DDNS Forward Update fails with error: no DHCID, not mine - DHCPv6

Carlos Vicente cvicente at network-services.uoregon.edu
Fri Aug 6 16:36:54 UTC 2010



If you want the DHCP server to update domain.com, why not use:

deny client-updates;

I may be wrong, but the error message seems to suggest that a AAAA
record already exists for the host in domain.com, but the corresponding
TXT record containing the DHCID (which the DHCP server adds) is not
there, so the server won't touch the AAAA record.

See the section "THE INTERIM DNS UPDATE SCHEME" in dhcpd.conf for a good
explanation.

cv

Christopher D Haakinson wrote:
> 
> Hello, I am starting to set up and learn DHCPv6. I have things working
> somewhat well, except for the fact that I cannot get Forward DDNS updates
> to work. Reverse works great, and the machines that fail to update the
> Forward map are receiving a valid IPv6 address from the range6 declaration
> in my dhcpd.conf file.
> 
> Here is the error I am getting in /var/log/messages :
> 
> Aug  6 09:59:06 dhcphostname dhcpd: Forward map from WIN-U7QR32NL3M5.domain.com to fd80:1010::2cba FAILED: Has an address record but no DHCID, not mine.
> Aug  6 08:41:10 dhcphostname dhcpd: Forward map from WIN-78C6C0I.domain.com to fd80:1010::19ab FAILED: Has an address record but no DHCID, not mine.
> Aug  6 08:37:46 dhcphostname dhcpd: Forward map from WIN-VSGHN2L.domain.com to fd80:1010::16a6 FAILED: Has an address record but no DHCID, not mine.
> Aug  6 08:35:09 dhcphostname dhcpd: Forward map from WIN-700IAVP.domain.com to fd80:1010::2df8 FAILED: Has an address record but no DHCID, not mine.
> 
> Here are the relevant sections of conf files:
> DHCPD------------------------:
> dynamic-bootp-lease-length 600;
> use-host-decl-names on;
> allow booting;
> allow bootp;
> allow client-updates;
> ddns-updates on;
> ddns-update-style interim;
> ddns-domainname "domain.com";
> ddns-rev-domainname "in-addr.arpa.";
> option dhcp-lease-time 3600;
> option domain-name "domain.com";
> option dhcp6.domain-search "domain.com", "ipv4domain.com";
> option dhcp6.name-servers fd80:1010::1;
> #option ntp-servers fd80:1010::1;
> option subnet-mask 255.255.0.0;
> 
> default-lease-time 3600;
> max-lease-time 3900;
> 
> key "rndc-key" {
> algorithm hmac-md5;
> secret "secret_key";
> };
> zone 0.0.0.0.0.0.0.0.0.1.0.1.0.8.d.f.ip6.arpa. {
> primary ntp.domain.com;
> key rndc-key;
> }
> zone domain.com. {
> primary ntp.domain.com;
> key rndc-key;
> }
> 
> # REMOVE this for now since IPv6 PXE isn't supported yet...  next-server fd80:1010::1;
> subnet6 fd80:1010::/64 {
> range6 fd80:1010::1000 fd80:1010::3000;
> update-static-leases on;
> }
> --------------- End DHCP
> 
> NAMED-----------------:
> acl "rndc-users" {
>      10.10/16;
>      127.0.0.1;
>      fd80:1010::/64;
>  };
> //
> // named.conf for Red Hat caching-nameserver
> //
> 
> options {
> 	directory "/var/named";
> 	dump-file "/var/named/data/cache_dump.db";
>         statistics-file "/var/named/data/named_stats.txt";
> 	listen-on-v6 { any; };
> 	/*
> 	 * If there is a firewall between you and nameservers you want
> 	 * to talk to, you might need to uncomment the query-source
> 	 * directive below.  Previous versions of BIND always asked
> 	 * questions using port 53, but BIND 8.1 uses an unprivileged
> 	 * port by default.
> 	 */
> 	 // query-source address * port 53;
> };
> 
> //
> // a caching only nameserver config
> //
> controls {
> 	inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
> };
> zone "." IN {
> 	type hint;
> 	file "named.ca";
> };
> 
> zone "localdomain" IN {
> 	type master;
> 	file "localdomain.zone";
> 	allow-update { key "rndc-key"; };
> 	notify yes;
> };
> 
> zone "localhost" IN {
> 	type master;
> 	file "localhost.zone";
> 	allow-update { key "rndc-key"; };
>         notify yes;
> };
> 
> zone "0.0.127.in-addr.arpa" IN {
> 	type master;
> 	file "named.local";
> 	allow-update { key "rndc-key"; };
>         notify yes;
> };
> 
> zone "255.in-addr.arpa" IN {
> 	type master;
> 	file "named.broadcast";
> 	allow-update { key "rndc-key"; };
>         notify yes;
> };
> 
> zone "0.in-addr.arpa" IN {
> 	type master;
> 	file "named.zero";
> 	allow-update { key "rndc-key"; };
>         notify yes;
> };
> 
> include "/etc/rndc.key";
> 
> zone "0.0.0.0.0.0.0.0.0.1.0.1.0.8.d.f.ip6.arpa" {
> 	type master;
> 	file "reverse-fd80-1010_64.IP6.ARPA";
> 	allow-update { any; };
>         notify yes;
> };
> zone "10.10.in-addr.arpa" {
> 	type master;
> 	file "/var/named/10.10.rev";
> 	allow-update { key "rndc-key"; };
>         notify yes;
> 	};
> 
> zone "domain.com" {
> 	type master;
> 	file "/var/named/domain.com.hosts";
> 	allow-update { any; };
> 	notify yes;
> 	};
> ---------------- End NAMED
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users

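The ownership check described in the reply above, modelled in Python as an added example (not code from the post or from ISC DHCP). The function names, the zone dictionary, the `constructed-dhcid` value and the addresses `fd80:1010::beef` and `fd80:1010::2cbb` are assumptions made for illustration; the log lines are two of those quoted in the post.

```python
import re

# Matches the dhcpd syslog line quoted in the post (wrapped lines rejoined).
FAILED = re.compile(r"dhcpd: Forward map from (\S+) to (\S+) FAILED: (.+)$")

def failed_forward_maps(log_lines):
    """Return (fqdn, address, reason) for each failed forward update."""
    return [m.groups() for m in map(FAILED.search, log_lines) if m]

def interim_forward_update(zone, fqdn, addr, dhcid, rrtype="AAAA"):
    """Simplified model of the interim scheme's ownership check.

    zone maps owner name -> {rrtype: set(rdata)}; dhcid stands in for the
    value the server stores in its TXT record (constructed placeholder).
    """
    rrsets = zone.get(fqdn, {})
    if not rrsets:
        # Step 1: the name does not exist, so the server adds the address
        # record together with a TXT record marking the name as its own.
        zone[fqdn] = {rrtype: {addr}, "TXT": {dhcid}}
        return "added"
    if dhcid in rrsets.get("TXT", set()):
        # Step 2: the name carries this client's DHCID, so the server may
        # replace the address it wrote earlier.
        rrsets[rrtype] = {addr}
        return "replaced"
    # The name exists without a matching DHCID: the server leaves it alone.
    return "refused"

# Two of the log lines from the post, rejoined onto one line each.
SAMPLE_LOG = [
    "Aug  6 09:59:06 dhcphostname dhcpd: Forward map from "
    "WIN-U7QR32NL3M5.domain.com to fd80:1010::2cba FAILED: "
    "Has an address record but no DHCID, not mine.",
    "Aug  6 08:41:10 dhcphostname dhcpd: Forward map from "
    "WIN-78C6C0I.domain.com to fd80:1010::19ab FAILED: "
    "Has an address record but no DHCID, not mine.",
]

def demo():
    name, addr, _ = failed_forward_maps(SAMPLE_LOG)[0]
    # Constructed zone state: an AAAA record exists, but no TXT record.
    zone = {name: {"AAAA": {"fd80:1010::beef"}}}
    before = interim_forward_update(zone, name, addr, "constructed-dhcid")
    del zone[name]  # model the name once the unowned record is gone
    after = interim_forward_update(zone, name, addr, "constructed-dhcid")
    renew = interim_forward_update(zone, name, "fd80:1010::2cbb",
                                   "constructed-dhcid")
    return before, after, renew

if __name__ == "__main__":
    print(demo())
```
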
