This guide details how to install DNS (named) and DHCP on CentoOS7 and integrate them dynamically so that DHCP updates DNS when an IP is leased to an LXC container or VM The install below was done on a CentOS7 Desktop edition running on Lenovo ThinkPad P70 mobile workstation hardware. The end goal of this configuration is to integrate DNS with the also-to-be-installed DHCP so that when LXC Linux containers startup they are given a DHCP-issued IP address and then also the DNS is updated with the IP information and DNS lookup information for the Linux container. This page is a WIP and I"m adding things and filling this out as I go along so YMMV and patience.Important Note to SelfRan into an issue where the DNS named was not updating the zone files (fwd.robinsystems.com, rev.robinsystems.com) on my laptop environment and so because it could not update the zone files, it was writing bunches of these "tmp-*" files as shown below. Finally I got a clue on this from this post here and then found a definitive bulleting on this here. The issue is that SELINUX must be notified to allow updating of the zone files. An example of what DNS was going before setting the directive is shown below. This is the status of the directory after the required SELINUX command was issued as shown below. Required SELINUX Command[root@stlns01 data]# cat /etc/sysconfig/selinux # This file controls the state of SELinux on the system.# SELINUX= can take one of these three values:# enforcing - SELinux security policy is enforced.# permissive - SELinux prints warnings instead of enforcing.# disabled - No SELinux policy is loaded.SELINUX=enforcing <-- SELINUX is set to enforcing on this system# SELINUXTYPE= can take one of three two values:# targeted - Targeted processes are protected,# minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection.SELINUXTYPE=targeted [root@stlns01 data]# setsebool -P named_write_master_zones 1 <-- Need to run this if SELINUX=enforcing !![root@stlns01 data]# service named statusRedirecting to /bin/systemctl status named.service● named.service - Berkeley Internet Name Domain (DNS) Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled) Active: active (running) since Tue 2016-08-16 08:05:34 CDT; 3min 19s ago Process: 8714 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS) Process: 8704 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS) Main PID: 8716 (named) CGroup: /system.slice/named.service └─8716 /usr/sbin/named -u namedAug 16 08:05:34 stlns01 named[8716]: zone 0.in-addr.arpa/IN: loaded serial 0Aug 16 08:05:34 stlns01 named[8716]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0Aug 16 08:05:34 stlns01 named[8716]: zone 39.207.10.in-addr.arpa/IN: loaded serial 1512181477Aug 16 08:05:34 stlns01 named[8716]: zone localhost/IN: loaded serial 0Aug 16 08:05:34 stlns01 named[8716]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0Aug 16 08:05:34 stlns01 named[8716]: zone localhost.localdomain/IN: loaded serial 0Aug 16 08:05:34 stlns01 named[8716]: zone robinsystems.com/IN: loaded serial 1512181481Aug 16 08:05:34 stlns01 named[8716]: all zones loadedAug 16 08:05:34 stlns01 named[8716]: runningAug 16 08:05:34 stlns01 systemd[1]: Started Berkeley Internet Name Domain (DNS).