[lug] Unable to ping netbios names from linux

Calvin Dodge caldodge at fpcc.net
Sun Jan 25 08:13:04 MST 2004


On Sat, Jan 24, 2004 at 07:45:21PM -0800, Budyanto Himawan wrote:
> 
> Looks like /etc/hosts is much simpler.
> 
> Having said that, it seems like there's no automatic
> way to do this. I have to manually put in the address
> mapping somehow. How do DNS servers get updated if
> their entries consist of name to IP address mappings
> but the IP addresses are DHCP addresses (they can
> change over time)?

Well ... a DHCP client gives its name to the DHCP server (check 
/var/lib/dhcp/dhcpd.leases for examples).
The DHCP server can be told "give this name and IP address to DNS", and 
DNS can be told "add this name and address to your zone files".

This can be done most simply if DNS and DHCP are on the same server. 
For example, here's the setup at my parents' place:

At the start of /etc/dhcpd.conf, you'll see ...

#################################
ddns-domainname "dodgefamily.local";
ddns-update-style interim;
zone dodgefamily.local {
        primary 127.0.0.1;
}
zone 0.168.192.in-addr.arpa. {
        primary 127.0.0.1;
}
################################

This says "use the 'interim' style of DNS update, and append '.dodgefamily.local' to each DHCP client name before
giving it to the server", "tell the server to update forward (dodgefamily.local) and reverse address zones", and
"talk to the DNS server at 127.0.0.1" (local loopback).

Then, in /etc/named.conf, you'll see ...

################################
zone "dodgefamily.local" IN {
        type master;
        file "named.dodgelocal";
        allow-update { 127.0.0.1; };
};

zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.0";
        allow-update {127.0.0.1;};
};
###############################


These refer to the local forward and reverse DNS zones. They say "allow updates only on the local loopback address".


Make sure /var/named (and all files therein) is writable by named ("chown -R named /var/named").
Then, start a process to watch the log file ("tail -f /var/log/messages")
Start named ("service named start (or restart if already running)").
Start dhcpd ("service dhcpd start (ditto)").
Start a Windows client.  The log file should show something like this:


Jan 25 07:46:50 www named[32288]: client 127.0.0.1#38777: updating zone 'dodgefamily.local/IN': adding an RR
Jan 25 07:46:50 www named[32288]: client 127.0.0.1#38777: updating zone 'dodgefamily.local/IN': adding an RR
Jan 25 07:46:50 www dhcpd: if IN A toshiba-user.dodgefamily.local domain doesn't exist add 21600 IN A toshiba-user.dodgefamily.local 192.168.0.101 add 21600 IN TXT toshiba-user.dodgefamily.local "00628dfa255675e581b48673aaa8181e31": success.
Jan 25 07:46:50 www named[32288]: client 127.0.0.1#38777: updating zone '0.168.192.in-addr.arpa/IN': deleting an rrset
Jan 25 07:46:50 www named[32288]: client 127.0.0.1#38777: updating zone '0.168.192.in-addr.arpa/IN': adding an RR
Jan 25 07:46:50 www dhcpd: delete IN PTR 101.0.168.192.in-addr.arpa. add 21600 IN PTR 101.0.168.192.in-addr.arpa. toshiba-user.dodgefamily.local: success.
Jan 25 07:46:50 www dhcpd: DHCPREQUEST for 192.168.0.101 from 00:00:39:2d:8c:e2 via eth0
Jan 25 07:46:50 www dhcpd: DHCPACK on 192.168.0.101 to 00:00:39:2d:8c:e2 (toshiba-user) via eth0


/etc/resolv.conf includes the line "domain dodgefamily.local", so I can just type
"ping toshiba-user" to see if my laptop is alive and on the LAN.

[calvin at www calvin]$ ping toshiba-user
PING toshiba-user.dodgefamily.local (192.168.0.101) 56(84) bytes of data.
64 bytes from toshiba-user.dodgefamily.local (192.168.0.101): icmp_seq=0 ttl=64 time=0.490 ms
64 bytes from toshiba-user.dodgefamily.local (192.168.0.101): icmp_seq=1 ttl=64 time=0.481 ms



If the DHCP and DNS servers are different machines, then the "allow-update" and "primary" 
bits need to include cryptographic key information.  I haven't done this, so I can't give you
even semi-authoritative advice on the subject, other than:

"man dhcpd.conf"
"man dnssec-keygen"
"man named.conf"
and "This example is left as an exercise for the student"



Caveats:  the above configuration works on a Fedora Core 1 server, and previously worked on Red Hat 9.
I make no guarantees that it will work on your machine. As far as security is concerned, I can only say
that named doesn't complain about an "allow-update" address of 127.0.0.1, but does complain (in the system
log) about a more public address (like 192.168.0.2) when it's not told to use a cryptographic key. I'm 
assuming that the non-complaint about 127.0.0.1 means that it's reasonably secure.

FWIW, you don't have to do the reverse zones.

Does this help?

Calvin
-- 
Calvin Dodge
Certified Linux Bigot (tm)
http://www.caldodge.fpcc.net
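An added example, not part of Calvin's message: a small audit script that reads the "updating zone" lines named writes to the system log (the same lines shown above) and flags any dynamic update that was neither TSIG-signed nor sent from the loopback address the allow-update clause permits. The `/key NAME` suffix is what BIND appends to the client field for signed updates; the non-loopback sample lines and the key name `dhcp-update` are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Matches BIND 9's "updating zone" syslog lines. The optional "/key NAME" part
# is present only when the update carried a valid TSIG signature.
UPDATE_RE = re.compile(
    r"named\[\d+\]: client (?P<ip>[0-9.]+)#(?P<port>\d+)"
    r"(?:/key (?P<key>\S+))?: updating zone '(?P<zone>[^']+)': (?P<op>.+)$"
)


@dataclass
class ZoneUpdate:
    client: str
    zone: str
    op: str
    key: Optional[str]  # TSIG key name, or None for an unsigned update


def parse_update(line: str) -> Optional[ZoneUpdate]:
    """Parse one syslog line; return None for lines that are not zone updates."""
    m = UPDATE_RE.search(line)
    if m is None:
        return None
    return ZoneUpdate(m["ip"], m["zone"], m["op"], m["key"])


def audit(lines: List[str], allowed_unsigned=("127.0.0.1",)) -> List[ZoneUpdate]:
    """Return updates that were unsigned AND came from an address not listed
    in allow-update. With the loopback-only setup above, anything here means
    named accepted an update it should not have."""
    findings = []
    for line in lines:
        u = parse_update(line)
        if u is not None and u.key is None and u.client not in allowed_unsigned:
            findings.append(u)
    return findings


# Constructed sample log: the first two lines are the ones from the message,
# the third is a signed update from a separate DHCP server, the fourth is an
# unsigned update from a LAN host (the case the audit should flag).
SAMPLE_LOG = """\
Jan 25 07:46:50 www named[32288]: client 127.0.0.1#38777: updating zone 'dodgefamily.local/IN': adding an RR
Jan 25 07:46:50 www dhcpd: DHCPACK on 192.168.0.101 to 00:00:39:2d:8c:e2 (toshiba-user) via eth0
Jan 25 07:47:01 www named[32288]: client 192.168.0.2#2049/key dhcp-update: updating zone 'dodgefamily.local/IN': adding an RR
Jan 25 07:47:30 www named[32288]: client 192.168.0.50#4711: updating zone 'dodgefamily.local/IN': deleting an rrset
""".splitlines()

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"UNSIGNED update from {f.client} to {f.zone}: {f.op}")
```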