ZeroShell forum: allow DNS dynamic updates from DHCP server
March 29, 2008 at 9:58 am #40965
aag_zeroshell
Member
Hi,
Is it possible to have the DHCP server add or modify an entry in the corresponding DNS server’s zone when a new lease is granted? I know this can be done with the Windows 2003 DNS/DHCP server, but can it be done here?
March 31, 2008 at 8:30 pm #46306
imported_fulvio
Participant
I am not sure that DNS dynamic updates can work with the LDAP Bind backend used in Zeroshell. I have to investigate this.
Regards
Fulvio

April 10, 2008 at 12:02 am #46307
Manu Poletti
Member
I have just been looking into this and found a reference to dynamic DNS support on the dNSZone home page (I believe ZeroShell uses dNSZone as the LDAP back-end for BIND 9):
“A number of people have asked for Dynamic DNS support, or how they can make their DHCP server do DNS updates. There is now a tool that allows a zone to be updated based on the ISC DHCP server’s lease database updates. The tool is dhcp2ldapd-1.1 and is a Perl script written by Travis Groth.”
I would find it very useful. Would it be possible to add this to ZeroShell?
Regards,
Manu Poletti

April 11, 2008 at 11:53 am #46308
c4colo
Member
I had assumed this would be the default behavior. Count this as a vote from me for this feature as well.
Also, if you had a form where the various options were listed for advanced configuration of the DHCP server, that would be very useful. No fancy anything really, just a warning “This is for advanced usage” and a list of option numbers with text boxes… or one big text box where you could define the ones you want, like “66=192.168.1.222” etc.
Thanks

February 13, 2009 at 6:16 pm #46309
brtlvrs
Member
Hi,
I’m interested whether this feature is being added?
It would be really great.
I know how to do it without an LDAP backend. Zeroshell is looking great btw….
I use it in an ESXi environment.

February 15, 2009 at 7:47 pm #46310
brtlvrs
Member
After I posted my question, I googled a bit more into this feature. I know it is possible to configure it in Linux. I’ve done it before (using a Red Hat Linux distro).
And yes, that is an option, to use a distro for that, but then I lose zeroshell…..
So I first looked at the script that Manu Poletti suggested.
I’ve put it in the script/cron section of zeroshell, but it doesn’t work. It needs ldap.pm for Perl scripting, and I can’t install that. Oh…. I use the zeroshell virtual machine version (booting from ISO).
And I can’t use the version that installs on a HDD, because it doesn’t support SCSI. And ESX doesn’t support IDE.
So after some googling I found this page http://www.semicomplete.com/articles/dynamic-dns-with-dhcp/
I found out that the named.conf file to modify is not in /etc but in /Database/var/register/system/dns
I modified the named.conf as suggested in the link (mentioned above).
Then I tested it with the nsupdate command.
It works until I send the update.
I tried nsupdate with my generated key, and I got an error message that it didn’t recognize my key.
I tried it also with the rndc-key that was already configured in the named.conf, but got another error that the named daemon couldn’t write to a file (I guess this is because the file is in the CD image).
I think the solution mentioned in the URL is the right direction to implement this feature. But I can’t translate it to the configuration of zeroshell….
Anyone else who can?
Or give me tips?

February 15, 2009 at 8:48 pm #46311
brtlvrs
Member
Got a bit further now…
I found out that the named.conf file is being generated.
So adding allow-update to the zones can only be done by the script that generates named.conf.
I changed it, and the named.conf is as I would like it to be.
I restarted DNS
and tested it with nsupdate. These are the commands in nsupdate:
>server localhost 953
> zone wrk
> key dhcp-key
> zone wrk
> update add 253.3.168.192.in-addr.arpa 600 IN PTR test.wrk.
> send
; Communication with server failed: timed out
>
As you can see, I got no errors, only the timed out error…..
Any suggestions?

June 5, 2011 at 12:03 pm #46312
biGdada
Member
Sorry I have to resurrect a 2-year-old hive, but is there any progress on this?

July 23, 2012 at 9:07 am #46313
donzaucker
Member
I have written a port in bash of the Perl script:
No warranty!

#!/bin/bash
#############################################################################
#This program is free software; you can redistribute it and/or modify
#it under the terms of the GNU General Public License as published by
#the Free Software Foundation; either version 2 of the License, or
#(at your option) any later version.
#
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#GNU General Public License for more details.
#
#You should have received a copy of the GNU General Public License
#along with this program; if not, write to the Free Software
#Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
#Written by Alessandro Cartatone
#Porting in bash of perl script dhcp2ldap by Travis Groth for use in Zeroshell distribution
#############################################################################
lease_file="/Database/var/register/system/dhcp/dhcpd.leases"
log_file="/Database/dhcp2ldap.log" # insert a path to write log file
domain="yourdomain.org"
reverse="0.168.192.in-addr.arpa" #your reverse domain
FORWARD_BASE=",dc=yourdomain,dc=org,ou=DNS,dc=yourdomain,dc=org"
REVERSE_BASE=",dc=0,dc=168,dc=192,dc=in-addr,dc=arpa,ou=DNS,dc=yourdomain,dc=org"
USER="cn=Manager,dc=yourdomain,dc=org" #default user manager of zeroshell ldap - verify in /etc/openldap/slapd.conf
PASSWORD="xxxxx" #admin password - verify in /etc/openldap/slapd.conf
UPDATE_TIME=30 # In Seconds
AUTO_VERIFY=0 # 0 = resync only when the lease file changes, N = also every N polls
check_count=0
result=0
oldstat=""

usage()
{
  echo "dhcp2ldap.sh : Dynamic DNS Updates for the Bind9 LDAP backend
Copyright 2012 Alessandro Cartatone under the GNU GPL based on dhcp2ldapd Copyright 2005 Travis Groth
To daemonize: nohup /dhcp2ldap.sh 0</dev/null >/dev/null 2>&1 &
Please edit the config variables before running!"
}

parse()
{
  lease_found=0
  counter=0
  hostnamearray=()
  iparray=()
  while read -r line
  do
    # "lease A.B.C.D {" opens a lease block
    if [ "$(echo "$line" | awk '{print $1}')" = "lease" ]
    then
      ip="$(echo "$line" | awk '{print $2}')"
      lease_found=1
    fi
    if [ "$lease_found" -eq 1 ]
    then
      if [ "$(echo "$line" | awk '{print $1}')" = "client-hostname" ]
      then
        # the value is written as "name"; so strip the quotes and the semicolon
        hostname="$(echo "$line" | awk '{print $2}' | sed 's/"//g; s/;//g')"
        case "$hostname" in
          ""|*[!A-Za-z0-9-]*)
            # the client chooses this name: anything that is not a plain DNS
            # label is ignored instead of being written into an LDAP DN
            ;;
          *)
            hostnamearray[counter]=$hostname
            iparray[counter]=$ip
            counter=$((counter+1))
            ;;
        esac
        lease_found=0
      fi
      # "}" closes the block; a lease without client-hostname is skipped
      if [ "$(echo "$line" | awk '{print $1}')" = "}" ]
      then
        lease_found=0
      fi
    fi
  done < "$lease_file"
}

addldapforward()
{
  #add forward zone: $1 = address, $2 = hostname
  ldif="$(mktemp)" || return 1 # private temp file instead of a fixed /tmp name
  {
    echo "dn: relativeDomainName=$2$FORWARD_BASE"
    echo "objectClass: top"
    echo "objectClass: dNSZone"
    echo "relativeDomainName: $2"
    echo "dNSTTL: 7200"
    echo "zoneName: $domain"
    echo "aRecord: $1"
  } > "$ldif"
  ldapadd -x -D "$USER" -w "$PASSWORD" -f "$ldif" >/dev/null 2>&1
  rm -f "$ldif"
}

addldapreverse()
{
  #add reverse zone: $1 = address, $2 = hostname
  last="$(echo "$1" | cut -d'.' -f4)"
  ldif="$(mktemp)" || return 1
  {
    echo "dn: relativeDomainName=$last$REVERSE_BASE"
    echo "objectClass: top"
    echo "objectClass: dNSZone"
    echo "relativeDomainName: $last"
    echo "dNSTTL: 7200"
    echo "zoneName: $reverse"
    echo "pTRRecord: $2.$domain."
  } > "$ldif"
  ldapadd -x -D "$USER" -w "$PASSWORD" -f "$ldif" >/dev/null 2>&1
  rm -f "$ldif"
}

deleteldapforward()
{
  ldapdelete -x -D "$USER" -w "$PASSWORD" "relativeDomainName=$1$FORWARD_BASE" >/dev/null 2>&1
}

deleteldapreverse()
{
  ldapdelete -x -D "$USER" -w "$PASSWORD" "relativeDomainName=$(echo "$1" | cut -d'.' -f4)$REVERSE_BASE" >/dev/null 2>&1
}

do_stuff()
{
  count=0
  notfound="found:"
  for i in "${iparray[@]}"
  do
    name="${hostnamearray[count]}"
    # host prints "name has address A.B.C.D" or "Host name not found: 3(NXDOMAIN)",
    # so field 4 of the first line is either the current address or "found:"
    lookup="$(host "$name.$domain" | head -n 1 | awk '{print $4}')"
    if [ "$lookup" = "$i" ]
    then
      count=$((count+1))
      continue
    fi
    if [ "$lookup" != "$notfound" ]
    then
      #name resolves to another address: remove the stale forward and reverse records
      echo "$(date '+%F %T') delete record in ldap $lookup $i $name" >> "$log_file"
      deleteldapforward "$name"
      deleteldapreverse "$lookup"
    fi
    deleteldapreverse "$i" # clear any stale PTR left at the new address
    echo "$(date '+%F %T') add record in ldap $i $name" >> "$log_file"
    addldapforward "$i" "$name"
    addldapreverse "$i" "$name"
    count=$((count+1))
  done
}

changed()
{
  result=0
  curstat="$(stat -c %y "$lease_file")"
  if [ "$AUTO_VERIFY" -gt 0 ]
  then
    check_count=$((check_count+1))
  fi
  if [ "$oldstat" != "$curstat" ] || { [ "$AUTO_VERIFY" -gt 0 ] && [ "$check_count" -ge "$AUTO_VERIFY" ]; }
  then
    oldstat="$curstat"
    check_count=0
    result=1
  fi
}

if [ "$1" = "-h" ]
then
  usage
  exit
else
  while :
  do
    changed
    if [ "$result" -eq 1 ]
    then
      parse
      do_stuff
    fi
    sleep "$UPDATE_TIME"
  done
fi
January 31, 2016 at 8:05 pm #46314
mashuser
Member
This allows you to use other networks than 192.168.0, like 172.16.0.0/16.
The assumption is you have reverse zones for each /24. In my case I got:
172.16.1.0/24
172.16.2.0/23
172.16.252.0/24
172.16.253.0/24
172.16.254.0/24
172.16.2.0/23 has two reverse zones, 2.16.172.in-addr.arpa and 3.16.172.in-addr.arpa, so that the hosts in those addresses do not collide with each other.
#!/bin/bash
#############################################################################
#This program is free software; you can redistribute it and/or modify
#it under the terms of the GNU General Public License as published by
#the Free Software Foundation; either version 2 of the License, or
#(at your option) any later version.
#
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#GNU General Public License for more details.
#
#You should have received a copy of the GNU General Public License
#along with this program; if not, write to the Free Software
#Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
#Written by Alessandro Cartatone
#Porting in bash of perl script dhcp2ldap by Travis Groth for use in Zeroshell distribution
#modified by Benj Dag to work with a complicated setup
#############################################################################
lease_file="/Database/var/register/system/dhcp/dhcpd.leases"
log_file="/Database/dhcp2ldap2.log" # insert a path to write log file
domain="example.com"
reverse=".in-addr.arpa" # kept for reference only: the reverse zone is derived from each address below
FORWARD_BASE=",dc=example,dc=com,ou=DNS,dc=example,dc=com"
REVERSE_BASE=",ou=DNS,dc=example,dc=com"
USER="cn=Manager,dc=example,dc=com" #default user manager of zeroshell ldap - verify in /etc/openldap/slapd.conf
PASSWORD="password" #admin password - verify in /etc/openldap/slapd.conf
UPDATE_TIME=30 # In Seconds
AUTO_VERIFY=0 # 0 = resync only when the lease file changes, N = also every N polls
check_count=0
result=0
oldstat=""

usage()
{
  echo "dhcp2ldap.sh : Dynamic DNS Updates for the Bind9 LDAP backend
Copyright 2012 Alessandro Cartatone under the GNU GPL based on dhcp2ldapd Copyright 2005 Travis Groth
To daemonize: nohup /dhcp2ldap.sh 0</dev/null >/dev/null 2>&1 &
Please edit the config variables before running!"
}

rev_rdn()
{
  # 172.16.3.7 -> 7,dc=3,dc=16,dc=172,dc=in-addr,dc=arpa (the RDN path under REVERSE_BASE)
  echo "$1" | sed -r 's/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/\4,dc=\3,dc=\2,dc=\1,dc=in-addr,dc=arpa/'
}

rev_zone()
{
  # 172.16.3.7 -> 3.16.172.in-addr.arpa (the /24 reverse zone the address belongs to)
  echo "$1" | sed -r 's/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/\3.\2.\1.in-addr.arpa/'
}

parse()
{
  lease_found=0
  counter=0
  hostnamearray=()
  iparray=()
  while read -r line
  do
    # "lease A.B.C.D {" opens a lease block
    if [ "$(echo "$line" | awk '{print $1}')" = "lease" ]
    then
      ip="$(echo "$line" | awk '{print $2}')"
      lease_found=1
    fi
    if [ "$lease_found" -eq 1 ]
    then
      if [ "$(echo "$line" | awk '{print $1}')" = "client-hostname" ]
      then
        # the value is written as "name"; so strip the quotes and the semicolon
        hostname="$(echo "$line" | awk '{print $2}' | sed 's/"//g; s/;//g')"
        case "$hostname" in
          ""|*[!A-Za-z0-9-]*)
            # the client chooses this name: anything that is not a plain DNS
            # label is ignored instead of being written into an LDAP DN
            ;;
          *)
            hostnamearray[counter]=$hostname
            iparray[counter]=$ip
            counter=$((counter+1))
            ;;
        esac
        lease_found=0
      fi
      # "}" closes the block; a lease without client-hostname is skipped
      if [ "$(echo "$line" | awk '{print $1}')" = "}" ]
      then
        lease_found=0
      fi
    fi
  done < "$lease_file"
}

addldapforward()
{
  #add forward zone: $1 = address, $2 = hostname
  ldif="$(mktemp)" || return 1 # private temp file instead of a fixed /tmp name
  {
    echo "dn: relativeDomainName=$2$FORWARD_BASE"
    echo "objectClass: top"
    echo "objectClass: dNSZone"
    echo "relativeDomainName: $2"
    echo "dNSTTL: 7200"
    echo "zoneName: $domain"
    echo "aRecord: $1"
  } > "$ldif"
  ldapadd -x -D "$USER" -w "$PASSWORD" -f "$ldif" >/dev/null 2>&1
  rm -f "$ldif"
}

addldapreverse()
{
  #add reverse zone: $1 = address, $2 = hostname
  ldif="$(mktemp)" || return 1
  {
    echo "dn: relativeDomainName=$(rev_rdn "$1")$REVERSE_BASE"
    echo "objectClass: top"
    echo "objectClass: dNSZone"
    echo "relativeDomainName: $(echo "$1" | cut -d'.' -f4)"
    echo "dNSTTL: 7200"
    echo "zoneName: $(rev_zone "$1")"
    echo "pTRRecord: $2.$domain."
  } > "$ldif"
  cat "$ldif"
  ldapadd -x -D "$USER" -w "$PASSWORD" -f "$ldif" >/dev/null 2>&1
  rm -f "$ldif"
}

deleteldapforward()
{
  ldapdelete -x -D "$USER" -w "$PASSWORD" "relativeDomainName=$1$FORWARD_BASE" >/dev/null 2>&1
}

deleteldapreverse()
{
  ldapdelete -x -D "$USER" -w "$PASSWORD" "relativeDomainName=$(rev_rdn "$1")$REVERSE_BASE" >/dev/null 2>&1
}

do_stuff()
{
  count=0
  notfound="found:"
  for i in "${iparray[@]}"
  do
    name="${hostnamearray[count]}"
    # host prints "name has address A.B.C.D" or "Host name not found: 3(NXDOMAIN)",
    # so field 4 of the first line is either the current address or "found:"
    lookup="$(host "$name.$domain" | head -n 1 | awk '{print $4}')"
    if [ "$lookup" = "$i" ]
    then
      count=$((count+1))
      continue
    fi
    if [ "$lookup" != "$notfound" ]
    then
      #name resolves to another address: remove the stale forward and reverse records
      echo "$(date '+%F %T') delete record in ldap $lookup $i $name" >> "$log_file"
      deleteldapforward "$name"
      deleteldapreverse "$lookup"
    fi
    deleteldapreverse "$i" # clear any stale PTR left at the new address
    echo "$(date '+%F %T') add record in ldap $i $name" >> "$log_file"
    addldapforward "$i" "$name"
    addldapreverse "$i" "$name"
    count=$((count+1))
  done
}

changed()
{
  result=0
  curstat="$(stat -c %y "$lease_file")"
  if [ "$AUTO_VERIFY" -gt 0 ]
  then
    check_count=$((check_count+1))
  fi
  if [ "$oldstat" != "$curstat" ] || { [ "$AUTO_VERIFY" -gt 0 ] && [ "$check_count" -ge "$AUTO_VERIFY" ]; }
  then
    oldstat="$curstat"
    check_count=0
    result=1
  fi
}

if [ "$1" = "-h" ]
then
  usage
  exit
else
  while :
  do
    changed
    if [ "$result" -eq 1 ]
    then
      parse
      do_stuff
    fi
    sleep "$UPDATE_TIME"
  done
fi
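As an added example (not code from the thread, from ZeroShell or from the dhcp2ldap authors), the following Python does the two jobs both bash scripts above perform, reading dhcpd.leases and building the dNSZone LDIF entries, while handling the cases they get wrong: an address that appears in several lease blocks (the last block is the current state), leases that have been freed, and client-supplied hostnames that are not valid DNS labels and would otherwise be written unescaped into an LDAP DN. Like the second script it derives the reverse zone from the address so any /24 works; the lease data is constructed and the LDAP base ou=DNS,dc=example,dc=com is an assumption.

```python
import re

# Constructed sample of an ISC dhcpd.leases file (not taken from the thread).
# dhcpd appends a fresh block every time a lease changes, so the same IP can
# appear several times and the last block is the current state. Real files
# spread each block over several lines; the parser accepts either layout.
SAMPLE_LEASES = """\
lease 192.168.0.25 { binding state active; client-hostname "laptop"; }
lease 172.16.3.7 { binding state active; client-hostname "printer"; }
lease 172.16.2.9 { binding state active; client-hostname "scanner"; }
lease 172.16.2.9 { binding state free; }
lease 192.168.0.40 { binding state active; client-hostname "bad,ou=DNS"; }
"""

# A single DNS label (RFC 1123 host form): what a hostname must look like
# before it is spliced into an LDAP DN and a zone.
LABEL = re.compile(r'^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$')

def parse_leases(text):
    """Return {ip: hostname} for the leases that are currently active and named."""
    current = {}
    for m in re.finditer(r'lease\s+(\S+)\s*\{(.*?)\}', text, re.S):
        ip, body = m.group(1), m.group(2)
        state = re.search(r'binding state (\w+);', body)
        name = re.search(r'client-hostname "([^"]*)";', body)
        if not name or (state and state.group(1) != 'active'):
            current.pop(ip, None)  # freed, expired or unnamed: drop any earlier record
        elif LABEL.match(name.group(1)):
            current[ip] = name.group(1)
        # Anything else is a client-chosen hostname that is not a valid label;
        # it is skipped rather than written unescaped into a DN.
    return current

def dnszone_ldif(ip, host, domain, base, ttl=7200):
    """LDIF for the forward (A) and reverse (PTR) dNSZone entries of one lease.
    The reverse zone comes from the first three octets, so any /24 works."""
    def dc(zone):
        return ','.join('dc=' + part for part in zone.split('.'))
    o = ip.split('.')
    rev_zone = f'{o[2]}.{o[1]}.{o[0]}.in-addr.arpa'
    fwd = (f'dn: relativeDomainName={host},{dc(domain)},{base}\n'
           'objectClass: top\nobjectClass: dNSZone\n'
           f'relativeDomainName: {host}\ndNSTTL: {ttl}\nzoneName: {domain}\n'
           f'aRecord: {ip}\n')
    rev = (f'dn: relativeDomainName={o[3]},{dc(rev_zone)},{base}\n'
           'objectClass: top\nobjectClass: dNSZone\n'
           f'relativeDomainName: {o[3]}\ndNSTTL: {ttl}\nzoneName: {rev_zone}\n'
           f'pTRRecord: {host}.{domain}.\n')
    return fwd, rev
```

Feeding each pair of strings to ldapadd (or comparing them against what `host` returns, as the scripts do) reproduces the sync loop without the quoting and arithmetic pitfalls of the shell version.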
August 7, 2017 at 7:32 am #46315
marcus@richters-it.de
Participant
@fulvio wrote:
I am not sure that DNS dynamic updates can work with the LDAP Bind backend used in Zeroshell. I have to investigate this.
Regards
Fulvio
push