[root@stlns01 data]# service named stopRedirecting to /bin/systemctl stop named.service[root@stlns01 data]# service named startRedirecting to /bin/systemctl start named.service[root@stlns01 data]#And now it can be seen that the zone files have finally been updated with the latest DNS entries including DNS for LXC containers cos72 as shown below. [root@stlns01 data]# pwd/var/named/data[root@stlns01 data]# ls -lrttotal 936-rw-r--r--. 1 named named 585 Aug 15 01:53 tmp-9hg2LJmo4A-rw-r--r--. 1 named named 631 Aug 15 01:53 tmp-ZEJRTVFC7Y-rw-r--r--. 1 named named 585 Aug 15 01:56 tmp-3x57jmVJZi-rw-r--r--. 1 named named 631 Aug 15 01:56 tmp-OWSG69O8Ox-rw-r--r--. 1 named named 585 Aug 15 02:06 tmp-e96do71i60-rw-r--r--. 1 named named 631 Aug 15 02:06 tmp-8KaOtDM4XL-rw-r--r--. 1 named named 585 Aug 15 02:13 tmp-vrO0JmwEIO-rw-r--r--. 1 named named 631 Aug 15 02:13 tmp-fwQX8nvE01-rw-rw-r--. 1 named named 3781 Aug 15 02:17 fwd.robinsystems.com.jnl-rw-rw-r--. 1 named named 2735 Aug 15 02:17 rev.robinsystems.com.jnl-rw-r--r--. 1 named named 568 Aug 15 02:19 tmp-R9K0DkvEMI-rw-r--r--. 1 named named 616 Aug 15 02:19 tmp-NLMbJqz7lk-rw-r--r--. 1 named named 568 Aug 15 02:23 tmp-8iV2nPBcnF-rw-r--r--. 1 named named 616 Aug 15 02:23 tmp-99aUlcKPfv-rw-r--r--. 1 named named 568 Aug 15 02:27 tmp-FhlrOTOPDc-rw-r--r--. 1 named named 616 Aug 15 02:27 tmp-4S3Eam0nDs-rw-r--r--. 1 named named 568 Aug 15 02:32 tmp-fExurK7yFj-rw-r--r--. 1 named named 616 Aug 15 02:32 tmp-sUhNKF3zUV-rw-r--r--. 1 named named 568 Aug 15 02:35 tmp-VlTwntrAqN-rw-r--r--. 1 named named 616 Aug 15 02:35 tmp-11crPu9mSO-rw-r--r--. 1 named named 568 Aug 15 02:40 tmp-UpP7lXPaYW-rw-r--r--. 1 named named 616 Aug 15 02:40 tmp-KlmIqNdl2V-rw-r--r--. 1 named named 568 Aug 15 09:53 tmp-X39tBYIkWd-rw-r--r--. 1 named named 616 Aug 15 09:53 tmp-O0aaVNJ2Xd-rw-r--r--. 1 named named 568 Aug 15 10:05 tmp-i07EDYVG1r-rw-r--r--. 1 named named 616 Aug 15 10:08 tmp-Tm5UdozEXc-rw-r--r--. 1 named named 568 Aug 15 10:19 tmp-R2cLfe2oDt-rw-r--r--. 1 named named 616 Aug 15 10:21 tmp-TcVZIbAYBZ-rw-r--r--. 1 named named 568 Aug 15 10:31 tmp-QUGPgWaYEA-rw-r--r--. 1 named named 616 Aug 15 10:35 tmp-zuyuyfVbfV-rw-r--r--. 1 named named 568 Aug 15 10:46 tmp-D7wImCrWHK-rw-r--r--. 1 named named 616 Aug 15 10:48 tmp-fXug1YOQ2x-rw-r--r--. 1 named named 568 Aug 15 10:58 tmp-5fe7791F3a-rw-r--r--. 1 named named 616 Aug 15 11:02 tmp-yyhTA2omv6-rw-r--r--. 1 named named 568 Aug 15 11:10 tmp-Lrc3j9Tg3Z-rw-r--r--. 1 named named 616 Aug 15 11:14 tmp-PiLAniofnB-rw-r--r--. 1 named named 568 Aug 15 11:24 tmp-JziBwYeL7j-rw-r--r--. 1 named named 616 Aug 15 11:26 tmp-JAcfP9kFGu-rw-r--r--. 1 named named 568 Aug 15 11:37 tmp-eyGgnSF4hp-rw-r--r--. 1 named named 616 Aug 15 11:39 tmp-BmzFoEFBck-rw-r--r--. 1 named named 568 Aug 15 11:51 tmp-MbZuxhK0Cy-rw-r--r--. 1 named named 616 Aug 15 11:52 tmp-KUTStQub3F-rw-r--r--. 1 named named 568 Aug 15 12:02 tmp-o7afnQi2sZ-rw-r--r--. 1 named named 616 Aug 15 12:05 tmp-elVw8D8ywq-rw-r--r--. 1 named named 568 Aug 15 12:16 tmp-yk6ow7mjI7-rw-r--r--. 1 named named 616 Aug 15 12:19 tmp-caim4UVoq0-rw-r--r--. 1 named named 568 Aug 15 12:27 tmp-V4zaabdH08-rw-r--r--. 1 named named 616 Aug 15 12:31 tmp-maF6tns0zV-rw-r--r--. 1 named named 568 Aug 15 12:40 tmp-6gEWToawq7-rw-r--r--. 1 named named 616 Aug 15 12:44 tmp-mqyX9KyBBh-rw-r--r--. 