[Kea-users] ddns fails with powerDNS (Failed PreRequisites check)

Jason Guy jguy at cumulusnetworks.com
Wed Feb 6 17:03:26 UTC 2019


I am currently using Kea DDNS with TSIG to a powerdns 4.2 authoritative
server. If the TSIG string in the Kea-D2 config, matches the PDNS activated
TSIG key for the various domain-id's.

The other gotcha here is that Kea D2 uses the RFC 4703 conflict resolution
strategy (by adding the DHCID records). In a lab environment, things
can happen where you want to 'move things around', or some other unnatural
event, where DDNS starts failing for an address because the previous
ownership exists in the PDNS database with the DHCID records. It would be
nice if there was a knob in the kea-dhcp-ddns configuration to turn off the
creation of DHCID records.

HTH,
Jason



On Wed, Feb 6, 2019 at 6:47 AM Thomas Markwalder <tmark at isc.org> wrote:

> Hello:
>
> We migrated to gitlab, the old Trac ticket can be found here:
>
>     https://oldkea.isc.org/ticket/5071#ticket
>
> We did correct that particular issue in Kea 1.2. If you are using an
> earlier version, please upgrade.
> If you are already using 1.2 or later you may have uncovered something
> new, in which case I would encourage you to open an issue in gitlab:
>
>     https://gitlab.isc.org
>
> You'll need to register (if you haven't already) and then select the Kea
> project.
> We would need PCAPs of the DDNS messages plus whatever logs from
> PowerDNS to start with.
>
> Regards,
>
> Thomas Markwalder
> ISC Software Engineering
>
>
> On 2/6/19 3:44 AM, MRob wrote:
> >
> >> Has anyone found how to make kea-ddns work with PowerDNS? pdns logs
> >> suggest:
> >>
> >> pdns[20989]: UPDATE (50855) from 10.10.1.254 for lan.: Failed
> >> PreRequisites check, returning 6
> >>
> >> The query log shows only some normal SELECT statements. If it's not a
> >> known problem, can anyone show how to find what DNS UPDATE command is
> >> being sent to the DNS server to diagnose?
> >>
> >> Someone else had a problem but couldn't get a resolution:
> >> https://github.com/PowerDNS/pdns/issues/5830
> >
> > Problem seems to be using TSIG signed DNSUPDATE requests. There used
> > to be a Kea bug
> >
> > http://kea.isc.org/ticket/5071#ticket
> >
> > But the link is dead. Is that bug fixed? Is the problem with Kea or
> > maybe the older version of powerDNS?
> >
> >
> > Question - after I removed TSIG the initial forward and reverse
> > DNSUPDATE commands succeed:
> > DHCP_DDNS_ADD_SUCCEEDED DHCP_DDNS Request ID xxx: successfully added
> > the DNS mapping addition for this request: Type: 0 (CHG_ADD)
> >
> > But Kea does another CHG_ADD only a minute later and it fails:
> > DHCP_DDNS_FORWARD_REPLACE_REJECTED DNS Request ID yyy: Server,
> > 10.10.1.254 port:5353, rejected a DNS update request to replace the
> > address mapping for FQDN, wkst4.lan., with an RCODE: 8
> > DHCP_DDNS_ADD_FAILED DHCP_DDNS Request ID yyy: Transaction outcome
> > Status: Failed, Event: UPDATE_FAILED_EVT,  Forward change: failed,
> > Reverse change: failed,  request: Type: 0 (CHG_ADD)
> >
> > Is this a problem or can it be ignored? Is it due to setting
> > "override-no-update": true and "override-client-update": true?
> > _______________________________________________
> > Kea-users mailing list
> > Kea-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/kea-users
>
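
The question quoted above asks how to see which DNS UPDATE is being sent. As an added example (not code from this thread, Kea or PowerDNS), the Python below decodes the prerequisite section of an RFC 2136 UPDATE payload taken from a capture and names the RCODE a server returns when each prerequisite is unmet; the RCODEs 6 and 8 in the logs above are YXDOMAIN and NXRRSET. `SAMPLE` is a constructed message, not a capture of Kea traffic, and the function names are this example's own.

```python
import struct

NONE, ANY = 254, 255                       # RFC 2136 pseudo-classes / type ANY
TYPES = {1: "A", 28: "AAAA", 49: "DHCID"}

def read_name(msg, off):
    """Decode the DNS name at off; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:               # compression pointer
            hops += 1
            if hops > 16:                  # refuse self-referencing pointers
                raise ValueError("compression pointer loop")
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def prerequisites(msg):
    """List (name, meaning, RCODE returned if unmet) for each prerequisite RR."""
    _id, flags, zocount, prcount, _up, _ad = struct.unpack_from("!6H", msg)
    if (flags >> 11) & 0xF != 5:
        raise ValueError("not a DNS UPDATE (opcode 5)")
    off = 12
    for _ in range(zocount):               # zone section: name, type, class
        off = read_name(msg, off)[1] + 4
    out = []
    for _ in range(prcount):
        name, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        t = TYPES.get(rtype, f"TYPE{rtype}")
        if rclass == ANY:
            item = ("name is in use", "NXDOMAIN(3)") if rtype == ANY else (f"{t} RRset exists", "NXRRSET(8)")
        elif rclass == NONE:
            item = ("name is not in use", "YXDOMAIN(6)") if rtype == ANY else (f"{t} RRset does not exist", "YXRRSET(7)")
        else:                              # zone class: value-dependent match
            item = (f"{t} RRset exists with this RDATA", "NXRRSET(8)")
        out.append((name, *item))
    return out

# Constructed sample: UPDATE for zone lan. with two prerequisites on wkst4.lan.
SAMPLE = (struct.pack("!6H", 0x1234, 5 << 11, 1, 2, 0, 0)
          + b"\x03lan\x00" + struct.pack("!HH", 6, 1)
          + b"\x05wkst4\xc0\x0c" + struct.pack("!HHIH", ANY, ANY, 0, 0)
          + b"\xc0\x15" + struct.pack("!HHIH", 49, 1, 0, 3) + b"\x00\x01\x02")
```

Feed it the UDP or TCP payload of the UPDATE as bytes (for TCP, after dropping the two-byte length prefix); a TSIG record sits in the additional section and does not affect the prerequisite parse.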

