Linux DNS/DHCP Server [Internal]

seanos

First of all would like to apologise if this should be posted in UNIX forum - fine line imo - and prob get flamed either way [linux <> unix]
anyhows,

Need to setup Linux w/ DNS + DHCP server for internal network of ~500 comps.
looked round on net for howto/man's ... and from what I can tell - isn't one of the easiest things to do heh [gotta stop saying "yeah sure i can" before checking how hard it is].
If anyone knows of reliable/good way of doing this - please let me know - or if know of howto's which go into detail on this matter would be much appriciated.
I got a couple of them, but they didn't seem to address much other than explaining basics v. vaguely.

It is for a relatively large company, so would have to be reliable, and once setup require little tweaking.
client machines would be winnt/2k [and _some_ xp/citrix sadly], running on primarely win2k domain [currently only using features for winnt - i.e. no Active server directory etc, will be upgraded at some point...].

Any help/tips/suggestions welcome.

Typedef

Bind and dhcpd

Peace of piss old boy.

ecksor

Despite the sort of phenomenally helpful replies you'll get here (security) as demonstrated by Typedef, I think that this is more suited to the unix forum, so moving to there and leaving a redirect.

What you're doing doesn't look too hard on the face of it in terms of actually setting up those services. Daunting if you don't know how I'll grant you, but easy as pie once you're pointed in the right direction. The primary difficulties you'll have (I'd imagine) will depend on how your network is segmented for dhcp.

niallb

Hi Sinnocence,
this is a long one, but should get you started.

bind and the ISC dhcpd are my own favourites.
Once set up, it will keep going indefinitely.

You'll need to share a little bit more detail though.
It's not hard, you just need to handle each case.
You say there's about 500 machines.
They're unlikely to be in the same room,
so a bit of layout detail would be useful.

Things you need to bear in mind are how the machines
are going to reach the DHCP server.
You'll only have one DHCP server on the network,
because they hate each other.
If some machines need to access the server via a router,
you need to check that it (the router) can be configured as a DHCP RELAY (BOOTP RELAY is fine).

Then you have a stanza in your DHCP file describing the settings for all requests received VIA each relay.
For example, it's quite likely the router address should be returned to the client as its default gateway.
You can subnet based on the relay by setting different network/netmask to be given for each.
Many of your windows boxes will try to register their names with your DNS servers. Your choice whether or not to humour them!

Here's a generic 2 zone DHCP config based on one I use myself.


#
# Config file for ISC DHCP daemon.
# nb2003080601

server-identifier linuxbox.yourdomain.lan;
max-lease-time 315360000; # Approx. 10 years

# For starters 1 hour. bring default WAY up when it settles down.
default-lease-time 3600;

# Needs a populated DNS lookup - easily scriptable.
get-lease-hostnames true;

boot-unknown-clients true;

option domain-name "yourdomain.lan";
option domain-name-servers linuxbox;
option netbios-name-servers 10.0.0.1;
option netbios-name-servers 10.0.0.2;
option subnet-mask 255.255.0.0;
option all-subnets-local true;
option non-local-source-routing false;
# log-servers Can be used by HP JetDirects for example
option log-servers linuxbox;

# Using 10.1 for main group - room for over 700 hosts
# Take linuxbox to be 10.1.255.1 for example.
# NB: The static address is outside the dhcp scope.
subnet 10.1.0.0 netmask 255.255.0.0 {
range dynamic-bootp 10.1.0.0 10.1.3.255;
option broadcast-address 10.1.255.255;
}

# Second SubNet maybe in another building
# It's identified because the router being used as a relay
# has a 10.2 address - for example 10.2.255.254
# NB: The static router address is outside the dhcp scope.
subnet 10.2.0.0 netmask 255.255.0.0 {
range dynamic-bootp 10.2.0.0 10.2.3.255;
option broadcast-address 10.2.255.255;
option domain-name "subunit.yourdomain.lan";
option domain-name-servers linuxbox;
option log-servers linuxbox;
option routers 10.2.255.254;
option subnet-mask 255.255.0.0;
option netbios-name-servers 10.0.0.1;
option netbios-name-servers 10.0.0.2;
option all-subnets-local true;
option non-local-source-routing false;
}



Hope that gives you some food for thought.
You've more choice with DNS software,
though bind is my personal choice.

Good luck,
NiallB

seanos

thats great,
thanks a lot ...
I'm guessing some messing round on routers will be necessary - have some idea where to go now from diff ppl's replies [here and elsewhere] ... so just play round till get it working ... something to do for a while at least.

logic1

Some useful links:

http://www.dns.net/dnsrd/

http://www.isc.org/products/BIND/

.logic.

jd

Originally posted by niallb

Hope that gives you some food for thought.
You've more choice with DNS software,
though bind is my personal choice.

Good luck,
NiallB

jeeze long time no see/hear...

niallb

Originally posted by jd
jeeze long time no see/hear...

Yeah, 5 years or so if we are who we think each other are ;-)
I'm living out near Phil Quinlan's in Meath.
Good to hear from you,
NiallB