DNS / DHCP Setup

guddler

Busting vectors like it's 1982!
vacBacker
Feedback
10 (100%)
Credits
4,054CR
Ok, I have a question...

Host files are a PITA and I have a server now so I've set up both a local / caching DNS server and a DHCP server. All is good and well.

So I've moved onto DHCP IP reservations - something I've always done, just seems easiest to me to use DHCP at the client end, and again, that's straightforward enough. Until, that is, you get to multiple interfaces for the same machine.

Take for example, my work laptop. It has a gigabit port and a wireless N interface. I tend to use it 98% of the time on wired, but sometimes I bring it down to the house and it goes onto wireless.

Now, it's called "Nef" so I want to be able to ping, ssh (etc.) to Nef, and I don't want to have to care about whether it's wired or wireless. I.e., I could have "Nef1" and "Nef2" (doesn't help that Wired and Wireless both start with W!). But that's a pain.

So, with fixed IPs you can kind of do this in DNS by using the same method that you would for load balancing but that's not really going to work very well as 50% of the time the DNS server will chuck out an address that isn't active. But I don't want fixed IPs anyway - by virtue of it being a laptop, I can pick it up and take it to work.

So how do I tackle this with DHCP and IP reservations? And having 2 for the same host name? Can I just define two host sections and it deal with it?

I guess I will play about and see but I'm just wondering what the "official" way is.

Ta.
 

trm

Who loves you, and who do you love?
Feedback
2 (100%)
Credits
2,876CR
I wouldn't bother with DHCP reservations. I'd allocate static to anything that really needs it, then go DHCP w/ DDNS for everything else. I'm pretty sure everything out there now will support Dynamic DNS so your registration issues are sorted client-side.

I'm not sure of the security of DDNS on non-Win platforms, but if you wanted to enable security I'd expect some kind of shared secret system similar to CHAP so that the client can prove it registered the initial record and is thus able to update it - when switching from wired to wireless.

If you were to do this with DHCP reservations, I'd have a look to see whether your dhcpd has an option to not sanity check your MAC/reservation table (or maybe supports this out of the box) and allocate the same IP to both MACs via a pair of reservations. As long as you'll definitely only have wifi OR eth then you should be good.

I just thought of another way of doing this which requires both interfaces (wifi and eth) to be on the same subnet and then aliasing both IPs to the machine permanently but that is a REALLY nasty hack and would require manual intervention when you took the laptop off-site, and is super nasty.

But I'd personally suggest going with DDNS and letting the machines do the work for you. Rise (over) the machines
 

guddler
Well, I suppose if I can get the DDNS going then very little really needs to be dynamic. It's just something that I've always done as it was easy to do on the router.

The XBox 360 would be useful if fixed as I usually just chuck that into a DMZ and leave it totally open. Not aware of any nasties out in the wild that target XBox 360 and it's bloody annoying having it disconnect from XBox Live 3/4 of the way through a film - which it seems to do nearly every film!

Just as a slight aside, I've set up my DNS using the fake FQDN "guddnet.home" in order to ensure that I never clash with any real domains. I do however, obviously, own guddler.co.uk - can I use that? If so, what do I need to do to ensure I don't interfere with the real name servers for guddler.co.uk ? Or am I best off just leaving it as-is?

I'm finding this all quite good fun I have to say, but I really must crack on and do some non computer stuff. It's just started raining though.
 

trm
I'd definitely recommend DDNS for simple clean fun :) Once it's working (which might be a bit more effort than I'm anticipating given the mix of clients, but you could turn off update security and that should simplify it massively without introducing any significant security risk in your environment) then you won't have to touch anything again.

I have my X360 inside the perimeter "just because" and don't seem to have the same problem you mention, although after spending way too many nights packet sniffing to determine why the UPnP wasn't working I was just happy to have it sorted and am scared to touch it again :)

As for which domains to use, I'd suggest avoiding a split public/private DNS setup. I've had to make this work before for some organisations and it's a real ball-ache. I tried doing it here for a while too and just jacked it in in the end and went for xxx.int on the inside.

If you do it simply then you end up with an almighty mess as you're exposing internal DNS state on the net (which will include IPs from the reserved 'black hole' subnets, plus your secondary DNS at home is possibly going to change IP from time to time) and if you do it as a proper split DNS then it's the same as managing two domains (which you'd do if you had .int for home and .uk externally) PLUS the hassle of the name-space collision.

Will you have (m)any inbound port forwarding open on your home firewall?
 

guddler
trm said:
Will you have (m)any inbound port forwarding open on your home firewall?
Unlikely I would think. Possibly as time goes by and I (hopefully) gain confidence in the server. But at the moment, open ports tend to be temporary things. I used to do my own hosting but the Mac Mini wasn't really designed to be left on 24/7 and I didn't like doing so. Since then I've not really had much opened up.

I'll stick with the fake domain at home then. I'm nearing the end of the DDNS setup now. I think there's a few hoops to jump through due to selinux but other than that I think I'm nearly done. I'm interested to see what the Macs do as they have a tendency to use some weird sh*t that sticks ".local" on the end of all the host names and I don't want that.

I also don't want sh*t like "Shaz's iPad" and "Mart's iPhone" appearing in the DNS so this could be interesting
Not that I'm going to need to ping or otherwise reference those though. But I can think of other equally annoying examples!
 

guddler
Arse! Need to start again - had it all working lovely as a stock DNS / DHCP setup but somewhere along the line of setting up DDNS something went wrong and now none of it's working!
 

trm
guddler said:
Arse! Need to start again - had it all working lovely as a stock DNS / DHCP setup but somewhere along the line of setting up DDNS something went wrong and now none of it's working!

ESX snapshots FTW :) Once I've got to a decent checkpoint I'll do a snapshot, make the iffy changes and then if everything is OK, right click the VM and select Snapshot Manager and then delete the most recent. That clears the transaction log and permanently applies any changes made during the snap to the VMDK so they're committed.

You can run with snapshot enabled for as long as you have spare disk, but any changes made during a snapshot will build up in a separate roll-back log so if you made a snapshot and then copied 3GB of data to the VM, you'd have a 3GB transaction log plus whatever size the base VM is. When you commit (delete - dumb terminology I know) the snapshot then the transaction log goes and you get the disk space of the TX log back. Sorry if any of this is teaching you to suck eggs.
 

guddler
Well, what an interesting day!

First up, nope, I didn't realise that all the time I had a snapshot in place it was creating rollback information! Best I delete the snapshot I took immediately after I installed CentOS then and find some other way to keep a "point in time" backup
Also, I've finally cracked the DDNS / DHCP thing. Actually, it wasn't the DDNS, that was reasonably easy, it was actually the DHCP. I just couldn't get it to work. In the end I had to resort to just reading the man page for dhcpd.conf from top to bottom studying each parameter in turn. In the end my issue was that I had "server-identifier" set and it should have been "server-name" instead. What this was doing was making all the clients ignore the DHCP assignments they were sent and instead they were just sitting there doing DISCOVERs
Got there in the end.

And with reference to the original issue. With the DDNS, as long as host names are defined properly on all my machines, and I can remember what they are, then it's going to be fine. The exception to this, I thought was going to be the 360 which I figured I'd probably want to open up in the FW. But the 360 is doing some funky sh*t and is presenting the same MAC address regardless of whether it's on wired or wireless. While odd behaviour this is cool as I can set a fixed host entry in the DHCP for that one and life is peachy.

Got there in the end! Though not how I intended to spend my bank holiday Friday!!
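An added example, not code from this thread or from ISC: a small Python checker run over constructed dhcpd.conf text (addresses from the 192.0.2.0/24 documentation range, made-up MACs, the "guddnet.home" name from the thread) that flags the two things the thread ran into. It reports a global server-identifier statement, which the dhcpd.conf man page reserves for multi-homed servers and which is easy to confuse with server-name, and a fixed-address shared by two host declarations with different MACs, which dhcpd accepts but which only works while one interface is up at a time. The corrected sample follows the thread's conclusion: dynamic leases plus DDNS for the laptop, one reservation for the console that presents a single MAC. The update-conflict-detection setting in it is my assumption about what is needed so the second interface can overwrite the name the first one registered.

```python
"""Lint a dhcpd.conf for two pitfalls: a global server-identifier and
one fixed-address reserved for several MACs. Constructed sample data."""
import re
from collections import defaultdict

# Constructed "before" config: laptop reserved on both MACs, plus the
# server-identifier statement that should have been server-name.
BROKEN_CONF = """
option domain-name "guddnet.home";
server-identifier 192.0.2.1;   # sends this as the DHCP server-identifier option
ddns-update-style interim;

subnet 192.0.2.0 netmask 255.255.255.0 {
  range 192.0.2.100 192.0.2.199;
}

host nef-wired {
  hardware ethernet 00:00:5e:00:53:01;
  fixed-address 192.0.2.20;
  ddns-hostname "nef";
}
host nef-wifi {
  hardware ethernet 00:00:5e:00:53:02;
  fixed-address 192.0.2.20;
  ddns-hostname "nef";
}
"""

# Constructed "after" config: the laptop takes a dynamic lease on whichever
# interface is up and DDNS keeps the "nef" record current; the console, which
# presents one MAC on both interfaces, gets a single reservation.
FIXED_CONF = """
option domain-name "guddnet.home";
server-name "dhcp.guddnet.home";   # only fills the sname field of the reply
ddns-update-style interim;
ddns-domainname "guddnet.home.";
# Assumption: wired and wifi look like two different clients to dhcpd, so
# its DHCID/TXT conflict check would refuse the second interface's update.
update-conflict-detection false;

subnet 192.0.2.0 netmask 255.255.255.0 {
  range 192.0.2.100 192.0.2.199;
}

host nef-wired { hardware ethernet 00:00:5e:00:53:01; ddns-hostname "nef"; }
host nef-wifi  { hardware ethernet 00:00:5e:00:53:02; ddns-hostname "nef"; }
host xbox { hardware ethernet 00:00:5e:00:53:03; fixed-address 192.0.2.30; }
"""

HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{(.*?)\}", re.S)
MAC_RE = re.compile(r"hardware\s+ethernet\s+([0-9a-f:]{17})", re.I)
ADDR_RE = re.compile(r"fixed-address\s+([^;]+);")
DDNS_RE = re.compile(r'ddns-hostname\s+"([^"]*)"')


def strip_comments(text):
    return re.sub(r"#.*", "", text)


def parse_hosts(conf):
    """Extract name, MAC, fixed-address and ddns-hostname of each host block."""
    hosts = []
    for m in HOST_RE.finditer(strip_comments(conf)):
        name, body = m.group(1), m.group(2)
        mac, addr, ddns = MAC_RE.search(body), ADDR_RE.search(body), DDNS_RE.search(body)
        hosts.append({
            "name": name,
            "mac": mac.group(1).lower() if mac else None,
            "fixed_address": addr.group(1).strip() if addr else None,
            "ddns_hostname": ddns.group(1) if ddns else None,
        })
    return hosts


def shared_reservations(hosts):
    """Map fixed-address -> host names where hosts with different MACs share it."""
    by_addr = defaultdict(list)
    for h in hosts:
        if h["fixed_address"]:
            by_addr[h["fixed_address"]].append(h)
    return {addr: [h["name"] for h in hs] for addr, hs in by_addr.items()
            if len({h["mac"] for h in hs}) > 1}


def global_statements(conf):
    """Return (keyword, rest) for each ';'-terminated statement at brace depth 0."""
    depth, buf, stmts = 0, "", []
    for ch in strip_comments(conf):
        if ch == "{":
            depth, buf = depth + 1, ""
        elif ch == "}":
            depth, buf = depth - 1, ""
        elif ch == ";" and depth == 0:
            parts = buf.split(None, 1)
            if parts:
                stmts.append((parts[0], parts[1].strip() if len(parts) > 1 else ""))
            buf = ""
        elif depth == 0:
            buf += ch
    return stmts


def lint(conf):
    findings = []
    for kw, rest in global_statements(conf):
        if kw == "server-identifier":
            findings.append(f"server-identifier {rest} set globally: only needed on a "
                            "multi-homed server and must be an address clients can reach; "
                            "to fill the sname field use server-name instead")
    for addr, names in shared_reservations(parse_hosts(conf)).items():
        findings.append(f"fixed-address {addr} reserved for {len(names)} MACs "
                        f"({', '.join(names)}): only works if one interface is up at a time")
    return findings


if __name__ == "__main__":
    for label, conf in (("before", BROKEN_CONF), ("after", FIXED_CONF)):
        print(f"{label}: {lint(conf) or ['no findings']}")
```

The "before" sample produces both findings and the "after" sample none; pointing `lint()` at the text of a real dhcpd.conf is a quick pre-restart sanity check.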
 

trm
Ended up with an unexpectedly free w/e due to my mate who I was going to visit coming down with chickenpox and discovering that it looks like I didn't have it when I was young, and that Stink can't even tell the difference between measles and chickenpox!

So even though it's already roasting up here I think I'm going to assemble my new server and cross everything that it doesn't kick out too much heat or noise.

I could just set up the aircon, but it's too hot to be arsed