
DNS DHCP Install CentOS7

This guide details how to install DNS (named) and DHCP on CentOS7 and integrate them dynamically so that DHCP updates DNS when an IP is leased to an LXC container or VM.  The install below was done on a CentOS7 Desktop edition running on Lenovo ThinkPad P70 mobile workstation hardware.  The end goal of this configuration is to integrate DNS with the also-to-be-installed DHCP so that when LXC Linux containers start up they are given a DHCP-issued IP address, and DNS is then updated with the IP and lookup information for the Linux container.

This page is a WIP and I'm adding things and filling this out as I go along so YMMV and patience.

Important Note to Self

Ran into an issue where the DNS named was not updating the zone files (fwd.robinsystems.com, rev.robinsystems.com) on my laptop environment and so because it could not update the zone files, it was writing bunches of these "tmp-*" files as shown below.  Finally I got a clue on this from this post here and then found a definitive bulletin on this here.  The issue is that SELINUX must be notified to allow updating of the zone files.  An example of what DNS was doing before setting the directive is shown below.  This is the status of the directory after the required SELINUX command was issued as shown below.

Required SELINUX Command

[root@stlns01 data]# cat /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing                                                         <-- SELINUX is set to enforcing on this system
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted


[root@stlns01 data]# setsebool -P named_write_master_zones 1              <-- Need to run this if SELINUX=enforcing !!
[root@stlns01 data]# service named status
Redirecting to /bin/systemctl status  named.service
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2016-08-16 08:05:34 CDT; 3min 19s ago
  Process: 8714 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 8704 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 8716 (named)
   CGroup: /system.slice/named.service
           └─8716 /usr/sbin/named -u named

Aug 16 08:05:34 stlns01 named[8716]: zone 0.in-addr.arpa/IN: loaded serial 0
Aug 16 08:05:34 stlns01 named[8716]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Aug 16 08:05:34 stlns01 named[8716]: zone 39.207.10.in-addr.arpa/IN: loaded serial 1512181477
Aug 16 08:05:34 stlns01 named[8716]: zone localhost/IN: loaded serial 0
Aug 16 08:05:34 stlns01 named[8716]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Aug 16 08:05:34 stlns01 named[8716]: zone localhost.localdomain/IN: loaded serial 0
Aug 16 08:05:34 stlns01 named[8716]: zone robinsystems.com/IN: loaded serial 1512181481
Aug 16 08:05:34 stlns01 named[8716]: all zones loaded
Aug 16 08:05:34 stlns01 named[8716]: running
Aug 16 08:05:34 stlns01 systemd[1]: Started Berkeley Internet Name Domain (DNS).
[root@stlns01 data]# service named stop
Redirecting to /bin/systemctl stop  named.service
[root@stlns01 data]# service named start
Redirecting to /bin/systemctl start  named.service
[root@stlns01 data]#

And now it can be seen that the zone files have finally been updated with the latest DNS entries including DNS for LXC containers cos72 as shown below.

[root@stlns01 data]# pwd
/var/named/data
[root@stlns01 data]# ls -lrt
total 936
-rw-r--r--. 1 named named    585 Aug 15 01:53 tmp-9hg2LJmo4A
-rw-r--r--. 1 named named    631 Aug 15 01:53 tmp-ZEJRTVFC7Y
-rw-r--r--. 1 named named    585 Aug 15 01:56 tmp-3x57jmVJZi
-rw-r--r--. 1 named named    631 Aug 15 01:56 tmp-OWSG69O8Ox
-rw-r--r--. 1 named named    585 Aug 15 02:06 tmp-e96do71i60
-rw-r--r--. 1 named named    631 Aug 15 02:06 tmp-8KaOtDM4XL
-rw-r--r--. 1 named named    585 Aug 15 02:13 tmp-vrO0JmwEIO
-rw-r--r--. 1 named named    631 Aug 15 02:13 tmp-fwQX8nvE01
-rw-rw-r--. 1 named named   3781 Aug 15 02:17 fwd.robinsystems.com.jnl
-rw-rw-r--. 1 named named   2735 Aug 15 02:17 rev.robinsystems.com.jnl
-rw-r--r--. 1 named named    568 Aug 15 02:19 tmp-R9K0DkvEMI
-rw-r--r--. 1 named named    616 Aug 15 02:19 tmp-NLMbJqz7lk
-rw-r--r--. 1 named named    568 Aug 15 02:23 tmp-8iV2nPBcnF
-rw-r--r--. 1 named named    616 Aug 15 02:23 tmp-99aUlcKPfv
-rw-r--r--. 1 named named    568 Aug 15 02:27 tmp-FhlrOTOPDc
-rw-r--r--. 1 named named    616 Aug 15 02:27 tmp-4S3Eam0nDs
-rw-r--r--. 1 named named    568 Aug 15 02:32 tmp-fExurK7yFj
-rw-r--r--. 1 named named    616 Aug 15 02:32 tmp-sUhNKF3zUV
-rw-r--r--. 1 named named    568 Aug 15 02:35 tmp-VlTwntrAqN
-rw-r--r--. 1 named named    616 Aug 15 02:35 tmp-11crPu9mSO
-rw-r--r--. 1 named named    568 Aug 15 02:40 tmp-UpP7lXPaYW
-rw-r--r--. 1 named named    616 Aug 15 02:40 tmp-KlmIqNdl2V
-rw-r--r--. 1 named named    568 Aug 15 09:53 tmp-X39tBYIkWd
-rw-r--r--. 1 named named    616 Aug 15 09:53 tmp-O0aaVNJ2Xd
-rw-r--r--. 1 named named    568 Aug 15 10:05 tmp-i07EDYVG1r
-rw-r--r--. 1 named named    616 Aug 15 10:08 tmp-Tm5UdozEXc
-rw-r--r--. 1 named named    568 Aug 15 10:19 tmp-R2cLfe2oDt
-rw-r--r--. 1 named named    616 Aug 15 10:21 tmp-TcVZIbAYBZ
-rw-r--r--. 1 named named    568 Aug 15 10:31 tmp-QUGPgWaYEA
-rw-r--r--. 1 named named    616 Aug 15 10:35 tmp-zuyuyfVbfV
-rw-r--r--. 1 named named    568 Aug 15 10:46 tmp-D7wImCrWHK
-rw-r--r--. 1 named named    616 Aug 15 10:48 tmp-fXug1YOQ2x
-rw-r--r--. 1 named named    568 Aug 15 10:58 tmp-5fe7791F3a
-rw-r--r--. 1 named named    616 Aug 15 11:02 tmp-yyhTA2omv6
-rw-r--r--. 1 named named    568 Aug 15 11:10 tmp-Lrc3j9Tg3Z
-rw-r--r--. 1 named named    616 Aug 15 11:14 tmp-PiLAniofnB
-rw-r--r--. 1 named named    568 Aug 15 11:24 tmp-JziBwYeL7j
-rw-r--r--. 1 named named    616 Aug 15 11:26 tmp-JAcfP9kFGu
-rw-r--r--. 1 named named    568 Aug 15 11:37 tmp-eyGgnSF4hp
-rw-r--r--. 1 named named    616 Aug 15 11:39 tmp-BmzFoEFBck
-rw-r--r--. 1 named named    568 Aug 15 11:51 tmp-MbZuxhK0Cy
-rw-r--r--. 1 named named    616 Aug 15 11:52 tmp-KUTStQub3F
-rw-r--r--. 1 named named    568 Aug 15 12:02 tmp-o7afnQi2sZ
-rw-r--r--. 1 named named    616 Aug 15 12:05 tmp-elVw8D8ywq
-rw-r--r--. 1 named named    568 Aug 15 12:16 tmp-yk6ow7mjI7
-rw-r--r--. 1 named named    616 Aug 15 12:19 tmp-caim4UVoq0
-rw-r--r--. 1 named named    568 Aug 15 12:27 tmp-V4zaabdH08
-rw-r--r--. 1 named named    616 Aug 15 12:31 tmp-maF6tns0zV
-rw-r--r--. 1 named named    568 Aug 15 12:40 tmp-6gEWToawq7
-rw-r--r--. 1 named named    616 Aug 15 12:44 tmp-mqyX9KyBBh
-rw-r--r--. 1 named named    568 Aug 15 12:52 tmp-JW15H6Heda
-rw-r--r--. 1 named named    616 Aug 15 12:57 tmp-0s4ICmOVrx
-rw-r--r--. 1 named named    568 Aug 15 13:05 tmp-ItDYRaDDMD
-rw-r--r--. 1 named named    616 Aug 15 13:11 tmp-YZimGY7oVf
-rw-r--r--. 1 named named    568 Aug 15 13:19 tmp-XlDiWEzFr6
-rw-r--r--. 1 named named    616 Aug 15 13:24 tmp-ukoVNq6XgY
-rw-r--r--. 1 named named    568 Aug 15 13:33 tmp-UuftUdLw1P
-rw-r--r--. 1 named named    616 Aug 15 13:37 tmp-sK8wlI7dGR
-rw-r--r--. 1 named named    568 Aug 15 13:41 tmp-GRBIw0Z9G7
-rw-r--r--. 1 named named    616 Aug 15 13:41 tmp-aSup414G5P
-rw-r--r--. 1 named named    568 Aug 15 13:52 tmp-48Oc5Itu7D
-rw-r--r--. 1 named named    616 Aug 15 13:52 tmp-drfj472R92
-rw-r--r--. 1 named named    568 Aug 15 14:02 tmp-b82ONSJ1EM
-rw-r--r--. 1 named named    616 Aug 15 14:02 tmp-LvFPxFWNBF
-rw-r--r--. 1 named named    616 Aug 15 15:45 tmp-7xht57fEID
-rw-r--r--. 1 named named    568 Aug 15 15:45 tmp-M2lPgcpKqU
-rw-r--r--. 1 named named    568 Aug 15 15:57 tmp-Z9KwXsLeVq
-rw-r--r--. 1 named named    616 Aug 15 15:58 tmp-8NBoWivaP1
-rw-r--r--. 1 named named    568 Aug 15 16:07 tmp-Q4ezxTqgVQ
-rw-r--r--. 1 named named    616 Aug 15 16:07 tmp-Uomz1u6O0O
-rw-r--r--. 1 named named    568 Aug 15 16:48 tmp-cUUOGSvQq6
-rw-r--r--. 1 named named    616 Aug 15 16:48 tmp-Gu0rsKvlQ4
-rw-r--r--. 1 named named    568 Aug 15 16:58 tmp-friaRt2SjH
-rw-r--r--. 1 named named    616 Aug 15 16:58 tmp-qckzM2BU3P
-rw-r--r--. 1 named named    568 Aug 15 17:15 tmp-Cy37oslXjd
-rw-r--r--. 1 named named    616 Aug 15 17:15 tmp-s0QA2SDmym
-rw-r--r--. 1 named named    616 Aug 15 20:29 tmp-7PL0E9Mu1L
-rw-r--r--. 1 named named    568 Aug 15 20:31 tmp-e4Jx6B6Age
-rw-r--r--. 1 named named    568 Aug 15 20:38 tmp-nTZ7UeDPro
-rw-r--r--. 1 named named    616 Aug 15 20:38 tmp-jtGBvgxv8C
-rw-r--r--. 1 named named    616 Aug 15 20:58 tmp-cas277bamL
-rw-r--r--. 1 named named    568 Aug 15 20:59 tmp-CpNpk4iggH
-rw-r--r--. 1 named named    616 Aug 15 21:11 tmp-gUZTweYLm6
-rw-r--r--. 1 named named    568 Aug 15 21:13 tmp-HaoQaECFMz
-rw-r--r--. 1 named named    616 Aug 15 21:24 tmp-zUZxUJ0dxN
-rw-r--r--. 1 named named    568 Aug 15 21:25 tmp-l2dyL29YBz
-rw-r--r--. 1 named named    616 Aug 15 21:36 tmp-gHuoYtNi7l
-rw-r--r--. 1 named named    568 Aug 15 21:38 tmp-UX5W6Up1Zn
-rw-r--r--. 1 named named    568 Aug 15 21:50 tmp-wjOD3x3ks3
-rw-r--r--. 1 named named    568 Aug 15 21:50 tmp-g5LPdbNtSW
-rw-r--r--. 1 named named    616 Aug 15 21:50 tmp-hZvsFzKw1r
-rw-r--r--. 1 named named    568 Aug 15 22:00 tmp-y8C7UFDDLz
-rw-r--r--. 1 named named    616 Aug 15 22:00 tmp-bYGlL7culQ
-rw-r--r--. 1 named named    568 Aug 15 22:37 tmp-FggtyTcNRe
-rw-r--r--. 1 named named    616 Aug 15 22:37 tmp-J1wEAe0Erp
-rw-r--r--. 1 named named    568 Aug 15 23:03 tmp-fodCEc2cN0
-rw-r--r--. 1 named named    616 Aug 15 23:03 tmp-eLmBmhqBKm
-rw-r--r--. 1 named named    568 Aug 15 23:12 tmp-O0gcOHDipm
-rw-r--r--. 1 named named    616 Aug 15 23:12 tmp-HWGjaoYA7D
-rw-r--r--. 1 named named    568 Aug 16 07:29 tmp-5GZA5gNWBQ
-rw-r--r--. 1 named named    616 Aug 16 07:30 tmp-jQ1ZP0bDHS
-rw-r--r--. 1 named named    568 Aug 16 07:44 tmp-qYqrXUzEas
-rw-r--r--. 1 named named    616 Aug 16 07:44 tmp-00a7LqgdhM
-rw-r--r--. 1 named named    568 Aug 16 07:49 tmp-i31wKuGmRe
-rw-r--r--. 1 named named    616 Aug 16 07:49 tmp-D7OWmXwGmi
-rw-r--r--. 1 named named    568 Aug 16 08:08 rev.robinsystems.com
-rw-r--r--. 1 named named    616 Aug 16 08:08 fwd.robinsystems.com

-rw-r--r--. 1 named named 515429 Aug 16 08:09 named.run
[root@stlns01 data]#
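
The symptom above (SELinux enforcing, named_write_master_zones off, tmp-* files piling up in /var/named/data) can be checked with a short script. This is an added example, not part of the original page; the function names are hypothetical, and the parsing assumes the usual "name --> on|off" output of getsebool.

```shell
#!/usr/bin/env bash
# Added example: diagnose the tmp-* pile-up described on this page.
# Inputs are arguments so the logic can be exercised without a live named.

# count_tmp_files DIR -> number of tmp-* files directly inside DIR
count_tmp_files() {
    find "$1" -maxdepth 1 -type f -name 'tmp-*' 2>/dev/null | wc -l | tr -d ' '
}

# sebool_state "named_write_master_zones --> off" -> on | off | unknown
sebool_state() {
    case "$1" in
        *'--> on')  echo on ;;
        *'--> off') echo off ;;
        *)          echo unknown ;;
    esac
}

# diagnose MODE BOOL_LINE DIR
#   MODE      output of getenforce (Enforcing / Permissive / Disabled)
#   BOOL_LINE output of getsebool named_write_master_zones
#   DIR       directory holding the dynamic zone files
diagnose() {
    local mode state n
    mode=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    state=$(sebool_state "$2")
    n=$(count_tmp_files "$3")
    if [ "$mode" = enforcing ] && [ "$state" = off ]; then
        echo "BLOCKED: enforcing with boolean off, $n tmp-* files;" \
             "run: setsebool -P named_write_master_zones 1"
    elif [ "$mode" = enforcing ] && [ "$state" = unknown ]; then
        echo "UNKNOWN: could not read named_write_master_zones, $n tmp-* files"
    elif [ "$n" -gt 0 ]; then
        # As in the listing above, old tmp-* files stay behind after the fix.
        echo "LEFTOVER: SELinux is not blocking zone writes, $n old tmp-* files remain"
    else
        echo "OK: no tmp-* files in $3"
    fi
}

# On a live host (needs getenforce and getsebool on PATH):
diagnose_live() {
    diagnose "$(getenforce)" "$(getsebool named_write_master_zones)" /var/named/data
}
```
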

Install Bind and Bind-Utils Packages

Install the bind and bind-utils packages as shown below.  I'm not entirely sure the "bind-chroot" package is needed.  There is currently nothing in the subdirectories of chroot and so I think it's not needed for the type of DNS implementation done here.

[root@localhost named]# yum install bind bind-utils bind-chroot
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirror.cisp.com
 * epel: ftp.osuosl.org
 * extras: mirror.sesp.northwestern.edu
 * updates: mirror.team-cymru.org
Package 32:bind-utils-9.9.4-29.el7_2.3.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.9.4-29.el7_2.3 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================================================================================================================================
 Package                                       Arch                                            Version                                                      Repository                                        Size
===================================================================================================================================================================================================================
Installing:
 bind                                          x86_64                                          32:9.9.4-29.el7_2.3                                          updates                                          1.8 M

Transaction Summary
===================================================================================================================================================================================================================
Install  1 Package

Total download size: 1.8 M
Installed size: 4.3 M
Is this ok [y/d/N]: y
Downloading packages:
bind-9.9.4-29.el7_2.3.x86_64.rpm                                                                                                                                                            | 1.8 MB  00:00:00    
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : 32:bind-9.9.4-29.el7_2.3.x86_64                                                                                                                                                                 1/1
  Verifying  : 32:bind-9.9.4-29.el7_2.3.x86_64                                                                                                                                                                 1/1

Installed:
  bind.x86_64 32:9.9.4-29.el7_2.3                                                                                                                                                                                 

Complete!
[root@localhost named]#

Install DHCP Package

Install the DHCP package as shown below.

[root@localhost ovs]# yum install dhcp
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.gigenet.com
 * epel: mirror.steadfast.net
 * extras: mirrors.gigenet.com
 * updates: mirror.team-cymru.org
Resolving Dependencies
--> Running transaction check
---> Package dhcp.x86_64 12:4.2.5-42.el7.centos will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================================================================================================================================
 Package                                       Arch                                            Version                                                         Repository                                     Size
===================================================================================================================================================================================================================
Installing:
 dhcp                                          x86_64                                          12:4.2.5-42.el7.centos                                          base                                          511 k

Transaction Summary
===================================================================================================================================================================================================================
Install  1 Package

Total download size: 511 k
Installed size: 1.4 M
Is this ok [y/d/N]: y
Downloading packages:
dhcp-4.2.5-42.el7.centos.x86_64.rpm                                                                                                                                                         | 511 kB  00:00:00    
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : 12:dhcp-4.2.5-42.el7.centos.x86_64                                                                                                                                                              1/1
  Verifying  : 12:dhcp-4.2.5-42.el7.centos.x86_64                                                                                                                                                              1/1

Installed:
  dhcp.x86_64 12:4.2.5-42.el7.centos                                                                                                                                                                              

Complete!
[root@localhost ovs]#

Configure DHCP to Listen to OpenvSwitch Interface

This step is significantly different in CentOS7.  The steps used to get DHCP to listen to interface sw1 are shown below.

[root@localhost dnssec-keys]# cat /etc/sysconfig/dhcpd
# WARNING: This file is NOT used anymore.

# If you are here to restrict what interfaces should dhcpd listen on,
# be aware that dhcpd listens *only* on interfaces for which it finds subnet
# declaration in dhcpd.conf. It means that explicitly enumerating interfaces
# also on command line should not be required in most cases.

# If you still insist on adding some command line options,
# copy dhcpd.service from /lib/systemd/system to /etc/systemd/system and modify
# it there.
# https://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F

# example:
# $ cp /usr/lib/systemd/system/dhcpd.service /etc/systemd/system/
# $ vi /etc/systemd/system/dhcpd.service
# $ ExecStart=/usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid <your_interface_name(s)>
# $ systemctl --system daemon-reload
# $ systemctl restart dhcpd.service


[root@localhost dnssec-keys]# cp /usr/lib/systemd/system/dhcpd.service /etc/systemd/system

[root@localhost dnssec-keys]# vi /etc/systemd/system/dhcpd.service
[root@localhost dnssec-keys]# systemctl --system daemon-reload
[root@localhost dnssec-keys]# systemctl restart dhcpd.service

[root@localhost dnssec-keys]# service dhcpd status
Redirecting to /bin/systemctl status  dhcpd.service
● dhcpd.service - DHCPv4 Server Daemon
   Loaded: loaded (/etc/systemd/system/dhcpd.service; disabled; vendor preset: disabled)
   Active: active (running) since Sun 2016-08-14 17:40:55 CDT; 14s ago
     Docs: man:dhcpd(8)
           man:dhcpd.conf(5)
 Main PID: 11171 (dhcpd)
   Status: "Dispatching packets..."
   CGroup: /system.slice/dhcpd.service
           └─11171 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid sw1                                  <-- Listening on sw1

Aug 14 17:40:55 localhost.localdomain dhcpd[11171]: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Aug 14 17:40:55 localhost.localdomain dhcpd[11171]: Internet Systems Consortium DHCP Server 4.2.5
Aug 14 17:40:55 localhost.localdomain dhcpd[11171]: Copyright 2004-2013 Internet Systems Consortium.
Aug 14 17:40:55 localhost.localdomain dhcpd[11171]: All rights reserved.
Aug 14 17:40:55 localhost.localdomain dhcpd[11171]: For info, please visit https://www.isc.org/software/dhcp/
Aug 14 17:40:55 localhost.localdomain dhcpd[11171]: Wrote 0 leases to leases file.
Aug 14 17:40:55 localhost.localdomain dhcpd[11171]: Listening on LPF/sw1/82:61:03:22:40:48/10.207.39.0/24
Aug 14 17:40:55 localhost.localdomain dhcpd[11171]: Sending on   LPF/sw1/82:61:03:22:40:48/10.207.39.0/24
Aug 14 17:40:55 localhost.localdomain dhcpd[11171]: Sending on   Socket/fallback/fallback-net
Aug 14 17:40:55 localhost.localdomain systemd[1]: Started DHCPv4 Server Daemon.

[root@localhost dnssec-keys]#
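
The session above does not show the change made in vi. Going by the comment in /etc/sysconfig/dhcpd and the status output, the interface name is appended to ExecStart. The following is an added example (not the author's own edit) that makes that change on the copied unit file; the function names are hypothetical and the sample unit is constructed.

```shell
#!/usr/bin/env bash
# Added example: append an interface to ExecStart in the copy of
# dhcpd.service under /etc/systemd/system, without duplicating it.

# exec_start UNIT_FILE -> the first ExecStart= line
exec_start() { grep -m1 '^ExecStart=' "$1"; }

# pin_dhcpd_interface UNIT_FILE IFACE
pin_dhcpd_interface() {
    local unit=$1 iface=$2 line tmp rc
    # Accept only a plain interface name; nothing else belongs in a unit file.
    case "$iface" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface name: $iface" >&2; return 2 ;;
    esac
    line=$(exec_start "$unit") || {
        echo "no ExecStart= line in $unit" >&2; return 1; }
    # Already present as a separate word: nothing to do.
    case " ${line#ExecStart=} " in
        *" $iface "*) return 0 ;;
    esac
    tmp=$(mktemp) || return 1
    # Rewrite in place with cat so the file keeps its mode and SELinux label.
    awk -v i="$iface" '/^ExecStart=/ && !seen { print $0 " " i; seen = 1; next }
                       { print }' "$unit" > "$tmp" && cat "$tmp" > "$unit"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# write_sample_unit PATH: constructed stand-in for the packaged unit file
write_sample_unit() {
    cat > "$1" <<'EOF'
[Unit]
Description=DHCPv4 Server Daemon

[Service]
Type=notify
ExecStart=/usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid

[Install]
WantedBy=multi-user.target
EOF
}

# Intended use on the host, followed by the daemon-reload and restart above:
#   pin_dhcpd_interface /etc/systemd/system/dhcpd.service sw1
```
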









