DNS/DHCP Services in NetWare 5: Check Out an IP Address With DNS/DHCP Services in NetWare 5
Articles and Tips:
01 Aug 1998
If you implement TCP/IP on your company's network, you must provide users with two basic elements: an IP address and a directory service that resolves domain names (such as www.novell.com) to IP addresses (such as 137.65.2.11). To simplify the management of these elements, Novell has included services for both IP address management and directory services in NetWare 5.
For IP address management, NetWare 5 includes an industry-standard Dynamic Host Configuration Protocol (DHCP) server. A DHCP server automatically assigns IP addresses and other configuration information to workstations when they are booted or when they make a request. (For more information about DHCP, see "An Introduction to DHCP Services.")
For a directory service, NetWare 5 includes an industry-standard Domain Naming System (DNS) server. A DNS server provides a distributed database that maps domain names to IP resources (usually IP addresses) on a TCP/IP network. Using DNS, you can locate any computer on the Internet by knowing the computer's domain name. (For more information about DNS, see "An Introduction to DNS.")
Because NetWare 5's DNS and DHCP servers adhere to industry standards, they interoperate seamlessly with other DNS and DHCP servers, regardless of the platform on which these servers run. However, only NetWare 5 implements DNS and DHCP services through Novell Directory Services (NDS). These services can take advantage of the benefits of NDS, including a single point of administration and database replication.
This article describes the DNS/DHCP services in NetWare 5 and explains how you install and configure these services.
INSTALLING DNS/DHCP SERVICES
When you install NetWare 5 on a server, the installation program automatically installs the server and management components of DNS/DHCP services, including the following NetWare Loadable Modules (NLMs):
The DNIPINST NLM extends the NDS schema to include DNS and DHCP objects.
The NAMED NLM reads the DNS objects from the NDS tree and responds to workstations' DNS requests.
The DHCPSRVR NLM reads the DHCP objects from the NDS tree and responds to workstations' DHCP requests.
You must also install the management component of DNS/DHCP services--the DNS/DHCP Management Console--on your workstation. To install this component, you run the SETUP.EXE file from the SYS:\PUBLIC\DNSDHCP directory on the NetWare 5 server. After you extend the NDS schema, you can then configure and manage the DNS and DHCP objects from your workstation.
EXTENDING THE NDS SCHEMA
Before a NetWare 5 server can provide DNS/DHCP services, you must extend the NDS schema to include NDS objects for these services. You can find step-by-step instructions for extending the NDS schema (and for all of the other procedures outlined in this article) on the NetWare 5 Online Documentation CD-ROM. Since NetWare Connection has limited space, this article does not repeat the instructions that are available in the online documentation. (You should be aware that Novell inadvertently left out the instructions for extending the NDS schema in the beta 3 version of NetWare 5. You can download these instructions from http://www.novell.com/nwc.)
To extend the NDS schema, you run the DNIPINST utility, which creates three types of NDS objects:
Global DNS/DHCP objects
DNS-specific objects
DHCP-specific objects
Global DNS/DHCP objects affect all of the DNS and DHCP services on your company's network. The DNIPINST utility creates two global DNS/DHCP objects in the NDS tree: the DNS/DHCP Group object and the DNS/DHCP Locator object. Only one DNS/DHCP Group object and one DNS/DHCP Locator object can reside in any NDS tree.
The DNS/DHCP Management Console and all of the DNS and DHCP servers must have sufficient rights to access the global DNS/DHCP objects. By default, the DNIPINST utility and the DNS/DHCP Management Console maintain the necessary rights for DNS/DHCP services to function properly. As a result, you rarely have to change these rights.
Because so many components must access the global DNS/DHCP objects, you should place these objects near the [Root] object in the NDS tree. When you extend the NDS schema using the DNIPINST utility, you are prompted to specify where the global DNS/DHCP objects should be located in the NDS tree.
After you decide where you want to place the global DNS/DHCP objects, the DNIPINST utility creates a DNS/DHCP Group object and assigns this object the appropriate rights to other new DNS and DHCP objects. DNS and DHCP servers acquire rights to DNS and DHCP information because they are members of the DNS/DHCP Group object. When you use the DNS/DHCP Management Console to create DNS and DHCP servers, this console automatically makes the servers members of the DNS/DHCP Group object.
The DNS/DHCP Locator object contains global default settings, DHCP options, and lists of all DNS and DHCP servers, subnets, and zones in the NDS tree. Rather than searching the entire NDS tree to find DNS and DHCP objects, the DNS/DHCP Management Console uses the information stored in the DNS/DHCP Locator object to find these objects.
You cannot directly manipulate the DNS/DHCP Locator object. Instead, the DNS/DHCP Management Console automatically updates this object's properties to reflect any changes you make to other DNS and DHCP objects.
The specific DNS and DHCP objects are described in the next sections.
CONFIGURING DNS SERVICES
Each DNS server maintains a database of the domain names within that server's zone of authority--the subtree of domain names for which the DNS server is responsible. Rather than storing DNS records in a text file, however, the NetWare 5 DNS server stores these records as objects in the NDS tree.
The extended NDS schema supports three DNS-specific objects:
DNS Server object
DNS Zone object
DNS Resource Record Set (RRSet) object
DNS Server Object
Before you can configure DNS information, you must use the DNS/DHCP Management Console to create a DNS Server object. This object represents the NAMED NLM that is running on a NetWare 5 server. If you load this NLM on multiple NetWare 5 servers, you must create a DNS Server object for each NAMED NLM.
The DNS Server object stores configuration parameters, including the parameters listed below. (See Figure 1.)
Figure 1: After the NDS schema is extended, you can use the DNS/DHCP Management Console to view or modify information about DNS services on a NetWare 5 server.
The Zone List parameter is a list of all zones for which the DNS server is responsible.
The DNS Server IP Address parameter is the IP address of the NetWare 5 server running the NAMED NLM associated with the DNS Server object.
The DNS Server Options parameter enables or disables event logging and auditing.
The Forwarding List parameter lists the IP addresses of other DNS servers to which the local DNS server can send queries that it cannot resolve.
The No Forwarding List parameter lists the DNS domain name requests that should not be forwarded.
After you have created a DNS Server object, you can import DNS information directly into NDS from a BIND master file. For example, if you were replacing a UNIX-based DNS server with a NetWare 5 DNS server, you could use the DNS/DHCP Management Console to import the DNS information from the UNIX-based DNS server's BIND master file. The DNS/DHCP Management Console automatically creates all of the NDS objects that correspond to the DNS information in the BIND master file. The NetWare 5 DNS server then has a complete copy of the DNS information and can take over the DNS services previously provided by the UNIX-based DNS server.
DNS Zone Object
If you don't have a BIND master file that contains DNS information or if you need to expand the DNS server to include more zones, you use the DNS/DHCP Management Console to create new DNS Zone objects. Each DNS Zone object is a container object that holds the DNS information for one zone. Each zone stores DNS RRSet objects for one of the following types of DNS information: standard, IPv6, and IN-ADDR ARPA.
A standard zone enables a DNS server to resolve domain names to four-octet IP addresses, such as 189.24.212.25. An IPv6 zone, on the other hand, enables a DNS server to resolve domain names to IP addresses from the next-generation IP address format. This format allows for 128-bit IP addresses, rather than the 32-bit (four-octet) IP addresses commonly used today.
An IN-ADDR ARPA zone enables a DNS server to resolve IP addresses to domain names. DNS servers use the inverse addressing (IN-ADDR) domain to resolve IP addresses to domain names. An IN-ADDR domain is represented by the network portion of the IP address with its octets in reverse order. For example, the IN-ADDR domain for the 123.45.67.0 network is represented as 67.45.123.IN-ADDR.ARPA.
All inverse addressing belongs to the top-level ARPA domain. Thus, all inverse addressing domains end with IN-ADDR.ARPA.
You should typically create one or more IN-ADDR ARPA zones for each standard zone. In this way, the DNS servers you implement can resolve each computer's name to its assigned IP address and resolve IP addresses to the corresponding domain name.
You can also configure parameters for DNS Zone objects, including the parameters listed below.
The Domain Name parameter is the name in which the zone resides.
The Zone Type parameter determines whether the zone is a primary or secondary zone.
The DNS Servers parameter lists the DNS name servers that service this zone.
The Start of Authority (SOA) parameters contain the domain name over which the DNS server has authority, the e-mail address of the person responsible for this zone, and a serial number that secondary servers compare against their copy of the zone to decide whether the zone has changed. You can also configure the refresh, retry, and expire intervals that tell secondary servers when to retrieve updates from the primary zone and how long to keep serving the zone if the primary cannot be reached.
DNS RRSet Object
After you have created at least one DNS Zone object, you can add specific DNS information to this object. Each DNS Zone object stores address mappings in a DNS RRSet object, which represents an individual domain name or IP address within a zone. You can set properties that associate the DNS RRSet object with an NDS object, such as workstations or servers, and you can store any comments you might have about the DNS RRSet object.
The DNS RRSet object stores one or more resource records for a single domain name. Each record maps that name to one piece of data: an A record to an IP address, an MX record to a mail exchanger, and so on. On non-NetWare DNS servers, the BIND master file contains the list of resource records. In NDS, all of the resource records that share a domain name are stored in that name's RRSet object.
The most common types of resource records are A (address) records, which map a domain name to an IP address, and PTR (pointer) records, which map an IP address to a domain name within an IN-ADDR.ARPA zone. If you have a standard zone and a corresponding IN-ADDR.ARPA zone, each time you create a resource record in one zone, the DNS/DHCP Management Console automatically creates a corresponding record in the other zone.
For example, suppose that your company's network included the mydomain.com zone and the 24.156.208.IN-ADDR.ARPA zone and that the hosts in mydomain.com were located in the 208.156.24.0 network. If you created a DNS RRSet object with an A resource record within the mydomain.com zone, the DNS/DHCP Management Console would automatically create the DNS RRSet object with the corresponding PTR record in the 24.156.208.IN-ADDR.ARPA zone.
The NetWare 5 DNS server supports all standard types of resource records, such as CNAME records, which map an alias to another domain name (the canonical name) so that more than one name leads to the same host. For example, suppose that you created an A record that mapped server1.mydomain.com to 207.14.128.12. If the same server also ran your company's World-Wide Web server, you would want that server to respond to www.mydomain.com in addition to the name defined in the A record. If you created a CNAME record that mapped www.mydomain.com to server1.mydomain.com, users could access the server by either name, and a later change to the A record would take effect for both. (For more information about resource records, see "Common Types of Resource Records.")
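The import from a BIND master file described earlier and the pairing of A records with PTR records described in this section, as an added example in Python (this is not Novell's code and not the console's implementation): a parser that groups a master file's records into one RRSet per owner name, the IN-ADDR.ARPA zone name for a network, and the PTR records the console would create. The sample master file, its host names and its addresses are constructed for the example; only the 208.156.24.0 network and 207.14.128.12 come from the article.

```python
"""Added example (not Novell's code): parse a small BIND master file into
one resource record set per owner name and derive the PTR records of the
matching IN-ADDR.ARPA zone, the two steps the console performs when it
imports a master file and pairs a standard zone with a reverse zone."""
import ipaddress
from collections import defaultdict

# Constructed sample master file for mydomain.com. Names are illustrative;
# 208.156.24.0 and 207.14.128.12 are addresses the article itself uses.
SAMPLE_ZONE = """\
$ORIGIN mydomain.com.
@        IN SOA   ns1.mydomain.com. hostmaster.mydomain.com. (
                  1998080101 ; serial
                  3600       ; refresh
                  900        ; retry
                  604800     ; expire
                  86400 )    ; minimum
@        IN NS    ns1.mydomain.com.
@        IN MX    10 mail.mydomain.com.
ns1      IN A     208.156.24.2
mail     IN A     208.156.24.3
server1  IN A     208.156.24.12
www      IN CNAME server1
vpn      IN A     207.14.128.12
"""

# Which rdata fields of each record type are domain names (expanded against
# $ORIGIN just like owner names).
NAME_FIELDS = {"NS": [0], "CNAME": [0], "PTR": [0], "MX": [1], "SOA": [0, 1]}


def _logical_lines(text):
    """Yield one logical line per record: drop ';' comments and join the lines
    of a '( ... )' group, which multi-line SOA records use."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth <= 0:
            yield " ".join(buf)
            buf, depth = [], 0


def _fqdn(name, origin):
    """Expand a relative name against $ORIGIN; '@' is the origin itself."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_master_file(text):
    """Return (origin, {owner: [(type, rdata), ...]}): one RRSet per owner
    name, which is how NDS stores a zone's records."""
    origin, owner, rrsets = ".", None, defaultdict(list)
    for line in _logical_lines(text):
        parts = line.split()
        if parts[0] in ("$ORIGIN", "$TTL"):
            if parts[0] == "$ORIGIN":
                origin = parts[1]
            continue
        if not line[0].isspace():          # column 1 names a new owner
            owner = _fqdn(parts.pop(0), origin)
        if parts[0].isdigit():             # optional per-record TTL
            parts.pop(0)
        if parts[0].upper() == "IN":       # optional class
            parts.pop(0)
        rtype, fields = parts[0].upper(), parts[1:]
        for i in NAME_FIELDS.get(rtype, []):
            fields[i] = _fqdn(fields[i], origin)
        rrsets[owner].append((rtype, " ".join(fields)))
    return origin, dict(rrsets)


def reverse_zone_name(network):
    """'208.156.24.0/24' -> '24.156.208.in-addr.arpa.': the network octets
    in reverse order, as described for IN-ADDR.ARPA zones above."""
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen % 8:
        raise ValueError("only octet-aligned IPv4 networks form one IN-ADDR.ARPA zone")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def derive_ptr_rrsets(rrsets, network):
    """Build the reverse-zone RRSets paired with each A record whose address
    lies inside `network`. An A record pointing outside it (vpn above) gets
    no PTR: a reverse zone must only describe addresses it is authoritative for."""
    net = ipaddress.ip_network(network)
    ptr = defaultdict(list)
    for owner, records in rrsets.items():
        for rtype, rdata in records:
            if rtype == "A" and ipaddress.ip_address(rdata) in net:
                ptr[ipaddress.ip_address(rdata).reverse_pointer + "."].append(("PTR", owner))
    return dict(ptr)
```

Running derive_ptr_rrsets over the sample yields PTR records for ns1, mail and server1 only: www is a CNAME, and vpn's address lies outside 208.156.24.0/24. That containment check is the one the console must make when it mirrors records between the two zones, since a PTR for an address you do not own has no business in your reverse zone.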
CONFIGURING DHCP SERVICES
DHCP services can help you manage your company's IP addresses. (For more information about DHCP, see "An Introduction to DHCP Services.") Like the DNS server, the NetWare 5 DHCP server stores information in NDS. The extended NDS schema supports five DHCP-specific objects:
DHCP Server object
Subnet object
Address Range object
IP Address object
Subnet Pool object
DHCP Server Object
Before you can configure DHCP information, you must use the DNS/DHCP Management Console to create a DHCP Server object. The DHCP Server object represents the DHCPSRVR NLM running on a NetWare 5 server. If you load the DHCPSRVR NLM on multiple NetWare 5 servers, you must create a DHCP Server object for each DHCPSRVR NLM.
The DHCP Server object stores parameters that allow you to configure information such as the following. (See Figure 2.)
Figure 2: You can use the DNS/DHCP Management Console to configure DHCP services.
Subnet IP address ranges serviced by the DHCP server
Subnets serviced by the DHCP server
Network administrator's comments
Global DHCP options such as the default DNS server, the gateway IP address, and the subnet mask
Subnet Object
The Subnet object represents an entire subnet of IP addresses and acts as a container object for the Address Range and IP Address objects. The DHCP options and configuration parameters for a Subnet object apply to the entire subnet and override any global options you set in the DHCP Server object.
The NetWare 5 DNS/DHCP servers are tightly integrated. For example, you can use the Subnet object to configure the DHCP server to dynamically update the DNS server's information whenever a workstation leases an IP address. The DNS server can then always direct services that refer to workstations by their domain names to the correct IP address, even if the workstation leases a different IP address each time the workstation is booted.
You can set the types of leases you want the DHCP server to make to the workstations. You can choose to have the DHCP server make permanent IP address assignments or timed assignments. With permanent assignments, workstations keep the first IP address they are assigned by the DHCP server, and this assignment never expires. With timed assignments, you specify the length of time workstations can lease an IP address.
If you specify a lease time of three or more days, most workstations keep the same IP address. Each time these workstations are booted, they attempt to renew the lease on the IP address they received during the previous session.
If you have fewer IP addresses than workstations on a subnet, you should set a short lease time (usually for a few hours) so workstations can share the IP addresses within the subnet.
Address Range Object
The Address Range object defines a range of IP addresses within a subnet, creating a pool of addresses that the DHCP server can dynamically assign. An Address Range object can also define a range of IP addresses that should not be dynamically assigned. For example, you might want servers to have permanent IP addresses. To prevent the DHCP server from assigning servers' IP addresses to workstations, you would create an Address Range object, directing the DHCP server to exclude the IP addresses in the range that includes your company's servers.
Because the DHCP server is tightly integrated with the DNS server, you can assign a base domain name, and the DHCP server dynamically assigns this domain name to workstations and reports the domain name to the DNS server. For example, suppose that you specified workstation.site.com as the base domain name. When the first workstation requested an IP address, the DHCP server would assign that workstation an IP address from the Address Range object, assign the workstation the domain name workstation01.site.com, and report the IP address and domain name assignment to the DNS server. On subsequent requests from workstations, the DHCP server would increment the numeric portion of the domain name for each IP address assignment.
The configuration parameters you set for the Address Range object override any options you set in the Subnet object.
IP Address Object
The IP Address object performs functions similar to those of the Address Range object, except that it refers to a single IP address rather than a range. With the IP Address object, you can direct the DHCP server to exclude one IP address from a range, preventing the server from assigning that address to a workstation. You can also manually assign an IP address to a workstation based on that workstation's media access control (MAC) address. For example, if you knew a workstation's Ethernet or Token Ring address, you could configure the IP Address object so the DHCP server always assigned this workstation the same IP address. Keep in mind that a workstation can present any MAC address it likes, so such a reservation is an administrative convenience, not a way of restricting who may obtain that address.
The configuration parameters you set for the IP Address object override any DHCP options you set in the DHCP Server object, the Subnet object, or the Address Range object.
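The lease behaviour described for the Subnet, Address Range and IP Address objects, as an added example in Python (this is not Novell's DHCPSRVR code): a subnet with a dynamic range, an excluded server range, a single excluded address and a MAC reservation, with timed leases, lease expiry and the incrementing base domain name from the Address Range section. The subnet, the MAC addresses and the class and method names are constructed for the example.

```python
"""Added example (not Novell's code): a small model of the Subnet, Address
Range and IP Address objects, and a lease allocator that applies them the
way the article says the NetWare 5 DHCP server does."""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Subnet:
    """One Subnet object together with its Address Range and IP Address children."""
    network: str                                      # e.g. "208.156.24.0/24"
    lease_seconds: Optional[int] = None               # None models a permanent assignment
    base_domain_name: Optional[str] = None            # e.g. "workstation.site.com"
    ranges: list = field(default_factory=list)        # (first, last, "dynamic" | "excluded")
    reservations: dict = field(default_factory=dict)  # MAC -> IP (manual IP Address objects)
    excluded: set = field(default_factory=set)        # single excluded IP Address objects


# Constructed sample: a /24 whose servers (.15-.20) are excluded as a range,
# one address (.13) excluded on its own, and one workstation pinned to .11.
SAMPLE_SUBNET = Subnet(
    network="208.156.24.0/24",
    lease_seconds=3600,
    base_domain_name="workstation.site.com",
    ranges=[("208.156.24.10", "208.156.24.20", "dynamic"),
            ("208.156.24.15", "208.156.24.20", "excluded")],
    reservations={"00:a0:c9:12:34:56": "208.156.24.11"},
    excluded={"208.156.24.13"},
)


class DhcpServer:
    def __init__(self, subnet: Subnet):
        self.subnet = subnet
        self.net = ipaddress.ip_network(subnet.network)
        self.leases = {}        # ip_address -> {"mac", "name", "expires"}
        self._next_host = 1     # counter appended to the base domain name

    def _pool(self):
        """Dynamic-range addresses minus excluded ranges, excluded addresses
        and reserved addresses, in ascending order."""
        allowed, blocked = set(), set()
        for first, last, mode in self.subnet.ranges:
            span = range(int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last)) + 1)
            if mode == "dynamic":
                allowed.update(span)
            else:
                blocked.update(span)
        for addr in list(self.subnet.excluded) + list(self.subnet.reservations.values()):
            blocked.add(int(ipaddress.ip_address(addr)))
        return [ipaddress.ip_address(i) for i in sorted(allowed) if i not in blocked]

    def _expiry(self, now):
        return None if self.subnet.lease_seconds is None else now + self.subnet.lease_seconds

    def _next_name(self):
        """workstation.site.com -> workstation01.site.com, workstation02.site.com, ..."""
        if self.subnet.base_domain_name is None:
            return None
        host, _, domain = self.subnet.base_domain_name.partition(".")
        name = f"{host}{self._next_host:02d}.{domain}"
        self._next_host += 1
        return name

    def name_for(self, ip):
        """Domain name the server reported to DNS for a leased address, if any."""
        lease = self.leases.get(ipaddress.ip_address(ip))
        return lease["name"] if lease else None

    def request(self, mac, now):
        """Answer a workstation's request at time `now` (seconds). Returns the
        leased IP as a string, or None when the dynamic pool is exhausted."""
        # Timed leases that have run out go back into the pool first.
        for ip in [ip for ip, l in self.leases.items() if l["expires"] is not None and l["expires"] <= now]:
            del self.leases[ip]
        # 1. An unexpired lease for this MAC is renewed with the same address.
        for ip, lease in self.leases.items():
            if lease["mac"] == mac:
                lease["expires"] = self._expiry(now)
                return str(ip)
        # 2. A manual IP Address object pins this MAC to one address.
        if mac in self.subnet.reservations:
            ip = ipaddress.ip_address(self.subnet.reservations[mac])
        else:
            # 3. Otherwise the lowest free address in the dynamic ranges.
            free = [ip for ip in self._pool() if ip not in self.leases]
            if not free:
                return None
            ip = free[0]
        if ip not in self.net:
            raise ValueError(f"{ip} is not in subnet {self.net}")
        self.leases[ip] = {"mac": mac, "name": self._next_name(), "expires": self._expiry(now)}
        return str(ip)
```

Note the None return: three workstations drain the three dynamic addresses the sample leaves free (.10, .12 and .14), and a fourth gets nothing until a lease expires. A client that presents a fresh MAC address with every request can exhaust a pool deliberately (DHCP starvation), which is one reason to keep leases short on open segments and to limit the MAC addresses allowed per switch port.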
Subnet Pool Object
A DHCP server can support multiple subnets, including remote subnets outside the DHCP server's local subnet. The Subnet Pool object specifies a pool of subnets that DHCP servers can use to assign IP addresses to workstations located on remote subnets.
In addition to creating the Subnet Pool object, you must configure your company's routers to relay DHCP broadcasts between subnets (a BOOTP/DHCP relay agent) or set up a DHCP forwarder on the remote subnets so that workstations' requests on these remote subnets can reach the DHCP server. Without a relay, a workstation's DHCP broadcast never leaves its own subnet.
CONCLUSION
The NetWare 5 DNS/DHCP servers interoperate seamlessly with other Internet servers and hosts--regardless of their platform. By providing DNS/DHCP services on your company's network, you control your company's portion of the Internet, and you can make changes that meet your company's needs. For example, instead of contacting an ISP each time you want to make DNS configuration changes, you can make these changes to the NetWare 5 DNS server whenever necessary.
Terry L Jeffress works for Niche Associates, an agency that specializes in technical writing and editing.
NetWare Connection,August 1998, pp. 36-42
An Introduction to DHCP Services
Dynamic Host Configuration Protocol (DHCP) addresses two major issues in managing a TCP/IP network: assigning IP addresses to workstations and having more workstations than IP addresses.
If you assign a static IP address to workstations, you usually have to manually configure each workstation with its own IP address. By setting up a DHCP server and configuring workstations to get their IP addresses from the DHCP server, you eliminate the need to manually assign static IP addresses to workstations. When a workstation that has been configured to get its IP address from a DHCP server is booted, this workstation requests an IP address--and other information, such as the default Domain Naming System (DNS) server, the gateway IP address, and the subnet mask--from the DHCP server. If this is the first time the workstation has asked for an IP address, the DHCP server assigns this workstation an IP address from a pool of IP addresses. In other words, the DHCP server "leases" an IP address to the workstation.
Depending on how the DHCP server is configured, the workstation's lease is for a long time or a short time. If you have enough IP addresses for each workstation, you would probably set a long lease time. If a workstation is booted and its lease is still in effect, the DHCP server reassigns the same IP address to that workstation.
If you don't have enough IP addresses for every workstation on a subnet, you could set a short lease time. By using a short lease time, you can make more IP addresses available in the IP address pool, allowing a group of workstations to share a limited number of available IP addresses.
NetWare Connection, August 1998, p. 42
An Introduction to DNS
Domain Naming System (DNS) enables you to assign names to IP addresses. You could enter IP addresses in your browser, but IP addresses are more difficult to remember than names. Also, if a company changed its web server's IP address, the original IP address would no longer take you to the company's site. However, the name would always take you to this web site because the company would associate this name with the new IP address.
In some ways, DNS works much like a file system's directory tree. A name such as milo.sales.wigit.com shows a directory path from a particular host on the directory tree to the root of this tree.
Unlike a file system that can store all of its directory information in one file, however, DNS delegates the responsibility for resolving IP addresses to many DNS servers across the Internet. Third parties--usually an Internet service provider (ISP) or the owner of a particular name--assume the responsibility for resolving names for a small section of this directory tree, called a domain.
For example, Novell runs DNS servers that resolve all of the names in the novell.com domain. Novell can create subdomains (such as developer.novell.com) within the domain, as long as Novell provides DNS servers that can resolve these subdomains. Novell can also set up a DNS server that resolves only the names within a particular subdomain. The subtree of domain names managed by a particular DNS server is called that server's zone of authority.
Each host on the Internet must be able to resolve domain names. For example, you must configure each workstation connected to the Internet with the IP address of one or more DNS servers. Some companies maintain their own DNS servers, while other companies rely on an ISP's DNS servers.
If you entered http://developer.novell.com in your web browser, the web browser would ask one of the DNS servers your workstation knows about to resolve the domain name. If this DNS server could not resolve the domain name from its own zones or from its cache, it would ask a root DNS server, which would refer it to a DNS server for the com domain, which in turn would refer it to a DNS server for novell.com. The DNS server would keep following these referrals down the directory tree until it reached a DNS server that could resolve the domain name or until it learned that the name does not exist.
Root DNS servers reside at the top of the directory tree. These DNS servers know the IP addresses of the DNS servers for each top-level domain, and each of those servers knows the DNS servers (usually two or more) for the domains delegated below it. In this example, the DNS server your workstation asked would receive the resulting IP address from the DNS server for developer.novell.com, cache it, and return it to your web browser, which could then send a request to access the DeveloperNet web site.
DNS also resolves IP addresses to host names. For example, you could use a DNS server to find out that 198.137.240.91 corresponds to www.whitehouse.gov.
NetWare Connection, August 1998, p. 40
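The resolution walk described in the sidebar above, as an added example in Python (this is not Novell's code): a constructed delegation tree and a resolver that starts at the root and follows referrals down to the zone that holds the answer, for both a forward name and an IN-ADDR.ARPA name. The zones, their delegations and the addresses are constructed for the example, except the two addresses the article itself quotes.

```python
"""Added example (not Novell's code): a constructed delegation tree and a
resolver that walks it from the root by following referrals, which is how a
name such as developer.novell.com is actually found."""

# Constructed data, not real servers. Each zone lists the zones delegated
# below it and the records it answers for itself. Addresses are illustrative;
# 137.65.2.11 and 198.137.240.91 are the two the article uses.
ZONES = {
    ".": {"delegations": ["com.", "arpa."], "records": {}},
    "com.": {"delegations": ["novell.com."], "records": {}},
    "novell.com.": {
        "delegations": ["developer.novell.com."],
        "records": {"www.novell.com.": {"A": ["137.65.2.11"]}},
    },
    "developer.novell.com.": {
        "delegations": [],
        "records": {"developer.novell.com.": {"A": ["137.65.2.12"]}},
    },
    "arpa.": {"delegations": ["in-addr.arpa."], "records": {}},
    "in-addr.arpa.": {"delegations": ["240.137.198.in-addr.arpa."], "records": {}},
    "240.137.198.in-addr.arpa.": {
        "delegations": [],
        "records": {"91.240.137.198.in-addr.arpa.": {"PTR": ["www.whitehouse.gov."]}},
    },
}

MAX_REFERRALS = 16   # real resolvers cap the chase so a broken delegation cannot loop forever


def _in_zone(name, zone):
    """True when `name` lies at or below `zone` in the tree."""
    return zone == "." or name == zone or name.endswith("." + zone)


def query(zone, qname, qtype):
    """Reply of the server authoritative for `zone`: ('referral', child zone),
    ('answer', rdata list) or ('nxdomain', None)."""
    z = ZONES[zone]
    # A referral names the most specific delegated child that contains qname.
    for child in sorted(z["delegations"], key=len, reverse=True):
        if _in_zone(qname, child):
            return "referral", child
    rrs = z["records"].get(qname, {})
    return ("answer", rrs[qtype]) if qtype in rrs else ("nxdomain", None)


def resolve(qname, qtype="A"):
    """Start at the root and follow referrals down the tree. Returns the rdata
    list (None if the name or type does not exist) and the zones consulted."""
    zone, path = ".", ["."]
    for _ in range(MAX_REFERRALS):
        kind, data = query(zone, qname, qtype)
        if kind != "referral":
            return data, path
        # Only accept a referral to a child of the zone we are talking to.
        if data == zone or not _in_zone(data, zone):
            raise RuntimeError(f"{zone} referred to {data}, which it does not delegate")
        zone = data
        path.append(zone)
    raise RuntimeError("too many referrals")
```

The path returned for developer.novell.com is the root, com, novell.com and developer.novell.com, in that order: each server only knows who to ask next, never the whole tree. The check before following a referral (the child must lie below the zone that issued it) is the same bailiwick rule a real resolver applies so that one server cannot redirect a query into a part of the tree it does not own.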
Common Types of Resource Records
Resource Record Type        Description
A (address)                 Maps a name to an IP address
CNAME (canonical name)      Maps an additional domain name to a host
MX (mail exchanger)         The name of the server that handles mail for that domain
NS (name server)            The name of the DNS server that should be authoritative for the domain
PTR (pointer)               Maps an IP address to a domain name
SOA (start of authority)    The name of the DNS server that contains the original, or primary, DNS information for the zone
NetWare Connection, August 1998, p. 41
* Originally published in Novell Connection Magazine
Disclaimer
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.