
Configure the DHCP server to dynamically update the DNS records on Ubuntu 12.04 LTS

This tutorial is based on Ubuntu 12.04 LTS. In it I will try to show you how to configure the DHCP server to automatically update the DNS records whenever it assigns a new lease to a client on the local network. We will use the network diagram below as the base for this tutorial:

Before Starting this tutorial:

Before starting this tutorial, you can check my other tutorials to learn how I configured the DHCP server and the gateway:

Ubuntu as a firewall/gateway router

How to Install the DHCP Server on Ubuntu 12.04LTS

Network Configuration for the Ubuntu Gateway:

Configure the DNS:

Install the DNS (bind9) using this command:

sudo apt-get install bind9 dnsutils

Also edit the hosts file so that the server will be able to accept DNS requests. Here is an example of my server’s hosts file:

cat /etc/hosts

Move to the bind directory:

cd /etc/bind/

Next, we need to configure the forwarders for bind. I am using Google’s DNS servers as an example:

sudo nano named.conf.options

forwarders {;;

Now we create a secret key that will be shared between the DHCP server and the DNS:

sudo dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 128 -n USER DHCP_UPDATER

Show the generated key:

sudo cat Kdhcp_updater.*.private | grep Key

Edit the named.conf.local file in /etc/bind/ directory:

sudo nano named.conf.local

Define the locations of the forward and reverse zone files as well as the secret shared key here:
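Here is an example named.conf.local for the two zones used in this tutorial, added here as an illustration rather than copied from the original post; the secret is a placeholder for the Key: value printed above, and the zone file paths are the ones created in the next steps.

```conf
// /etc/bind/named.conf.local (example)
// The TSIG key shared with the DHCP server. Whoever holds this secret can
// rewrite both zones, so keep this file (or a separate key file pulled in
// with "include") readable by the bind user only.
key DHCP_UPDATER {
    algorithm hmac-md5;
    secret "<paste the Key value from Kdhcp_updater.*.private here>";
};

// Forward zone. Zone files live under /var/lib/bind because Ubuntu's
// AppArmor profile lets named write journals there, unlike /etc/bind.
// Only updates signed with DHCP_UPDATER are accepted.
zone "tendo.local" {
    type master;
    file "/var/lib/bind/tendo.local.db";
    allow-update { key DHCP_UPDATER; };
};

// Reverse zone for 172.16.10.0/24, same update policy.
zone "10.16.172.in-addr.arpa" {
    type master;
    file "/var/lib/bind/10.16.172.rev";
    allow-update { key DHCP_UPDATER; };
};
```

Validate with sudo named-checkconf and sudo named-checkzone tendo.local /var/lib/bind/tendo.local.db before restarting bind. Once a zone is receiving dynamic updates, run rndc freeze tendo.local before editing its file by hand and rndc thaw tendo.local afterwards, otherwise the journal goes out of sync.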

Move to the /var/lib/bind/ directory:

cd /var/lib/bind/

Create the forward zone file for your domain:

sudo nano tendo.local.db

Replace the tendo.local with your domain name. Here’s an example of my forward zone file:

$TTL 907200 ; 1 week 3 days 12 hours
tendo.local.           IN SOA dnssrv.tendo.local. arbab.tendo.local. (
                       2012071707 ; serial
                       10800      ; refresh (3 hours)
                       3600       ; retry (1 hour)
                       604800     ; expire (1 week)
                       38400      ; minimum (10 hours 40 minutes)
                       )
                       NS  dnssrv.tendo.local.
$ORIGIN tendo.local.
; addresses match the PTR records in the reverse zone file below
dhcpsrv                A   172.16.10.2
dnssrv                 A   172.16.10.1
gateway                A   172.16.10.254

Every time you make changes to the zone file, you need to increment the serial before reloading bind.

Next, create the reverse zone file for your domain:

sudo nano 10.16.172.rev

Here is my reverse zone file. Replace the hosts and domain name with your own so that they match the forward zone file just created above:

$TTL 907200 ; 1 week 3 days 12 hours
10.16.172.in-addr.arpa. IN SOA dnssrv.tendo.local. arbab.tendo.local. (
                        2012071706 ; serial
                        10800      ; refresh (3 hours)
                        3600       ; retry (1 hour)
                        604800     ; expire (1 week)
                        38400      ; minimum (10 hours 40 minutes)
                        )
                        NS  dnssrv.tendo.local.
$ORIGIN 10.16.172.in-addr.arpa.
1                       PTR dnssrv.tendo.local.
2                       PTR dhcpsrv.tendo.local.
254                     PTR gateway.tendo.local.

Restart the bind service:

sudo /etc/init.d/bind9 restart

Configure the DHCP server to send updates to the DNS:

sudo nano /etc/dhcp/dhcpd.conf

Add the secret key that we created on our DNS server to the dhcpd.conf file, along with the other options. Some of the main configuration directives are mentioned below:

For a given subnet, we need to define the zones, and within each zone we need to tell the DHCP server which key to use when updating the DNS server:

Here is a DHCP scope that will be used to assign the IP configuration to the clients:
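An example of the corresponding dhcpd.conf sections, added here as an illustration and not taken from the original post: the key block must carry the same name, algorithm and secret as on the DNS server, 172.16.10.1 and 172.16.10.254 are dnssrv and gateway as listed in the reverse zone above, and the lease range and lease times are assumptions for this example.

```conf
# /etc/dhcp/dhcpd.conf (example)
ddns-update-style interim;
ddns-updates on;
ddns-domainname "tendo.local.";
ddns-rev-domainname "in-addr.arpa.";
# dhcpd owns the records; clients cannot push their own names into DNS.
ignore client-updates;
authoritative;

# Same name, algorithm and secret as the key block in named.conf.local.
key DHCP_UPDATER {
    algorithm hmac-md5;
    secret "<paste the same Key value used on the DNS server here>";
};

# Forward and reverse zones: updates go to dnssrv (172.16.10.1) signed with the key.
zone tendo.local. {
    primary 172.16.10.1;
    key DHCP_UPDATER;
}

zone 10.16.172.in-addr.arpa. {
    primary 172.16.10.1;
    key DHCP_UPDATER;
}

# Scope handed out to clients; range and lease times are assumed values.
subnet 172.16.10.0 netmask 255.255.255.0 {
    range 172.16.10.100 172.16.10.200;
    option routers 172.16.10.254;            # gateway, per the reverse zone
    option domain-name-servers 172.16.10.1;  # dnssrv
    option domain-name "tendo.local";
    default-lease-time 600;
    max-lease-time 7200;
}
```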

Restart the DHCP service:

sudo /etc/init.d/isc-dhcp-server restart

Once again, restart the bind service on the DNS server:

sudo /etc/init.d/bind9 restart

Check the log messages on both the DNS and DHCP servers:

sudo tail -f /var/log/syslog

The DHCP server successfully adds the client to the forward and reverse zones.

The DNS server accepts the secret key and updates its forward and reverse zones.

Verification on the DHCP client:

Enjoy 🙂


I found some really nice troubleshooting steps regarding DHCP and DNS servers here (thanks to the original author):

  • error: zone [zone-name]/IN: NS ‘[dns-server-hostname]’ has no address records (A or AAAA)
    You’ll probably encounter this if you forget to provide records for your DNS server in your zone files; e.g. [dns-server-name] IN A [dns-server-ip-address]
  • error: [some-zone-file]: create: permission denied
    Check to make sure that permissions on the given file are correct. Configuration files must be readable by the bind user, and zone/journal files must be writable by the bind user.
  • updating zone ‘[zone-name]/IN’: error: journal open failed: unexpected error
    It is possible that Ubuntu’s AppArmor is getting in the way of the zone updates. Make sure you check /var/log/syslog for related messages. Also check the AppArmor configuration at /etc/apparmor.d/usr.sbin.named.
  • error: zone [zone-name]/IN: [some-hostname]/A: bad owner name (check-names)
    The hostname that a client is requesting is invalid for use in a FQDN. Change the client’s hostname.
  • error: zone [zone-name]/IN: journal rollforward failed: journal out of sync with zone
    The zone journal file has gotten out of sync with the zone file (usually occurs with forced restarts, or modifying the zone file while BIND9 is running). Delete the .jnl file (in /var/lib/bind), and restart BIND9.

Hope this will help you!

Please Remember me in your prayers!
