Unable to add forward map...

Glenn Satchell Glenn.Satchell at uniq.com.au
Tue Sep 18 14:50:06 UTC 2007


>Subject: RE: Unable to add forward map...
>Date: Tue, 18 Sep 2007 10:05:01 -0400
>From: "Todd Snyder" <tsnyder at rim.com>
>To: <dhcp-users at isc.org>
>
>
>>>I have almost successfully set up DHCP to update DNS zones on lease, but
>>>in my messages file I am seeing:
>>>
>>>Unable to add forward map from sbp6003.china.prov.tools.staging to
>>>172.16.19.61: timed out
>
>>This suggests that bind is rejecting the update - what does it log ?
>
>Sadly, nothing interesting.  I think I've got it set to debug, but I'm
>getting:
>
>Sep 18 10:02:09 bl-utl02 dhcpd: Unable to add forward map from
>log6001.china.prov.tools.staging to 172.16.19.46: timed out
>Sep 18 10:02:09 bl-utl02 dhcpd: No hostname for 172.16.19.46
>
>From dhcp
>
>And from named:
>
>Sep 18 10:02:09.521 queries: client 10.255.19.245#35427: query:
>46.19.16.172.in-addr.arpa IN PTR
>
>That's the only thing logged.  My named.conf logging section is below,
>stolen from der interwebs.
>
>logging {
>        category "default" { "debug"; };
>        category "general" { "debug"; };
>        category "database" { "debug"; };
>        category "security" { "debug"; };
>        category "config" { "debug"; };
>        category "resolver" { "debug"; };
>        category "xfer-in" { "debug"; };
>        category "xfer-out" { "debug"; };
>        category "notify" { "debug"; };
>        category "client" { "debug"; };
>        category "unmatched" { "debug"; };
>        category "network" { "debug"; };
>        category "update" { "debug"; };
>        category "queries" { "debug"; };
>        category "dispatch" { "debug"; };
>        category "dnssec" { "debug"; };
>        category "lame-servers" { "debug"; };
>        channel "debug" {
>                file "/tmp/nameddbg" versions 2 size 50m;
>                print-time yes;
>                print-category yes;
>        };
>};

You might need

	severity debug;

in the channel definition to get some more log messages.

This situation is typically always caused by named.conf not allowing
dhcpd to do the dynamic updates. In this situation named simply ignores
the request and does not log it unless a high enough logging level is
enabled.

Note that in named.conf you need quotes around zone names in the
definitions, but in dhcpd.conf you don't - the quotes become part of
the string.

See the section DYNAMIC DNS UPDATE SECURITY in the dhcpd.conf man page
which has examples for both. This is a note from that section:

     Also keep in mind that zone names in your DHCP configuration
     should  end  in a "."; this is the preferred syntax.  If you
     do not end your zone name in a ".",  the  DHCP  server  will
     figure  it  out.   Also note that in the DHCP configuration,
     zone names are not encapsulated in quotes where there are in
     the DNS configuration.

regards,
-glenn
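
Added example, not part of the original post or of ISC's code: a small Python check for the two causes named in the reply above, a zone in named.conf that does not allow dynamic updates and a quoted zone name in dhcpd.conf. The sample configs are constructed; the zone names, the key name DHCP_UPDATER and the address are assumptions, and the parser only handles blocks whose closing brace starts a line.

```python
import re
# Constructed sample configs; zone names, key name and address are assumptions.
NAMED_CONF = '''
zone "china.prov.tools.staging" {
    type master;
    file "staging.db";
};
zone "19.16.172.in-addr.arpa" {
    type master;
    file "172.16.19.db";
    allow-update { key DHCP_UPDATER; };
};
'''
DHCPD_CONF = '''
zone "china.prov.tools.staging." {
    primary 127.0.0.1;
    key DHCP_UPDATER;
}
zone 19.16.172.in-addr.arpa. {
    primary 127.0.0.1;
    key DHCP_UPDATER;
}
'''

# Matches "zone <name> [class] { ... }" where the closing brace starts a line.
ZONE_RE = re.compile(r'^\s*zone\s+(\S+)(?:\s+\w+)?\s*\{(.*?)^\}', re.M | re.S)

def norm(name):  # strip quotes and the trailing dot so both files compare equal
    return name.strip('"').rstrip('.').lower()

def named_zones(text):
    """Map zone name -> True if its block permits dynamic updates."""
    return {norm(m.group(1)): bool(re.search(r'\b(allow-update|update-policy)\b', m.group(2)))
            for m in ZONE_RE.finditer(text)}

def check(dhcpd_text, named_text):
    """List reasons why named would ignore dhcpd's updates."""
    allowed, findings = named_zones(named_text), []
    for m in ZONE_RE.finditer(dhcpd_text):
        raw = m.group(1)
        if '"' in raw:
            findings.append(f'dhcpd.conf: zone {raw}: quotes become part of the name')
        if norm(raw) not in allowed:
            findings.append(f'named.conf: no zone "{norm(raw)}"')
        elif not allowed[norm(raw)]:
            findings.append(f'named.conf: zone "{norm(raw)}" has no allow-update or update-policy')
    return findings

print('\n'.join(check(DHCPD_CONF, NAMED_CONF)) or 'no findings')
```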

