Linux:: DNS, DHCP & DDNS:: Configuration

For those running a DNS server who want local private IP addresses associated with names, the dynamic DNS/DHCP combination is ideal. DNS has been in use here for years, but only recently has it been linked to DHCP address assignments.

A number of config changes are involved to achieve this. The named.conf file for DNS needs changes, along with the dhcpd.conf file. The system here allocates addresses for three subnets. All internal users are directed towards the internal DNS. The DNS serves domains through the use of zones, and a number of domains are hosted here, each as its own zone. The requirement was to ensure DHCP-based PCs and other devices were given host names (or multiple host names where more than one interface was involved) through DNS, and that the business domains in use were not compromised in any way. The need for DDNS is driven by devices that come and go within the network dynamically but need to be referred to by name by server processes rather than by IP address. An example would be a client subscribed for camera monitoring: on a timed basis the cameras are active and hold IP addresses, but when not in use they drop out and any IP addresses they used are open to reallocation to other dynamic devices.

DHCP

The changes needed to dhcpd.conf are straightforward.

The file opens with

ddns-update-style interim;
ddns-updates on;
ignore client-updates;
authoritative;

In a group declaration we have known devices (identified by MAC address) that will be allocated a dynamic address. Note the purpose here is to provide a name for each device that has a unique MAC, so a laptop with three interfaces can have three different names: two allocated here and one taken from the laptop's own host name.

group {
    host dev-1 {
        hardware ethernet xx:xx:xx:xx:xx:xx;
        ddns-hostname dev-1-name;
    }
    host dev-2 {
        hardware ethernet xx:xx:xx:xx:xx:xx;
        ddns-hostname dev-2-name;
    }
    host laptop {
        hardware ethernet xx:xx:xx:xx:xx:xx;
    }
}

Hosts (or rather interfaces) are declared against a known MAC address, and a name is assigned for DDNS purposes.

For each subnet for which DHCP addresses are served there must be a subnet declaration that includes the DDNS component.

subnet 10.10.200.0 netmask 255.255.255.0 {

ddns-domainname "our-domain.com";
ddns-rev-domainname "in-addr.arpa";
option routers 10.10.200.6, 10.10.200.7;
option subnet-mask 255.255.255.0;
option router-discovery true;
option ip-forwarding off;
etc
etc
.
.
}

DNS

In the named.conf file you will need to include a controls declaration as follows:

controls {
inet 127.0.0.1 port 953
allow { localnets; } keys { "key"; };
};

named listens for dynamic update commands on port 953, so make sure firewalls recognise this. That port is secured by the keys part of the controls declaration.

Within each zone declared that you are intending to have dynamic updates for insert:

allow-update { key "key"; }; // use whatever name you have chosen for your key

e.g.

zone "our-domain.com." IN {
type master;
file "our-domain.db";
allow-query { any; };
allow-update { key "key"; };
allow-transfer { 10.10.201.10; };
notify yes;
};

and the reverse lookup

zone "200.10.10.in-addr.arpa." IN {
type master;
file "10.10.200.db";
allow-query { any; };
allow-transfer { 10.10.201.10; };
allow-update { key "key" ; };
notify yes;
};

Make sure you do not compromise any views you have that form part of securing your DNS.
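Neither file shown above actually defines the key that `keys { "key"; }` and `allow-update { key "key"; }` refer to, and dhcpd also needs a matching key plus one zone statement per zone before it will send signed updates. The following shell script is an added example, not part of the original article: it generates one TSIG secret and renders both fragments from it so the two sides cannot drift apart. It assumes BIND 9 and ISC DHCP 4.x (hmac-sha256; older dhcpd builds accept only hmac-md5), the key name "key" and the zone names used on this page, and a DNS server reachable from dhcpd at 127.0.0.1.

```shell
# Added example, not from the original page. Assumes BIND 9 and ISC DHCP 4.x
# (hmac-sha256), the key name "key" and zone names from this page, DNS at 127.0.0.1.
KEY_NAME="key"
DNS_SERVER="127.0.0.1"
FWD_ZONE="our-domain.com."
REV_ZONE="200.10.10.in-addr.arpa."
# 32 random bytes, base64 encoded: a suitable hmac-sha256 TSIG secret.
gen_secret() { openssl rand -base64 32 2>/dev/null || head -c 32 /dev/urandom | base64 | tr -d '\n'; }

# named.conf fragment: defines the key that `keys { "key"; }` in controls
# and `allow-update { key "key"; };` in each zone refer to.
named_fragment() {
    cat <<EOF
key "$KEY_NAME" {
    algorithm hmac-sha256;
    secret "$1";
};
EOF
}

# dhcpd.conf fragment: the same name, algorithm and secret, plus one zone
# statement per zone dhcpd should update (forward and reverse).
dhcpd_fragment() {
    cat <<EOF
key $KEY_NAME {
    algorithm hmac-sha256;
    secret $1;
};
zone $FWD_ZONE {
    primary $DNS_SERVER;
    key $KEY_NAME;
}
zone $REV_ZONE {
    primary $DNS_SERVER;
    key $KEY_NAME;
}
EOF
}

# Read the secret back out of a rendered fragment (quoted or unquoted form).
secret_of() { sed -n 's|.*secret[[:space:]]*"\{0,1\}\([A-Za-z0-9+/=]*\).*|\1|p' "$1"; }

# Render both fragments from one fresh secret; succeeds only if they agree.
render_pair() {
    secret=$(gen_secret)
    named_fragment "$secret" > "$1"
    dhcpd_fragment "$secret" > "$2"
    [ "$(secret_of "$1")" = "$(secret_of "$2")" ]
}
```

Call `render_pair /etc/named/ddns-key.conf /etc/dhcp/ddns-key.conf` (paths are assumptions), then `include` the first file from named.conf and the second from dhcpd.conf, keeping both readable only by the respective daemon's user.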

Copyright © Consulting Ian Tighe 2005-2008.