Configure DHCP Server to Update DNS Server in Solaris 11
Date: August 26, 2018. Categories: Enterprise Computing, Solaris / Illumos

This configuration focuses on a working setup where the DHCP server updates the DNS server with dynamically assigned addresses.  There are other production considerations, including the best location for directories and logging, that are not addressed here.

About Our Setup

We will configure the DHCP server and DNS server on the same host.  Here are some details:

  • Network:  192.168.138.0/24
  • Router/gateway: 192.168.138.1
  • Domain Name: pg.org
  • DNS/DHCP Server Name: dnsdhcp
  • DNS/DHCP Server IP: 192.168.138.10

Install Software Packages

This setup assumes that your DNS and DHCP server are on the same system.  You'll need to install the DNS and DHCP server packages:

pkg install isc-dhcp
pkg install dns/bind

Configure your DHCP Server

Configure the appropriate values in /etc/inet/dhcpd4.conf.  As well as updating the domain names and IP addresses, choose your own secret for the TSIG key; the DHCP server signs its updates with this key and the DNS server accepts only updates so signed, so the key name, algorithm and secret must match in both configurations.  The secret below is a placeholder: generate a random base64 secret (rndc-confgen -a, for example, writes one to /etc/rndc.key).  hmac-md5 is what this lab uses, but it is considered weak; both ISC DHCP and BIND also support hmac-sha256.

# dhcpd.conf
ddns-update-style interim;
ignore client-updates;                 # the server performs the A and PTR updates itself
ddns-domainname "pg.org.";
ddns-rev-domainname "in-addr.arpa.";   # must match the reverse zone name declared below
authoritative;
option domain-name "pg.org";
option domain-name-servers dnsdhcp.pg.org;
default-lease-time 1814400;            # 21 days
max-lease-time 1814400;                # 21 days
log-facility local7;

# TSIG key shared with the DNS server; name, algorithm and secret must match /etc/rndc.key
key rndc-key {
    algorithm hmac-md5;
    secret "ABCDEFGHIJK123456789=";    # placeholder, replace with your own random secret
};

# Zones this DHCP server updates, and the key it signs those updates with
zone 138.168.192.in-addr.arpa. {
    primary 127.0.0.1;
    key rndc-key;
}
zone pg.org. {
    primary 127.0.0.1;
    key rndc-key;
}

subnet 192.168.138.0 netmask 255.255.255.0 {
    range 192.168.138.100 192.168.138.200;
    option domain-name-servers dnsdhcp.pg.org;
    option domain-name "pg.org";
    option routers 192.168.138.1;
    ddns-domainname "pg.org.";
    ddns-rev-domainname "in-addr.arpa.";
}

Next, you can enable the DHCP server:

svcadm enable dhcp/server:ipv4

Configure DNS Server

First, create some directories you'll need.  You can actually use whatever directories you want; just update the named.conf file with the correct values.

mkdir -p /etc/namedb/master
mkdir -p /etc/namedb/working
touch /etc/namedb/root.hints

Note that in this example we are configuring an empty root.hints file.  You may need to provide something else in this file; search online.  This DNS server is in a lab and will forward requests to another local DNS server, 192.168.1.1.

Configure the file /etc/named.conf with:

include "/etc/rndc.key";
options {
        // named writes a journal (<zonefile>.jnl) next to each dynamically updated
        // zone file, so /etc/namedb/master must be writable by the named process
        directory       "/etc/namedb/working";
        pid-file        "/var/run/named/pid";
        dump-file       "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";
        forwarders {
               192.168.1.1;
        };
        forward only;
};
controls {
        inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndc-key"; };
};
zone "." {
        type hint;
        file "/etc/namedb/root.hints";
};
zone "0.0.127.in-addr.arpa" {
        type master;
        notify no;
        file "/etc/namedb/master/0.0.127.in-addr.arpa";
        allow-update { key rndc-key; };
};
zone "pg.org" {
        type master;
        notify no;
        file "/etc/namedb/master/pg.org";
        // only updates signed with rndc-key (the DHCP server's key) are accepted
        allow-update { key rndc-key; };
};
zone "138.168.192.in-addr.arpa" {
        type master;
        notify no;
        file "/etc/namedb/master/138.168.192.in-addr.arpa";
        // the DHCP server updates PTR records here too, so it needs the same
        // permission; with "allow-update { none; };" its updates would be refused
        allow-update { key rndc-key; };
};

You also need to populate the file /etc/rndc.key with these contents.  Again, provide your own secret; the key name, algorithm and secret must match what is in the DHCP server configuration, and the file should not be readable by other users.  Note that because this same key appears in the controls statement above, whoever holds it can both send zone updates and issue rndc commands to named; on a production server, give the DHCP updates their own key.

key "rndc-key" {
        algorithm hmac-md5;
        secret "ABCDEFGHIJK123456789=";
};

Configure DNS Databases

Forward DNS Zones

You need a starting file for each of your DNS zones.  First, for forward lookups of your domain, in this case pg.org, create /etc/namedb/master/pg.org:

$ORIGIN .
$TTL 10800      ; 3 hours
pg.org                  IN SOA  dnsdhcp.pg.org. root.pg.org. (
                                2016100331 ; serial
                                28800      ; refresh (8 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                38400      ; minimum (10h40m)
                                )
                        NS      dnsdhcp.pg.org.
$ORIGIN pg.org.
$TTL 86400      ; 1 day
_nfsv4idmapdomain       TXT     "pg.org"
$TTL 3600       ; 1 hour
dnsdhcp                 A       192.168.138.10
$TTL 10800      ; 3 hours
localhost               A       127.0.0.1
$TTL 86400      ; 1 day

Reverse DNS Zones

A reverse zone for our 192.168.138.0 space, in the file /etc/namedb/master/138.168.192.in-addr.arpa:

$TTL 3h
@       IN      SOA     dnsdhcp.pg.org. root.pg.org. (
                                2016100301      ; serial
                                28800           ; refresh (8 hours)
                                3600            ; retry (1 hour)
                                604800          ; expire (1 week)
                                38400 )         ; minimum (10h40m)
        IN      NS      dnsdhcp.pg.org.

And one for our localhost space: /etc/namedb/master/0.0.127.in-addr.arpa:

$TTL 3D
@               IN      SOA     dnsdhcp.pg.org. root.pg.org. (
                                2016100301       ; Serial
                                28800            ; Refresh
                                7200             ; Retry
                                604800           ; Expire
                                86400)           ; Minimum TTL
                        NS      dnsdhcp.pg.org.
1                       PTR     localhost.

Enable The DNS Server

Enable the DNS server and check its status.  If the service does not come online, the BIND tools named-checkconf and named-checkzone will point out syntax errors in named.conf and in the zone files.

svcadm enable dns/server
svcs dns/server

Test a Client Configuration

You can now spin up a new DHCP client and check whether its DNS name resolves.  Note that Solaris clients do not send a hostname with the DHCP request by default, so no DNS name will be created for them.  See my post Solaris 11 Client Not Updating DNS Through DHCP for the way to correct this.

Use NSUPDATE to Add Records

You can also use nsupdate to add records to your DNS server by hand.  Signing the update with the same key (-k /etc/rndc.key) satisfies the allow-update rule in named.conf.  For example:

root@dnsdhcp:~# nsupdate -k /etc/rndc.key
> update add apache.pg.org 86400 A 192.168.138.50
> send
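Backfilling or reconciling the zones by hand is easier with a script.  The Python below is an added example, not code from the original post: it reads an ISC dhcpd.leases excerpt (constructed inline) and emits the nsupdate commands for the A and PTR records of each active lease, reporting leases that carry no client-hostname, the Solaris client case noted above, instead of updating them.  It assumes the ISC lease-file syntax shown and single-label hostnames.

```python
import ipaddress
import re

# Constructed excerpt in ISC dhcpd.leases syntax; .102 never sent a client-hostname.
SAMPLE_LEASES = """\
lease 192.168.138.101 {
  binding state active;
  client-hostname "apache";
}
lease 192.168.138.102 {
  binding state active;
}
lease 192.168.138.103 {
  binding state free;
  client-hostname "old-box";
}
"""

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)   # assumes no nested braces
HOSTNAME_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$", re.I)  # one DNS label

def parse_leases(text):
    """Return {ip: (binding state, hostname or None)}; the last record for an IP wins."""
    current = {}
    for ip, body in LEASE_RE.findall(text):
        state = re.search(r"binding state\s+(\w+);", body)
        host = re.search(r'client-hostname\s+"([^"]*)";', body)
        current[ip] = (state.group(1) if state else "unknown",
                       host.group(1) if host else None)
    return current

def nsupdate_script(text, domain, subnet, ttl=86400):
    """Emit nsupdate commands for active leases in `subnet` with a valid hostname.
    A and PTR records live in different zones, so each gets its own 'send'
    (one update message may only touch one zone). Returns (commands, ips_without_name)."""
    net = ipaddress.ip_network(subnet)
    cmds, no_name = [], []
    for ip, (state, host) in parse_leases(text).items():
        addr = ipaddress.ip_address(ip)
        if state != "active" or addr not in net:
            continue                      # expired/free leases and foreign addresses
        if not host or not HOSTNAME_RE.match(host):
            no_name.append(ip)            # nothing safe to put in DNS for this lease
            continue
        fqdn = f"{host.lower()}.{domain}."
        ptr = addr.reverse_pointer + "."  # e.g. 101.138.168.192.in-addr.arpa.
        cmds += [f"update delete {fqdn} A", f"update add {fqdn} {ttl} A {ip}", "send",
                 f"update delete {ptr} PTR", f"update add {ptr} {ttl} PTR {fqdn}", "send"]
    return cmds, no_name
```

Feed the returned commands to nsupdate -k /etc/rndc.key, as in the session above, to apply them.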