Succeeded message screen, click OK.

IP Address objects are simultaneously created to exclude routing and broadcast addresses.

Creating Subnet Address Range Objects

Use iManager to create and set up Subnet Address Range objects for each pool of addresses you want to be dynamically assigned by DHCP. To create and set up a Subnet Address Range object, complete the following steps:

  1. From iManager, open the DHCP link and select Address Range Management.

  2. Select Create Address Range from the drop-down menu, and select OK.

  3. At the Create Address Range window, enter the required information and select Create.

    • Select the Subnet: Specify the subnet for which the address range is required from the drop-down menu.

    • Address Range Name: Specify a unique name for the subnet address range.

    • Start Address: Specify the beginning of the address range.

    • End Address: Specify the end of the address range.

  4. At the Request Succeeded message screen, click OK.

Optionally, you can also use iManager to create specific IP Address objects if you have certain addresses that need to be assigned to specific devices, or excluded from dynamic assignment. This requires you to specify the client's Media Access Control (MAC) address or client ID.
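The planning lists and the Subnet, Subnet Address Range, and IP Address object fields described above can be checked for consistency before anything is entered in iManager. The following Python sketch is an added example, not part of the handbook or of Novell's tooling; the function name, the report keys, and the sample addresses are all constructed for illustration.

```python
import ipaddress

def check_plan(subnet_addr, subnet_mask, ranges, static_hosts, dynamic_clients):
    """Validate a planned DHCP subnet before creating the eDirectory objects.

    ranges:       {range name: (start address, end address)}
    static_hosts: {hostname: permanently assigned address}
    Returns a dict with problems, static hosts that need an IP Address object,
    the dynamic pool size, and whether clients outnumber the pool.
    """
    report = {"problems": [], "reserve": [], "pool_size": 0, "short_leases": False}
    try:
        # Strict parsing rejects a subnet address that has host bits set.
        subnet = ipaddress.IPv4Network(f"{subnet_addr}/{subnet_mask}")
    except ValueError as exc:
        report["problems"].append(f"bad subnet: {exc}")
        return report

    # The subnet (routing) and broadcast addresses are never assignable.
    low, high = subnet.network_address + 1, subnet.broadcast_address - 1

    valid = []
    for name, (start, end) in ranges.items():
        s, e = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
        if s > e:
            report["problems"].append(f"{name}: start {s} is after end {e}")
        elif s < low or e > high:
            report["problems"].append(f"{name}: {s}-{e} not within usable {low}-{high}")
        else:
            valid.append((s, e, name))

    # Sweep ranges in address order: flag overlaps, count each address once.
    prev_end = prev_name = None
    for s, e, name in sorted(valid):
        if prev_end is not None and s <= prev_end:
            report["problems"].append(f"{prev_name} and {name} overlap from {s}")
        first_new = s if prev_end is None or s > prev_end else prev_end + 1
        if e >= first_new:
            report["pool_size"] += int(e) - int(first_new) + 1
        if prev_end is None or e > prev_end:
            prev_end, prev_name = e, name

    # A permanent address inside a dynamic range needs its own IP Address object.
    for host, ip in static_hosts.items():
        addr = ipaddress.IPv4Address(ip)
        if addr not in subnet:
            report["problems"].append(f"{host}: {addr} is not in {subnet}")
            continue
        hits = [name for s, e, name in valid if s <= addr <= e]
        if hits:
            report["reserve"].append((host, str(addr), hits[0]))
            report["pool_size"] -= 1

    # More clients than addresses means leases should be kept short.
    report["short_leases"] = dynamic_clients > report["pool_size"]
    return report

# Constructed sample plan for one LAN segment.
SAMPLE_RANGES = {"Floor1": ("10.1.20.50", "10.1.20.120"),
                 "Floor2": ("10.1.20.100", "10.1.20.200"),
                 "Edge": ("10.1.20.240", "10.1.20.255")}
SAMPLE_STATIC = {"web01": "10.1.20.60", "printer": "10.1.20.10"}

if __name__ == "__main__":
    print(check_plan("10.1.20.0", "255.255.255.0", SAMPLE_RANGES, SAMPLE_STATIC, 180))
```

On the sample plan, the report lists the Floor1/Floor2 overlap and the Edge range that runs into the broadcast address, and marks web01 as needing an IP Address object.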

Starting DHCP Services

Once you have created the necessary DHCP objects in eDirectory, you can start DHCP services on your server by entering the following command at the server console prompt:

 
 LOAD DHCPSRVR 

You typically won't need to do anything beyond this, but DHCPSRVR.NLM does support some command-line parameters for specific functions, as noted in Table 5.1.

Table 5.1. DHCPSRVR.NLM Command-Line Parameters

PARAMETER   DESCRIPTION
-d1         Turns on a screen log of DHCP packets on the NetWare server.
-d2         Turns on a screen log of debug statements and DHCP packets on the NetWare server.
-d3         In addition to -d2, this parameter sends the DHCP log to a file called SYS:ETC\DHCPSRVR.LOG.
-h          Displays the command-line syntax.
-py         Sets the global polling interval to every y minutes.
-s          Forces the DHCP server to read and write from the Master replica.

To enable DHCP services on a client workstation, simply configure the TCP/IP properties to obtain an IP address automatically. The next time the client starts, it will send a request to the DHCP server for an IP address.

WARNING

Client configuration settings will override the configuration received from a DHCP server. The only exception is the hostname parameter set on the DNS Configuration tab of the TCP/IP Properties window.


For detailed information on DHCP configuration parameters, see the NetWare 6.5 online documentation.

Configuring DNS Services

Similar to DHCP, configuring the DNS environment involves the following steps:

  • Planning DNS

  • Creating DNS objects

  • Starting DNS services

Planning DNS

Consider the following issues and recommendations as you plan your DNS environment:

  • You will configure a primary DNS name server, which is considered the authoritative source for DNS information. For load balancing and fault tolerance, plan to install one primary and at least one secondary name server.

  • Secondary name servers receive their zone data from the primary name server. When it starts, and at periodic intervals, the secondary checks with the primary to see whether any information has changed. If the information on the secondary is older than that on the primary, a zone transfer occurs to update the secondary name server's information.

  • If you are running a primary name server and providing DNS service for a zone, the size or geography of your network might require creating subzones within the zone.

  • Novell recommends installing your NetWare 6.5 DNS name server as a primary to most efficiently take advantage of Dynamic DNS (DDNS). By doing this, if you make changes to the DHCP environment with iManager, those changes can be dynamically recognized by the primary DNS server. Secondary name servers, even non-NetWare secondary name servers, can transfer that revised data in from the primary server.

  • If your NetWare servers will operate as secondary DNS servers to a non-Novell master name server, one Novell secondary name server must be specified as the Dynamic DNS or Zone In server (a server that receives zone transfer information from the master name server and updates eDirectory accordingly). Other NetWare secondary name servers can then transfer the information from eDirectory.

  • If a name server cannot answer a query, it must query a remote server. This is particularly relevant for Internet domain queries. Novell's DNS/DHCP services allow you to configure primary and/or secondary name servers to act as forwarders. Forwarders that handle the off-site queries develop a robust cache of information. When using forwarders, configure the other name servers in your zone to direct their queries to the forwarder. The forwarder can typically respond to any given query with information from its cache, eliminating the need to pass an outside query to a remote server.

Considering the issues discussed here will help make sure your DNS environment is planned properly.
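The secondary's "has anything changed?" check described above is, in standard DNS, a comparison of the serial number in the zone's SOA record, which the handbook does not name. The following Python sketch is an added example, not code from the handbook or from NAMED.NLM; it audits constructed SOA record data for a primary and its secondaries, and the server names and serial values are placeholders.

```python
HALF_RANGE = 1 << 31  # SOA serials are 32-bit values that wrap around

def parse_soa(rdata):
    """Split SOA record data (mname rname serial refresh retry expire minimum)."""
    fields = rdata.split()
    if len(fields) != 7:
        raise ValueError(f"expected 7 SOA fields, got {len(fields)}")
    soa = {"mname": fields[0], "rname": fields[1]}
    keys = ("serial", "refresh", "retry", "expire", "minimum")
    soa.update(zip(keys, map(int, fields[2:])))
    return soa

def primary_is_newer(primary_serial, secondary_serial):
    """Serial-number arithmetic (RFC 1982): true if the primary is ahead,
    even when the counter has wrapped past 2**32 - 1."""
    diff = (primary_serial - secondary_serial) & 0xFFFFFFFF
    return 0 < diff < HALF_RANGE

def audit_secondaries(primary_rdata, secondary_rdata):
    """Compare each secondary's SOA with the primary's.

    secondary_rdata: {server name: SOA record data as text}
    Returns {server name: status string}.
    """
    primary = parse_soa(primary_rdata)
    status = {}
    for server, rdata in secondary_rdata.items():
        serial = parse_soa(rdata)["serial"]
        if serial == primary["serial"]:
            status[server] = "in sync"
        elif primary_is_newer(primary["serial"], serial):
            # The secondary polls the primary once per refresh interval.
            status[server] = f"stale, transfer due within {primary['refresh']}s"
        else:
            # A secondary that is ahead never pulls the zone; this usually
            # means the primary's serial was reset or rolled back.
            status[server] = "ahead of primary, will not transfer"
    return status

# Constructed sample data in the text form printed by common DNS query tools.
PRIMARY = "ns1.example.com. hostmaster.example.com. 2024010105 10800 3600 604800 86400"
SECONDARIES = {
    "ns2": "ns1.example.com. hostmaster.example.com. 2024010105 10800 3600 604800 86400",
    "ns3": "ns1.example.com. hostmaster.example.com. 2024010101 10800 3600 604800 86400",
    "ns4": "ns1.example.com. hostmaster.example.com. 2024010109 10800 3600 604800 86400",
}

if __name__ == "__main__":
    for server, state in audit_secondaries(PRIMARY, SECONDARIES).items():
        print(server, state)
```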

Creating DNS Objects

There are three main types of DNS objects that you will create for your DNS environment. The following sections provide the steps for creating each type.

DNS Server Object

The DNS Server object allows you to configure the operation of your DNS servers through eDirectory. To create a DNS Server object, complete the following steps:

  1. From iManager, open the DNS link and select DNS Server Management.

  2. Select Create Server from the drop-down menu and click OK.

  3. At the Create DNS Server screen, enter the required information and select Create.

    • NCP Server Name: Browse to and select the NetWare server that will act as a DNS server.

    • Hostname: Specify a unique hostname for the DNS Server object.

    • Domain Name: Specify a domain name for the DNS server object.

  4. At the Request Succeeded message screen, select OK.

Once created, the DNS Server object will allow you to manage your DNS environment through eDirectory.

DNS Zone Object

Zones define the group of domains and/or sub-domains for which you have authority. All host information for a zone is maintained in a single, authoritative database. To create a DNS Zone object, complete the following steps:

  1. From iManager, open the DNS link and select Zone Management.

  2. Select Create Zone from the drop-down menu, and select OK.

  3. At the Create DNS Zone screen, enter the required information and select Create.

    • Zone Type: Select Create New Zone. The IN-ADDR ARPA zone is used for reverse look-ups, translating an IP address into a domain name. For more information on IN-ADDR ARPA zones, see the NetWare 6.5 online documentation.

    • eDirectory Context: Specify a location for the Zone object.

    • Zone Domain Name: Specify a domain name for the Zone object.

    • Zone Type: Select Primary if this zone will be associated with the primary name server and will function as the authoritative source for domain information. Otherwise, select Secondary.

    • (Conditional) Name Server IP Address: If this is a secondary zone, enter the IP address of the primary DNS name server from which this zone will receive its updates.

    • (Conditional) Assigned Authoritative Zone Server: If the primary DNS server is a NetWare server, select it from the drop-down list.

    • (Conditional) Name Server Information: If the primary DNS server is not a NetWare server, specify its complete hostname and, optionally, its domain.

  4. At the Request Succeeded message screen, select OK.

You can create multiple DNS Zones to better manage more complex DNS environments, and each can be managed separately.

(Optional) Resource Records

A resource record is a piece of information about a domain name. Each resource record contains information about a particular piece of data within the domain. To create a new resource record, complete the following steps:

  1. From iManager, open the DNS link and select Resource Record Management.

  2. Select Create Resource Record from the drop-down menu, and select OK.

  3. At the Create Resource Record screen, enter the required information and select Create.

    • Domain Name: Select the domain in which the resource record is to be created.

    • (Optional) Hostname: Select the name of the host server. This binds a domain name with a hostname for a specific name server.

  4. Specify the Resource Record (RR) type and select Create. Depending on the type of RR you are creating, you will be required to specify different types of record data. For more information on RR types, see the NetWare 6.5 online documentation.

  5. At the Request Succeeded screen, select OK.

You can create as many resource records as needed to properly describe and configure your DNS environment.

Starting DNS Services

After you have created and set up a DNS Server object and a DNS Zone object, enter the following command at the DNS server console:

 
 LOAD NAMED 

After NAMED.NLM is loaded, the DNS server can respond to queries for the zone.

You typically won't need to do anything beyond this, but NAMED.NLM does support some command-line parameters for specific functions, as noted in Table 5.2. You can issue the LOAD NAMED command repeatedly to invoke different command-line options. Although the different features will toggle on/off, NAMED.NLM is loaded only the first time.

Table 5.2. NAMED.NLM Command-Line Parameters

PARAMETER              DESCRIPTION
-rp                    This option can be used to add characters to the list of characters prohibited from use in DNS names. All characters in the list will be replaced by dashes (-) before storing them in eDirectory.
-r [ON|OFF]            Dynamic reconfiguration option tells the DNS server to periodically (every 15 minutes by default) reload the configuration data for the server and zones, and automatically check for added, deleted, and modified zones.
-ft [ON|OFF]           When enabled, the DNS server will start using the backup files if eDirectory is inaccessible. When off, the DNS server will not service the zones for which eDirectory is inaccessible.
-?                     Displays usage information.
-dl                    Sets the level of detail to be logged. Values are 1 to 5 for information, notice, warning, error, and critical respectively. You can also indicate the specific categories of messages that you want logged. For a complete list of log categories, see the NetWare 6.5 online documentation.
-n <number of CPUs>    Specifies the number of CPUs available for use by DNS. Can specify from 1 to 32.
-p                     Specifies the port number used by DNS. Default port is 53.
-mstats                Saves the DNS server's memory usage information to SYS:ETC\NAMED.MEM. This is useful for determining DNS server load.
-qstats                Saves the DNS server's query statistics information to SYS:ETC\DNS\NAMED.STA. Can be used with -mstats information to determine DNS server load.
-pa                    Purge all cache on the DNS server.
-info                  Provides information about all zones currently loaded in the DNS server.
-v <volume name>       Enables clustering support for DNS by allowing DNS information to be stored on a volume other than SYS.
-zi <zone name>        Forces named zone for zone-in transfer.

To enable DNS services on a client workstation, simply configure the TCP/IP properties to obtain DNS server addresses automatically. The next time the client starts, it will dynamically query for DNS information on the network.



Novell NetWare 6.5 Administrator's Handbook
ISBN: 0789729849
EAN: 2147483647
Year: 2002
Pages: 172
