Revision 30 as of 2021-03-15 21:24:19
Deletions are marked like this. | Additions are marked like this. |
Line 14: | Line 14: |
address 192.168.1.36 | address 192.168.1.38 |
Line 22: | Line 22: |
Before installing the DHCP server, make sure that you do not have other DHCP servers running on your network. It can cause hours of debugging. Also remember that switching off an existing DHCP server will cause all your devices to get new IP-adresses. Some devices may have to be rebooted to work properly again. If you use the same IP-adress range on both old and new DHCP server, then you may run into IP-address conflicts too. | Before installing the DHCP server, make sure that you do not have other DHCP servers running on your network. It can cause hours of debugging. * Save time by running a static IP on the host you are configuring your system from, so you do not loose your ssh connections randomly. * Remember that switching off an existing DHCP server will cause all your devices to get new IP-adresses. Some devices may have to be rebooted to work properly again. * If you use the same IP-address range on both old and new DHCP server, then you may run into IP-address conflicts too. |
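Review bot: The added bullets on the right-hand side contain two spelling errors: "loose your ssh connections" should be "lose", and the second bullet still has "IP-adresses" while the third was corrected to "IP-address". Fix both so the list is consistent.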
Line 37: | Line 41: |
''As of 2017-12-11 I cannot get the sha512 keys to work, according to [[https://kb.isc.org/article/AA-01243/0/DHCP-4.2.8b1-Release-Notes.html|ISC]] it should be implemented in ISC's DHCP server by now, but it does not seem to work on the DHCP server.'' | |
Line 39: | Line 42: |
Copy your DDNS update key from the DNS Master and save it in `/etc/dhcp/ddns-update.dnskey`. | Copy your DDNS update key from the DNS Master and save it in `/etc/dhcp/ddns-update.kallenberg.dk`. Edit `/etc/dhcp/ddns-update.kallenberg.dk` and remove the quotations. If the quotations are not removed, then the DHCP server will not accept it as a valid key. {{{ key ddns-update { algorithm hmac-sha512; secret yYFzfibvlpS33+vsngV2jF5tGkTiVSjhYoFuV0T7bnCVfFGx3Mu05SW+LakImdofkNM00LxHCLuvD1W1vSWMmA==; }; }}} |
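Review bot: The key block added on the right-hand side puts what looks like the real `hmac-sha512` secret for `ddns-update` on a wiki page, where every reader of the page can copy the credential that authorises dynamic updates to the zone. Replace the value with an obvious placeholder, rotate the key on the DNS Master, and add a sentence telling readers to restrict read access to `/etc/dhcp/ddns-update.kallenberg.dk`.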
Line 50: | Line 59: |
include "/etc/dhcp/ddns-update.dnskey"; | |
Line 52: | Line 60: |
include "/etc/dhcp/ddns-update.kallenberg.dk"; | |
Line 58: | Line 67: |
==== Server ==== |
|
Line 61: | Line 72: |
option domain-name-servers 192.168.1.34, 192.168.1.35; | option domain-name-servers 192.168.1.36, 192.168.1.37; |
Line 65: | Line 76: |
update-optimization off; | |
Line 67: | Line 79: |
==== Subnet ==== | |
Line 69: | Line 82: |
ddns-update-style interim; | ddns-update-style standard; |
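Review bot: The change of `ddns-update-style` from `interim` to `standard` is not explained anywhere in this revision. Add a sentence saying why the style was changed and whether names registered under `interim` need any cleanup on the DNS Master, so readers with an existing setup know what to expect.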
Line 77: | Line 90: |
primary 192.168.1.34; | primary 192.168.1.36; |
Line 83: | Line 96: |
primary 192.168.1.34; | primary 192.168.1.36; |
Line 98: | Line 111: |
option domain-name-servers 192.168.1.34, 192.168.1.35; option ntp-servers 192.168.1.38, 192.168.1.39; |
option domain-name-servers 192.168.1.36, 192.168.1.37; option ntp-servers 192.168.1.40, 192.168.1.41; |
Line 108: | Line 121: |
==== Static IP-adresses ==== We would like servers to have static IP-adresses, but not more static than controlling it from the DHCP server. Remember to keep this file synchronized with the one on the DHCP secondary. |
|
Line 112: | Line 129: |
fixed-address 192.168.1.38; | fixed-address 192.168.1.40; |
Line 117: | Line 134: |
fixed-address 192.168.1.39; | fixed-address 192.168.1.41; |
Line 121: | Line 138: |
==== DHCP Primary ==== | |
Line 125: | Line 143: |
address 192.168.1.36; | address 192.168.1.38; |
Line 127: | Line 145: |
peer address 192.168.1.37; | peer address 192.168.1.39; |
Line 136: | Line 154: |
Line 137: | Line 156: |
Line 141: | Line 159: |
Notice that even though the server is started, it will not begin to hand out IP-addresses yet. It will wait until it sees the secondary. Once it has seen the secondary, the DHCP server will begin to work. == References == * https://kb.isc.org/docs/aa-01091 |
DHCP Primary
Network
We will give the DHCP primary a static IP-address. Edit /etc/networking/interfaces and make the following changes.
    # The primary network interface
    #allow-hotplug eth0
    #iface eth0 inet dhcp
    auto eth0
    iface eth0 inet static
        address 192.168.1.38
        network 192.168.1.0
        netmask 255.255.255.0
        broadcast 192.168.1.255
        gateway 192.168.1.1
Software
Before installing the DHCP server, make sure that you do not have other DHCP servers running on your network. It can cause hours of debugging.
- Save time by running a static IP on the host you are configuring your system from, so you do not lose your ssh connections randomly.
- Remember that switching off an existing DHCP server will cause all your devices to get new IP-addresses. Some devices may have to be rebooted to work properly again.
- If you use the same IP-address range on both old and new DHCP server, then you may run into IP-address conflicts too.
Install the DHCP server.
apt-get install isc-dhcp-server
Configure the server
Stop the server
service isc-dhcp-server stop
Get the DDNS update key
Copy your DDNS update key from the DNS Master and save it in /etc/dhcp/ddns-update.kallenberg.dk. Edit /etc/dhcp/ddns-update.kallenberg.dk and remove the quotation marks. If the quotation marks are not removed, the DHCP server will not accept it as a valid key.
    key ddns-update {
        algorithm hmac-sha512;
        secret yYFzfibvlpS33+vsngV2jF5tGkTiVSjhYoFuV0T7bnCVfFGx3Mu05SW+LakImdofkNM00LxHCLuvD1W1vSWMmA==;
    };
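The key-preparation step above as a script, added here as an example that is not part of the original page: it strips the quotation marks as described, refuses a file with no base64 secret, and writes the result readable by its owner only. The function names are hypothetical, and it assumes dhcpd reads its configuration as root.

```shell
#!/bin/sh
# Added example: prepare a BIND-style TSIG key file for dhcpd.
# Function names are hypothetical; paths are passed in by the caller.

# Convert a BIND-style key block on stdin to the unquoted form on stdout.
bind_key_to_dhcpd() {
    tr -d '"'
}

# Print the secret value from a key block on stdin (quoted or unquoted).
key_secret() {
    sed -n 's/.*secret[[:space:]]\{1,\}"\{0,1\}\([^";]*\)"\{0,1\};.*/\1/p'
}

# install_dhcpd_key SRC DST
# Validate SRC, then write the converted key to DST with mode 0600.
install_dhcpd_key() {
    src=$1
    dst=$2
    secret=$(key_secret <"$src")
    # Reject an empty or non-base64 secret before touching the destination.
    printf '%s\n' "$secret" | grep -Eq '^[A-Za-z0-9+/]{4,}={0,2}$' || {
        echo "no valid base64 secret in $src" >&2
        return 1
    }
    [ $(( ${#secret} % 4 )) -eq 0 ] || {
        echo "secret length is not a multiple of 4" >&2
        return 1
    }
    # Create the file owner-only from the start; the umask change stays
    # inside the subshell so the caller's umask is untouched.
    ( umask 077 && bind_key_to_dhcpd <"$src" >"$dst.tmp" ) || return 1
    chmod 600 "$dst.tmp" && mv "$dst.tmp" "$dst"
}

# Stand-alone use: sh script.sh <key-from-dns-master> <destination>
if [ "$#" -eq 2 ]; then
    install_dhcpd_key "$1" "$2"
fi
```

Once the include lines are in place, `dhcpd -t -cf /etc/dhcp/dhcpd.conf` parses the configuration, key file included, without starting to serve leases.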
Choose Network Device
Edit /etc/default/isc-dhcp-server and set the DHCP server to run on eth0.
INTERFACESv4="eth0"
Edit dhcpd.conf
Comment out all lines in /etc/dhcp/dhcpd.conf and add the following to the bottom of the file:
    include "/etc/dhcp/dhcpd.conf_default";
    include "/etc/dhcp/ddns-update.kallenberg.dk";
    include "/etc/dhcp/dhcpd.conf_primary";
    include "/etc/dhcp/dhcpd.conf_subnet";
    include "/etc/dhcp/dhcpd.conf_static";
Individual Config Files
Server
/etc/dhcp/dhcpd.conf_default
    option domain-name "kallenberg.dk";
    option domain-name-servers 192.168.1.36, 192.168.1.37;
    default-lease-time 3600;
    max-lease-time 7200;
    log-facility local7;
    update-optimization off;
Subnet
/etc/dhcp/dhcpd.conf_subnet
    ddns-update-style standard;
    ddns-updates on;
    ddns-domainname "kallenberg.dk";
    ignore client-updates;
    update-static-leases on;

    # forward zones for DNS updates
    zone kallenberg.dk {
        primary 192.168.1.36;
        key ddns-update;
    }

    # reverse zone for DNS updates
    zone 1.168.192.in-addr.arpa {
        primary 192.168.1.36;
        key ddns-update;
    }

    subnet 192.168.1.0 netmask 255.255.255.0 {
        pool {
            failover peer "network";
            range 192.168.1.96 192.168.1.127;
        }
        option routers 192.168.1.1;
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.1.255;
        option domain-name "kallenberg.dk";
        option domain-name-servers 192.168.1.36, 192.168.1.37;
        option ntp-servers 192.168.1.40, 192.168.1.41;
        #option ntp-servers ntp01, ntp02;
        default-lease-time 3600;
        max-lease-time 7200;
    }
Static IP-addresses
We want servers to have static IP-addresses, but no more static than an assignment controlled from the DHCP server. Remember to keep this file synchronized with the one on the DHCP secondary.
/etc/dhcp/dhcpd.conf_static
    host ntp01 {
        hardware ethernet 52:54:00:9e:33:2f;
        fixed-address 192.168.1.40;
    }

    host ntp02 {
        hardware ethernet 52:54:00:c5:f1:92;
        fixed-address 192.168.1.41;
    }
DHCP Primary
/etc/dhcp/dhcpd.conf_primary
    failover peer "network" {
        primary;
        address 192.168.1.38;
        port 647;
        peer address 192.168.1.39;
        peer port 647;
        max-response-delay 60;
        max-unacked-updates 10;
        mclt 3600;
        split 128;
        load balance max seconds 3;
    }
Start the server
service isc-dhcp-server start
Notice that even though the server is started, it will not begin to hand out IP-addresses yet. It will wait until it sees the secondary. Once it has seen the secondary, the DHCP server will begin to work.