allow DNS dynamic updates from DHCP server

[aag_zeroshellMember]

Hi,

Is it possible to do that DHCP server adds/modifies an entrie in the corresponding DNS server’s zone when a new lease is granted? I know this can be done in Windows 2003 DNS/DHCP server, but can it be done here?

[imported_fulvioParticipant]

I am not sure that DNS dynamic updates can work with the LDAP Bind backend used in Zeroshell. I have to investigare about this.

Regards
Fulvio

[Manu PolettiMember]

I have just been looking into this and found a reference to dynamic DNS support on the dNSZone home page (I believe ZeroShell uses dNSZone as the LDAP back-end for BIND 9):

A number of people have asked for Dynamic DNS support, or how they can make their DHCP server do DNS updates. There is now a tool that allows a zone to be updated based on the ISC DHCP server’s lease database updates. The tool is dhcp2ldapd-1.1 and is a Perl script written by Travis Groth.

I would find it very useful. Would it be possible to add this to ZeroShell?

Regards,
Manu Poletti

[c4coloMember]

I had assumed this would be the default behavior. Count this as a vote from me for this feature as well.

Also if you had a form where the various options were listed for advanced configuration of the DHCP server that would be very useful. No fancy anything really, just a warning “This is for advanced usage” and a list of option numbers with text boxes… or one big text box where you could define the ones you want like “66=192.168.1.222” etc.

Thanks

[brtlvrsMember]

Hi,
Im interested if this feature is being added ?
It would be really great.
I know how to do it without an ldap backend

zeroshell is looking great btw….
I use it in an esxi enviroment

[brtlvrsMember]

After I posted my question, I googled a bit more into this feature. I know it is possible to configure it in Linux. I’ve done it before (using a Red Had linux distro).

And yes that is an option, to use a distro for that , but then I loose zeroshell…..

So I first looked at the script that Manu Poletti suggested.
I’ve put it in the script/cron section of zeroshell, but it doesn’t work. It needs ldap.pm for pearlscripting. And I can’t install that .

Oh…. I use the zeroshell virtualmachine version. (booting from iso).
And I can’t use the version that installs on a HDD, because it doesn’t support SCSI. And esx doesn’t support IDE.

So after some googling I found this page http://www.semicomplete.com/articles/dynamic-dns-with-dhcp/

I found out that the named.conf file to modify is not in /etc but in /Database/var/register/system/dns

I modified the named.conf as suggested in the link (mentioned above).
Then I tested it with the nsupdate command.
It works until I send the update.
I tried nsupdate with my generated key, and I got a error message that it didn’t recognize my key.
I tried it also with the rndc-key that was already configured in the named.conf, but got also another error that the named deamon couldn’t write to a file ( guess this is because the file is in the cd-image).

I think the solution mentioned in the url is the right direction to implement this feature. But I can’t translate it to the configuration of zeroshell….

anyone else who can ?
or give me tips ?

[brtlvrsMember]

Got a bit further now…
I found out that the named.conf file is being generated.
So adding allow-update to the zones can only be done by the script that generates named.conf
I changed it, and the named.conf is as I would like it to be.
I restarted DNS
And tested it with nsupdate

these are the commands in nsupdate:
>server localhost 953
> zone wrk
> key dhcp-key
> zone wrk
> update add 253.3.168.192.in-addr.arpa 600 IN PTR test.wrk.
> send
; Communication with server failed: timed out
>

as you can see, I got no error’s , only the timed out error…..
any suggestions ?

[biGdadaMember]

sorry i have to resurrect a 2 year old hive, but is there any progress on this ?

[donzauckerMember]

I have write a porting in bash of the perl script:
No warranty!

#!/bin/bash
#############################################################################
#This program is free software; you can redistribute it and/or modify
#it under the terms of the GNU General Public License as published by
#the Free Software Foundation; either version 2 of the License, or
#(at your option) any later version.
#
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#GNU General Public License for more details.
#
#You should have received a copy of the GNU General Public License
#along with this program; if not, write to the Free Software
#Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
#Write by Alessandro Cartatone
#Porting in bash of perl script dhcp2ldap by Travis Groth for use in Zeroshell distribution
#############################################################################

