DHCP & DNS


DHCP

Install

apt install isc-dhcp-server

Configure

/etc/default/isc-dhcp-server

INTERFACES="enp0s3"

/etc/dhcp/dhcpd.conf

Dynamic

option domain-name-servers 8.8.8.8, 8.8.4.4;
default-lease-time 3600; 
max-lease-time 7200;

subnet 192.168.201.0 netmask 255.255.255.0 {
        option routers                  192.168.201.1;
        option subnet-mask              255.255.255.0;
        option domain-name-servers      8.8.8.8;
        range   192.168.201.10   192.168.201.100;
}

Static

host host1 {
	 hardware ethernet 00:11:22:33:44:55;
	 fixed-address 192.168.201.254;
 }

DNS

Install

apt install bind9

Configuration

Forwarders

In /etc/bind/named.conf.options uncomment and set where dns requests should be forwared, i.e. the Google DNS servers.

forwarders {
    8.8.8.8;
    8.8.4.4;
};

Create the Actual Zone

I created a new file /etc/bind/db.lab.security-bits.de

$TTL    604800
@       IN      SOA     ns.lab.security-bits.de. lak.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.lab.security-bits.de.
ns      IN      A       10.111.0.1
server 	IN      A       10.111.0.15
client  IN      A       10.111.0.10

Add the Zone to Server

Edit named.conf.local and add

zone "lab.security-bits.de" {
        type master;
        file "/etc/bind/db.lab.security-bits.de";
};

Restart!

service bind9 restart

Testing

First get the dnsutils package

apt install dnsutils

Then use dig

dig server.lab.security-bits.de @127.0.0.1

; <<>> DiG 9.11.5-P4-5.1+deb10u3-Debian <<>> server.lab.security-bits.de @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26228
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 03d2cc75692e697926a1329d603f9633165bac08e8a094cd (good)
;; QUESTION SECTION:
;server.lab.security-bits.de.	IN	A

;; ANSWER SECTION:
server.lab.security-bits.de. 604800 IN	A	10.111.0.15

;; AUTHORITY SECTION:
lab.security-bits.de.	604800	IN	NS	ns.lab.security-bits.de.

;; ADDITIONAL SECTION:
ns.lab.security-bits.de. 604800	IN	A	10.111.0.1

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Mar 03 14:59:15 CET 2021
;; MSG SIZE  rcvd: 134