1 named named 568 Aug 15 12:52 tmp-JW15H6Heda-rw-r--r--. 1 named named 616 Aug 15 12:57 tmp-0s4ICmOVrx-rw-r--r--. 1 named named 568 Aug 15 13:05 tmp-ItDYRaDDMD-rw-r--r--. 1 named named 616 Aug 15 13:11 tmp-YZimGY7oVf-rw-r--r--. 1 named named 568 Aug 15 13:19 tmp-XlDiWEzFr6-rw-r--r--. 1 named named 616 Aug 15 13:24 tmp-ukoVNq6XgY-rw-r--r--. 1 named named 568 Aug 15 13:33 tmp-UuftUdLw1P-rw-r--r--. 1 named named 616 Aug 15 13:37 tmp-sK8wlI7dGR-rw-r--r--. 1 named named 568 Aug 15 13:41 tmp-GRBIw0Z9G7-rw-r--r--. 1 named named 616 Aug 15 13:41 tmp-aSup414G5P-rw-r--r--. 1 named named 568 Aug 15 13:52 tmp-48Oc5Itu7D-rw-r--r--. 1 named named 616 Aug 15 13:52 tmp-drfj472R92-rw-r--r--. 1 named named 568 Aug 15 14:02 tmp-b82ONSJ1EM-rw-r--r--. 1 named named 616 Aug 15 14:02 tmp-LvFPxFWNBF-rw-r--r--. 1 named named 616 Aug 15 15:45 tmp-7xht57fEID-rw-r--r--. 1 named named 568 Aug 15 15:45 tmp-M2lPgcpKqU-rw-r--r--. 1 named named 568 Aug 15 15:57 tmp-Z9KwXsLeVq-rw-r--r--. 1 named named 616 Aug 15 15:58 tmp-8NBoWivaP1-rw-r--r--. 1 named named 568 Aug 15 16:07 tmp-Q4ezxTqgVQ-rw-r--r--. 1 named named 616 Aug 15 16:07 tmp-Uomz1u6O0O-rw-r--r--. 1 named named 568 Aug 15 16:48 tmp-cUUOGSvQq6-rw-r--r--. 1 named named 616 Aug 15 16:48 tmp-Gu0rsKvlQ4-rw-r--r--. 1 named named 568 Aug 15 16:58 tmp-friaRt2SjH-rw-r--r--. 1 named named 616 Aug 15 16:58 tmp-qckzM2BU3P-rw-r--r--. 1 named named 568 Aug 15 17:15 tmp-Cy37oslXjd-rw-r--r--. 1 named named 616 Aug 15 17:15 tmp-s0QA2SDmym-rw-r--r--. 1 named named 616 Aug 15 20:29 tmp-7PL0E9Mu1L-rw-r--r--. 1 named named 568 Aug 15 20:31 tmp-e4Jx6B6Age-rw-r--r--. 1 named named 568 Aug 15 20:38 tmp-nTZ7UeDPro-rw-r--r--. 1 named named 616 Aug 15 20:38 tmp-jtGBvgxv8C-rw-r--r--. 1 named named 616 Aug 15 20:58 tmp-cas277bamL-rw-r--r--. 1 named named 568 Aug 15 20:59 tmp-CpNpk4iggH-rw-r--r--. 1 named named 616 Aug 15 21:11 tmp-gUZTweYLm6-rw-r--r--. 1 named named 568 Aug 15 21:13 tmp-HaoQaECFMz-rw-r--r--. 1 named named 616 Aug 15 21:24 tmp-zUZxUJ0dxN-rw-r--r--. 1 named named 568 Aug 15 21:25 tmp-l2dyL29YBz-rw-r--r--. 1 named named 616 Aug 15 21:36 tmp-gHuoYtNi7l-rw-r--r--. 1 named named 568 Aug 15 21:38 tmp-UX5W6Up1Zn-rw-r--r--. 1 named named 568 Aug 15 21:50 tmp-wjOD3x3ks3-rw-r--r--. 1 named named 568 Aug 15 21:50 tmp-g5LPdbNtSW-rw-r--r--. 1 named named 616 Aug 15 21:50 tmp-hZvsFzKw1r-rw-r--r--. 1 named named 568 Aug 15 22:00 tmp-y8C7UFDDLz-rw-r--r--. 1 named named 616 Aug 15 22:00 tmp-bYGlL7culQ-rw-r--r--. 1 named named 568 Aug 15 22:37 tmp-FggtyTcNRe-rw-r--r--. 1 named named 616 Aug 15 22:37 tmp-J1wEAe0Erp-rw-r--r--. 1 named named 568 Aug 15 23:03 tmp-fodCEc2cN0-rw-r--r--. 1 named named 616 Aug 15 23:03 tmp-eLmBmhqBKm-rw-r--r--. 1 named named 568 Aug 15 23:12 tmp-O0gcOHDipm-rw-r--r--. 1 named named 616 Aug 15 23:12 tmp-HWGjaoYA7D-rw-r--r--. 1 named named 568 Aug 16 07:29 tmp-5GZA5gNWBQ-rw-r--r--. 1 named named 616 Aug 16 07:30 tmp-jQ1ZP0bDHS-rw-r--r--. 1 named named 568 Aug 16 07:44 tmp-qYqrXUzEas-rw-r--r--. 1 named named 616 Aug 16 07:44 tmp-00a7LqgdhM-rw-r--r--. 1 named named 568 Aug 16 07:49 tmp-i31wKuGmRe-rw-r--r--. 1 named named 616 Aug 16 07:49 tmp-D7OWmXwGmi-rw-r--r--. 1 named named 568 Aug 16 08:08 rev.robinsystems.com-rw-r--r--. 1 named named 616 Aug 16 08:08 fwd.robinsystems.com-rw-r--r--. 