lease_file=”/Database/var/register/system/dhcp/dhcpd.leases”
log_file=”/Database/dhcp2ldap.log” # insert a path to write log file
domain=”yourdomain.org”
reverse=”0.168.192.in-addr.arpa” #your reverse domain
FORWARD_BASE=”,dc=yourdomain,dc=org,ou=DNS,dc=yourdomain,dc=org”
REVERSE_BASE=”,dc=0,dc=168,dc=192,dc=in-addr,dc=arpa,ou=DNS,dc=yourdomain,dc=org”
USER=”cn=Manager,dc=yourdomain,dc=org” #default user manager of zeroshell ldap – verify in /etc/openldap/slapd.conf
PASSWORD=”xxxxx” #admin password – verify in /etc/openldap/slapd.conf
UPDATE_TIME=30 # In Seconds
AUTO_VERIFY=0
check_count=0
result=0

usage()
{

echo “dhcp2ldap.sh : Dynamic DNS Updates for the Bind9 LDAP backend
Copyright 2012 Alessandro Cartatone under the GNU GPL based on dhcp2ldapd Copyright 2005 Travis Groth
To demonize: nohup /dhcp2ldap.sh 0/dev/null 2>&1 &
Please edit the config variables before running!”

}

parse()
{
lease_found=0
counter=0

while read line
do

if [ “$(echo “$line” | awk ‘/lease/ {print $1}’)” = “lease” ]
then
ip=”$(echo “$line” | awk ‘/lease/ {print $2}’)”
lease_found=1
fi

if [ $lease_found ]
then
if [ “$(echo “$line” | awk ‘/client-hostname/ {print $1}’)” = “client-hostname” ]
then
hostname=”$(echo “$line” | awk ‘/client-hostname/ {print $2}’)”
hostname=”$(echo “$hostname” | sed “s/”//g”)”
hostname=”$(echo “$hostname” | sed “s/;//g”)”
hostnamearray[counter]=$hostname
iparray[counter]=$ip
lease_found=0
counter=$counter+1
fi

if [ “$(echo “$line” | awk ‘/lease/ {print $1}’)” = “}” ]
then
lease_found=0
fi

fi

done < $lease_file

}

addldapforward()
{
#add forward zone
rm -f /tmp/addhost.ldif 2>&1 >/dev/null
echo “dn: relativeDomainName=”$2$FORWARD_BASE > /tmp/addhost.ldif
echo “objectClass: top” >> /tmp/addhost.ldif
echo “objectClass: dNSZone” >> /tmp/addhost.ldif
echo “relativeDomainName: “$2 >> /tmp/addhost.ldif
echo “dNSTTL: 7200” >> /tmp/addhost.ldif
echo “zoneName: “$domain >> /tmp/addhost.ldif
echo “aRecord: “$1 >> /tmp/addhost.ldif
ldapadd -x -D $USER -w $PASSWORD -f /tmp/addhost.ldif 2>&1 >/dev/null
}

addldapreverse()
{
#add reverse zone
rm -f /tmp/addhost.ldif 2>&1 >/dev/null
echo “dn: relativeDomainName=”$(echo “$1” | cut -d’.’ -f4)$REVERSE_BASE > /tmp/addhost.ldif
echo “objectClass: top” >> /tmp/addhost.ldif
echo “objectClass: dNSZone” >> /tmp/addhost.ldif
echo “relativeDomainName: “$(echo “$1” | cut -d’.’ -f4) >> /tmp/addhost.ldif
echo “dNSTTL: 7200” >> /tmp/addhost.ldif
echo “zoneName: “$reverse >> /tmp/addhost.ldif
echo “pTRRecord: “$2″.”$domain”.” >> /tmp/addhost.ldif
ldapadd -x -D $USER -w $PASSWORD -f /tmp/addhost.ldif 2>&1 >/dev/null
}

deleteldapforward()
{

ldapdelete -x -D $USER -w $PASSWORD “relativeDomainName=”$1$FORWARD_BASE 2>&1 >/dev/null

}

deleteldapreverse()
{

ldapdelete -x -D $USER -w $PASSWORD “relativeDomainName=”$(echo “$1” | cut -d’.’ -f4)$REVERSE_BASE 2>&1 >/dev/null

}

do_stuff()
{
count=0
readd=0
notfound=”found:”
for i in “${iparray[@]}”
do
lookup=”$(host “${hostnamearray[count]}””.””$domain”)”
lookup=”$(echo “$lookup” | awk ‘{print $4}’)”
if [ “$lookup” = “${iparray[count]}” ]
then
count=$count+1
continue
fi

