DHCP


DDNS and DHCP are complementary services. DHCP doles out the addresses and DNS helps you find the address.

The ISC is also implementing a DHCP server for UNIX systems. As I write this, DHCP 2.0 is the production version and in common use. DHCP 3.0 is in beta. The 2.0 distribution does not support dynamic DNS updates. The 3.0 beta does support dynamic updates but the documentation carries big warnings about not being final, so use it at your own peril and only if you need the features. But a production release might be available by the time you read this. As with BIND, you can get DHCP from the ISC ftp site: ftp://ftp.isc.org/isc/dhcp/. See its Web site at http://www.isc.org/products/DHCP/ for more information about the available releases, their status, and features. I will not even try to describe the design, implementation, and usage issues connected with DHCP; I will simply discuss some DHCP/DNS integration issues. Please see The DHCP Handbook for more complete information about DHCP, both the standard and the implementation.

Mixing DNS and DHCP Implementations

Some people want to use Windows DHCP with BIND DNS, or vice versa. I have not had the opportunity to try either combination, but the general advice available on the Net about this is "don't." It apparently works better if you keep Windows DHCP paired with Windows DNS and ISC DHCP paired with ISC DNS.

DHCP and Static DNS Entries

Because DHCP 2 lacks dynamic DNS support and, more significantly perhaps, because of the potential management overhead if everyone could grab any name and get an IP address to go, a lot of sites use fixed names for their DHCP range. In BIND 8 it's quite easy to enter such ranges in zone files too, using $GENERATE, which was introduced in Chapter 2. In such a case, the 16 new penguin employee computers would be assigned an IP range, such as 192.168.55.220 to 229, and the names would be entered thus:

 $GENERATE 220-229 dhcp$ A 192.168.55.$ 

The names would be dhcp220.penguin.bv and so forth. This is a good way to do it; it is simple and low maintenance. For hosts that you want to have a fixed IP number or a fixed hostname, ISC DHCP 2 provides a way for you to assign them. In the dhcpd.conf file, insert something like this:

 host gentoo {
         hardware ethernet 00:60:1d:1f:1e:f7;
         fixed-address 192.168.55.55;
 }

This assigns the given IP address to the host bearing the given Ethernet address. Just enter the name in DNS in the usual manner. The "gentoo" part of the host statement is arbitrary, but it would be good policy to assign 192.168.55.55 the name gentoo.penguin.bv.

DHCP and Dynamic DNS Entries

As I mentioned earlier, version 3 of the ISC DHCP distribution can do dynamic updates of DNS based on the hostname the client wants. However, the how of this integration has not been entirely worked out at this time so I'll refrain from teasing you with what you can't do. The DHCP Handbook has more information about how it is supposed to work.

The DNS update conditionals allow the DHCP server to specify update conditions to the DNS server such as "if the name already is in use" to forbid users from using new names or "if the name is not present" to forbid users from using names already in use. Whichever way you want it is a pure administrative decision and what you can allow depends on how much you trust your users. If you don't trust your users, I recommend that you give them static names.

Dynamic Updates by the Client

I have assumed that the DHCP server would do the DNS updates. Of course it does not have to, and indeed, on a limited scale it might be easier to do from the client. Doing it from the DHCP server gives low ACL/key maintenance overhead and, if need be, full control of what gets added. But there is nothing stopping you from giving the DHCP (or PPP) client access to update DNS. By running a simple script after the interface has been assigned an address, DNS can be updated:

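#!/bin/sh
PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH

IF=hme0                       # interface that DHCP (or PPP) configured
NAME=gentoo.dyn.penguin.bv    # name to register for this host
TTL=60

# The address is the second field of the "inet" line in the ifconfig output
IP=`ifconfig $IF | awk '/inet/ { print $2; }'`

# Do not send a malformed update if the interface has no address yet
[ -n "$IP" ] || exit 1

# Drop whatever the name held before, then add the current address
nsupdate <<EOC
update delete $NAME
update add $NAME $TTL A $IP
EOC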

The script shown here works on Solaris. It needs to be adapted to other OSes; the interface names and the output of ifconfig vary wildly between OSes. Also add the -k option if you want to use TSIG signing.
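
The update conditions described under "DHCP and Dynamic DNS Entries" are also available to a client-side script as nsupdate prereq lines. The following is an added example, not code from the book: it builds the update with a prerequisite and rejects malformed input before anything reaches nsupdate. The function names, the policy labels and the KEYFILE placeholder are assumptions.

```shell
#!/bin/sh
# Added example (not from the book): emit nsupdate input with an RFC 2136
# prerequisite so the DNS server itself enforces the naming policy.
# Function names and policy labels are assumptions made for this sketch.

# Accept only hostname characters, so a name can never smuggle in a newline
# and with it an extra nsupdate command.
valid_name() {
    case $1 in
        ''|*[!A-Za-z0-9.-]*|.*|-*|*..*) return 1 ;;
    esac
}

# Accept only a dotted quad with every octet in 0-255.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# build_update POLICY NAME TTL IP: print the nsupdate commands on stdout.
build_update() {
    policy=$1 name=$2 ttl=$3 ip=$4
    valid_name "$name" || { echo "bad name" >&2; return 2; }
    valid_ipv4 "$ip" || { echo "bad address" >&2; return 2; }
    case $ttl in ''|*[!0-9]*) echo "bad ttl" >&2; return 2 ;; esac
    case $policy in
        new-only)       # the name must not exist yet: no taking over names
            printf 'prereq nxdomain %s\n' "$name" ;;
        existing-only)  # the name must already exist: no inventing names
            printf 'prereq yxdomain %s\n' "$name"
            printf 'update delete %s A\n' "$name" ;;
        *) echo "unknown policy" >&2; return 2 ;;
    esac
    printf 'update add %s %s A %s\nsend\n' "$name" "$ttl" "$ip"
}

# Demo with constructed values; pipe into "nsupdate -k KEYFILE" (KEYFILE is a
# placeholder for your TSIG key) to send it signed.
build_update existing-only gentoo.dyn.penguin.bv 60 192.168.55.55
```

If the prerequisite does not hold, the server refuses the whole update, so the policy is enforced on the DNS side rather than trusted to the client script.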



The Concise Guide to DNS and BIND
ISBN: 0789722739
Year: 1999
Pages: 183
