SUSE Conversations


DHCP, DNS, DDNS, and TSIG configuration on OES 11 (SLES 11)



By: paulsenj

January 3, 2013 11:23 am


So, you decided to migrate DHCP and DNS from NetWare 6.x/OES 2 to SLES 11/OES 11 and things, especially DDNS, are not working. First things first: DDNS cannot simply be migrated, because it works differently on OES 11 (Linux) than it does on NetWare. On OES Linux the services are ISC dhcpd and a BIND-based named, and dhcpd gets host names into DNS by sending dynamic updates that named will only accept when they are signed with a TSIG key that both sides know. You may also be having odd issues with DNS resolving things properly, especially those DDNS addresses that were migrated.

I am going to suggest that you just throw it away and start from scratch! I know, you really don’t have the time to start over with it, right? Yeah, that’s what I thought, and I ended up wasting about two days chasing error messages and not getting good results finding answers. I would either find resources (Novell KB articles, forum posts, docs) that were too old and/or for NetWare, or nothing at all. I am going to show you in this HOW-TO that you can re-create a simple DHCP and DNS setup with DDNS working in very little time, much less time than I spent chasing error messages anyway. Time involved for a simple network topology: ~30 minutes!

Let’s get started!

  1. Make sure you’re using the latest version of the Novell DNS/DHCP Management Console or at least the version you can download from your fully patched OES 11 server.
  2. Backup your DNS Zones and DHCP service by using the DNS/DHCP Management Console’s Export option. Note: For DNS you need to have the Zone selected to export it and for DHCP you must have the Service selected.
  3. Backup eDirectory on your SLES 11 OES 11 server.
    1. Open a terminal or SSH into your server
    2. Create a directory for your backups and cd into that directory. Example: mkdir /root/edir && cd /root/edir
    3. Type: ndsbackup cf backupname. Example: ndsbackup cf 2012-8-23
    4. Enter your NDS admin name with context. Example: admin.digitalairlines
    5. Enter your admin password and hit “enter”.
    6. Congratulations, you have backed up eDir on SLES! :D Keep that backup file readable by root only; it contains your directory.
  4. In the DNS/DHCP Management Console go through and delete ALL of your DNS and DHCP objects! Then close the management console.
  5. In ConsoleOne or iManager delete any lingering DNS and DHCP objects, EXCEPT for the DNS AG objects. That includes DNS_servername, DHCP_servername, DHCPGroup, dhcpLocator, DNS Records, IN-ADDR.ARPA records, DNS-DHCP, DNSDHCP-GROUP, RootServerInfo, any TSIG keys you may have created, and anything else that mentions DNS or DHCP.
  6. Stop DNS and DHCP on the server
    1. rcnovell-named stop
    2. rcnovell-dhcpd stop
  7. DHCP – Installation/configuration
    1. Get to your server console and start X, or SSH in from a workstation with X installed (Linux, OSX) and start yast2. (example: ssh -Xl root servername, or ssh -Yl root servername if -X fails; that is a lowercase “L” in there). Note that -Y is trusted X11 forwarding and gives the server unrestricted access to your workstation’s X display, so try -X first and fall back to -Y only if the YaST windows refuse to open.
    2. In YaST2 Control Center select “Open Enterprise Server” in the left hand menu to bring that section into view then select “OES Install and Configure”
    3. You don’t need to change anything in the Software Selection screen, just hit “Accept”
    4. Scroll until you see “Novell DHCP Services” and change “Reconfigure is disabled” by clicking on the “disabled” link. Wait a moment and then click on the “Novell DHCP Services” heading to configure it.
    5. You will need to enter your admin password, then you can fill out the screen in front of you. I suggest you take most of the defaults it gives you, though I decided to add ou=dhcp,o=myorg for the “Common DHCP Configuration Object Contexts” and you may wish to as well, as the TSIG key object could cause issues if you just dump everything into o=myorg. For the “LDAP method” choose “Dynamic” and for “Referrals” choose “Do not chase referral”. Then click “Next”.
    6. Choose your eDir server address; I suggest choosing the address of the server you are installing DHCP on. Select the checkbox for “Use secure channel for configuration”. In the “LDAP User Name with Context” box leave it as the pre-filled OESCommonProxy_servername,o=myorg or add appropriate credentials. “LDAP port for DHCP server” should be set to 636, and you should select the checkbox for “Use secure channel for DHCP server” so the DHCP server’s LDAP traffic (including the TSIG secret it reads from eDirectory) is not sent in the clear. Under the “Certificates” section I selected “Never” and left the rest blank. Then click “Next”.
    7. Select your network interface from the box; there will probably only be one to select, so it makes the decision easy! If you have more than one you will have to choose which one(s) you want. Then click “Next” to finish the configuration and return to the “Novell Open Enterprise Server Configuration” page.
    8. Click “Next” to write the configuration and then click “Finish” to close the OES configuration.
  8. DHCP – Setup in the DNS/DHCP Management Console
    1. Open the DNS/DHCP Management Console and click on the “DHCP (OES Linux)” tab, we now need to create a service so click on “Our Network” then click the create button (the little 3D box) and select “Service” and then click OK. In the “Create Service” dialog box enter the name you want to give the service, I used “DHCP_SERVICE”, and select the context, I put it in the context I used during the DHCP server configuration ou=dhcp,o=myorg, and select the Default DHCP Server, there should only be one to choose from, then click “Create”.
    2. Select the service you created and click on the “Configured Options” tab. Click on “Modify …” to add the options you need and set them accordingly. (examples: Time Offset, Router, Time Server, Domain Name Server, TFTP Server Name (set this to your ZCM pre-boot server DNS name), Boot File Name (set this to “nvlnbp.sys” for ZCM pre-boot services)) Then click the save button (looks like an arrow going into a floppy disk).
    3. OPTIONAL (Fixes PXE DHCP address hogging) Select the service you just created and then click the create button again and create a “Class” and name it “PXE” and click “Create”. Select the PXE class you just created and in the “Conditional Expression:” box type “match if option dhcp-client-identifier = null” without the quotes. Then click the save button (looks like an arrow going into a floppy disk).
    4. Select the service you created and click on the create button, then choose “TSIG Key” and click OK. Enter a name for the key, I used “DNS-DHCP_KEY” but you can use anything you want as long as it is not longer than 16 characters, then type in a secret. The secret is base64 text (that is how dhcpd and named store TSIG keys), which is why the console requires a length divisible by 4; the example “secret12secret24” is 16 characters. Anyone holding this secret can push arbitrary records into your zones, so use a random value rather than a word you can remember, for example the output of “openssl rand -base64 32” run on the server, and then click on “Create”. Note: You need to create a second key later in the DNS settings with the same name and secret as this one, so keep it somewhere safe until then!
    5. Select the service you created and click on the create icon, then choose “Zone” and click OK. (Yes, we are creating the Zones before the subnets or pools and even before the DNS, this is to save time later and will work fine as long as you set up the Zones in DNS with the same names.) Enter your primary DNS Zone name, this is the myorg bit and the DNS server IP address then click “Create”. Now click back on the Zone you just created and in the “TSIG Key:” dropdown select your key.
    6. Select the service you created and click on the create button, then choose “Zone” and click OK. Enter your primary DNS IN-ADDR.ARPA Zone name, in my case this is the 20.172.IN-ADDR.ARPA bit and the DNS server IP address then click “Create”. Now click back on the Zone you just created and in the “TSIG Key:” dropdown select your key.
    7. Select the service you created and click on the create button, then choose “Subnet” and click OK. Enter your subnet information. (example for a 172.20.0.0/16 subnet use: Subnet Address: 172.20.0.0, Subnet Mask: 255.255.0.0) Then click “Create”.
    8. Select the subnet you just created and set the “DNS Zone for Dynamic Update:” to your primary DNS Zone that you created, this is the myorg zone, and click the save button.
    9. Select the subnet you created and click the create button, then choose “Pool” and click OK. Enter a pool name, I chose “MAIN_POOL”, and set the “Start Address:” and “End Address:” to suit your needs then click “Create”.
    10. Select the pool you just created and then click on the “General” tab if it isn’t already displayed. In the “Range Type:” dropdown choose “Bootp&DHCP” and in the “DNS Update Option:” dropdown choose “Always Update”. Then click save.
    11. OPTIONAL (Fixes PXE DHCP address hogging) Select the pool you just created and then click on the “General” tab if it isn’t already displayed. You will see “PXE” listed under the “Available DHCP Class(es):” list, select “PXE” and then under “Denied DHCP Class(es):” click “Add >>” then click save.
    12. OPTIONAL (Fixes PXE DHCP address hogging) Select the subnet you created and then click the create button and choose “Pool”, enter “PXE_POOL” for the name and set a range of addresses that it can use for PXE booting, then click “Create”. Select the “PXE_POOL” and on the General tab under the “Range Type:” dropdown select “DHCP”, then select “PXE” under “Available DHCP Class(es):” and under “Allowed DHCP Class(es):” click the “Add >>” button. Now click on the “Settings” tab and click the “Modify …” button, then select “max-lease-time” from the list and set it to “0, 0, 30, 30” and then click OK. You should now have an entry under your settings tab that says “max-lease-time” with a value of “1800”. Click the save button.
    13. Go to your terminal window or SSH session and start the DHCP service using the “rcnovell-dhcpd start” command. After it starts go back to the DNS/DHCP Management Console and click on the “DHCP_servername” icon on the bottom of the “DHCP (OES Linux)” tab screen. In the “DHCP Server:” section click “Add …” and add the IP Address of the DHCP Server, then click the save button. Now click on the “Settings” tab and add the following settings by clicking the “Modify …” button and choosing them one at a time, setting them as shown below:

      	Setting              Value
      	authoritative        True
      	ddns-domainname      "myorg"
      	ddns-rev-domainname  "20.172.IN-ADDR.ARPA"
      	ddns-update-style    interim
      	omapi-port           7911
      	update-optimization  True
      	client-updates       deny
      	omapi-key            TSIG_KeyName  (This was DNS-DHCP_KEY in my example)

      Then click OK and then click the Save button.

      A word on the last two: “omapi-port” and “omapi-key” open dhcpd’s OMAPI control channel on TCP 7911 and authenticate it with that key. Because this reuses the DDNS key, anyone who holds the TSIG secret can also reconfigure dhcpd through OMAPI, so firewall port 7911 to your management hosts, or leave these two settings out if you do not use omshell or similar OMAPI tools. “client-updates deny” keeps clients from pushing their own names into DNS; only the DHCP server does that, with the signed updates.

    14. Go to your terminal window or SSH session and restart the DHCP service using the “rcnovell-dhcpd restart” command. Our DHCP setup is done! :D
  9. DNS – Installation/configuration
    1. Get to your server console and start X, or SSH in from a workstation with X installed (Linux, OSX) and start yast2. (example: ssh -Xl root servername, or ssh -Yl root servername if -X fails; that is a lowercase “L” in there)
    2. In YaST2 Control Center select “Open Enterprise Server” in the left hand menu to bring that section into view then select “OES Install and Configure”
    3. You don’t need to change anything in the Software Selection screen, just hit “Accept”
    4. Scroll until you see “Novell DNS Services” and change “Reconfigure is disabled” by clicking on the “disabled” link. Wait a moment and then click on the “Novell DNS Services” heading to configure it.
    5. You will need to enter your admin password, then you can fill out the screen in front of you. I suggest you take the defaults it gives you, but make sure you select your DNS/DHCP server’s own IP address in the “Directory server address” dropdown; this keeps DNS running if the other eDirectory server isn’t available at some point. Also make sure the checkbox for “Use Secure LDAP Port” is selected, then click “Next”.
    6. In the “Proxy User for DNS Management” box leave it as the pre-filled OESCommonProxy_servername,o=myorg or add appropriate credentials. Under the “Credential Storage Location:” section choose “CASA”. Then click “Next”.
    7. In the “Common DNS Configuration Object and User Contexts” section I decided to use ou=dns,o=myorg for all three fields and you may wish to as well, as the TSIG key object could cause issues if you just dump everything into o=myorg. Then click “Next”.
    8. Make sure you select the checkbox for “Create DNS Server Object” and add your server’s DNS name (hostname only, not servername.myorg) to the “Host Name” box and enter your domain name “myorg” into the “Domain Name for DNS Server” box. Then click “Next” to finish the configuration and return to the “Novell Open Enterprise Server Configuration” page.
    9. Click “Next” to write the configuration and then click “Finish” to close the OES configuration.
  10. DNS – Setup in the DNS/DHCP Management Console
    1. Open the DNS/DHCP Management Console and click on the “DNS” tab, then select “All Zones”. You will notice that there is already a “RootServerInfo” zone listed. It’s important that you leave that alone. Now click on the create button, select “Zone” from the list and click OK. In the dialog box make sure “Create New Zone” is selected at the top and then enter the “NDS Context:” where you would like to create it (this is the ou=dns,o=myorg bit), then enter the name of your Primary DNS Zone (this is the “myorg” bit) in the “Zone Domain Name:” box. Make sure that “Zone Type:” is set to “Primary” and “Assign Authoritative DNS Server:” is set to “DNS_servername”, then click “Create”.
    2. Select “All Zones” again and click create, select “Zone” and click OK. Select the option for “Create IN-ADDR ARPA”. Enter the same “NDS Context” as you did for your forward zone (ou=dns,o=myorg), and then set the network address to be the same as your subnet was for the DHCP settings. In my case this was “172.20” with the last two boxes empty; you should see the “Zone Domain Name:” box automatically populating as you type, and for my setup it read “20.172.IN-ADDR.ARPA”. It’s important to note that this must be the exact same name as the Zone you created for the DHCP service! Make sure that “Zone Type:” is set to “Primary” and “Assign Authoritative DNS Server:” is set to “DNS_servername”, then click “Create”.
    3. Select “All Zones” again and click create, select “DNS Key” and click OK. Enter the same EXACT “Key Name:” and “Secret:” as you used for the DHCP TSIG key you created in step 8.4. Go back to the DHCP tab and copy and paste them if you must! Enter the “NDS Context:” that you used in step 9.7 (ou=dns,o=myorg) and click “Create”.
    4. Select your Primary DNS Zone (myorg) and click on the “Key List” tab, select your DNS Key in the “Available DNS Keys” box and click “Add >>” to add it to the “Selected DNS Keys” box. Then click the save button! Now click on the “Control Lists” tab and select the option for “Allow Update Option” and click “Add …”, then select the “Key Options” option and click OK. Now click the save button again! This is the zone’s update ACL (allow-update with a key in BIND terms): named will accept dynamic updates for the zone only when they are signed with that key, which is exactly what dhcpd sends, and will refuse unsigned updates from anyone else. Repeat these instructions for your IN-ADDR.ARPA zone, remembering to save after each step!
    5. Go to your terminal window or SSH session and start the DNS service using the “rcnovell-named start” command. After it starts go back to the DNS/DHCP Management Console and click on the “DNS_servername” icon on the bottom of the “DNS” tab screen. Check to make sure that your server’s FQDN (servername.myorg) is listed in the “DNS Server Domain Name:” section; if it isn’t, type it in and click save. Now click on the “Key List” tab, select your DNS Key in the “Available DNS Keys” box and click “Add >>” to add it to the “Selected DNS Keys” box. Then click the save button!
    6. Go to your terminal window or SSH session and restart the DNS service using the “rcnovell-named restart” command.
    7. Return to the DNS/DHCP Management Console and click on the “DNS” tab. Select your Primary DNS Zone (myorg) and click the create button. Select “Resource Record” and click OK. Now start adding back all of your static DNS records, don’t worry about anything that uses DHCP for addressing as it will now update the DNS server using DDNS! This is the place for things with static IP Addresses like servers, printers, network equipment, or anything else that has both a static IP Address and for which you need DNS resolution. After you’re done entering all of your DNS records it is probably wise to restart the DNS service again using the “rcnovell-named restart” command. Our DNS setup is now done! :D
  11. Notes
    1. I didn’t go over setting up “Hosts” in the DHCP subnet. Its easy and well documented and outside of the purpose of this document. You should be able to figure it out easily enough if you need to do it.
    2. DNS/DHCP Management Console may need to be restarted after certain steps for it to “see” the changes. This seems to be a bug, but maybe its just my setup. If it starts acting up on you just try to close it and restart it and see if that fixes your issues.
    3. Note to Novell: Some more thorough documentation would be nice on this stuff!
    4. After you have done everything in this you may want to back up your DNS, DHCP, and eDir configurations again!
    5. DISCLAIMER: These instructions aren’t for everybody. They were written for someone who has a good amount of experience managing Novell servers; if this isn’t you then please “Don’t try this at home”, or at least not on production servers! There is a good chance that following these instructions could make your problems worse or GET YOU FIRED, they could even MAKE YOUR SERVER EXPLODE!!! Ok, well maybe not the last one, but the point is that this document is provided without any warranty or guarantee and I am not liable in any way for any damage following these instructions might cause!
    6. Good luck!
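Why the TSIG key has to match exactly on both sides: every dynamic update dhcpd sends to named carries a TSIG record whose MAC is computed over the whole update plus the key name, and named recomputes it with whatever secret it holds under that name. A different name, a different secret, a modified packet or a clock that is too far off each make named throw the update away, which is what "DDNS is not working" usually looks like on the wire. The following Python is an added example written for this article, not code from the article or from OES: it builds an RFC 2136 UPDATE for one A record, signs it with TSIG (hmac-md5, the algorithm dhcpd of that generation and the console use; treat that as an assumption if your key object says otherwise) and verifies it the way the receiving server does. The zone, host, key name DNS-DHCP_KEY and secret are constructed for the demo.

```python
"""TSIG-signed DNS UPDATE, the exchange dhcpd and named perform for DDNS.
Added example for this article (RFC 2136 update, RFC 2845 TSIG with hmac-md5);
standard library only. Key name and secret are constructed for the demo."""
import base64
import binascii
import hashlib
import hmac
import struct
import time

TSIG_ALG = "hmac-md5.sig-alg.reg.int."
TYPE_A, TYPE_SOA, TYPE_TSIG = 1, 6, 250
CLASS_IN, CLASS_ANY = 1, 255
DEMO_KEY_NAME = "DNS-DHCP_KEY"  # same name on both sides, as the article insists
DEMO_SECRET = base64.b64encode(b"0123456789abcdef0123456789abcdef").decode()  # constructed, not a real key

def wire_name(name):
    """Canonical wire form: uncompressed, lower-case labels (RFC 2845 s3.4.2)."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def decode_secret(secret_b64):
    """TSIG secrets are base64 text; that is the real reason the console wants a length divisible by 4."""
    if not secret_b64 or len(secret_b64) % 4:
        raise ValueError("TSIG secret must be base64 (length a multiple of 4)")
    try:
        return base64.b64decode(secret_b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("TSIG secret is not valid base64") from exc

def build_update(msg_id, zone, fqdn, ipv4, ttl=3600):
    """Unsigned DNS UPDATE adding one A record: header, zone section, one update RR."""
    header = struct.pack("!HHHHHH", msg_id, 5 << 11, 1, 0, 1, 0)  # opcode UPDATE, ZOCOUNT=1, UPCOUNT=1
    zone_rr = wire_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    rdata = bytes(int(o) for o in ipv4.split("."))
    return header + zone_rr + wire_name(fqdn) + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, 4) + rdata

def _tsig_variables(key_name, time_signed, fudge, error=0, other=b""):
    """TSIG fields covered by the MAC but not part of the original message."""
    return (wire_name(key_name) + struct.pack("!HI", CLASS_ANY, 0) + wire_name(TSIG_ALG)
            + time_signed.to_bytes(6, "big") + struct.pack("!HHH", fudge, error, len(other)) + other)

def sign(message, key_name, secret_b64, now=None, fudge=300):
    """Append a TSIG RR: MAC = HMAC-MD5(secret, message || TSIG variables); ARCOUNT += 1."""
    key = decode_secret(secret_b64)
    time_signed = int(time.time()) if now is None else now
    mac = hmac.new(key, message + _tsig_variables(key_name, time_signed, fudge), hashlib.md5).digest()
    original_id = struct.unpack("!H", message[:2])[0]
    rdata = (wire_name(TSIG_ALG) + time_signed.to_bytes(6, "big") + struct.pack("!HH", fudge, len(mac))
             + mac + struct.pack("!HHH", original_id, 0, 0))
    tsig_rr = wire_name(key_name) + struct.pack("!HHIH", TYPE_TSIG, CLASS_ANY, 0, len(rdata)) + rdata
    arcount = struct.unpack("!H", message[10:12])[0] + 1
    return message[:10] + struct.pack("!H", arcount) + message[12:] + tsig_rr

def _skip_name(buf, off):
    """Offset just past an uncompressed wire name (the messages built here use no compression)."""
    while buf[off]:
        off += buf[off] + 1
    return off + 1

def verify(signed, key_name, secret_b64, now=None):
    """Receiver side: find the trailing TSIG RR, rebuild the unsigned message, recompute the
    MAC under the key known by that name, and enforce the fudge window."""
    key = decode_secret(secret_b64)
    try:
        counts = struct.unpack("!HHHH", signed[4:12])
        off, rr_start = 12, None
        for _ in range(counts[0]):                     # zone entries: name + type + class
            off = _skip_name(signed, off) + 4
        for _ in range(sum(counts[1:])):               # walk every RR; the last must be the TSIG
            rr_start, off = off, _skip_name(signed, off)
            off += 10 + struct.unpack("!HHIH", signed[off:off + 10])[3]
        p = _skip_name(signed, rr_start)               # p: start of type/class/ttl/rdlen
        q = _skip_name(signed, p + 10)                 # q: end of the algorithm name in RDATA
        time_signed = int.from_bytes(signed[q:q + 6], "big")
        fudge, mac_size = struct.unpack("!HH", signed[q + 6:q + 10])
        mac, r = signed[q + 10:q + 10 + mac_size], q + 10 + mac_size
        original_id, error, other_len = struct.unpack("!HHH", signed[r:r + 6])
        other = signed[r + 6:r + 6 + other_len]
    except (struct.error, IndexError, TypeError, ValueError):
        return False
    if off != len(signed) or signed[p:p + 4] != struct.pack("!HH", TYPE_TSIG, CLASS_ANY):
        return False
    if signed[p + 10:q].lower() != wire_name(TSIG_ALG) or signed[rr_start:p].lower() != wire_name(key_name):
        return False                                   # unknown algorithm, or the "same EXACT name" rule
    unsigned = struct.pack("!H", original_id) + signed[2:10] + struct.pack("!H", counts[3] - 1) + signed[12:rr_start]
    expected = hmac.new(key, unsigned + _tsig_variables(key_name, time_signed, fudge, error, other), hashlib.md5).digest()
    now = int(time.time()) if now is None else now
    return hmac.compare_digest(expected, mac) and abs(now - time_signed) <= fudge

def demo(now=1356955800):
    """Sign one update and exercise the rejections a DDNS peer performs (all inputs constructed)."""
    signed = sign(build_update(0x1234, "myorg.", "pc1.myorg.", "172.20.5.10"), DEMO_KEY_NAME, DEMO_SECRET, now=now)
    tampered = signed.replace(bytes([172, 20, 5, 10]), bytes([172, 20, 5, 11]))  # someone edits the address in flight
    other_secret = base64.b64encode(b"x" * 32).decode()
    return {
        "valid": verify(signed, DEMO_KEY_NAME, DEMO_SECRET, now=now),
        "wrong_key_name": verify(signed, "OTHER_KEY", DEMO_SECRET, now=now),
        "wrong_secret": verify(signed, DEMO_KEY_NAME, other_secret, now=now),
        "tampered": verify(tampered, DEMO_KEY_NAME, DEMO_SECRET, now=now),
        "stale": verify(signed, DEMO_KEY_NAME, DEMO_SECRET, now=now + 301),
    }
```

Two things worth taking from it when DDNS fails after a migration: the time check means the DHCP and DNS servers must agree on the clock to within the fudge (300 seconds here, the RFC 2845 recommendation), so check NTP on both boxes before you start re-creating keys; and the key-name comparison is case-insensitive but otherwise exact, so a trailing space or a typo in either console entry is enough for named to reject every update.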

Written by:

Justin Paulsen
IT Admin, Novell TTP Member
Frederic School District
1437 Clam Falls Drive
Frederic, WI 54837
USA
paulsenj@frederic.k12.wi.us
petaris@gmail.com

Categories: Open Enterprise Server on SLES, SUSE Linux Enterprise Server, Technical Solutions

Disclaimer: As with everything else at SUSE Conversations, this content is definitely not supported by SUSE (so don't even think of calling Support if you try something and it blows up).  It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.

5 Comments

  1. By:txrjohnson

    Thanks for a great article and giving out your perfect setup. I was able to perform these steps in my lab and it all works like a champ!

  2. By:lackovic

    It has been a long time since I saw such a well-written manual.
    The boys from Novell should learn how to write guides.

  3. By:ssalgy

    This is the kind of writing that made Cool Solutions cool, and we need more of this. If you have other processes that you feel are not adequately explained in the docs, please cook up another helping.
