DNS and DHCP Services


DNS and DHCP services in OES Linux are provided by the traditional open source Bind and ISC DHCP Server programs. These programs are not installed by default in OES Linux, and if desired must be manually installed after the main server installation, or installed during a custom installation of OES Linux. Unlike OES NetWare, these components are not integrated into eDirectory or managed through iManager.

DNS and DHCP manage the assignment and discovery of IP addresses on a network. Both of these services are managed via YaST modules, under the Network Services category. Complete configuration of both of these services can be quite complex and is beyond the scope of the book. This section will provide a brief introduction to these services, as well as basic configuration information. For complete information on these services, refer to specific documentation for each service.

Installing DNS and DHCP Services

DNS and DHCP services can be installed as optional services during the OES Linux installation routine. They can also be installed as a post-installation task through YaST.

To install DNS/DHCP services from YaST, each component (DNS and DHCP) must be installed separately. Complete the following steps to install the DHCP server:

1. Access YaST from a terminal using yast, or from a graphical environment using yast2 or the YaST launcher from the application menu.

2. Select the Network Services category in YaST. From within this category, locate and select the DHCP Server module. This module will detect that the rpm for dhcp-server is missing and ask if you want to install it. Select Continue to install the necessary packages.

3. At the conclusion of the software installation, SuSEconfig is executed to update the system configuration. When this completes, the configuration of the DHCP server will begin automatically.

4. The first step of configuring the DHCP Server is determining which interface the DHCP server will run on. Select the appropriate interface and click Next.

5. At the DHCP Global Settings page, enter the following information and click Next:

  • LDAP Support: To store the DHCP configuration in LDAP, select this option. This is not normally used with eDirectory.

  • Domain Name: Contains the domain name used when leasing addresses to clients.

  • Primary Name Server IP: Enter the IP address of the primary DNS name server. If you're using DNS, this may be the address of the local server.

  • (Optional) Secondary Name Server IP: Enter the IP address of a secondary DNS name server.

  • Default Gateway (Router): Enter the IP address of the default gateway on the current LAN segment.

  • (Optional) Time Server: Enter the IP address of the NTP server used for synchronizing time.

  • (Optional) Print Server: Enter the IP address of the print server to be offered to clients. If you are using iPrint, this is not necessary.

  • (Optional) WINS Server: Enter the IP address of a Windows Internet Naming Service (WINS) server if desired.

  • Default Lease Time: Enter the default amount of time an address is leased to clients. Use the drop-down box to select time in Days, Hours, Minutes, or Seconds.

6. At the Dynamic DHCP page, enter the following information and click Next:

  • First IP Address: Enter the first valid IP address to be leased to clients.

  • Last IP Address: Enter the last valid IP address to be leased to clients. This must reside on the same subnet as the First IP Address.

  • Default Lease Time: Enter the default amount of time an address in the current address block is leased to clients. Use the drop-down box to select time in Days, Hours, Minutes, or Seconds.

  • (Optional) Max Lease Time: Enter the maximum amount of time an address is blocked for use by a client. Use the drop-down box to select time in Days, Hours, Minutes, or Seconds.

7. After completing the configuration of DHCP, determine whether the DHCP server should start automatically at server power on, and press Finish to complete the installation.

After DHCP has been installed, complete the following steps to install the DNS server:

1. Access YaST from a terminal using yast, from a graphical environment using yast2, or from the YaST launcher from the application menu.

2. Select the Network Services category in YaST. From within this category, locate and select the DNS Server module. This module will detect that the rpm for bind is missing and ask if you want to install it. Select Continue to install the necessary packages.

3. At the conclusion of the software installation, SuSEconfig is executed to update the system configuration. When this completes, the configuration of the DNS server will begin automatically.

4. The first item that must be configured is the Forwarder Settings. This option determines whether the PPP daemon is allowed to adjust the Forward configuration upon connection. For most installations, this should be left at Set Forwarders Manually. This option can also be adjusted after completing the installation. Make an appropriate selection and click Next.

5. At the DNS Zone configuration screen, the DNS zones that will be managed by this server can be configured. Any zones added during the installation can be edited after the fact. Also, additional zones can be modified after completing the DNS installation. If you are unsure of your DNS configuration, this screen can be left blank for the time being. When ready, click Next to continue.

6. The final installation screen for the DNS server installation allows you to determine when the DNS server is started: during bootup or manually. If your DNS configuration is complete, select On; otherwise, select Off until the configuration is complete. To complete the installation of DNS, click Finish.

With DNS/DHCP services installed on the network, an IP client can establish a connection with the network by leasing an IP address from a pool of available addresses, rather than requiring that the workstation be assigned a fixed address individually. This makes IP address management much easier.

When the IP client is connected to the network, it can automatically detect available DNS name servers, through which it can translate a domain name (for example, www.novell.com) into its corresponding IP address (for example, 137.65.168.1). This enables the client to communicate with the server properly. Domain names are a benefit to the human users of computers, not the computers themselves.

All DNS/DHCP configuration and management can be performed through direct configuration file editing from a terminal, or through the YaST management utility. For more information on the basics of YaST, see Chapter 6, "SUSE Linux Enterprise Server Management."

As DNS and DHCP can be extremely complex and customized for specific network needs, an in-depth discussion on these services does not fit within the scope of this book. However, the remaining content of this section will briefly discuss the basic configuration of both DNS and DHCP services. For more detailed information on these services, refer to the SLES online manual or the documentation installed with each service.

Configuring DHCP Services

Configuring the DHCP environment involves the following steps:

  • Planning DHCP

  • Configuring the DHCP server

  • Starting DHCP services

PLANNING DHCP

Before using DHCP for the first time, you need to gather a lot of network information:

  • Make a list of all IP hosts to be served by the DHCP server. Include all devices that use network addresses on every segment of your network.

  • Compile a list of current IP address assignments. Organize your lists of hosts and IP addresses by geographic location. For example, if your network is spread over a WAN, make a list for each location to help you organize the distribution of DHCP resources.

  • You must have a list of all permanently assigned network addresses. You might also want to make a list of devices that are to be denied IP addresses and those hosts that are to receive strict address limitations.

Another major issue is deciding how long to set your client leases. You must strike a balance between the amount of network traffic and the amount of flexibility in the system. The longest lease provided by a DHCP server determines the length of time you might have to wait before configuration changes can be propagated within a network. Consider the following issues when setting lease times:

  • Keep leases short if you have more users than IP addresses. Shorter leases support more clients but increase the load on the network and DHCP server. A lease of two hours is long enough to serve most users, and the network load will probably not be significant. Leases shorter than this start to increase network and server load dramatically.

  • Leases should be set twice as long as typical interruptions, such as server and communications outages. Decide how long your users should be able to go without contacting the DHCP server, and double it to get recommended lease duration.

  • Hosts that are advertising services on the network, such as Web servers, should not have an IP address that is constantly changing. Consider permanent assignments for these hosts. The deciding factor should be how long you want the host to be able to keep an assigned address.

The default of three days is usually a pretty good balance between the need for a shorter and a longer lease.
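The planning rules above, together with the wizard's requirement that the Last IP Address sit on the same subnet as the First IP Address, can be checked before the range is entered in YaST. The following Python check is an added example, not from the book; the function name, finding labels, and sample addresses are assumptions made for illustration.

```python
import ipaddress

def check_dhcp_plan(subnet, first_ip, last_ip, fixed, clients,
                    default_lease, max_lease, outage):
    """Return findings for a planned dynamic range; times are in seconds.

    fixed maps hostname -> permanently assigned address (hypothetical input).
    """
    net = ipaddress.ip_network(subnet)
    first = ipaddress.ip_address(first_ip)
    last = ipaddress.ip_address(last_ip)
    findings = []
    # First and last address must sit on the same subnet, in order.
    if first not in net or last not in net:
        findings.append("range-outside-subnet")
    if last < first:
        return findings + ["range-reversed"]
    # The subnet's network and broadcast addresses cannot be leased.
    if (first <= net.network_address <= last
            or first <= net.broadcast_address <= last):
        findings.append("range-includes-network-or-broadcast")
    # Permanently assigned hosts must stay out of the dynamic pool.
    clashes = sorted(h for h, ip in fixed.items()
                     if first <= ipaddress.ip_address(ip) <= last)
    findings += [f"fixed-address-in-pool:{h}" for h in clashes]
    pool = int(last) - int(first) + 1 - len(clashes)
    # More users than addresses: keep leases short (two hours per the text).
    if clients > pool and default_lease > 2 * 3600:
        findings.append("lease-too-long-for-oversubscribed-pool")
    # A lease should be twice as long as a typical interruption.
    if default_lease < 2 * outage:
        findings.append("lease-shorter-than-twice-outage")
    if max_lease < default_lease:
        findings.append("max-lease-below-default")
    return findings

# Constructed sample plan: 120 clients, a web server whose fixed address
# falls inside the proposed pool, and the three-day default lease.
SAMPLE = dict(subnet="192.168.10.0/24", first_ip="192.168.10.100",
              last_ip="192.168.10.200",
              fixed={"web01": "192.168.10.150", "print01": "192.168.10.10"},
              clients=120, default_lease=3 * 86400, max_lease=7 * 86400,
              outage=4 * 3600)

if __name__ == "__main__":
    for finding in check_dhcp_plan(**SAMPLE):
        print(finding)
```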

CONFIGURING THE DHCP SERVER

Configuring the DHCP server is performed with the YaST DHCP Server module. If this is the first time you have used this module, you are presented with the same configuration wizard described in the DHCP Installation steps earlier in this chapter. When you launch the DHCP YaST module after having gone through the default configuration wizard, you are presented with the following general categories of options:

  • Start-Up: Offers the option of starting the DHCP Server automatically upon server startup, or using a manual start setting.

  • Card Selection: Allows you to specify the network interface card used by the DHCP Server.

  • Global Settings: Provides the same options outlined in the Global Settings section of the DHCP installation process earlier in this chapter.

  • Dynamic DHCP: Provides the same options outlined in the Dynamic DHCP section of the DHCP installation process earlier in this chapter.

  • Host Management: Used to manually register hosts and configure IP addresses for those hosts based on their hardware address.

  • Expert Settings: Used to configure expert options for the DHCP server. After you've entered this category, you cannot return to the simplified view until the changes are saved and the module is restarted.

The configuration of the DHCP server is stored in the /etc/dhcp.conf file. If necessary, this file can be edited manually. After making any changes, be sure to restart the DHCP service for those changes to take effect.

STARTING DHCP SERVICES

When you have completed the configuration of the DHCP server, YaST should automatically start up the daemon. If necessary, you can also start the DHCP daemon by issuing the following command:

 rcdhcpd start 

This same command can stop the daemon with a stop command-line parameter. You typically won't need to do anything beyond this. If problems are encountered, check the system log file (/var/log/messages) for details.

To enable DHCP services on a client workstation, simply configure the TCP/IP properties to obtain an IP address automatically. The next time the client starts, it will send a request to the DHCP server for an IP address.

WARNING

Client configuration settings will override the configuration received from a DHCP server. The only exception is the hostname parameter set on the DNS Configuration tab of the TCP/IP Properties window.


For detailed information on DHCP configuration options, see the SLES online documentation.

Configuring DNS Services

Similar to DHCP, configuring the DNS environment involves the following steps:

  • Planning DNS

  • Configuring the DNS server

  • Starting DNS services

PLANNING DNS

Consider the following issues and recommendations as you plan your DNS environment:

  • You will configure a primary DNS name server, which is considered the authoritative source for DNS information. For load balancing and fault tolerance, plan to install one primary and at least one secondary name server.

  • Secondary name servers receive their zone data from the primary name server. When it starts, and at periodic intervals, the secondary checks with the primary to see whether any information has changed. If the information on the secondary is older than that on the primary, a zone transfer occurs to update the secondary name server's information.

  • If you are running a primary name server and providing DNS service for a zone, the size or geography of your network might require creating subzones within the zone.

  • If a name server cannot answer a query, it must query a remote server. This is particularly relevant for Internet domain queries. The Bind DNS server allows you to configure primary and/or secondary name servers to act as forwarders. Forwarders that handle the off-site queries develop a robust cache of information. When using forwarders, configure the other name servers in your zone to direct their queries to the forwarder. The forwarder can typically respond to any given query with information from its cache, eliminating the need to pass an outside query to a remote server.

Considering the issues discussed here will help make sure your DNS environment is planned properly.

CONFIGURING THE DNS SERVER

Configuring the DNS server is performed with the YaST DNS Server module. If this is the first time you have used this module, you are presented with the same configuration process described in the DNS Installation steps earlier in this chapter. When you launch the DNS YaST module after having gone through the default configuration, you are presented with the following general categories of options:

  • Start-Up: This selection offers the option of starting the DNS server automatically upon server startup or using a manual start setting. The DNS server can also be started and stopped directly from this screen. Finally, this screen also provides the option to enable LDAP support with the DNS server.

  • Forwarders: This screen is used to allow the PPP daemon to automatically configure forwarders. Forwarders can also be set for manual mode and any manual forwarders can be directly entered into the forwarding list on this screen.

  • Basic Options: This screen is used to configure basic options for the main DNS server configuration. Common options are available as a drop-down box and values for each option can be manually set and entered into the configuration file.

  • Logging: This screen is used to configure logging options, including where the log files should be stored and what type of logging details are recorded.

  • ACLs: This screen is used to configure Access Control Lists (ACLs) to provide security for zone access.

  • TSIG Keys: This screen is used to configure TSIG keys, which are required for authentication when using Dynamic DNS.

  • DNS Zones: This screen is used to add zones managed by the DNS server. After adding a zone, an additional option, Edit Zone, becomes available. Use this option to perform advanced zone customization, including adding resource records to the domain.

The general configuration of the DNS server is stored in the /etc/named.conf file. In addition to this configuration file, zone-specific information is written to configuration files found in the /var/lib/named directory structure. If necessary, you can edit these files manually. After making any changes, be sure to restart the DNS service for those changes to take effect.
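The ACL and TSIG settings listed above are what keep zone transfers limited to the secondary name servers and dynamic updates authenticated. The following Python check is an added example, not from the book: it scans a constructed named.conf (the zone names, addresses, ACL name, and key name are all made up) and flags master zones with no allow-transfer restriction or with address-only allow-update. It assumes there is no allow-transfer statement in the global options block and that, as in older BIND 9 releases, a missing statement permits transfers to any host.

```python
import re

# Constructed sample (not from the book): one zone locked down with an ACL
# and a TSIG key, one zone left open. The secret is a placeholder.
SAMPLE_NAMED_CONF = '''
acl secondaries { 192.0.2.53; };
key "ddns-key" { algorithm hmac-sha256; secret "PLACEHOLDER"; };
zone "example.com" in {
    type master; file "master/example.com";
    allow-transfer { secondaries; };
    allow-update { key "ddns-key"; };
};
zone "lab.example.com" in {
    type master; file "master/lab.example.com";
    allow-update { 192.0.2.0/24; };
};
'''

def _block(text, start):
    """Return the contents of the brace block opening at text[start]."""
    depth = 0
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start + 1:i]
    raise ValueError("unbalanced braces in configuration")

def audit_zones(conf):
    """Map each master zone to a list of access-control findings."""
    report = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        body = _block(conf, m.end() - 1)
        if not re.search(r"\btype\s+master\s*;", body):
            continue  # secondaries pull data; only masters are audited here
        issues = []
        xfer = re.search(r"allow-transfer\s*\{([^}]*)\}", body)
        if xfer is None or re.search(r"\bany\b", xfer.group(1)):
            issues.append("transfer-unrestricted")  # assumed default: any host
        update = re.search(r"allow-update\s*\{([^}]*)\}", body)
        if update and not re.search(r"\bkey\b", update.group(1)):
            issues.append("update-without-key")
        report[m.group(1)] = issues
    return report

if __name__ == "__main__":
    for zone, issues in audit_zones(SAMPLE_NAMED_CONF).items():
        print(zone, issues or "ok")
```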

STARTING DNS SERVICES

When you have completed the configuration of the DNS server, YaST should automatically start up the daemon. If necessary, you can also start the DNS daemon by issuing the following command:

 rcnamed start 

This same command can stop the daemon with a stop command-line parameter. When started, named should start responding to queries for the zone. If you encounter problems, check the system log file (/var/log/messages) for details.

To enable DNS services on a client workstation, simply configure the TCP/IP properties to obtain DNS server addresses automatically. The next time the client starts, it will dynamically query for DNS information on the network.

For detailed information on DNS configuration options, see the SLES online documentation.



    Novell® Open Enterprise Server Administrator's Handbook, SUSE LINUX Edition
    ISBN: 067232749X
    Year: 2005
    Pages: 178