#when it’s “found:” no record in ldap
if “$lookup” != “$notfound” && “$lookup” != “${iparray[count]}”
then
#delete record in ldap
echo “$(date ‘+%F %T’)” “delete record in ldap” $lookup “${iparray[count]}” ${hostnamearray[count]} >> “$log_file”
deleteldapforward ${hostnamearray[count]}
deleteldapreverse “${iparray[count]}”
readd=1
fi

if | $readd
then
echo “$(date ‘+%F %T’)” “add record in ldap” “${iparray[count]}” ${hostnamearray[count]} >> “$log_file”
addldapforward “${iparray[count]}” ${hostnamearray[count]}
addldapreverse “${iparray[count]}” ${hostnamearray[count]}
fi

count=$count+1
done

}

changed()
{
result=0
curstat=”$(stat -c %y “$lease_file”)”

if [ $AUTO_VERIFY ]
then
check_count=$check_count+1
fi

if [ “$oldstat” != “$curstat” ] || [ $check_count = $AUTO_VERIFY -a $AUTO_VERIFY ]
then
oldstat=”$curstat”
check_count=0
result=1
else
result=0
fi

}

if [ “$1” = “-h” ]
then
usage
exit
else

while :
do
changed
if [ $result -eq 1 ]
then
parse
do_stuff
fi
sleep $UPDATE_TIME
done

fi

[mashuserMember]

This allows you to use other networks than 192.168.0 like 172.16.0.0/16
The assumption is you have reverse zones for each set of /24

In my case I got:
172.16.1.0/24
172.16.2.0/23
172.16.252.0/24
172.16.253.0/24
172.16.254.0/24

172.16.2.0/23 has two reverse zones 2.16.172.in-addr.arpa and 3.16.172.in-addr.arpa so that the hosts in those addresses do not collide with each other.

#!/bin/bash

#############################################################################

#This program is free software; you can redistribute it and/or modify

#it under the terms of the GNU General Public License as published by

#the Free Software Foundation; either version 2 of the License, or

#(at your option) any later version.

#

#This program is distributed in the hope that it will be useful,

#but WITHOUT ANY WARRANTY; without even the implied warranty of

#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

#GNU General Public License for more details.

#

#You should have received a copy of the GNU General Public License

#along with this program; if not, write to the Free Software

#Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

#

#Write by Alessandro Cartatone

#Porting in bash of perl script dhcp2ldap by Travis Groth for use in Zeroshell distribution

#modified by Benj Dag to work with a complicated setup

#############################################################################





lease_file="/Database/var/register/system/dhcp/dhcpd.leases"

log_file="/Database/dhcp2ldap2.log" # insert a path to write log file

domain="example.com"

reverse=".in-addr.arpa" #your reverse domain

FORWARD_BASE=",dc=example,dc=com,ou=DNS,dc=example,dc=com"

REVERSE_BASE=",ou=DNS,dc=example,dc=com"

USER="cn=Manager,dc=example,dc=com" #default user manager of zeroshell ldap - verify in /etc/openldap/slapd.conf

PASSWORD="password" #admin password - verify in /etc/openldap/slapd.conf

UPDATE_TIME=30 # In Seconds

AUTO_VERIFY=0

check_count=0

result=0



usage()

{



echo "dhcp2ldap.sh : Dynamic DNS Updates for the Bind9 LDAP backend

Copyright 2012 Alessandro Cartatone under the GNU GPL based on dhcp2ldapd Copyright 2005 Travis Groth 

To demonize: nohup /dhcp2ldap.sh 0/dev/null 2>&1 &

Please edit the config variables before running!"



}





parse()

{

lease_found=0

counter=0









while read line

do





if [ "$(echo "$line" | awk '/lease/ {print $1}')" = "lease" ]

then

ip="$(echo "$line" | awk '/lease/ {print $2}')"

lease_found=1

fi



if [ $lease_found ]

then

if [ "$(echo "$line" | awk '/client-hostname/ {print $1}')" = "client-hostname" ]

then

hostname="$(echo "$line" | awk '/client-hostname/ {print $2}')"

hostname="$(echo "$hostname" | sed "s/"//g")"

hostname="$(echo "$hostname" | sed "s/;//g")"

hostnamearray[counter]=$hostname

iparray[counter]=$ip

lease_found=0

counter=$counter+1

fi



if [ "$(echo "$line" | awk '/lease/ {print $1}')" = "}" ]

then

lease_found=0

fi



fi



done < $lease_file



}





addldapforward()

