Update: added a new post on configuring Solaris, link below.
Motivation
In today's dynamic R&D network environments, it's not easy to keep the DNS records up-to-date: hosts are reinstalled, renamed and added frequently, virtual machines are easy to deploy and destroy, and DHCP allocates different IPs.
This even leads to pitiful situations in which people get used to referring to computers by their IPs (or using /etc/hosts), because the DNS cannot be trusted to reflect reality.
Solution
DHCP servers can send dynamic DNS updates as they allocate IPs to clients. The great thing is that it even works out-of-the-box on some operating systems. If it doesn't, here are 3 things to take care of in order to enable this feature:
1. DHCP Clients: make them send the 'host-name' option,
with their relative hostname as the value. This is enabled by default on Windows+Ubuntu!
How to configure on various platforms:
- Linux: add the following line in /etc/dhclient.conf:
send host-name "your-hostname-here";
This has the disadvantage of having to explicitly mention the computer's hostname in dhclient.conf file. Funny enough, I didn't find a better standard way to tell the dhclient 'just take the hostname that is set in the operating system'. A partial solution is to run dhclient with an additional flag: -H. e.g.
dhclient -H myhostname
- RedHat: partially resolves the problem by providing the DHCP_HOSTNAME parameter in its /etc/sysconfig/network-scripts/ifcfg-<iface> files. E.g.
DHCP_HOSTNAME=myhostname # Relative hostname, no quotes!
- Ubuntu: resolves the problem elegantly. Their patch provides the new magic line in /etc/dhclient.conf:
send host-name "<hostname>";
<hostname> is a macro that expands to contain the real Linux hostname. Thus nowadays, afaik, only Ubuntu can ship a Linux box with this option enabled out-of-the-box, because there is no need to explicitly set the hostname in an additional configuration file.
- Windows: Start -> Run -> ncpa.cpl -> right click on the relevant connection -> properties -> double click on TCP/IP -> Advanced -> DNS -> validate that 'Register this connection's address in DNS' is checked.
- Solaris: see this post
2. DHCP server: Enable the feature.
I did it by adding the following line to dhcpd.conf:
ddns-update-style interim;
That is, for the popular DHCP server - ISC DHCP.
3. DNS server: enable dynamic updates support,
and allow incoming updates from the DHCP server's IP. For the ISC BIND DNS server, this can be done by adding an allow-update statement to the zone block, with the DHCP server's IP inside:
allow-update { 1.2.3.4; }; // IP of DHCP server
Note that generally this is not considered a secure setting, and it could be hardened by using key-based authentication, which I won't cover here.
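The key-based (TSIG) hardening mentioned above, as an added example that is not part of the original post: the address-based allow-update is shown beside its key-based replacement, with the matching ISC DHCP side. The key name, zone name, zone file path, DNS server address and secret are placeholders, and hmac-sha256 assumes BIND and ISC DHCP versions that support it.

```conf
# --- BIND: named.conf (on the DNS server) ---------------------------
# Generate the shared secret once with BIND's tsig-keygen, e.g.:
#   tsig-keygen -a hmac-sha256 dhcp-updater
key "dhcp-updater" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";   # placeholder, not a real key
};

zone "example.lan" {                        # assumed zone name
    type master;
    file "dynamic/example.lan.zone";        # assumed path
    # Before (trusts any update that arrives from this source IP):
    #   allow-update { 1.2.3.4; };
    # After (only updates signed with the key are accepted):
    allow-update { key "dhcp-updater"; };
};

# --- ISC DHCP: dhcpd.conf (on the DHCP server) ----------------------
ddns-update-style interim;

key dhcp-updater {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";   # same value as in named.conf
};

zone example.lan. {
    primary 192.0.2.53;                     # assumed address of the DNS server
    key dhcp-updater;                       # sign updates for this zone
}
```

Both files now hold the secret, so they should be readable only by the respective daemon's user. The key authenticates the DHCP server to the DNS server; it does not validate the hostnames that DHCP clients ask to register.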
Security?
I'm curious about the security aspect of this model. The way I see it, bad guys could use this to overwrite popular domain names in the DNS, if they are allowed to send DHCP requests to the same DHCP server (e.g. if they're inside the same LAN).
----
Comments? Tips? HOWTOs for other platforms? Please comment, and I'll update it in the post.
In openSUSE you can find the following variables in /etc/sysconfig/network/dhcp :
# Should the DHCP client set the hostname? (yes|no)
DHCLIENT_SET_HOSTNAME="yes"
# specify a hostname to send ( -h option)
# By default the current hostname is sent ("AUTO"), if one is defined in
# /etc/HOSTNAME.
# Use this variable to override this with another hostname, or leave empty
# to not send a hostname.
DHCLIENT_HOSTNAME_OPTION="AUTO"
I use foreman[1] to deploy my OS's, it takes care of dns, dhcp, tftp (for pxe boot), kickstart/preseed and can even create your vm if you use libvirt, and of course puppet.
Ohad
[1] - http://theforeman.org
Ohad: Interesting - I should check it out!
Pingback: Perfect DHCP configuration for Solaris | Web 0.2
Arch Linux has this enabled out of the box as well. This is because Arch Linux uses dhcpcd instead of dhclient.
carl@archlinux:~ $ grep -A1 DDNS /etc/dhcpcd.conf
# Inform the DHCP server of our hostname for DDNS.
hostname
Can't find that option (81 - send fqdn) in Mac OS X. Does anyone know something about that?
Shouldn't you try and do this securely? I think you have to use TSIGs.
It was a long time ago, but perhaps someone still will find it useful.
You can add
send host-name = gethostname();
in your dhclient.conf, then you don't need to hardcode hostname.