why am I seeing update denied in Bind9 logs for dhcp clients ?

Glenn Satchell glenn.satchell at uniq.com.au
Fri Mar 2 13:06:45 UTC 2012


You need to add this to the appropriate scope (usually global):

ignore client-updates;

The reasons are explained in the dhcpd.conf manpage in the section titled
"THE INTERIM DNS UPDATE SCHEME". Essentially it sends an option to the
client to tell it that the server will do the DNS updates, rather than the
client.

There are some extra details, but they are covered in the man page.

regards,
-glenn

> Gregory Machin wrote:
>
>>I have a ddns configuration with the dhcpd server writing dhcp clients
>>hostname and ip to the bind9 dns server. But I'm seeing a lot of
>>dhcp clients trying to write into zones
>
> Windows clients by any chance ?
>
>>        zone "69.168.192.in-addr.arpa" {
>>                type master;
>>                file "/var/lib/bind/192.168.69.interenal.rev";
>>                update-policy {
>>                        grant dhcp-server-key subdomain 69.168.192.in-addr.arpa. ANY;
>>                        grant * self * A TXT;
>>                };
>>        };
>
> All I have is :
> zone "0.168.192.in-addr.arpa" in {
>          allow-update { key DHCP_UPDATER ; };
>          file "192.168.0";
>          type master;
> };
>
> Default on Windows clients is for the client to attempt to update the
> DNS - because "that's the way MS does it". You need to add "deny
> client-updates" (I think, check the man page) to your DHCP config for
> it to ignore clients' requests to do their own updates.
>
> --
> Simon Hobson
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
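
The following is an added example, not part of the original messages: it counts BIND 9 "update ... denied" log entries per client and zone, so the effect of the dhcpd change on client-originated update attempts can be checked, and it separates refusals that came from the DHCP server itself. The log line shape, the sample lines, the zone name example.internal and the server address 192.168.69.2 are assumptions.

```python
import re
from collections import Counter

# Assumed BIND 9 log shape for a refused dynamic update. Newer releases add
# an "@0x..." tag and a "(name)" field, which the pattern tolerates.
DENIED = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9A-Fa-f:.]+)#\d+(?: \([^)]*\))?: "
    r"update '(?P<zone>[^'/]+)/IN' denied"
)

# Constructed sample lines, not taken from the thread.
SAMPLE_LOG = """\
02-Mar-2012 12:58:01.120 client 192.168.69.23#52311: update '69.168.192.in-addr.arpa/IN' denied
02-Mar-2012 12:58:01.340 client 192.168.69.23#52312: update 'example.internal/IN' denied
02-Mar-2012 12:59:40.002 client 192.168.69.41#49877: update '69.168.192.in-addr.arpa/IN' denied
02-Mar-2012 13:01:12.771 client 192.168.69.2#38211: updating zone 'example.internal/IN': adding an RR at 'pc23.example.internal' A
02-Mar-2012 13:02:05.513 client @0x7f3c 192.168.69.23#52390 (example.internal): update 'example.internal/IN' denied
"""

DHCP_SERVERS = {"192.168.69.2"}  # assumed address of the dhcpd host


def denied_updates(log_text):
    """Count refused dynamic updates per (client IP, zone)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if m:
            counts[(m.group("ip"), m.group("zone"))] += 1
    return counts


def split_by_source(counts, dhcp_servers=DHCP_SERVERS):
    """Separate refusals sent by the DHCP server from those sent by clients."""
    server = {k: n for k, n in counts.items() if k[0] in dhcp_servers}
    clients = {k: n for k, n in counts.items() if k[0] not in dhcp_servers}
    return clients, server


if __name__ == "__main__":
    clients, server = split_by_source(denied_updates(SAMPLE_LOG))
    for (ip, zone), n in sorted(clients.items(), key=lambda kv: -kv[1]):
        print(f"client {ip:15} {zone:28} denied x{n}")
    for (ip, zone), n in server.items():
        print(f"DHCP server {ip} refused on {zone} x{n}: check key and zone policy")
```

Refusals attributed to the DHCP server's own address point at the key or zone policy rather than at client behaviour.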