Feature questions

Jason Gerfen jason.gerfen at scl.utah.edu
Tue Sep 23 17:06:08 UTC 2008


So my next question is in regard to providing zone or DNS zone options
without the use of DNSSEC. Is this a valid example?

#### DNS Zone Definitions ####
zone "test.com" {
     type master;
     file "mmctest.zone";
};
zone "xxx.xxx.xxx.xxx.in-addr.arpa" {
     type master;
     file "test.zone";
};
zone test {
     primary 127.0.0.1;
}
zone xxx.xxx.xxx.xxx.in-addr.arpa {
     primary 127.0.0.1;
}


Glenn Satchell wrote:
> Hi Jason
>
> Check the dhcpd.conf man page (man dhcpd.conf) and scroll down to the
> section titled "DYNAMIC DNS UPDATE SECURITY" and follow the examples
> there.
>
> You need to generate your passphrase using dnssec-keygen, you can't
> just pick an arbitrary group of letters as it is base64 encoded.
>
> Also dhcpd.conf configuration is not the same as named.conf, for
> example quotes are used differently. The reference above has examples
> for both named.conf and dhcpd.conf.
>
> regards,
> -glenn
>
>   
>> Date: Mon, 22 Sep 2008 07:35:33 -0600
>> From: Jason Gerfen <jason.gerfen at scl.utah.edu>
>> To: dhcp-users at isc.org
>> Subject: Feature questions
>>
>> I have read the documentation regarding the use of DNSSEC and also 
>> utilizing DNS zone files within the dhcpd.conf. I am in need of a 
>> 'second set of eyes' in regards to my current configuration for these 
>> options as well as for the failover configuration syntax.
>>
>> If anyone could assist me with this I would appreciate it.
>>
>> #### DNSSEC Key Definitions ####
>> key test {
>>     algorithm DSA;
>>     secret passphrase;
>> }
>>
>> #### DNS Zone Definitions ####
>> zone "scl.utah.edu" {
>>     type master;
>>     file "mmctest.zone";
>>     allow-update { key test; };
>> };
>> zone "145.17.97.155.in-addr.arpa" {
>>     type master;
>>     file "mmctest.zone";
>>     allow-update { key test; };
>> };
>> zone scl.utah.edu {
>>     primary 127.0.0.1;
>>     key test;
>> }
>> zone 145.17.97.155.in-addr.arpa {
>>     primary 127.0.0.1;
>>     key test;
>> }
>>
>> #### Failover configuration ####
>> failover peer "tyr" {
>>     primary;
>>     address 155.97.17.166;
>>     port 519;
>>     peer address 155.97.16.253;
>>     peer port 520;
>>     max-response-delay 60;
>>     max-unpacked-updates 10;
>>     mclt 300;
>>     split 128;
>>     load balance max seconds 3;
>> }
>>
>> The reason I am asking is because with this configuration (which looks
>> accurate according to the RFC documentation I have read) I receive some
>> errors when restarting the dhcpd service. Details below:
>>
>> dhcpd.conf line 24: partial base64 value left over: 14.
>>        secret passphrase;
>>
>> dhcpd.conf line 28: expecting hostname.
>> zone "scl.utah.edu"
>>
>> dhcpd.conf line 32: expecting a parameter or declaration
>> };
>>
>> /dhcpd.conf line 33: expecting hostname.
>> zone "145.17.97.155.in-addr.arpa"
>>
>> dhcpd.conf line 37: expecting a parameter or declaration
>> };
>>
>> dhcpd.conf line 55: invalid statement in peer declaration
>>        max-unpacked-updates
>>
>>
>>
>>     
>
>
>   
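
The two points in the quoted reply (the secret has to be genuine base64 key material, and zone stanzas are written differently in dhcpd.conf and named.conf), as an added example that is not part of the thread or of ISC's code. The key name, zone names, file names and algorithm string are sample values modeled on the dhcpd.conf man page's examples, and the script draws its own random bytes instead of calling dnssec-keygen.

```python
import base64
import binascii
import secrets

# Algorithm name in the style of the dhcpd.conf man page examples (assumption for this sketch).
ALGORITHM = "HMAC-MD5.SIG-ALG.REG.INT"

def new_secret(nbytes=16):
    """Random key material, base64-encoded as the 'secret' statement expects."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")

def secret_is_valid(secret):
    """True only if the whole string is non-empty, correctly padded base64."""
    try:
        return len(base64.b64decode(secret, validate=True)) > 0
    except (binascii.Error, ValueError):
        return False

def key_stanza(name, secret):
    """Key block, written in the form the man page shows for both files."""
    if not secret_is_valid(secret):
        raise ValueError("secret is not base64: %r" % secret)
    return "key %s {\n    algorithm %s;\n    secret %s;\n};\n" % (name, ALGORITHM, secret)

def dhcpd_zone(zone, key, primary="127.0.0.1"):
    """dhcpd.conf form: unquoted name with trailing dot, only 'primary' and 'key'."""
    return "zone %s. {\n    primary %s;\n    key %s;\n}\n" % (zone.rstrip("."), primary, key)

def named_zone(zone, key, zone_file):
    """named.conf form: quoted name, zone file, allow-update restricted to the key."""
    return ('zone "%s" {\n    type master;\n    file "%s";\n'
            '    allow-update { key %s; };\n};\n' % (zone.rstrip("."), zone_file, key))

if __name__ == "__main__":
    secret = new_secret()                      # constructed at run time, never reuse a published key
    zones = ["example.org", "17.127.10.in-addr.arpa"]   # sample zone names
    print("#### dhcpd.conf ####")
    print(key_stanza("DHCP_UPDATER", secret)
          + "".join(dhcpd_zone(z, "DHCP_UPDATER") for z in zones))
    print("#### named.conf ####")
    print(key_stanza("DHCP_UPDATER", secret)
          + "".join(named_zone(z, "DHCP_UPDATER", z + ".db") for z in zones))
```

A literal word such as `passphrase` fails `secret_is_valid`, which is the same class of problem dhcpd reports as a partial base64 value.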


