# Name resolution for internal network - Howto ?!?

## behd

I have several computers on a LAN (not Internet)  and I want to be able to ping / nfsmount / smbmount /etc... them by their name and NOT by their IP...

Those computers are a mix Win/Lin OS... 

What would be the best solution to set up a (sort of) internal DNS?

(The "hosts" file of each computer cannot be edited, primarily because the computers receive their IP from DHCP, and also because it would be awful to maintain)...

Is djbdns, bind & co advised, or is it too much for what I wish to do ?

(btw. if anyone has a simple walkthrough to do so, it's also welcome :Smile: )

Thanks !!!!

----------

## tgoodaire

Could you just give them ip addresses manually, instead of having dhcpcd assign them? That's what I did. (I only have three computers).

Just set their ip addresses and gateway (probably 192.168.1.1) and you should be ok.

----------

## kashani

You got a few options.

DHCP by MAC

Windows and Linux DHCP servers will support hardcoding IP's based on MAC address. Basically MAC 000a4523fe34 will always get 10.10.10.112 and what not. You can also set a range for people who don't need a known IP.

Generally this works well if you have less than 20 machines you care about. So for a small fairly static department it's nice. Combine with an internal DNS server and you're set.

Dynamic DNS

This is a little more complicated. Basically each machine, after getting its IP address, registers with the DNS server. The DNS server takes the update and other clients can then resolve it. IIRC it's usually the host name of the machine that gets added. Both MS and Bind name servers support this... but I've never done it.

kashani

----------

## behd

thanks for the infos...

but:

- give ip addresses manually

- DHCP by MAC 

are not a solution...

---

> Dynamic DNS

Well that's what I need  :Wink: 

> Basically each machine after getting its IP address registers with the DNS server.

Not a problem to tell a Windows machine to register its name with the primary DNS server, but how can I achieve this under Linux?

> The DNS server takes the update and then other clients can then resolve it.

Would be perfect... but before starting TONS of reading, I would be glad to have a little idea on how to implement this (best choices, common pitfalls, tips & tricks, etc...)

> IIRC it's usually the host name of the machine that gets added. Both MS and Bind name servers support this... but I've never done it.

I've already had a quick look at djbdns, which looks great, but I saw nowhere in http://cr.yp.to/djbdns.html relevant information on how to achieve this...

It looks like djbdns could only act as an Internet names cache (it'll also be useful in the near future, BUT I don't want to start installing it before I am sure I can do everything needed with it...)

btw. atm. I simply pass my ISP DNS to other comps through DHCP...

---

So if anyone can point me in the right direction, it would be most appreciated !!! (links to relevant posts / pages / etc...)

---

hehehe was writing my post when I found this post: https://forums.gentoo.org/viewtopic.php?t=17570&highlight=djbdns

looks interesting... maybe my solution will be there... I'll keep you posted..

----------

## behd

> for the killer solution install dhcp and dns (bind!), and configure auto-dns-update, so that the dns records match the hostnames the dhcpd receive from the clients.

Does anyone know if this solution is possible with djbdns ?

--- from dhcpd.conf man page----

DYNAMIC DNS UPDATE SECURITY

When you set your DNS server up to allow updates from the DHCP server, you may be exposing it to unauthorized updates. To avoid this, you should use TSIG signatures - a method of cryptographically signing updates using a shared secret key. As long as you protect the secrecy of this key, your updates should also be secure. Note, however, that the DHCP protocol itself provides no security, and that clients can therefore provide information to the DHCP server which the DHCP server will then use in its updates, with the constraints described previously...

-----

Waugh !?! Is this TSIG signature really needed if DNS & DHCP are on the same server (wouldn't it be possible to tell DNS to only accept localhost updates ?!?)

----------
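The two ways of authorizing updates raised in the post above (a localhost-only ACL versus a TSIG key), written out as an added configuration example that is not from any poster in this thread. The zone `home.lan`, the 192.168.1.0/24 subnet, the key name `dhcp-updater`, the server address and the file paths are assumptions, and the secret is a placeholder to be replaced with a generated key.

```conf
# ---- named.conf (BIND 9) ----
key "dhcp-updater" {
    algorithm hmac-sha256;   # older BIND 9 / dhcpd 3 releases only offer hmac-md5
    secret "PLACEHOLDER_BASE64_SECRET";   # placeholder, generate your own
};

zone "home.lan" {
    type master;
    file "dyn/home.lan.zone";   # directory must be writable by named (journal)

    # Address-based ACL: every local account or service on this host can
    # rewrite the zone, and the check rests on a UDP source address.
    # allow-update { 127.0.0.1; };

    # Key-based ACL: only a holder of the shared secret can update.
    allow-update { key "dhcp-updater"; };
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "dyn/192.168.1.rev";
    allow-update { key "dhcp-updater"; };
};

# ---- dhcpd.conf (ISC dhcpd) ----
ddns-update-style interim;   # "standard" on ISC dhcpd 4.3 and later
ddns-domainname "home.lan";
ignore client-updates;       # the DHCP server, not the client, writes records

key dhcp-updater {
    algorithm hmac-sha256;
    secret PLACEHOLDER_BASE64_SECRET;   # same value as in named.conf
};

zone home.lan. {
    primary 127.0.0.1;
    key dhcp-updater;
}
zone 1.168.192.in-addr.arpa. {
    primary 127.0.0.1;
    key dhcp-updater;
}

subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.200;
    option domain-name "home.lan";
    option domain-name-servers 192.168.1.1;   # assumed address of this server
}
```

Both files then contain the shared secret, so they should be readable only by root and the daemon that uses them. The key authenticates the DHCP server to BIND; the hostnames being registered still come from the clients, as the man page excerpt notes.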

## behd

 *behd wrote:*

> > Basically each machine after getting its IP address registers with the DNS server.
>
> ...

Okie st00pid question (I was confused by other settings) !!!

This is done everywhere (win / lin) via the DHCP protocol, right ?

(just have to specify in my dhcpd.conf the auto-dns-update)...

----------

## kashani

 *behd wrote:*

> > for the killer solution install dhcp and dns (bind!), and configure auto-dns-update, so that the dns records match the hostnames the dhcpd receive from the clients.
>
> ...

Doubt it. Bind didn't get the functionality till the 9.x train and djb isn't known for adding usability features to his software.  :Very Happy: 

 *Quote:*

> Waugh !?! Is this TSIG signature really needed if DNS & DHCP are on the same server (wouldn't it be possible to tell DNS to only accept localhost updates ?!?)

Wouldn't worry about it too much since I'm assuming this is all inside a firewall on private IPs.

I'd be interested in seeing a config if you get it to work. I never had time to play with it myself.

kashani

----------

## bonnyjoy

There is a brief HOW-TO on how to get dhcp to update bind in the Tips & Tricks section.

Try this post

https://forums.gentoo.org/viewtopic.php?t=37326

I tried to set it up but didn't really have much time to experiment so you may have better luck.

----------

## behd

--- Some interesting URLs to docs & proggie ---

http://www.lifewithdjbdns.com/

http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/DNS-HOWTO.html#ss3.2

https://forums.gentoo.org/viewtopic.php?t=17570&highlight=djbdns

http://www.thismetalsky.org/magic/projects/dhcp_dns.html

http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html

------

> I'm assuming this is all inside a firewall on private IPs.

of course... but everything I am trying @home should be usable in a potentially hostile environment (ie. @work) -> Remember most of the hack attempts come from inside your network...

Will keep you posted if I succeed in implementing a kewl solution !!!

(maybe if I have a bit of time, I will also write a walkthrough on how to set up a dynamic DNS, because it seems that a lot of ppl want it BUT there's no precise information about it :Sad: )

----------

## behd

ANYWAY I AM STILL INTERESTED IN A DEFINITIVE ANSWER ABOUT AUTO-DNS-UPDATE IN DJBDNS !!! cause I am absolutely not confident in Bind -> it's great, it does a lot of things (probably more than I ever want) BUT it has a long history of vulnerabilities.

----------

