Ozzzy's Mandrake Site

Resolution for Windows and Unix

I realize that DNS and DHCP can and will work together to provide a secure dynamic DNS environment. The problem is that many 'home' LANs may have a mixture of several operating systems, some of which may be incompatible with this system. The scheme outlined below will work with small LANs and requires admin intervention only when machines are added/removed or when a machine has a new NIC installed. Therefore, even though it is not as elegant as a DDNS setup, it does work to provide resolution on a mixed Unix/Windows LAN. On this page 'self-configuring' is taken to mean that every setting a machine on the LAN needs in order to operate is supplied to it: IP, gateway, DNS, WINS etc.

Making a self-configuring network

I manage a small local area network in my home. It's a mixture of Linux and Windows machines and all of them want to be able to share files, reach the internet and do the whole gamut of things we all do with our computers. In the past I had things set up statically, with each machine having a group of hosts and lmhosts files etc. which had to be edited by hand every time I had to change something. This was very counter-productive. To remedy this, I installed BIND, DHCPd and SAMBA on the server (Mandrake) and configured the server to do whatever I needed to provide the LAN with its setups and configurations. Life is now simple.

Server Configuration

My server runs Linux and is equipped with two network cards. One connects to the internet through a DSL modem and the other goes to the LAN. The LAN is running private IPs.

Install BIND

The first thing you have to do is to get the BIND 9.x daemons/utilities onto your hard drive. The simplest way would be to type 'urpmi bind'. Once urpmi has done its thing you can start configuring. On a local area network using 'private' IP addresses you can invent your own top-level domain. As long as nothing from the internet is trying to resolve your IPs this is fine. Call your domain something like 'mydomain.etc'. We'll be using this example from now on and be assuming that you're using 192.168.0.x as your IP range. The point of all this is to allow you to have resolution on your LAN without hand-bombing a bunch of '/etc/hosts' files. This BIND implementation will provide you with all the DNS you need, as it will forward anything that it doesn't know about to your ISP's DNS.

Bind Configuration File

You'll have to create or edit a file called '/etc/named.conf'. It should look something like this (replace the xxx.xxx.xxx.xxx entries with 1) your actual internet IP and 2) the IPs of your ISP's domain name servers):

acl internals{ 192.168.0.0/24; };
acl external_ip{ xxx.xxx.xxx.xxx/32; };
acl intip{ 192.168.0.1/32; };
options {
directory "/var/named";
forwarders{ xxx.xxx.xxx.xxx; xxx.xxx.xxx.xxx; };
allow-query{
internals;
external_ip;
localhost;
intip;
};
listen-on{ intip; localhost; };
pid-file "named.pid";
interface-interval 0;
};
controls{
// Who can issue commands to named via rndc, and by what key?
inet 127.0.0.1 allow{ localhost; }
keys{ rndc-key; };
};
key "rndc-key"{
algorithm hmac-md5;
// To generate your rndc secret, use 'mmencode' from the metamail package
secret "soijngnlsingslSNLlkf89p0DL0jlkglsk97KDGD==";
};
zone "." {
type hint;
file "root.hints";
};
zone "mydomain.etc"{
type master;
file "pz/mydomain.etc";
notify no;
};
zone "0.0.127.in-addr.arpa"{
type master;
file "pz/127.0.0";
notify no;
};
// Reverse zone for 192.168.0.0/24 (the network used throughout this page)
zone "0.168.192.in-addr.arpa"{
type master;
file "pz/192.168.0";
notify no;
};

Zone Files

Once you've done this you'll have to create a set of zone files for your LAN. Let's assume that you have three computers: Fritz with an IP of 192.168.0.100, Zigmund with an IP of 192.168.0.101 and the 'server', which is called Server and has an IP of 192.168.0.1 (this is your gateway machine). The first zone file will be called /var/named/pz/mydomain.etc and look like this:

$TTL 86400
@ IN SOA server.mydomain.etc. root.mydomain.etc. (
5 ; serial
10800 ; refresh
3600 ; retry
604800 ; expire
86400 ; default_ttl
)
; DNS Servers
@ IN NS server.mydomain.etc.
; Machine Names
localhost IN A 127.0.0.1
server IN A 192.168.0.1
fritz IN A 192.168.0.100
zigmund IN A 192.168.0.101
; Aliases (fully qualified; a bare 'server.' would point at a top-level name)
www IN CNAME server.mydomain.etc.
@ IN MX 5 server.mydomain.etc.

The next file you'll create will be called /var/named/pz/127.0.0 and will contain:

$TTL 86400
@ IN SOA localhost. root.localhost. (
0 ; serial
28800 ; refresh
7200 ; retry
2419200 ; expire
86400 ; default_ttl
)
@ IN NS localhost.
1 IN PTR localhost.

The reverse zone file for the LAN, /var/named/pz/192.168.0 (the file named in the LAN reverse zone in named.conf), maps addresses back to names:

$TTL 86400
@ IN SOA server.mydomain.etc. root.mydomain.etc. (
2003011401 ; serial
28800 ; refresh
7200 ; retry
604800 ; expire
86400 ; default_ttl
)
@ IN NS server.mydomain.etc.
; Workstations
100 IN PTR fritz.mydomain.etc.
101 IN PTR zigmund.mydomain.etc.
1 IN PTR server.mydomain.etc.

Finally, the root hints file /var/named/root.hints (named in the "." zone in named.conf) lists the root name servers:

. 518400 IN NS G.ROOT-SERVERS.NET.
. 518400 IN NS F.ROOT-SERVERS.NET.
. 518400 IN NS B.ROOT-SERVERS.NET.
. 518400 IN NS J.ROOT-SERVERS.NET.
. 518400 IN NS K.ROOT-SERVERS.NET.
. 518400 IN NS L.ROOT-SERVERS.NET.
. 518400 IN NS M.ROOT-SERVERS.NET.
. 518400 IN NS I.ROOT-SERVERS.NET.
. 518400 IN NS E.ROOT-SERVERS.NET.
. 518400 IN NS D.ROOT-SERVERS.NET.
. 518400 IN NS A.ROOT-SERVERS.NET.
. 518400 IN NS H.ROOT-SERVERS.NET.
. 518400 IN NS C.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4
F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241
B.ROOT-SERVERS.NET. 3600000 IN A 128.9.0.107
J.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.10
K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129
L.ROOT-SERVERS.NET. 3600000 IN A 198.32.64.12
M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33
I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17
E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10
D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90
A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4
H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53
C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12

The addresses in this list date from when the page was written and several root servers have since moved, so regenerate root.hints from the current named.root file published by InterNIC before relying on it. You can also syntax-check the configuration with 'named-checkconf /etc/named.conf' and each zone with 'named-checkzone mydomain.etc /var/named/pz/mydomain.etc' (both ship with BIND 9) before starting the server.

If you've done your work you'll have a working domain-name server. Start BIND with the command 'service named start'. Now we can move on to getting DHCP working on your LAN so that you don't have to manually change a bunch of machines should your DNS etc. change.

Install DHCPD

Mandrake comes with a small DHCP server called 'udhcp'. I haven't played with it at all. I use 'dhcpd' which comes in a package known as 'dhcp-2.0b1pl6-6'. You'll have to google it. Here's how to set things up:

DHCPD Configuration file

I've found that setting up machines with static IPs is the way to go. Unfortunately, if the whole network setup is all static then you've got to run around when you change things. DHCPd allows you to issue static IPs to your network, which keeps BIND happy and still allows you to change DNS, WINS and gateways at will. Here's a sample configuration file. Note you'll have to get the MAC addresses for all your machines in advance:

default-lease-time 86400;
max-lease-time 86400;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.0.255;
option domain-name "mydomain.etc";
option routers 192.168.0.1;
option domain-name-servers 192.168.0.1;
option netbios-name-servers 192.168.0.1;
# This allows you to hang 'guest' machines on the LAN and have
# them issued an IP between 110 and 250 (the range must lie inside the
# declared subnet, 192.168.0.0/24)
subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.110 192.168.0.250;
}
# Place an entry here for all your machines except the server
host fritz {
hardware ethernet 00:0b:f3:25:7d:bb;
fixed-address 192.168.0.100;
}
host zigmund {
hardware ethernet 00:0a:f6:57:b0:a9;
fixed-address 192.168.0.101;
}

Installing SAMBA

The simplest way to do this is to type the command 'urpmi samba'.

SAMBA Configuration file

You'll have to configure SAMBA to do two things: first to function at all, and second to act as a WINS server for your Windows machines. Back up the '/etc/samba/smb.conf' file first. Here's a sample configuration file for our fictitious LAN:

[global]
# Define the Workgroup, the name of the server and the server
# description
workgroup = MYDOMAIN
netbios name = server
server string = Samba Server
# Allow hosts only from the local LAN
hosts allow = 192.168.0. 127.
# Define printer system and the name of the printcap
printing = bsd
printcap name = /etc/printcap
# Load all the printers for use with SAMBA
load printers = yes
# Define the log file and lock file
log file = /var/log/samba/log.%m
lock directory = /var/lock/samba
max log size = 50
# Set login type and methods
security = user
encrypt passwords = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
# Set the socket options
socket options = TCP_NODELAY
# Define how the server is seen on the LAN
local master = yes
preferred master = yes
# Add WINS support as server
wins support = yes
dns proxy = no

[homes]
comment = Home Directories
browseable = no
writable = yes

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
public = no
guest ok = no
writable = no
printable = yes

Run 'testparm' (shipped with Samba) to check the file for syntax errors before restarting Samba.

Wrapping things up

Now we can start tying things together. You want your machine to use your new DNS setup, so edit '/etc/resolv.conf' to show:

nameserver 192.168.0.1
domain mydomain.etc

The matching network settings file (on Mandrake, '/etc/sysconfig/network') should contain:

NETWORKING=yes
FORWARD_IPV4="yes"
HOSTNAME="server"
DOMAINNAME="mydomain.etc"
GATEWAY="xxx.xxx.xxx.xxx"
GATEWAYDEV="ethx"

Don't forget to firewall the machine. NEVER open up the Windows networking ports to the world and ALWAYS run anti-virus/anti-trojan software. I'd suggest running 'chkrootkit' (google it) from a cron job as well. Enjoy.
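As a final check that the forward zone, the reverse zone and dhcpd.conf above actually agree with each other, here is an added example (not part of the original page) that parses the three files and reports mismatches: an A record whose PTR maps back to a different name, a fixed lease with no A record, or a fixed address that falls outside the subnet or inside the guest range. The inline data is a constructed copy of the page's sample entries, with one PTR deliberately pointing at the wrong domain.

```python
"""Cross-check the forward zone, reverse zone and dhcpd.conf described above.
Added example, not the page's own code; the inline data is a constructed copy
of the page's sample entries, with one PTR deliberately wrong."""
import ipaddress
import re
ORIGIN = "mydomain.etc"
SUBNET = ipaddress.ip_network("192.168.0.0/24")
FORWARD_ZONE = """
localhost IN A 127.0.0.1
server    IN A 192.168.0.1
fritz     IN A 192.168.0.100
zigmund   IN A 192.168.0.101
"""
REVERSE_ZONE = """
100 IN PTR fritz.mydomain.etc.
101 IN PTR zigmund.mydomain.etc.
1   IN PTR server.saunders.etc.   ; constructed mistake: wrong domain
"""
DHCPD_CONF = """
subnet 192.168.0.0 netmask 255.255.255.0 { range 192.168.0.110 192.168.0.250; }
host fritz   { hardware ethernet 00:0b:f3:25:7d:bb; fixed-address 192.168.0.100; }
host zigmund { hardware ethernet 00:0a:f6:57:b0:a9; fixed-address 192.168.0.101; }
"""
A_RE = re.compile(r"^\s*(\S+)\s+IN\s+A\s+(\S+)", re.M)
PTR_RE = re.compile(r"^\s*(\d+)\s+IN\s+PTR\s+(\S+)", re.M)
HOST_RE = re.compile(r"host\s+(\S+)\s*\{[^}]*fixed-address\s+(\S+);")
RANGE_RE = re.compile(r"range\s+(\S+)\s+(\S+);")

def check(forward=FORWARD_ZONE, reverse=REVERSE_ZONE, dhcpd=DHCPD_CONF):
    """Return a list of problems found; an empty list means all three agree."""
    problems = []
    # LAN A records keyed by address, as the FQDN the matching PTR should return
    a_by_ip = {ip: f"{name}.{ORIGIN}." for name, ip in A_RE.findall(forward)
               if name != "localhost"}
    ptrs = {str(SUBNET.network_address + int(last)): fqdn
            for last, fqdn in PTR_RE.findall(reverse)}
    for ip, fqdn in a_by_ip.items():
        if ptrs.get(ip) != fqdn:
            problems.append(f"{ip}: A record says {fqdn}, PTR says {ptrs.get(ip)}")
    # Fixed leases must match DNS, sit in the subnet and avoid the guest range
    lo, hi = (ipaddress.ip_address(x) for x in RANGE_RE.search(dhcpd).groups())
    for host, ip in HOST_RE.findall(dhcpd):
        addr = ipaddress.ip_address(ip)
        if addr not in SUBNET:
            problems.append(f"{host}: {ip} is outside {SUBNET}")
        elif lo <= addr <= hi:
            problems.append(f"{host}: {ip} lies inside the dynamic range")
        if a_by_ip.get(ip) != f"{host}.{ORIGIN}.":
            problems.append(f"{host}: no A record for {ip} in {ORIGIN}")
    return problems
```

Run it against the real files by reading them into the three arguments; it only checks the records the page uses (A, PTR, host and range lines), so SOA and NS lines are ignored.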