allow DNS dynamic updates from DHCP server


This topic contains 9 replies, has 0 voices, and was last updated by  aag_zeroshell 2 years ago.

  • #40965

    Hi,

    Is it possible to have the DHCP server add/modify an entry in the corresponding DNS server’s zone when a new lease is granted? I know this can be done in Windows 2003 DNS/DHCP server, but can it be done here?

    #46306

    imported_fulvio
    Participant

    I am not sure that DNS dynamic updates can work with the LDAP Bind backend used in Zeroshell. I have to investigate this.

    Regards
    Fulvio

    #46307

    Manu Poletti
    Member

    I have just been looking into this and found a reference to dynamic DNS support on the dNSZone home page (I believe ZeroShell uses dNSZone as the LDAP back-end for BIND 9):

    A number of people have asked for Dynamic DNS support, or how they can make their DHCP server do DNS updates. There is now a tool that allows a zone to be updated based on the ISC DHCP server’s lease database updates. The tool is dhcp2ldapd-1.1 and is a Perl script written by Travis Groth.

    I would find it very useful. Would it be possible to add this to ZeroShell?

    Regards,
    Manu Poletti

    #46308

    c4colo
    Member

    I had assumed this would be the default behavior. Count this as a vote from me for this feature as well.

    Also if you had a form where the various options were listed for advanced configuration of the DHCP server that would be very useful. No fancy anything really, just a warning “This is for advanced usage” and a list of option numbers with text boxes… or one big text box where you could define the ones you want like “66=192.168.1.222” etc.

    Thanks

    #46309

    brtlvrs
    Member

    Hi,
    I’m interested in whether this feature is being added?
    It would be really great.
    I know how to do it without an LDAP backend.

    zeroshell is looking great btw….
    I use it in an ESXi environment.

    #46310

    brtlvrs
    Member

    After I posted my question, I googled a bit more into this feature. I know it is possible to configure it in Linux. I’ve done it before (using a Red Hat Linux distro).

    And yes, that is an option, to use a distro for that, but then I lose zeroshell…..

    So I first looked at the script that Manu Poletti suggested.
    I’ve put it in the script/cron section of zeroshell, but it doesn’t work. It needs ldap.pm for Perl scripting. And I can’t install that.

    Oh…. I use the zeroshell virtualmachine version. (booting from iso).
    And I can’t use the version that installs on a HDD, because it doesn’t support SCSI. And esx doesn’t support IDE.

    So after some googling I found this page http://www.semicomplete.com/articles/dynamic-dns-with-dhcp/

    I found out that the named.conf file to modify is not in /etc but in /Database/var/register/system/dns

    I modified the named.conf as suggested in the link (mentioned above).
    Then I tested it with the nsupdate command.
    It works until I send the update.
    I tried nsupdate with my generated key, and I got an error message that it didn’t recognize my key.
    I also tried it with the rndc-key that was already configured in the named.conf, but got another error that the named daemon couldn’t write to a file (I guess this is because the file is in the CD image).

    I think the solution mentioned in the url is the right direction to implement this feature. But I can’t translate it to the configuration of zeroshell….

    anyone else who can ?
    or give me tips ?

    #46311

    brtlvrs
    Member

    Got a bit further now…
    I found out that the named.conf file is being generated.
    So adding allow-update to the zones can only be done by the script that generates named.conf
    I changed it, and the named.conf is as I would like it to be.
    I restarted DNS
    And tested it with nsupdate

    these are the commands in nsupdate:
    > server localhost 953
    > zone wrk
    > key dhcp-key
    > zone wrk
    > update add 253.3.168.192.in-addr.arpa 600 IN PTR test.wrk.
    > send
    ; Communication with server failed: timed out
    >

    As you can see, I got no errors, only the timed out error…..
    any suggestions ?

    #46312

    biGdada
    Member

    Sorry I have to resurrect a 2-year-old hive, but is there any progress on this?

    #46313

    donzaucker
    Member

    I have written a port in bash of the Perl script:
    No warranty!

    #!/bin/bash
    #############################################################################
    #This program is free software; you can redistribute it and/or modify
    #it under the terms of the GNU General Public License as published by
    #the Free Software Foundation; either version 2 of the License, or
    #(at your option) any later version.
    #
    #This program is distributed in the hope that it will be useful,
    #but WITHOUT ANY WARRANTY; without even the implied warranty of
    #MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    #GNU General Public License for more details.
    #
    #You should have received a copy of the GNU General Public License
    #along with this program; if not, write to the Free Software
    #Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
    #
    #Written by Alessandro Cartatone
    #Bash port of the perl script dhcp2ldap by Travis Groth for use in the Zeroshell distribution
    #############################################################################

    lease_file="/Database/var/register/system/dhcp/dhcpd.leases"
    log_file="/Database/dhcp2ldap.log" # insert a path to write log file
    domain="yourdomain.org"
    reverse="0.168.192.in-addr.arpa" #your reverse domain
    FORWARD_BASE=",dc=yourdomain,dc=org,ou=DNS,dc=yourdomain,dc=org"
    REVERSE_BASE=",dc=0,dc=168,dc=192,dc=in-addr,dc=arpa,ou=DNS,dc=yourdomain,dc=org"
    USER="cn=Manager,dc=yourdomain,dc=org" #default user manager of zeroshell ldap - verify in /etc/openldap/slapd.conf
    PASSWORD="xxxxx" #admin password - verify in /etc/openldap/slapd.conf
    UPDATE_TIME=30 # In Seconds
    AUTO_VERIFY=0 # re-sync every N checks even if the lease file did not change (0 = disabled)
    check_count=0
    result=0
    oldstat=""

    usage()
    {
        echo "dhcp2ldap.sh : Dynamic DNS Updates for the Bind9 LDAP backend
    Copyright 2012 Alessandro Cartatone under the GNU GPL based on dhcp2ldapd Copyright 2005 Travis Groth
    To daemonize: nohup /dhcp2ldap.sh >/dev/null 2>&1 &
    Please edit the config variables before running!"
    }

    parse()
    {
        # rebuild the arrays on every pass so entries from an earlier pass do not linger
        hostnamearray=()
        iparray=()
        lease_found=0
        counter=0

        while read -r line
        do
            if [ "$(echo "$line" | awk '/lease/ {print $1}')" = "lease" ]
            then
                ip="$(echo "$line" | awk '/lease/ {print $2}')"
                lease_found=1
            fi

            if [ "$lease_found" -eq 1 ]
            then
                if [ "$(echo "$line" | awk '/client-hostname/ {print $1}')" = "client-hostname" ]
                then
                    hostname="$(echo "$line" | awk '/client-hostname/ {print $2}')"
                    # strip the surrounding quotes and the trailing semicolon
                    hostname="$(echo "$hostname" | sed 's/"//g; s/;//g')"
                    hostnamearray[counter]=$hostname
                    iparray[counter]=$ip
                    lease_found=0
                    counter=$((counter + 1))
                fi

                # a closing brace ends a lease block that carried no client-hostname
                if [ "$line" = "}" ]
                then
                    lease_found=0
                fi
            fi
        done < "$lease_file"
    }

    addldapforward()
    {
        #add forward zone
        ldif="$(mktemp /tmp/addhost.XXXXXX)" # private temp file instead of a fixed name in /tmp
        {
            echo "dn: relativeDomainName=$2$FORWARD_BASE"
            echo "objectClass: top"
            echo "objectClass: dNSZone"
            echo "relativeDomainName: $2"
            echo "dNSTTL: 7200"
            echo "zoneName: $domain"
            echo "aRecord: $1"
        } > "$ldif"
        # keep ldap errors in the log file
        ldapadd -x -D "$USER" -w "$PASSWORD" -f "$ldif" >/dev/null 2>>"$log_file"
        rm -f "$ldif"
    }

    addldapreverse()
    {
        #add reverse zone
        ldif="$(mktemp /tmp/addhost.XXXXXX)"
        last_octet="$(echo "$1" | cut -d'.' -f4)"
        {
            echo "dn: relativeDomainName=$last_octet$REVERSE_BASE"
            echo "objectClass: top"
            echo "objectClass: dNSZone"
            echo "relativeDomainName: $last_octet"
            echo "dNSTTL: 7200"
            echo "zoneName: $reverse"
            echo "pTRRecord: $2.$domain."
        } > "$ldif"
        ldapadd -x -D "$USER" -w "$PASSWORD" -f "$ldif" >/dev/null 2>>"$log_file"
        rm -f "$ldif"
    }

    deleteldapforward()
    {
        ldapdelete -x -D "$USER" -w "$PASSWORD" "relativeDomainName=$1$FORWARD_BASE" >/dev/null 2>>"$log_file"
    }

    deleteldapreverse()
    {
        ldapdelete -x -D "$USER" -w "$PASSWORD" "relativeDomainName=$(echo "$1" | cut -d'.' -f4)$REVERSE_BASE" >/dev/null 2>>"$log_file"
    }

    do_stuff()
    {
        count=0
        notfound="found:"
        for i in "${iparray[@]}"
        do
            readd=0
            # "host" prints "name has address A.B.C.D", or "Host name not found: 3(NXDOMAIN)",
            # so the fourth field is either the address or the marker "found:"
            lookup="$(host "${hostnamearray[count]}.$domain")"
            lookup="$(echo "$lookup" | awk '{print $4}')"
            if [ "$lookup" = "${iparray[count]}" ]
            then
                count=$((count + 1))
                continue
            fi

            #when it's "found:" there is no record in ldap
            if [ "$lookup" != "$notfound" ] && [ "$lookup" != "${iparray[count]}" ]
            then
                #the name points at another address: delete the stale record in ldap
                echo "$(date '+%F %T')" "delete record in ldap" "$lookup" "${iparray[count]}" "${hostnamearray[count]}" >> "$log_file"
                deleteldapforward "${hostnamearray[count]}"
                deleteldapreverse "${iparray[count]}"
                readd=1
            fi

            if [ "$lookup" = "$notfound" ] || [ "$readd" -eq 1 ]
            then
                echo "$(date '+%F %T')" "add record in ldap" "${iparray[count]}" "${hostnamearray[count]}" >> "$log_file"
                addldapforward "${iparray[count]}" "${hostnamearray[count]}"
                addldapreverse "${iparray[count]}" "${hostnamearray[count]}"
            fi

            count=$((count + 1))
        done
    }

    changed()
    {
        result=0
        curstat="$(stat -c %y "$lease_file")"

        if [ "$AUTO_VERIFY" -gt 0 ]
        then
            check_count=$((check_count + 1))
        fi

        # re-sync when the lease file changed, or when the periodic AUTO_VERIFY check is due
        if [ "$oldstat" != "$curstat" ] || { [ "$AUTO_VERIFY" -gt 0 ] && [ "$check_count" -ge "$AUTO_VERIFY" ]; }
        then
            oldstat="$curstat"
            check_count=0
            result=1
        fi
    }

    if [ "$1" = "-h" ]
    then
        usage
        exit
    fi

    while :
    do
        changed
        if [ "$result" -eq 1 ]
        then
            parse
            do_stuff
        fi
        sleep "$UPDATE_TIME"
    done

    #46314

    mashuser
    Member

    This allows you to use other networks than 192.168.0 like 172.16.0.0/16
    The assumption is you have reverse zones for each set of /24

    In my case I got:
    172.16.1.0/24
    172.16.2.0/23
    172.16.252.0/24
    172.16.253.0/24
    172.16.254.0/24

    172.16.2.0/23 has two reverse zones 2.16.172.in-addr.arpa and 3.16.172.in-addr.arpa so that the hosts in those addresses do not collide with each other.


    #!/bin/bash
    #############################################################################
    #This program is free software; you can redistribute it and/or modify
    #it under the terms of the GNU General Public License as published by
    #the Free Software Foundation; either version 2 of the License, or
    #(at your option) any later version.
    #
    #This program is distributed in the hope that it will be useful,
    #but WITHOUT ANY WARRANTY; without even the implied warranty of
    #MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    #GNU General Public License for more details.
    #
    #You should have received a copy of the GNU General Public License
    #along with this program; if not, write to the Free Software
    #Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
    #
    #Written by Alessandro Cartatone
    #Bash port of the perl script dhcp2ldap by Travis Groth for use in the Zeroshell distribution
    #modified by Benj Dag to work with a complicated setup
    #############################################################################

    lease_file="/Database/var/register/system/dhcp/dhcpd.leases"
    log_file="/Database/dhcp2ldap2.log" # insert a path to write log file
    domain="example.com"
    reverse=".in-addr.arpa" #your reverse domain
    FORWARD_BASE=",dc=example,dc=com,ou=DNS,dc=example,dc=com"
    REVERSE_BASE=",ou=DNS,dc=example,dc=com"
    USER="cn=Manager,dc=example,dc=com" #default user manager of zeroshell ldap - verify in /etc/openldap/slapd.conf
    PASSWORD="password" #admin password - verify in /etc/openldap/slapd.conf
    UPDATE_TIME=30 # In Seconds
    AUTO_VERIFY=0 # re-sync every N checks even if the lease file did not change (0 = disabled)
    check_count=0
    result=0
    oldstat=""

    # the reverse zone of an address is derived from its first three octets,
    # so every /24 gets its own zone (e.g. 172.16.2.0/23 -> 2.16.172 and 3.16.172)
    OCTETS='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'

    reverse_dn()
    {
        # 172.16.2.7 -> 7,dc=2,dc=16,dc=172,dc=in-addr,dc=arpa
        echo "$1" | sed -r "s/$OCTETS/\\4,dc=\\3,dc=\\2,dc=\\1,dc=in-addr,dc=arpa/"
    }

    reverse_zone()
    {
        # 172.16.2.7 -> 2.16.172.in-addr.arpa
        echo "$1" | sed -r "s/$OCTETS/\\3.\\2.\\1.in-addr.arpa/"
    }

    usage()
    {
        echo "dhcp2ldap.sh : Dynamic DNS Updates for the Bind9 LDAP backend
    Copyright 2012 Alessandro Cartatone under the GNU GPL based on dhcp2ldapd Copyright 2005 Travis Groth
    To daemonize: nohup /dhcp2ldap.sh >/dev/null 2>&1 &
    Please edit the config variables before running!"
    }

    parse()
    {
        # rebuild the arrays on every pass so entries from an earlier pass do not linger
        hostnamearray=()
        iparray=()
        lease_found=0
        counter=0

        while read -r line
        do
            if [ "$(echo "$line" | awk '/lease/ {print $1}')" = "lease" ]
            then
                ip="$(echo "$line" | awk '/lease/ {print $2}')"
                lease_found=1
            fi

            if [ "$lease_found" -eq 1 ]
            then
                if [ "$(echo "$line" | awk '/client-hostname/ {print $1}')" = "client-hostname" ]
                then
                    hostname="$(echo "$line" | awk '/client-hostname/ {print $2}')"
                    # strip the surrounding quotes and the trailing semicolon
                    hostname="$(echo "$hostname" | sed 's/"//g; s/;//g')"
                    hostnamearray[counter]=$hostname
                    iparray[counter]=$ip
                    lease_found=0
                    counter=$((counter + 1))
                fi

                # a closing brace ends a lease block that carried no client-hostname
                if [ "$line" = "}" ]
                then
                    lease_found=0
                fi
            fi
        done < "$lease_file"
    }

    addldapforward()
    {
        #add forward zone
        ldif="$(mktemp /tmp/addhost.XXXXXX)" # private temp file instead of a fixed name in /tmp
        {
            echo "dn: relativeDomainName=$2$FORWARD_BASE"
            echo "objectClass: top"
            echo "objectClass: dNSZone"
            echo "relativeDomainName: $2"
            echo "dNSTTL: 7200"
            echo "zoneName: $domain"
            echo "aRecord: $1"
        } > "$ldif"
        # keep ldap errors in the log file
        ldapadd -x -D "$USER" -w "$PASSWORD" -f "$ldif" >/dev/null 2>>"$log_file"
        rm -f "$ldif"
    }

    addldapreverse()
    {
        #add reverse zone
        ldif="$(mktemp /tmp/addhost.XXXXXX)"
        {
            echo "dn: relativeDomainName=$(reverse_dn "$1")$REVERSE_BASE"
            echo "objectClass: top"
            echo "objectClass: dNSZone"
            echo "relativeDomainName: $(echo "$1" | cut -d'.' -f4)"
            echo "dNSTTL: 7200"
            echo "zoneName: $(reverse_zone "$1")"
            echo "pTRRecord: $2.$domain."
        } > "$ldif"
        cat "$ldif" # left in for debugging: shows the entry being added
        ldapadd -x -D "$USER" -w "$PASSWORD" -f "$ldif" >/dev/null 2>>"$log_file"
        rm -f "$ldif"
    }

    deleteldapforward()
    {
        ldapdelete -x -D "$USER" -w "$PASSWORD" "relativeDomainName=$1$FORWARD_BASE" >/dev/null 2>>"$log_file"
    }

    deleteldapreverse()
    {
        ldapdelete -x -D "$USER" -w "$PASSWORD" "relativeDomainName=$(reverse_dn "$1")$REVERSE_BASE" >/dev/null 2>>"$log_file"
    }

    do_stuff()
    {
        count=0
        notfound="found:"
        for i in "${iparray[@]}"
        do
            readd=0
            # "host" prints "name has address A.B.C.D", or "Host name not found: 3(NXDOMAIN)",
            # so the fourth field is either the address or the marker "found:"
            lookup="$(host "${hostnamearray[count]}.$domain")"
            lookup="$(echo "$lookup" | awk '{print $4}')"
            if [ "$lookup" = "${iparray[count]}" ]
            then
                count=$((count + 1))
                continue
            fi

            #when it's "found:" there is no record in ldap
            if [ "$lookup" != "$notfound" ] && [ "$lookup" != "${iparray[count]}" ]
            then
                #the name points at another address: delete the stale record in ldap
                echo "$(date '+%F %T')" "delete record in ldap" "$lookup" "${iparray[count]}" "${hostnamearray[count]}" >> "$log_file"
                deleteldapforward "${hostnamearray[count]}"
                deleteldapreverse "${iparray[count]}"
                readd=1
            fi

            if [ "$lookup" = "$notfound" ] || [ "$readd" -eq 1 ]
            then
                echo "$(date '+%F %T')" "add record in ldap" "${iparray[count]}" "${hostnamearray[count]}" >> "$log_file"
                addldapforward "${iparray[count]}" "${hostnamearray[count]}"
                addldapreverse "${iparray[count]}" "${hostnamearray[count]}"
            fi

            count=$((count + 1))
        done
    }

    changed()
    {
        result=0
        curstat="$(stat -c %y "$lease_file")"

        if [ "$AUTO_VERIFY" -gt 0 ]
        then
            check_count=$((check_count + 1))
        fi

        # re-sync when the lease file changed, or when the periodic AUTO_VERIFY check is due
        if [ "$oldstat" != "$curstat" ] || { [ "$AUTO_VERIFY" -gt 0 ] && [ "$check_count" -ge "$AUTO_VERIFY" ]; }
        then
            oldstat="$curstat"
            check_count=0
            result=1
        fi
    }

    if [ "$1" = "-h" ]
    then
        usage
        exit
    fi

    while :
    do
        changed
        if [ "$result" -eq 1 ]
        then
            parse
            do_stuff
        fi
        sleep "$UPDATE_TIME"
    done
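As an added example (not code from the thread, from ZeroShell, or from the dhcp2ldap authors), a POSIX shell dry run that covers two cases the scripts above pass over: dhcpd appends to dhcpd.leases, so the last block for an IP is the authoritative one, and a lease that ends in "binding state free" should not keep its DNS records. The sample lease file, the helper names and the example.com domain are constructed for the demonstration; the LDIF layout follows the dNSZone entries the scripts write.

```shell
#!/bin/sh
# Constructed sample of dhcpd.leases (not from the thread): the second block for
# 192.168.0.10 supersedes the first, and 192.168.0.12 has no client-hostname.
LEASES_SAMPLE='lease 192.168.0.10 {
  binding state active;
  next binding state free;
  client-hostname "laptop";
}
lease 192.168.0.11 {
  binding state active;
  client-hostname "printer";
}
lease 192.168.0.10 {
  binding state free;
}
lease 192.168.0.12 {
  binding state active;
}'

# Print "ip hostname" for each lease that is currently active and has a
# client-hostname; the last block seen for an IP wins.
active_leases() {
  awk '
    /^lease / { ip = $2; state = ""; name = ""; next }
    $1 == "binding" && $2 == "state" { state = $3; sub(/;$/, "", state); next }
    $1 == "client-hostname" { name = $2; gsub(/[";]/, "", name); next }
    /^}/ { if (state == "active" && name != "") { host[ip] = name } else { delete host[ip] } }
    END { for (ip in host) print ip, host[ip] }
  ' "$1" | sort
}

# Render the forward and reverse dNSZone entries the thread's script writes,
# as LDIF on stdout (dry run: nothing is passed to ldapadd).
lease_to_ldif() {
  ip=$1; name=$2; domain=$3
  dc=$(printf '%s' "$domain" | sed 's/\./,dc=/g')   # example.com -> example,dc=com
  rev=$(printf '%s' "$ip" | awk -F. '{print $3"."$2"."$1".in-addr.arpa"}')
  revdc=$(printf '%s' "$rev" | sed 's/\./,dc=/g')
  printf 'dn: relativeDomainName=%s,dc=%s,ou=DNS,dc=%s\n' "$name" "$dc" "$dc"
  printf 'objectClass: top\nobjectClass: dNSZone\nrelativeDomainName: %s\n' "$name"
  printf 'dNSTTL: 7200\nzoneName: %s\naRecord: %s\n\n' "$domain" "$ip"
  printf 'dn: relativeDomainName=%s,dc=%s,ou=DNS,dc=%s\n' "${ip##*.}" "$revdc" "$dc"
  printf 'objectClass: top\nobjectClass: dNSZone\nrelativeDomainName: %s\n' "${ip##*.}"
  printf 'dNSTTL: 7200\nzoneName: %s\npTRRecord: %s.%s.\n' "$rev" "$name" "$domain"
}

# Write the sample to a temp file and dry-run every active lease.
leases=$(mktemp); printf '%s\n' "$LEASES_SAMPLE" > "$leases"
active_leases "$leases" | while read -r ip name; do lease_to_ldif "$ip" "$name" example.com; done
rm -f "$leases"
```

Only 192.168.0.11 survives the sample: the laptop's later block is free and 192.168.0.12 never reported a name, which is exactly the kind of stale or anonymous lease that should not end up in LDAP.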

    #46315

    @fulvio wrote:

    I am not sure that DNS dynamic updates can work with the LDAP Bind backend used in Zeroshell. I have to investigate this.

    Regards
    Fulvio

    push
