www.zeroshell.org Forum Index -> ZeroShell
allow DNS dynamic updates from DHCP server

aag_zeroshell (Joined: 29 Mar 2008, Posts: 1)
Posted: Sat Mar 29, 2008 9:58 am    Post subject: allow DNS dynamic updates from DHCP server

Hi,

Is it possible to have the DHCP server add/modify an entry in the corresponding DNS server's zone when a new lease is granted? I know this can be done in Windows 2003 DNS/DHCP server, but can it be done here?
fulvio, Site Admin (Joined: 01 Nov 2006, Posts: 1073)
Posted: Mon Mar 31, 2008 8:30 pm

I am not sure that DNS dynamic updates can work with the LDAP Bind backend used in Zeroshell. I have to investigate this.

Regards
Fulvio
Manu Poletti (Joined: 09 Apr 2008, Posts: 2, Location: New Zealand)
Posted: Thu Apr 10, 2008 12:02 am

I have just been looking into this and found a reference to dynamic DNS support on the dNSZone home page (I believe ZeroShell uses dNSZone as the LDAP back-end for BIND 9):
Quote:
A number of people have asked for Dynamic DNS support, or how they can make their DHCP server do DNS updates. There is now a tool that allows a zone to be updated based on the ISC DHCP server's lease database updates. The tool is dhcp2ldapd-1.1 and is a Perl script written by Travis Groth.

I would find it very useful. Would it be possible to add this to ZeroShell?

Regards,
Manu Poletti
c4colo (Joined: 07 Apr 2008, Posts: 3, Location: Denver, CO USA)
Posted: Fri Apr 11, 2008 11:53 am    Post subject: me too

I had assumed this would be the default behavior. Count this as a vote from me for this feature as well.

Also if you had a form where the various options were listed for advanced configuration of the DHCP server that would be very useful. No fancy anything really, just a warning "This is for advanced usage" and a list of option numbers with text boxes... or one big text box where you could define the ones you want like "66=192.168.1.222" etc.

Thanks
brtlvrs (Joined: 13 Feb 2009, Posts: 3)
Posted: Fri Feb 13, 2009 6:16 pm    Post subject: how is this feature coming

Hi,
I'm interested whether this feature is being added?
It would be really great.
I know how to do it without an LDAP backend.

Zeroshell is looking great btw....
I use it in an ESXi environment.
brtlvrs (Joined: 13 Feb 2009, Posts: 3)
Posted: Sun Feb 15, 2009 7:47 pm

After I posted my question, I googled a bit more into this feature. I know it is possible to configure it in Linux. I've done it before (using a Red Hat Linux distro).

And yes, that is an option, to use a distro for that, but then I lose Zeroshell.....

So I first looked at the script that Manu Poletti suggested.
I've put it in the script/cron section of Zeroshell, but it doesn't work. It needs ldap.pm for Perl scripting, and I can't install that.

Oh.... I use the zeroshell virtualmachine version. (booting from iso).
And I can't use the version that installs on a HDD, because it doesn't support SCSI. And esx doesn't support IDE.

So after some googling I found this page http://www.semicomplete.com/articles/dynamic-dns-with-dhcp/

I found out that the named.conf file to modify is not in /etc but in /Database/var/register/system/dns

I modified the named.conf as suggested in the link (mentioned above).
Then I tested it with the nsupdate command.
It works until I send the update.
I tried nsupdate with my generated key, and I got a error message that it didn't recognize my key.
I also tried it with the rndc-key that was already configured in the named.conf, but got another error, that the named daemon couldn't write to a file (I guess this is because the file is in the CD image).

I think the solution mentioned in the url is the right direction to implement this feature. But I can't translate it to the configuration of zeroshell....

anyone else who can ?
or give me tips ?
brtlvrs (Joined: 13 Feb 2009, Posts: 3)
Posted: Sun Feb 15, 2009 8:48 pm

Got a bit further now...
I found out that the named.conf file is being generated.
So adding allow-update to the zones can only be done by the script that generates named.conf
I changed it, and the named.conf is as I would like it to be.
I restarted DNS
And tested it with nsupdate

these are the commands in nsupdate:
>server localhost 953
> zone wrk
> key dhcp-key <yeah right..... if I'm gonna publish that Smile>
> zone wrk
> update add 253.3.168.192.in-addr.arpa 600 IN PTR test.wrk.
> send
; Communication with server failed: timed out
>

As you can see, I got no errors, only the timed out error.....
any suggestions ?
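An added example, not code from the thread: the nsupdate session above sends the update to port 953, which is BIND's rndc control channel; an UPDATE message has to go to the DNS service port (53, the default). The script below builds an nsupdate batch for the same host and address used in the post (test.wrk, 192.168.3.253, key name dhcp-key) and the zone stanzas that accept updates only when they are signed with that key. The key file path, server address, zone file paths and the assumption that the host name is one label below the zone apex are mine, not from the thread.

```shell
#!/bin/bash
# Added example: generate an nsupdate batch plus key-restricted zone stanzas.
# Values from the post: zone "wrk", host test.wrk, 192.168.3.253, key "dhcp-key".
# Assumed: key file path, server address, zone file locations.

KEYFILE="/etc/bind/dhcp-key.key"   # assumed path; generate the key with tsig-keygen
SERVER="127.0.0.1"                 # assumed: the DNS server runs locally

# ptr_name IP -> in-addr.arpa owner name (192.168.3.253 -> 253.3.168.192.in-addr.arpa)
ptr_name() {
    echo "$1" | awk -F. '{ print $4"."$3"."$2"."$1".in-addr.arpa" }'
}

# reverse_zone IP -> the /24 reverse zone that owns IP (3.168.192.in-addr.arpa)
reverse_zone() {
    echo "$1" | awk -F. '{ print $3"."$2"."$1".in-addr.arpa" }'
}

# nsupdate_batch FQDN IP [TTL] -> nsupdate script that replaces the A and PTR records.
# "server ... 53": nsupdate talks to the DNS port; 953 is rndc's control channel and
# does not accept UPDATE messages, which is why a session there only times out.
nsupdate_batch() {
    local fqdn="$1" ip="$2" ttl="${3:-600}"
    local zone="${fqdn#*.}"        # assumes the host is one label below the zone apex
    cat <<EOF
server $SERVER 53
zone $zone
update delete $fqdn. A
update add $fqdn. $ttl IN A $ip
send
zone $(reverse_zone "$ip")
update delete $(ptr_name "$ip") PTR
update add $(ptr_name "$ip") $ttl IN PTR $fqdn.
send
EOF
}

# named_zone_fragment ZONE FILE KEYNAME -> zone stanza that accepts updates only when
# they are signed with KEYNAME. "allow-update { any; };" would let every host on the
# network rewrite the zone, so the TSIG key, not the source address, is the gate.
named_zone_fragment() {
    local zone="$1" file="$2" key="$3"
    cat <<EOF
zone "$zone" {
    type master;
    file "$file";
    allow-update { key "$key"; };
};
EOF
}

main() {
    named_zone_fragment wrk /var/named/dynamic/wrk.db dhcp-key
    named_zone_fragment "$(reverse_zone 192.168.3.253)" /var/named/dynamic/3.168.192.db dhcp-key
    nsupdate_batch test.wrk 192.168.3.253 600
    # to apply the batch:  nsupdate -k "$KEYFILE" batch.txt
}
main
```

Run it to print the two zone stanzas and the batch; feed the batch to `nsupdate -k <keyfile>` against a server whose named.conf carries the same `key` definition. Every update is then logged by BIND with the key name that signed it, which is what makes an unexpected change attributable.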
biGdada (Joined: 30 Apr 2011, Posts: 8)
Posted: Sun Jun 05, 2011 12:03 pm

Sorry I have to resurrect a 2-year-old hive, but is there any progress on this?
donzaucker (Joined: 23 Jul 2012, Posts: 1)
Posted: Mon Jul 23, 2012 9:07 am

I have written a port of the Perl script in bash:
No warranty!


#!/bin/bash
#############################################################################
#This program is free software; you can redistribute it and/or modify
#it under the terms of the GNU General Public License as published by
#the Free Software Foundation; either version 2 of the License, or
#(at your option) any later version.
#
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#GNU General Public License for more details.
#
#You should have received a copy of the GNU General Public License
#along with this program; if not, write to the Free Software
#Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
#Written by Alessandro Cartatone
#Port to bash of the perl script dhcp2ldap by Travis Groth, for use in the Zeroshell distribution
#############################################################################

lease_file="/Database/var/register/system/dhcp/dhcpd.leases"
log_file="/Database/dhcp2ldap.log" # insert a path to write log file
domain="yourdomain.org"
reverse="0.168.192.in-addr.arpa" #your reverse domain
FORWARD_BASE=",dc=yourdomain,dc=org,ou=DNS,dc=yourdomain,dc=org"
REVERSE_BASE=",dc=0,dc=168,dc=192,dc=in-addr,dc=arpa,ou=DNS,dc=yourdomain,dc=org"
USER="cn=Manager,dc=yourdomain,dc=org" #default user manager of zeroshell ldap - verify in /etc/openldap/slapd.conf
PASSWORD="xxxxx" #admin password - verify in /etc/openldap/slapd.conf
UPDATE_TIME=30 # In Seconds
AUTO_VERIFY=0 # >0: force a re-sync every AUTO_VERIFY checks even if the lease file did not change
check_count=0
result=0
oldstat=""
hostnamearray=()
iparray=()

usage()
{
echo "dhcp2ldap.sh : Dynamic DNS Updates for the Bind9 LDAP backend
Copyright 2012 Alessandro Cartatone under the GNU GPL based on dhcp2ldapd Copyright 2005 Travis Groth <travis@netfoo.org>
To daemonize: nohup <path>/dhcp2ldap.sh 0<&- 1>/dev/null 2>&1 &
Please edit the config variables before running!"
}

parse()
{
#collect one (ip, hostname) pair per lease block that carries a client-hostname line
lease_found=0
counter=0
hostnamearray=()
iparray=()

while IFS= read -r line
do
key="$(echo "$line" | awk '{print $1}')"
value="$(echo "$line" | awk '{print $2}')"

if [ "$key" = "lease" ]
then
ip="$value"
lease_found=1
fi

if [ "$lease_found" = 1 ]
then
if [ "$key" = "client-hostname" ]
then
#strip the quotes and the trailing semicolon: client-hostname "pc1";
hostname="$(echo "$value" | sed 's/[";]//g')"
hostnamearray[counter]="$hostname"
iparray[counter]="$ip"
lease_found=0
counter=$((counter+1))
fi

if [ "$key" = "}" ]
then
lease_found=0
fi
fi

done < "$lease_file"
}

ldap_add()
{
#load the LDIF file $1 and remove it afterwards
#(the password is passed with -w as in the original; "ldapadd -y <file>" keeps it out of "ps" output)
ldapadd -x -D "$USER" -w "$PASSWORD" -f "$1" >/dev/null 2>&1
rm -f "$1"
}

addldapforward()
{
#add forward zone entry: $1 = ip, $2 = hostname
local ldif
ldif="$(mktemp)" #a private temporary file instead of the predictable /tmp/addhost.ldif
{
echo "dn: relativeDomainName=$2$FORWARD_BASE"
echo "objectClass: top"
echo "objectClass: dNSZone"
echo "relativeDomainName: $2"
echo "dNSTTL: 7200"
echo "zoneName: $domain"
echo "aRecord: $1"
} > "$ldif"
ldap_add "$ldif"
}

addldapreverse()
{
#add reverse zone entry: $1 = ip, $2 = hostname
local ldif last
ldif="$(mktemp)"
last="${1##*.}" #last octet of the address
{
echo "dn: relativeDomainName=$last$REVERSE_BASE"
echo "objectClass: top"
echo "objectClass: dNSZone"
echo "relativeDomainName: $last"
echo "dNSTTL: 7200"
echo "zoneName: $reverse"
echo "pTRRecord: $2.$domain."
} > "$ldif"
ldap_add "$ldif"
}

deleteldapforward()
{
#$1 = hostname
ldapdelete -x -D "$USER" -w "$PASSWORD" "relativeDomainName=$1$FORWARD_BASE" >/dev/null 2>&1
}

deleteldapreverse()
{
#$1 = ip
ldapdelete -x -D "$USER" -w "$PASSWORD" "relativeDomainName=${1##*.}$REVERSE_BASE" >/dev/null 2>&1
}

do_stuff()
{
#compare every lease with what DNS currently answers and fix the LDAP entries that differ
count=0
notfound="found:"
for ip in "${iparray[@]}"
do
hostname="${hostnamearray[count]}"
readd=0
#"host" prints "<name> has address <ip>" or "Host <name> not found: 3(NXDOMAIN)",
#so field 4 is either the registered address or the word "found:"
lookup="$(host "$hostname.$domain" | awk '{print $4}' | head -n 1)"
if [ "$lookup" = "$ip" ]
then
count=$((count+1))
continue
fi

#a different address is registered: delete the stale forward and reverse records
if [ "$lookup" != "$notfound" ]
then
echo "$(date '+%F %T')" "delete record in ldap" "$lookup" "$ip" "$hostname" >> "$log_file"
deleteldapforward "$hostname"
deleteldapreverse "$lookup"
deleteldapreverse "$ip"
readd=1
fi

#no record yet, or the stale one was just removed: add the current lease
if [ "$lookup" = "$notfound" ] || [ "$readd" = 1 ]
then
echo "$(date '+%F %T')" "add record in ldap" "$ip" "$hostname" >> "$log_file"
addldapforward "$ip" "$hostname"
addldapreverse "$ip" "$hostname"
fi

count=$((count+1))
done
}

changed()
{
#result=1 when the lease file changed since the last check (or AUTO_VERIFY checks have passed)
result=0
curstat="$(stat -c %y "$lease_file")"

if [ "$AUTO_VERIFY" -gt 0 ]
then
check_count=$((check_count+1))
fi

if [ "$oldstat" != "$curstat" ] || { [ "$AUTO_VERIFY" -gt 0 ] && [ "$check_count" -ge "$AUTO_VERIFY" ]; }
then
oldstat="$curstat"
check_count=0
result=1
fi
}

if [ "$1" = "-h" ]
then
usage
exit
else

while :
do
changed
if [ "$result" -eq 1 ]
then
parse
do_stuff
fi
sleep "$UPDATE_TIME"
done

fi
mashuser (Joined: 26 May 2015, Posts: 1)
Posted: Sun Jan 31, 2016 8:05 pm    Post subject: just a better script for those with other setup

This allows you to use other networks than 192.168.0 like 172.16.0.0/16
The assumption is you have reverse zones for each set of /24

In my case I got:
172.16.1.0/24
172.16.2.0/23
172.16.252.0/24
172.16.253.0/24
172.16.254.0/24

172.16.2.0/23 has two reverse zones 2.16.172.in-addr.arpa and 3.16.172.in-addr.arpa so that the hosts in those addresses do not collide with each other.

#!/bin/bash
#############################################################################
#This program is free software; you can redistribute it and/or modify
#it under the terms of the GNU General Public License as published by
#the Free Software Foundation; either version 2 of the License, or
#(at your option) any later version.
#
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#GNU General Public License for more details.
#
#You should have received a copy of the GNU General Public License
#along with this program; if not, write to the Free Software
#Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
#Written by Alessandro Cartatone
#Port to bash of the perl script dhcp2ldap by Travis Groth, for use in the Zeroshell distribution
#modified by Benj Dag to work with a complicated setup
#############################################################################

lease_file="/Database/var/register/system/dhcp/dhcpd.leases"
log_file="/Database/dhcp2ldap2.log" # insert a path to write log file
domain="example.com"
reverse=".in-addr.arpa" #suffix of the reverse zones; the zone itself is computed per /24 below
FORWARD_BASE=",dc=example,dc=com,ou=DNS,dc=example,dc=com"
REVERSE_BASE=",ou=DNS,dc=example,dc=com"
USER="cn=Manager,dc=example,dc=com" #default user manager of zeroshell ldap - verify in /etc/openldap/slapd.conf
PASSWORD="password" #admin password - verify in /etc/openldap/slapd.conf
UPDATE_TIME=30 # In Seconds
AUTO_VERIFY=0 # >0: force a re-sync every AUTO_VERIFY checks even if the lease file did not change
check_count=0
result=0
oldstat=""
hostnamearray=()
iparray=()

usage()
{
echo "dhcp2ldap.sh : Dynamic DNS Updates for the Bind9 LDAP backend
Copyright 2012 Alessandro Cartatone under the GNU GPL based on dhcp2ldapd Copyright 2005 Travis Groth <travis@netfoo.org>
To daemonize: nohup <path>/dhcp2ldap.sh 0<&- 1>/dev/null 2>&1 &
Please edit the config variables before running!"
}

parse()
{
#collect one (ip, hostname) pair per lease block that carries a client-hostname line
lease_found=0
counter=0
hostnamearray=()
iparray=()

while IFS= read -r line
do
key="$(echo "$line" | awk '{print $1}')"
value="$(echo "$line" | awk '{print $2}')"

if [ "$key" = "lease" ]
then
ip="$value"
lease_found=1
fi

if [ "$lease_found" = 1 ]
then
if [ "$key" = "client-hostname" ]
then
#strip the quotes and the trailing semicolon: client-hostname "pc1";
hostname="$(echo "$value" | sed 's/[";]//g')"
hostnamearray[counter]="$hostname"
iparray[counter]="$ip"
lease_found=0
counter=$((counter+1))
fi

if [ "$key" = "}" ]
then
lease_found=0
fi
fi

done < "$lease_file"
}

reverse_zone_of()
{
#$1 = ip -> the /24 reverse zone it belongs to, e.g. 172.16.2.5 -> 2.16.172.in-addr.arpa
echo "$1" | awk -F. '{print $3"."$2"."$1".in-addr.arpa"}'
}

reverse_dn_of()
{
#$1 = ip -> relative DN of its PTR entry, e.g. 172.16.2.5 -> 5,dc=2,dc=16,dc=172,dc=in-addr,dc=arpa
echo "$1" | awk -F. '{print $4",dc="$3",dc="$2",dc="$1",dc=in-addr,dc=arpa"}'
}

ldap_add()
{
#load the LDIF file $1 and remove it afterwards
#(the password is passed with -w as in the original; "ldapadd -y <file>" keeps it out of "ps" output)
ldapadd -x -D "$USER" -w "$PASSWORD" -f "$1" >/dev/null 2>&1
rm -f "$1"
}

addldapforward()
{
#add forward zone entry: $1 = ip, $2 = hostname
local ldif
ldif="$(mktemp)" #a private temporary file instead of the predictable /tmp/addhost.ldif
{
echo "dn: relativeDomainName=$2$FORWARD_BASE"
echo "objectClass: top"
echo "objectClass: dNSZone"
echo "relativeDomainName: $2"
echo "dNSTTL: 7200"
echo "zoneName: $domain"
echo "aRecord: $1"
} > "$ldif"
ldap_add "$ldif"
}

addldapreverse()
{
#add reverse zone entry in the /24 zone of the address: $1 = ip, $2 = hostname
local ldif
ldif="$(mktemp)"
{
echo "dn: relativeDomainName=$(reverse_dn_of "$1")$REVERSE_BASE"
echo "objectClass: top"
echo "objectClass: dNSZone"
echo "relativeDomainName: ${1##*.}"
echo "dNSTTL: 7200"
echo "zoneName: $(reverse_zone_of "$1")"
echo "pTRRecord: $2.$domain."
} > "$ldif"
cat "$ldif" #debug: show the entry being added
ldap_add "$ldif"
}

deleteldapforward()
{
#$1 = hostname
ldapdelete -x -D "$USER" -w "$PASSWORD" "relativeDomainName=$1$FORWARD_BASE" >/dev/null 2>&1
}

deleteldapreverse()
{
#$1 = ip
ldapdelete -x -D "$USER" -w "$PASSWORD" "relativeDomainName=$(reverse_dn_of "$1")$REVERSE_BASE" >/dev/null 2>&1
}

do_stuff()
{
#compare every lease with what DNS currently answers and fix the LDAP entries that differ
count=0
notfound="found:"
for ip in "${iparray[@]}"
do
hostname="${hostnamearray[count]}"
readd=0
#"host" prints "<name> has address <ip>" or "Host <name> not found: 3(NXDOMAIN)",
#so field 4 is either the registered address or the word "found:"
lookup="$(host "$hostname.$domain" | awk '{print $4}' | head -n 1)"
if [ "$lookup" = "$ip" ]
then
count=$((count+1))
continue
fi

#a different address is registered: delete the stale forward and reverse records
if [ "$lookup" != "$notfound" ]
then
echo "$(date '+%F %T')" "delete record in ldap" "$lookup" "$ip" "$hostname" >> "$log_file"
deleteldapforward "$hostname"
deleteldapreverse "$lookup"
deleteldapreverse "$ip"
readd=1
fi

#no record yet, or the stale one was just removed: add the current lease
if [ "$lookup" = "$notfound" ] || [ "$readd" = 1 ]
then
echo "$(date '+%F %T')" "add record in ldap" "$ip" "$hostname" >> "$log_file"
addldapforward "$ip" "$hostname"
addldapreverse "$ip" "$hostname"
fi

count=$((count+1))
done
}

changed()
{
#result=1 when the lease file changed since the last check (or AUTO_VERIFY checks have passed)
result=0
curstat="$(stat -c %y "$lease_file")"

if [ "$AUTO_VERIFY" -gt 0 ]
then
check_count=$((check_count+1))
fi

if [ "$oldstat" != "$curstat" ] || { [ "$AUTO_VERIFY" -gt 0 ] && [ "$check_count" -ge "$AUTO_VERIFY" ]; }
then
oldstat="$curstat"
check_count=0
result=1
fi
}

if [ "$1" = "-h" ]
then
usage
exit
else

while :
do
changed
if [ "$result" -eq 1 ]
then
parse
do_stuff
fi
sleep "$UPDATE_TIME"
done

fi
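An added example that is not code from either of the dhcp2ldap scripts posted above (donzaucker's and mashuser's); it shows the two points both scripts gloss over. First, dhcpd.leases is a journal: the same IP appears in several blocks and the last one wins, and only leases in "binding state active" should become DNS records, otherwise expired leases are re-registered and a host that got a new address keeps its old name. Second, client-hostname is whatever the DHCP client chose to send, and the scripts put it straight into an LDAP DN and a DNS owner name after stripping only quotes and semicolons; this version accepts only a single valid DNS label. The base DNs follow mashuser's layout, the lease file content is constructed for the demonstration, and the output is the LDIF the scripts would feed to ldapadd.

```shell
#!/bin/bash
# Added example (not from the thread's scripts): read dhcpd.leases with dhcpd's own
# semantics (last block per IP wins, only active leases count), validate the
# client-supplied hostname, and emit dNSZone LDIF for forward and reverse entries.
# Base DNs follow mashuser's script; the lease data below is constructed.

DOMAIN="example.com"
FORWARD_BASE="dc=example,dc=com,ou=DNS,dc=example,dc=com"   # assumed, as in the thread
REVERSE_BASE="ou=DNS,dc=example,dc=com"                     # assumed, as in the thread

# Constructed sample: 10.20.3.7 is leased twice (the later block wins), 10.20.3.8 has
# expired, and 10.20.3.9 sent a hostname that is not a valid DNS label.
SAMPLE_LEASES='lease 10.20.3.7 {
  starts 1 2016/01/31 10:00:00;
  binding state active;
  client-hostname "oldname";
}
lease 10.20.3.8 {
  binding state free;
  client-hostname "gone";
}
lease 10.20.3.7 {
  starts 1 2016/01/31 11:00:00;
  binding state active;
  client-hostname "printer-1";
}
lease 10.20.3.9 {
  binding state active;
  client-hostname "evil;dn: cn=admin";
}
'

# active_leases FILE -> lines "IP HOSTNAME", one per IP, last block wins.
# client-hostname is untrusted input from the DHCP client, so only a single
# well-formed DNS label (letters, digits, inner hyphens, at most 63 chars) is accepted.
active_leases() {
    awk '
        /^lease / { ip = $2; state = ""; host = ""; next }
        $1 == "binding" && $2 == "state" { state = $3; sub(/;$/, "", state); next }
        $1 == "client-hostname" { host = $2; gsub(/[";]/, "", host); next }
        /^}/ {
            if (state == "active" && length(host) <= 63 &&
                host ~ /^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$/)
                active[ip] = host
            else
                delete active[ip]      # expired, or the name was rejected
        }
        END { for (ip in active) print ip, active[ip] }
    ' "$1" | sort
}

# reverse_zone IP -> the /24 reverse zone the address belongs to
reverse_zone() {
    echo "$1" | awk -F. '{ print $3"."$2"."$1".in-addr.arpa" }'
}

# ldif_for IP HOSTNAME -> the forward (A) and reverse (PTR) dNSZone entries
ldif_for() {
    local ip="$1" host="$2" rzone last
    rzone=$(reverse_zone "$ip")
    last=${ip##*.}
    cat <<EOF
dn: relativeDomainName=$host,$FORWARD_BASE
objectClass: top
objectClass: dNSZone
relativeDomainName: $host
zoneName: $DOMAIN
dNSTTL: 7200
aRecord: $ip

dn: relativeDomainName=$last,dc=$(echo "$rzone" | sed 's/\./,dc=/g'),$REVERSE_BASE
objectClass: top
objectClass: dNSZone
relativeDomainName: $last
zoneName: $rzone
dNSTTL: 7200
pTRRecord: $host.$DOMAIN.
EOF
}

# build_ldif FILE -> LDIF for every active, validly named lease in FILE
build_ldif() {
    active_leases "$1" | while read -r ip host; do
        ldif_for "$ip" "$host"
        echo
    done
}

main() {
    tmp=$(mktemp)
    printf '%s' "$SAMPLE_LEASES" > "$tmp"
    build_ldif "$tmp"          # pipe into: ldapadd -x -D "$USER" -y passwordfile
    rm -f "$tmp"
}
main
```

On the constructed file only 10.20.3.7/printer-1 survives: the expired lease and the rejected hostname produce no entries, and the earlier "oldname" block is superseded. Point the script at /Database/var/register/system/dhcp/dhcpd.leases and the output is what either thread script would have loaded, minus the stale and malformed records.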
marcus@richters-it.de (Joined: 07 Mar 2012, Posts: 34)
Posted: Mon Aug 07, 2017 7:32 am

fulvio wrote:
I am not sure that DNS dynamic updates can work with the LDAP Bind backend used in Zeroshell. I have to investigate this.

Regards
Fulvio


push