Feature questions
Jason Gerfen
jason.gerfen at scl.utah.edu
Tue Sep 23 17:06:08 UTC 2008
So my next question is in regards to providing zone or DNS zone options
without the use of DNSSEC? Is this a valid example?

#### DNS Zone Definitions ####
zone "test.com" {
    type master;
    file "mmctest.zone";
};
zone "xxx.xxx.xxx.xxx.in-addr.arpa" {
    type master;
    file "test.zone";
};
zone test {
    primary 127.0.0.1;
}
zone xxx.xxx.xxx.xxx.in-addr.arpa {
    primary 127.0.0.1;
}

Glenn Satchell wrote:
> Hi Jason
>
> Check the dhcpd.conf man page (man dhcpd.conf) and scroll down to the
> section titled "DYNAMIC DNS UPDATE SECURITY" and follow the examples
> there.
>
> You need to generate your passphrase using dnssec-keygen, you can't
> just pick an arbitrary group of letters as it is base64 encoded.
>
> Also dhcpd.conf configuration is not the same as named.conf, for
> example quotes are used differently. The reference above has examples
> for both named.conf and dhcpd.conf.
>
> regards,
> -glenn
>
>
>> Date: Mon, 22 Sep 2008 07:35:33 -0600
>> From: Jason Gerfen <jason.gerfen at scl.utah.edu>
>> To: dhcp-users at isc.org
>> Subject: Feature questions
>>
>> I have read the documentation regarding the use of DNSSEC and also
>> utilizing DNS zone files within the dhcpd.conf. I am in need of a
>> 'second set of eyes' in regards to my current configuration for these
>> options as well as for the failover configuration syntax.
>>
>> If anyone could assist me with this I would appreciate it.
>>
>> #### DNSSEC Key Definitions ####
>> key test {
>>     algorithm DSA;
>>     secret passphrase;
>> }
>>
>> #### DNS Zone Definitions ####
>> zone "scl.utah.edu" {
>>     type master;
>>     file "mmctest.zone";
>>     allow-update { key test; };
>> };
>> zone "145.17.97.155.in-addr.arpa" {
>>     type master;
>>     file "mmctest.zone";
>>     allow-update { key test; };
>> };
>> zone scl.utah.edu {
>>     primary 127.0.0.1;
>>     key test;
>> }
>> zone 145.17.97.155.in-addr.arpa {
>>     primary 127.0.0.1;
>>     key test;
>> }
>>
>> #### Failover configuration ####
>> failover peer "tyr" {
>>     primary;
>>     address 155.97.17.166;
>>     port 519;
>>     peer address 155.97.16.253;
>>     peer port 520;
>>     max-response-delay 60;
>>     max-unpacked-updates 10;
>>     mclt 300;
>>     split 128;
>>     load balance max seconds 3;
>> }
>>
>> The reason I am asking is because with this configuration (which looks
>> accurate according to the RFC documentation I have read) I receive some
>> errors when restarting the dhcpd service. Details below:
>>
>> dhcpd.conf line 24: partial base64 value left over: 14.
>> secret passphrase;
>>
>> dhcpd.conf line 28: expecting hostname.
>> zone "scl.utah.edu"
>>
>> dhcpd.conf line 32: expecting a parameter or declaration
>> };
>>
>> /dhcpd.conf line 33: expecting hostname.
>> zone "145.17.97.155.in-addr.arpa"
>>
>> dhcpd.conf line 37: expecting a parameter or declaration
>> };
>>
>> dhcpd.conf line 55: invalid statement in peer declaration
>> max-unpacked-updates
>>
>>
>>
>>
>
>
>
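
Added example, not part of the original messages and not ISC's code: a sketch of the two points in the quoted reply, that the key secret must be real base64 key material rather than a chosen word, and that the dhcpd.conf and named.conf stanzas use different syntax and belong in different files. Python's secrets module stands in here for dnssec-keygen; the key name, zones, file names, the 16-byte floor and the HMAC-MD5 algorithm names are assumptions of this example.

```python
import base64
import binascii
import secrets

def valid_tsig_secret(secret: str, min_bytes: int = 16) -> bool:
    """True if `secret` is strict base64 that decodes to >= min_bytes."""
    try:
        raw = base64.b64decode(secret, validate=True)
    except (binascii.Error, ValueError):
        return False  # e.g. the literal word "passphrase" is not whole base64 groups
    return len(raw) >= min_bytes  # 16 bytes = 128 bits (this example's floor)

def new_tsig_secret(nbytes: int = 16) -> str:
    """Random shared secret from the OS CSPRNG, base64-encoded."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")

def dhcpd_conf(key: str, secret: str, zones: list, primary: str) -> str:
    """dhcpd.conf side: unquoted names, zone blocks hold only primary + key."""
    if not valid_tsig_secret(secret):
        raise ValueError("secret is not a usable base64 key")
    out = [f"key {key} {{", "  algorithm HMAC-MD5.SIG-ALG.REG.INT;",
           f"  secret {secret};", "}"]
    for zone in zones:
        out += [f"zone {zone}. {{", f"  primary {primary};", f"  key {key};", "}"]
    return "\n".join(out) + "\n"

def named_conf(key: str, secret: str, zone_files: dict) -> str:
    """named.conf side: quoted strings, master zone with file and allow-update."""
    if not valid_tsig_secret(secret):
        raise ValueError("secret is not a usable base64 key")
    out = [f'key "{key}" {{', "  algorithm hmac-md5;",
           f'  secret "{secret}";', "};"]
    for zone, path in zone_files.items():
        out += [f'zone "{zone}" {{', "  type master;", f'  file "{path}";',
                f"  allow-update {{ key {key}; }};", "};"]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    # Constructed sample zones (documentation names, not from the thread).
    zones = {"example.org": "example.org.db",
             "2.0.192.in-addr.arpa": "192.0.2.rev"}
    secret = new_tsig_secret()
    print(dhcpd_conf("DHCP_UPDATER", secret, list(zones), "127.0.0.1"))
    print(named_conf("DHCP_UPDATER", secret, zones))
```

The same secret has to appear in both files, so both should be readable only by the accounts that run dhcpd and named.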