Author Topic: LAN Clients DNS-Records via DHCP?  (Read 17953 times)
uwetr
« on: Friday 28 November 2008, 01:58:06 am »

Hi,

I've been using EFW since Monday and I'm facing a problem I don't understand; maybe somebody could give me a helping hand?

In the past I ran the ISC DHCP server and BIND. The DHCP server automatically updated the DNS zone of my LAN with the names of the LAN clients which got their IP from the DHCP server.
Since DNSMASQ and the hosts file is a handy tool, I decided to cancel these servers and go ahead with EFW.

The documentation at http://www.thekelleys.org.uk/dnsmasq/doc.html offers the same functionality with DNSMASQ:

The integrated DHCP server supports static and dynamic DHCP leases and multiple networks and IP ranges. It works across BOOTP relays and supports DHCP options including RFC3397 DNS search lists. Machines which are configured by DHCP have their names automatically included in the DNS

But my DHCP-Clients won't update the DNS-Zone (the /etc/hosts file), no idea why.

Anybody else with the same prob discovered a solution already?

cheers,
  Uwe
maxim
« Reply #1 on: Saturday 28 May 2011, 11:32:08 am »

Since info on this feature is kinda slim, and activity on this forum is oh-so-frequent, I thought I'd post some info that I've found in the last few hours regarding this feature and what options there are for Endian users.

Essentially there are no easy options to get this feature to actually work.

dnsmasq had a feature which would read the dhcp.leases file from ISC's DHCPd service and would resolve DNS from it. I found a couple of references scattered around the net.

There was another post on this matter here:

http://www.efwsupport.com/index.php?topic=110.0

It mentioned the option for dnsmasq called dhcp-leasefile

I found some info on it here:

http://forum.pfsense.org/index.php?topic=11635.msg%msg_id%
Quote
-l, --dhcp-leasefile=<path>
    Use the specified file to store DHCP lease information. If this option is given but no dhcp-range option is given then dnsmasq version 1 behaviour is activated. The file given is assumed to be an ISC dhcpd lease file and parsed for leases which are then added to the DNS system if they have a hostname. This functionality may have been excluded from dnsmasq at compile time, in which case an error will occur. In any case note that ISC leasefile integration is a deprecated feature. It should not be used in new installations, and will be removed in a future release.

This would be the exact feature that I'm looking for to get this working. However, they have deprecated this lovely feature for whatever reason. The keyword is still present and is usable without error, however its function has changed completely.

From the current man page/--help output:
Quote
-l, --dhcp-leasefile=<path>
Use the specified file to store DHCP lease information.

It's used when dnsmasq is used as a DHCP server. This is not the case with Endian. dnsmasq has no "Dynamic DNS" update features which allow a DHCP server to update its DNS records. DHCPd has no features to update any matters of DNS other than through Dynamic DNS. Thus we're at a crossroads.

In order to get this feature, there are two options:
  • dhcpd must be turned off (and swapped for dnsmasq)
or
  • dnsmasq must be turned off (and swapped for bind)


The easiest of the two is to disable the dhcpd server. At that point it makes the DHCP page in the web interface completely useless, and could potentially create conflicts in the future if someone turns dhcpd back on. Management of the dhcp server will have to be done completely from the command line.

I might just figure out how to do it tomorrow if I feel like it since the dhcp page doesn't even really use most of the features of dhcpd anyway.
maxim
« Reply #2 on: Monday 30 May 2011, 07:02:54 am »

This is just a follow up post on the matter described above. I got bored and decided to sort it all out once and for all. There might be a "better" way to do it but since I know so little of the inner workings I came up with this.

The steps in short detail are:
  • Set up dnsmasq to run DHCP
  • Stop dhcpd
  • Prevent dhcpd from ever starting again
  • Restart dnsmasq
  • ?????
  • Profit!

First is to set up a custom config file that will get loaded by dnsmasq when it starts.

Edit /etc/dnsmasq/dnsmasq.d/custom.conf and put the following with applicable changes in it:
Code:
# Add the domain to simple names (without a period) in /etc/hosts in the same way as for DHCP-derived names.
expand-hosts

#Prevent dnsmasq from forwarding any queries for the domain local.
local=/local./

# Define the domain name.
domain=local

#dhcp-leasefile=<path>
#Use the specified file to store DHCP lease information
dhcp-leasefile=/var/lib/dhcp/dhcpd.dnsmasq.leases

#enable the dhcp server with a range (start and end in the same subnet):
dhcp-range=br0,192.168.1.100,192.168.1.200,12h

#DHCP Options by number and values.
dhcp-option=3,192.168.1.1                              #Default route

# Enable pxe booting, define the boot file, and next-server
#dhcp-boot=/pxelinux.0,,192.168.1.150

#Define static addresses.
#dhcp-host=MAC,hostname,1.1.1.1

Next, stop the dhcpd server:
Code:
/etc/init.d/dhcpd stop

After it's stopped, edit /etc/init.d/dhcpd. We'll change the script so that it will immediately exit with error code 0 before actually starting any services:
Code:
#!/bin/sh
exit 0
#DHCPd is disabled because dnsmasq can handle DHCP just as well,
#however, it doesn't offer any connectivity (Dynamic DNS) from DHCPd.
#So dnsmasq is configured to run DHCP instead.

You can choose to leave out the note about the reason for the exit 0. In addition to the feature limitations mentioned above, this is done to prevent the service from ever starting. Endian configures the firewall to actually block the DHCP packets from getting out to the network. With this fact, if the DHCP server is "disabled" in the web interface, dnsmasq won't be able to serve DHCP to the network, so it must be "Enabled" on the applicable interface in the web interface, even though having it "Enabled" will actually do nothing, and start no services. If someone "Disables" it on the web interface, it will prevent dnsmasq from serving to the network.

Next, restart the dnsmasq service:
Code:
/etc/init.d/dnsmasq restart

Check out /var/log/messages for warnings or errors from dnsmasq and make sure that everything started OK. If that's the case, you should have DHCP working now, along with Dynamic DNS lookup to the hostnames registered in DHCP.

You can test this feature by using nslookup:
Code:
>nslookup maxim
Server:  efw.local
Address:  192.168.1.1

Name:    maxim.local
Address:  192.168.1.130

"efw" is the hostname of the endian firewall.
"local" is the name of the domain.
"maxim" is the hostname of this machine.
The IP address is resolved correctly.
Logged
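
A pre-restart check for the custom.conf shown in Reply #2, added here as an example and not part of maxim's post: it verifies that the dhcp-range start, the range end and the option 3 router all sit in one subnet. The helper name check_dhcp_conf and the /24 netmask are assumptions; the sample config is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. check_dhcp_conf is a hypothetical helper.
# Assumption: the LAN is a /24, so range start, range end and router must
# share their first three octets.
check_dhcp_conf() {   # $1 = config path; prints problems, returns 1 if any
    awk '
    function ip2n(ip,   o) {        # dotted quad -> integer, -1 if malformed
        if (split(ip, o, ".") != 4) return -1
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function net24(ip) { sub(/\.[0-9]+$/, "", ip); return ip }
    { sub(/[ \t]*#.*/, "") }        # strip whole-line and trailing comments
    /^dhcp-range=/ {
        split(substr($0, 12), f, ",")
        # skip the optional leading label (br0 in the post)
        i = (f[1] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) ? 1 : 2
        start = f[i]; last = f[i + 1]; have_range = 1
    }
    /^dhcp-option=3,/ { router = substr($0, 15) }
    END {
        if (!have_range) {
            print "no dhcp-range: dnsmasq will not act as DHCP server"; bad = 1
        } else if (ip2n(start) < 0 || ip2n(last) < 0) {
            print "malformed address in dhcp-range"; bad = 1
        } else {
            if (ip2n(start) > ip2n(last)) {
                print "dhcp-range start is above end"; bad = 1 }
            if (net24(start) != net24(last)) {
                print "dhcp-range " start "-" last " spans more than one /24"; bad = 1 }
            if (router != "" && net24(router) != net24(start)) {
                print "router " router " is outside the range subnet"; bad = 1 }
        }
        exit bad + 0
    }' "$1"
}

# Constructed sample: the range end sits in a different /24 than the start.
conf=$(mktemp)
printf '%s\n' 'dhcp-leasefile=/var/lib/dhcp/dhcpd.dnsmasq.leases' \
    'dhcp-range=br0,192.168.1.100,192.168.27.200,12h' \
    'dhcp-option=3,192.168.1.1        #Default route' > "$conf"
check_dhcp_conf "$conf" || echo "fix the config before restarting dnsmasq"
rm -f "$conf"
```

Run it against /etc/dnsmasq/dnsmasq.d/custom.conf before the restart step; a clean file produces no output and exit status 0.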