{

#add forward zone

rm -f /tmp/addhost.ldif 2>&1 >/dev/null

echo "dn: relativeDomainName="$2$FORWARD_BASE > /tmp/addhost.ldif

echo "objectClass: top" >> /tmp/addhost.ldif

echo "objectClass: dNSZone" >> /tmp/addhost.ldif

echo "relativeDomainName: "$2 >> /tmp/addhost.ldif

echo "dNSTTL: 7200" >> /tmp/addhost.ldif

echo "zoneName: "$domain >> /tmp/addhost.ldif

echo "aRecord: "$1 >> /tmp/addhost.ldif

ldapadd -x -D $USER -w $PASSWORD -f /tmp/addhost.ldif 2>&1 >/dev/null

}



addldapreverse()

{

#add reverse zone

rm -f /tmp/addhost.ldif 2>&1 >/dev/null

echo "dn: relativeDomainName="$(echo "$1" | sed -r 's/^([0-9]{1,3}).([0-9]{1,3}).([0-9]{1,3}).([0-9]{1,3})$/4,dc=3,dc=2,dc=1,dc=in-addr,dc=arpa/g')$REVERSE_BASE > /tmp/addhost.ldif

echo "objectClass: top" >> /tmp/addhost.ldif

echo "objectClass: dNSZone" >> /tmp/addhost.ldif

echo "relativeDomainName: "$(echo "$1" | cut -d'.' -f4) >> /tmp/addhost.ldif

echo "dNSTTL: 7200" >> /tmp/addhost.ldif

echo "zoneName: "$(echo "$1" | sed -r 's/^([0-9]{1,3}).([0-9]{1,3}).([0-9]{1,3}).([0-9]{1,3})$/3.2.1.in-addr.arpa/g') >> /tmp/addhost.ldif

echo "pTRRecord: "$2"."$domain"." >> /tmp/addhost.ldif

cat /tmp/addhost.ldif

ldapadd -x -D $USER -w $PASSWORD -f /tmp/addhost.ldif 2>&1 >/dev/null

}



deleteldapforward()

{



ldapdelete -x -D $USER -w $PASSWORD "relativeDomainName="$1$FORWARD_BASE 2>&1 >/dev/null



}





deleteldapreverse()

{



ldapdelete -x -D $USER -w $PASSWORD "relativeDomainName="$(echo "$1" | sed -r 's/^([0-9]{1,3}).([0-9]{1,3}).([0-9]{1,3}).([0-9]{1,3})$/4,dc=3,dc=2,dc=1,dc=in-addr,dc=arpa/g')$REVERSE_BASE 2>&1 >/dev/null



}





do_stuff()

{

count=0

readd=0

notfound="found:"

for i in "${iparray[@]}"

do

lookup="$(host "${hostnamearray[count]}"".""$domain")"

lookup="$(echo "$lookup" | awk '{print $4}')"

if [ "$lookup" = "${iparray[count]}" ]

then

count=$count+1

continue

fi



#when it's "found:" no record in ldap

if "$lookup" != "$notfound" && "$lookup" != "${iparray[count]}"

then

#delete record in ldap

echo "$(date '+%F %T')" "delete record in ldap" $lookup "${iparray[count]}" ${hostnamearray[count]} >> "$log_file"

deleteldapforward ${hostnamearray[count]}

deleteldapreverse "${iparray[count]}"

readd=1

fi



if | $readd

then

echo "$(date '+%F %T')" "add record in ldap" "${iparray[count]}" ${hostnamearray[count]} >> "$log_file"

addldapforward "${iparray[count]}" ${hostnamearray[count]}

addldapreverse "${iparray[count]}" ${hostnamearray[count]}

fi





count=$count+1

done





}



changed()

{

result=0

curstat="$(stat -c %y "$lease_file")"



if [ $AUTO_VERIFY ]

then

check_count=$check_count+1

fi



if [ "$oldstat" != "$curstat" ] || [ $check_count = $AUTO_VERIFY -a $AUTO_VERIFY ]

then

oldstat="$curstat"

check_count=0

result=1

else

result=0

fi





}







if [ "$1" = "-h" ]

then

usage

exit

else



while :

do

changed

if [ $result -eq 1 ]

then

parse

do_stuff

fi

sleep $UPDATE_TIME

done



fi

[/code]

[marcus@richters-it.deParticipant]

@fulvio wrote:

I am not sure that DNS dynamic updates can work with the LDAP Bind backend used in Zeroshell. I have to investigare about this.

Regards
Fulvio

push

[Author]

Posts