[Kea-users] Kea DDNS - Forward Updates work, but reverse do not?

Rick Frey gribnut at gmail.com
Sun Jan 28 18:11:32 UTC 2024


The DNS response of RCODE 5 by your nameserver indicates the submitted DDNS update was refused by the nameserver. You may want to check your nameserver logs for the cause. I'm guessing it is not allowing the TSIG key used by Kea to make updates to the 10.168.192.in-addr.arpa zone.
BIND will not create a .jnl file until the first successful dynamic update (from any DDNS client). I'm assuming this is a new BIND server as well, since the .jnl file for your reverse zone does not yet exist.

> On Jan 28, 2024, at 05:37, Ubence Quevedo (thatrat) <thatrat at gmail.com> wrote:
> 
> Hi All,
> 
> I’ve recently converted from the older ISC dhcpd with dynamic DNS configured and working properly with updating forward and reverse entries, but after converting to Kea, I can only get the forward entries to work and the reverse entries do not update.
> 
> This is a Raspberry Pi 4B running Ubuntu 22.04 LTS with Kea 2.0.2.  I can’t run the latest version since this is an ARM system.
> 
> From what I can tell, things *look* correct, but when I do a journalctl -xeu kea-dhcp-ddns-server, in the below snippet, I get the following:
> Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: INFO  DHCP_DDNS_REMOVE_SUCCEEDED DHCP_DDNS Request ID 000001F16C84BB0E8343A9B37FA2789333DAFE841ED32B93F538FC22A0F905170D2979: successfully removed the DNS mapping addition for this request: Type: 1 (CHG_REMOVE)
> Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: Forward Change: yes
> Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: Reverse Change: yes
> Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: FQDN: [lg-washer.totusmel.com.]
> Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: IP Address: [192.168.10.74]
> Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: DHCID: [000001F16C84BB0E8343A9B37FA2789333DAFE841ED32B93F538FC22A0F905170D2979]
> Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: Lease Expires On: 20240127223510
> Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: Lease Length: 2400
> Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: Conflict Resolution: yes
> Jan 27 16:28:37 raspi kea-dhcp-ddns[1542846]: ERROR DHCP_DDNS_REVERSE_REPLACE_REJECTED DNS Request ID 000001F16C84BB0E8343A9B37FA2789333DAFE841ED32B93F538FC22A0F905170D2979: Server, 192.168.10.3 port:53, rejected a DNS update request to replace the reverse mapping for FQDN, lg-washer.totusmel.com., with an RCODE: 5
> Jan 27 16:28:37 raspi kea-dhcp-ddns[1542846]: ERROR DHCP_DDNS_ADD_FAILED DHCP_DDNS Request ID 000001F16C84BB0E8343A9B37FA2789333DAFE841ED32B93F538FC22A0F905170D2979: Transaction outcome Status: Failed, Event: UPDATE_FAILED_EVT,  Forward change: completed,  Reverse change: failed,  request: Type: 0 (CHG_ADD)
> 
> The error entry shows a failure while the first and second entries show success.
> 
> I’m a bit baffled because in the kea-dhcp-ddns.conf, the forward and reverse are configured nearly the same and reference the same key to allow updates:
> "DhcpDdns":
> {
>   "ip-address": "127.0.0.1",
>   "port": 53001,
>   "control-socket": {
>       "socket-type": "unix",
>       "socket-name": "/tmp/kea-ddns-ctrl-socket"
>   },
> 
>   <?include "/etc/kea/tsig-keys.json"?>
> 
>   "forward-ddns" : {
>         "ddns-domains": [
>             {
>                 "name": "totusmel.com.",
>                 "key-name": "ddns-key",
>                 "dns-servers": [
>                     {
>                         "ip-address": "192.168.10.3",
>                         "port": 53
>                     }
>                 ]
>             }
>         ]
>     },
> 
>   "reverse-ddns" : {
>         "ddns-domains": [
>             {
>                 "name": "10.168.192.in-addr.arpa.",
>                 "key-name": "ddns-key",
>                 "dns-servers": [
>                     {
>                         "ip-address": "192.168.10.3",
>                         "port": 53
>                     }
>                 ]
>             }
>         ]
>     }
> }
> 
> 
> I’m also expecting there to be a .jnl file for the zone file in /var/lib/bind/ where the zone files reside, but the .jnl file I’m expecting never gets generated:
> root@raspi:/var/lib/bind# ls -la db*
> -rw-r--r-- 1 bind bind  6169 Jan 27 16:37 db.10.168.192.in-addr.arpa
> -rw-r--r-- 1 bind bind   295 Nov  6  2022 db.20.168.192.in-addr.arpa
> -rw-r--r-- 1 bind bind   347 Nov  6  2022 db.30.168.192.in-addr.arpa
> -rw-r--r-- 1 bind bind   278 Nov  6  2022 db.40.168.192.in-addr.arpa
> -rw-r--r-- 1 bind bind   276 Nov  6  2022 db.50.168.192.in-addr.arpa
> -rw-r--r-- 1 bind bind  1082 Jan 25 20:08 db.lab.totusmel.com
> -rw-r--r-- 1 bind bind  1372 Jan 25 19:56 db.lab.totusmel.com.jnl
> -rw-r--r-- 1 bind bind 22676 Jan 28 02:41 db.totusmel.com
> -rw-r--r-- 1 bind bind  3872 Jan 28 02:28 db.totusmel.com.jnl
> 
> Does anyone have any thoughts or suggestions on what might be wrong?  I can provide more information if needed, I just included the bits that I thought were relevant.
> 
> Any thoughts or suggestions would be greatly appreciated!
> 
> -Ubence
> 

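A triage helper for the failure discussed in this thread, added here as an example (it is not code from the thread or from Kea): it parses kea-dhcp-ddns `*_REJECTED` log lines in the format quoted above and groups them by direction, server and RCODE name, so a refusal that only affects the reverse zone stands out. The sample lines, host names, server address and request IDs are constructed, and matching `FORWARD` message IDs with the same pattern is an assumption.

```python
import re
from collections import Counter

# RCODEs a dynamic update can return (RFC 1035, RFC 2136).
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED", 6: "YXDOMAIN", 7: "YXRRSET",
          8: "NXRRSET", 9: "NOTAUTH", 10: "NOTZONE"}

# Where to look on the name server for the common refusals.
HINTS = {
    "REFUSED": "update denied by server policy; check which keys may update this zone",
    "NOTAUTH": "server not authoritative for the zone, or TSIG check failed",
    "NOTZONE": "a name in the update is outside the zone in the request",
}

# Layout taken from the REVERSE_REPLACE_REJECTED line quoted in the thread;
# accepting FORWARD and other actions by the same pattern is an assumption.
REJECTED = re.compile(
    r"DHCP_DDNS_(FORWARD|REVERSE)_(\w+)_REJECTED .*?Server, (\S+) port:(\d+), "
    r".*?FQDN, (\S+), with an RCODE: (\d+)")

def rejected_updates(lines):
    """Return one dict per rejected DNS update found in the log lines."""
    found = []
    for line in lines:
        m = REJECTED.search(line)
        if m:
            direction, action, server, port, fqdn, rcode = m.groups()
            name = RCODES.get(int(rcode), "RCODE" + rcode)
            found.append({"direction": direction.lower(), "action": action.lower(),
                          "server": server + ":" + port, "fqdn": fqdn, "rcode": name,
                          "hint": HINTS.get(name, "see the name server log")})
    return found

def summarize(lines):
    """Count rejections per (direction, server, rcode)."""
    return Counter((r["direction"], r["server"], r["rcode"])
                   for r in rejected_updates(lines))

# Constructed sample lines (hosts, server address and request IDs are made up).
SAMPLE = [
    "kea-dhcp-ddns[100]: ERROR DHCP_DDNS_REVERSE_REPLACE_REJECTED DNS Request ID 0001AA: Server, 192.0.2.53 port:53, rejected a DNS update request to replace the reverse mapping for FQDN, host-a.example.com., with an RCODE: 5",
    "kea-dhcp-ddns[100]: ERROR DHCP_DDNS_ADD_FAILED DHCP_DDNS Request ID 0001AA: Transaction outcome Status: Failed, Event: UPDATE_FAILED_EVT,  Forward change: completed,  Reverse change: failed,  request: Type: 0 (CHG_ADD)",
    "kea-dhcp-ddns[100]: ERROR DHCP_DDNS_REVERSE_REPLACE_REJECTED DNS Request ID 0001BB: Server, 192.0.2.53 port:53, rejected a DNS update request to replace the reverse mapping for FQDN, host-b.example.com., with an RCODE: 5",
]

if __name__ == "__main__":
    for (direction, server, rcode), n in summarize(SAMPLE).items():
        print(f"{n} {direction} update(s) rejected by {server}: {rcode} ({HINTS.get(rcode)})")
```

Feed it real input with `journalctl -u kea-dhcp-ddns-server -o cat` piped into a small wrapper that calls `summarize(sys.stdin)`.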