1 named named 515429 Aug 16 08:09 named.run[root@stlns01 data]#Install Bind and Bind-Utils PackagesInstall the bind and bind-utils packages as shown below. I'm not entirely sure the "bind-chroot" package is needed. There is currently nothing in the subdirectories of chroot and so I think it's not needed for the type of DNS implementation done here.[root@localhost named]# yum install bind bind-utils bind-chrootLoaded plugins: fastestmirror, langpacksLoading mirror speeds from cached hostfile * base: mirror.cisp.com * epel: ftp.osuosl.org * extras: mirror.sesp.northwestern.edu * updates: mirror.team-cymru.orgPackage 32:bind-utils-9.9.4-29.el7_2.3.x86_64 already installed and latest versionResolving Dependencies--> Running transaction check---> Package bind.x86_64 32:9.9.4-29.el7_2.3 will be installed--> Finished Dependency ResolutionDependencies Resolved=================================================================================================================================================================================================================== Package Arch Version Repository Size===================================================================================================================================================================================================================Installing: bind x86_64 32:9.9.4-29.el7_2.3 updates 1.8 MTransaction Summary===================================================================================================================================================================================================================Install 1 PackageTotal download size: 1.8 MInstalled size: 4.3 MIs this ok [y/d/N]: yDownloading packages:bind-9.9.4-29.el7_2.3.x86_64.rpm | 1.8 MB 00:00:00 Running transaction checkRunning transaction testTransaction test succeededRunning transaction Installing : 32:bind-9.9.4-29.el7_2.3.x86_64 1/1 Verifying : 32:bind-9.9.4-29.el7_2.3.x86_64 1/1 Installed: bind.x86_64 32:9.9.4-29.el7_2.3 Complete![root@localhost named]# Install DHCP PackageInstall the DHCP package as shown below. [root@localhost ovs]# yum install dhcpLoaded plugins: fastestmirror, langpacksLoading mirror speeds from cached hostfile * base: mirrors.gigenet.com * epel: mirror.steadfast.net * extras: mirrors.gigenet.com * updates: mirror.team-cymru.orgResolving Dependencies--> Running transaction check---> Package dhcp.x86_64 12:4.2.5-42.el7.centos will be installed--> Finished Dependency ResolutionDependencies Resolved=================================================================================================================================================================================================================== Package Arch Version Repository Size===================================================================================================================================================================================================================Installing: dhcp x86_64 12:4.2.5-42.el7.centos base 511 kTransaction Summary===================================================================================================================================================================================================================Install 