0

So I work in a web hosting environment, and I've got a handful of Linux boxen on our primarily Windows-based network. All the machines (both Windows and Linux) on the network have at least two network interfaces, each with its own DNS suffix, so we can separate backup and management traffic from the production web traffic.

The issue is that the backup/management NIC on each machine is using DHCP to get an address and register itself in DNS, while the production NIC is static, and DHCP isn't an option.

The Windows configuration is relatively simple: we set the one DHCP'ed NIC not to register with DNS and just leave DNS registration to the DHCP server. Then we set the static IP'ed NIC to register with DNS, and everything works fine. I want my Linux boxen to do the same thing, and I've got the DHCP NIC figured out, but I'm not finding a whole lot out there about ways to have Linux automatically register a static address in DNS.

Has anyone done anything like that before?

MikeSmitty

2 Answers

2

I know you said that DHCP is not an option for the static production NICs, but have you looked into a DHCP server that hands out fixed addresses? For all intents and purposes they are as good as static IP addresses, but with the added advantage of central administration.

This is relatively straightforward to do under Linux (and I believe also under Windows).

Maybe you could explain why fixed addresses via DHCP are not an option, and then we can look at what could be done about it.

wolfgangsz
  • We do this in Production with Windows, using DHCP reservations. There is minor admin overhead involved in entering the MAC into the reservation table, but it's one-time. Windows is good about asking for the same IP it was last issued, once you disable APIPA. – AndyN Sep 21 '10 at 00:17
  • DHCP reservations are an attractive option, but we often add as many as 10 or 20 addresses (for SSL sites) to a single NIC, and to my knowledge that's not possible with DHCP. – MikeSmitty Sep 21 '10 at 14:41
  • That is correct. It looks like Zoredache is your man. The script supplied by him is not distro specific, it should be easy to adapt it to your needs. – wolfgangsz Sep 21 '10 at 17:02
  • Ah, yeah. I didn't read through the whole script. I skimmed it, and was imagining it to be something like Ubuntu's /etc/network/interfaces file. – MikeSmitty Sep 21 '10 at 19:53
1

Make sure nsupdate is installed, then use it to register your names. The one problem with nsupdate is that you are going to need to permit non-secure dynamic updates, unless your platform supports nsupdate-gss and your Linux machines are set up with Kerberos to be part of the domain.

I have a script that looks somewhat like this that I use in a couple of situations, like dynamic registration of OpenVPN clients. In the real script, the IP and actual hostname come from the VPN server. If you are using a Debian-based distribution it would be pretty easy to tweak this script and place it in /etc/network/if-up.d/.

#!/bin/bash

dnssrv="192.168.47.12"   # the DNS server that will accept the DDNS request
zone="dyn.example.org"   # the name of the zone
ttl="7200"               # TTL of the record, in seconds
hostname=$(hostname)     # the name of your local host
ip='192.168.47.193'      # IP of the host

# Send one batch: drop any existing A record for this name, then add the current one.
(
 echo "server ${dnssrv}"
 echo "zone ${zone}"
 echo "update delete ${hostname}.${zone} A"
 echo "update add ${hostname}.${zone} ${ttl} A ${ip}"
 echo "send"
) | /usr/bin/nsupdate

Another alternative may be to just use DHCP for both interfaces and to set up reservations.

Zoredache
  • Unfortunately I can't use this script since we're using CentOS, but I'll definitely have to check into nsupdate-gss. We've got all of our Linux boxes joined to the domain using Likewise so this may be a viable option. – MikeSmitty Sep 21 '10 at 15:06
  • This time, actually reading through it, this looks like a viable script. Thanks! – MikeSmitty Sep 21 '10 at 19:53
  • nsupdate should be available for CentOS. I think you need the bind-utils package. The Debian-specific stuff I mentioned was actually just a note that you could modify the script to hook into the networking startup scripts. I am sure there is probably some way to hook into the CentOS networking startup scripts to get it to run nsupdate however you need. – Zoredache Sep 21 '10 at 19:55
  • And if your DNS server is AD and requires Secure updates, you can take the above answer and wrap it in Kerberos using this post: https://serverfault.com/questions/1131671 – user3629081 May 22 '23 at 16:30
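
The script in the answer above registers one address. The following is an added example, not part of the thread or Zoredache's script, that generalizes it to the many-addresses-per-NIC case raised in the comments and validates the hostname and addresses before anything is piped to nsupdate, which matters when those values come from another system. The function names and the NSUPDATE_GSS variable are hypothetical; it assumes nsupdate from bind-utils, whose -g option selects GSS-TSIG.

```sh
#!/bin/sh
# Added example (not from the thread). Server, zone and addresses used with it
# are constructed values; dnssrv and zone are treated as trusted local config.

# Accept one DNS label only: letters, digits, inner hyphens, at most 63 chars.
# Rejecting everything else keeps whitespace and newlines out of the batch.
valid_label() {
    case $1 in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Accept a dotted-quad IPv4 address with four octets in 0-255.
valid_ipv4() (
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Usage: build_update DNSSRV ZONE HOST TTL IP [IP...]
# Prints one batch: drop the old A record set, then add one A record per IP.
build_update() (
    [ $# -ge 5 ] || exit 1
    dnssrv=$1 zone=$2 host=$3 ttl=$4
    shift 4
    valid_label "$host" || exit 1
    case $ttl in ''|*[!0-9]*) exit 1 ;; esac
    for ip in "$@"; do valid_ipv4 "$ip" || exit 1; done
    printf 'server %s\nzone %s\n' "$dnssrv" "$zone"
    printf 'update delete %s.%s. A\n' "$host" "$zone"
    for ip in "$@"; do
        printf 'update add %s.%s. %s A %s\n' "$host" "$zone" "$ttl" "$ip"
    done
    printf 'send\n'
)

# Build first, send only if every value passed validation.
# NSUPDATE_GSS=1 adds -g (GSS-TSIG, needs a Kerberos ticket) for secure-only zones.
register() {
    batch=$(build_update "$@") || { echo "invalid input, nothing sent" >&2; return 1; }
    printf '%s\n' "$batch" | nsupdate ${NSUPDATE_GSS:+-g}
}
```

Because the delete and all the adds travel in one batch ended by a single send, the server applies them as one update, so the name is never left without records between the two steps.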