DHCP and DNS are two essential services in IT networks. While a DHCP server sends out information that clients need to communicate with other machines and services, DNS ensures that servers, clients, and services can be found by their names.
The Dynamic Host Configuration Protocol dynamically assigns IP addresses and other configuration options to devices in a network. This way, it’s very easy to add new computers, tablets, or smartphones – administrators no longer have to configure every device manually, since the DHCP server does the job. This is why DHCP is great for larger networks with constantly changing clients, e.g. schools, companies, etc.
The DHCP server either distributes free IP addresses from a specific pool, or it assigns static addresses to the clients and identifies them via their MAC address (Media Access Control, unique identifier assigned to a network interface controller). In the first scenario, the clients can get different IPs, which can be convenient if the server hands out addresses from a small pool to a large number of devices (that are not active at the same time). If the DHCP server distributes static addresses, all clients always receive the same IP – ideal for network services or certain machines that have to be accessible around the clock.
The DHCP server also determines how long an IP address is valid. If the so-called lease time expires while a client is still active, it tries to automatically renew the lease time. Users don’t normally notice this exchange between the server and the client.
As I mentioned, the DHCP server can also transfer other information to the clients, such as subnet mask, name server, domain name, and gateway – even details for network booting (PXE boot, Preboot eXecution Environment), NTP (Network Time Protocol), or proxy configuration via WPAD (Web Proxy Auto-Discovery Protocol).
A unique feature of IPv6 is the stateless address configuration (SLAAC): Clients can pick their own addresses (based on the prefix being advertised on the connected network interface). A DHCP server can still be useful in IPv6 networks, as it can hand out information about the time server, domain names, DNS servers, etc. to clients.
Thanks to DNS nobody has to remember IP addresses – the Domain Name System is a hierarchical and decentralized naming system for computers, services, etc. connected to the internet or a private network. DNS works a bit like a telephone book: It assigns domain names like www.univention.de to numerical IP addresses (18.104.22.168) and vice versa. DNS consists of thousands of servers working together. If one server cannot resolve a name or IP, it can contact another server that can then ask the next one, and so on.
A DNS server in a private network is also responsible for the name resolution. It knows all IP addresses and names of the devices. For external queries, i.e. to the internet, the local name server can contact one or more external DNS servers.
What’s Dynamic DNS?
Dynamic DNS (DDNS) is a method of automatically updating DNS entries – particularly important when a DHCP and a DNS server interact. For example, after a DHCP server has assigned an IP to a requesting client, it can communicate this information to a DNS server which then automatically updates the DNS information.
Also, the client itself can transmit the information to the DNS server. This often happens with Windows clients. It is often referred to as DNS Update (RFC 2136) or Dynamic Update (Microsoft).
What’s a FQDN?
DNS is a hierarchical structure: The root is at the top and represented by a dot (.). The next level is called top-level domain (TLD), e.g. com, org, or a country code as de, at, or ch. After another dot there is the second-level domain (SLD), sometimes followed by a third-level domain or another subdomain, each separated by a dot. Up to 255 characters are allowed. In some countries (e.g. the UK) the SLDs are fixed (e.g. .co.uk. or .gov.uk.). In other countries (like in Germany) second-level domains can be registered via providers who are DENIC (Deutsches Network Information Center) members or work with a DENIC member. The last part of the address is the hostname.
An address like www.univention.de. (with the final dot!) is called Fully Qualified Domain Name (FQDN). A lot of applications (i.e. web browsers) don’t necessarily need the dot that’s representing the root. That’s different for name servers like BIND (see the next section): When you enter the hostname in the Univention Management Console (UMC) always put in the FQDN with the dot and not the IP address.
DHCP and DNS in Univention Corporate Server
In a UCS domain, there are different system roles: The domain controller master, the domain controller backup, and the domain controller slave all include a DNS server; the software is called BIND. It’s also possible to install a DHCP server on those machines (ISC DHCP). Please refer to the UCS manual for more information on how to set up those services.
The UCS OpenLDAP directory service is responsible for transmitting information about the DNS and DHCP services. You can use the UMC (Univention Management Console) and the UDM (Univention Directory Manager) to configure both services. All changes are automatically being sent to other UCS systems with the integrated listener/notifier replication mechanism.
Please note: If Samba is being used as an Active Directory domain controller, the DNS service uses Samba’s own directory service and no longer relies on OpenLDAP. This is a necessary prerequisite for the dynamic DNS update of Windows clients. The S4 connector makes sure that Samba’s and OpenLDAP’s DNS information remains consistent.
Install a DHCP Server on UCS
UCS offers a DHCP server app in the Univention App Center. After installing it, you can access its configuration via Domain / DHCP in the Univention Management Console.
Click on DHCP to configure the DHCP services for your domain. UCS automatically generates the services, e.g. when you install a UCS@school server. The next sections shows an example on how to set up a DHCP service for a school called Queen’s College.
UCS: Configure a DHCP Server
When you install the DHCP server via the Univention App Center, UCS automatically assigns the newly created DHCP services to the correct DHCP server. As a result, newly created clients (via UMC or UDM) turn up as new LDAP objects, as well as new DHCP objects (see win7-Client in the example).
You can assign a static IP address (default setting), which means that the client always receives the same IP. The DNS information is created accordingly and synchronized with the UCS DNS server (listener/notifier).
If you prefer dynamically assigned IP addresses, please create a new DHCP subnet and enter a range of IP addresses. The DHCP server now picks IPs from this pool and distributes them to the clients.
The Policies menu on the left allows you to submit the DHCP settings to the subnet. This is where you decide whether the DHCP server assigns dynamic or static IP addresses and whether clients not known to the LDAP directory service should also receive an address.
Alternatively, you can create several DHCP pools in the subnet. Each pool can manage its own range of IP addresses and other DHCP configuration options.
If you want to distribute IPs to all client computers – whether you created them in the directory service or not –, there are two things to keep in mind:
- The clients have to report their updated IP addresses to the DNS server (Dynamic DNS Update). This happens automatically in UCS.
- If you want to set up more than one DHCP server (HA = High Availabilty), then you need to configure a failover peer so that the DHCP servers don’t assign IP addresses twice.
Configure DHCP with UCS Policies
Like I said, it’s a good idea to work with UCS policies when configuring DHCP. The tree-like structure of LDAP directories is similar to that of a file system. Objects like users or computers are in a container. Policies are linked to those containers, so they can describe settings that are applied to more than one object. Using the Policies menu on the left, you can configure your DHCP objects, e.g. the lease time, boot options, etc. Of course, it’s possible to define policies for other DHCP objects, like DHCP services or subnets.
UCS automatically sets up DHCP, DNS, and DDNS for you which saves a lot of time and effort. Use administration tools like UMC (web interface) or UDM (on the command-line) to change the configuration and adjust the services to your own needs. Apart from the central administration, the UCS policies can be very helpful, especially in larger environments with many devices and services.