1 PackageTotal download size: 511 kInstalled size: 1.4 MIs this ok [y/d/N]: yDownloading packages:dhcp-4.2.5-42.el7.centos.x86_64.rpm | 511 kB 00:00:00 Running transaction checkRunning transaction testTransaction test succeededRunning transaction Installing : 12:dhcp-4.2.5-42.el7.centos.x86_64 1/1 Verifying : 12:dhcp-4.2.5-42.el7.centos.x86_64 1/1 Installed: dhcp.x86_64 12:4.2.5-42.el7.centos Complete![root@localhost ovs]#Configure DHCP to Listen to OpenvSwitch InterfaceThis step is signficantly different in CentOS7. The steps used to get DHCP to listen to interface sw1 are shown below.[root@localhost dnssec-keys]# cat /etc/sysconfig/dhcpd# WARNING: This file is NOT used anymore.# If you are here to restrict what interfaces should dhcpd listen on,# be aware that dhcpd listens *only* on interfaces for which it finds subnet# declaration in dhcpd.conf. It means that explicitly enumerating interfaces# also on command line should not be required in most cases.# If you still insist on adding some command line options,# copy dhcpd.service from /lib/systemd/system to /etc/systemd/system and modify# it there.# https://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F# example:# $ cp /usr/lib/systemd/system/dhcpd.service /etc/systemd/system/# $ vi /etc/systemd/system/dhcpd.service# $ ExecStart=/usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid <your_interface_name(s)># $ systemctl --system daemon-reload# $ systemctl restart dhcpd.service[root@localhost dnssec-keys]# cp /usr/lib/systemd/system/dhcpd.service /etc/systemd/system[root@localhost dnssec-keys]# vi /etc/systemd/system/dhcpd.service[root@localhost dnssec-keys]# systemctl --system daemon-reload[root@localhost dnssec-keys]# systemctl restart dhcpd.service[root@localhost dnssec-keys]# service dhcpd statusRedirecting to /bin/systemctl status dhcpd.service● dhcpd.service - DHCPv4 Server Daemon Loaded: loaded (/etc/systemd/system/dhcpd.service; disabled; vendor preset: disabled) Active: active (running) since Sun 2016-08-14 17:40:55 CDT; 14s ago Docs: man:dhcpd(8) man:dhcpd.conf(5) Main PID: 11171 (dhcpd) Status: "Dispatching packets..." CGroup: /system.slice/dhcpd.service └─11171 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid sw1 <-- Listening on sw1Aug 14 17:40:55 localhost.localdomain dhcpd[11171]: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config fileAug 14 17:40:55 localhost.localdomain dhcpd[11171]: Internet Systems Consortium DHCP Server 4.2.5Aug 14 17:40:55 localhost.localdomain dhcpd[11171]: Copyright 2004-2013 Internet Systems Consortium.Aug 14 17:40:55 localhost.localdomain dhcpd[11171]: All rights reserved.Aug 14 17:40:55 localhost.localdomain dhcpd[11171]: For info, please visit https://www.isc.org/software/dhcp/Aug 14 17:40:55 localhost.localdomain dhcpd[11171]: Wrote 0 leases to leases file.Aug 14 17:40:55 localhost.localdomain dhcpd[11171]: Listening on LPF/sw1/82:61:03:22:40:48/10.207.39.0/24Aug 14 17:40:55 localhost.localdomain dhcpd[11171]: Sending on LPF/sw1/82:61:03:22:40:48/10.207.39.0/24Aug 14 17:40:55 localhost.localdomain dhcpd[11171]: Sending on Socket/fallback/fallback-netAug 14 17:40:55 localhost.localdomain systemd[1]: Started DHCPv4 Server Daemon.[root@localhost dnssec-keys]# |
CentOS7 > CentOS7 General >