ddns update not working getting a timed out

Kevin Darcy kcd at daimlerchrysler.com
Tue Nov 5 00:41:12 UTC 2002


joe wrote:

> I am trying to resolve dhcp clients via ddns update.  My dhcp and dns
> (bind 9.2.1) seem to be working fine independently.  However, when dhcp
> tries to update dns I get:
>
> Nov  4 18:27:24 higgins dhcpd: if IN A tc.closet6.com domain doesn't
> exist add 300 IN A tc.closet6.com 192.168.1.198 add 300 IN TXT
> tc.closet6.com "00a1fc24e2fea1fc05cbb4ad9f6a0983cf": timed out.
> Nov  4 18:27:24 higgins dhcpd: DHCPREQUEST for 192.168.1.198 from
> 00:10:5a:5d:b2:07 (tc) via eth0
> Nov  4 18:27:24 higgins dhcpd: DHCPACK on 192.168.1.198 to
> 00:10:5a:5d:b2:07 (tc) via eth0
>
> I think I have set up bind correctly to accept them because when I start the
> service I get:
>
> Nov  4 18:30:39 higgins named[8587]: zone 'closet6.com' allows updates by IP address, which is insecure
> Nov  4 18:30:39 higgins named[8587]: zone '1.168.192.in-addr.arpa' allows updates by IP address, which is insecure
> Nov  4 18:31:10 higgins named[8587]: shutting down: flushing changes
> Nov  4 18:31:10 higgins named[8587]: stopping command channel on 127.0.0.1#953
> Nov  4 18:31:10 higgins named[8587]: no longer listening on 127.0.0.1#53
> Nov  4 18:31:10 higgins named[8587]: no longer listening on 192.168.1.2#53
> Nov  4 18:31:10 higgins named[8584]: exiting
> Nov  4 18:31:10 higgins named[8625]: starting BIND 9.2.1 -u named
> Nov  4 18:31:10 higgins named[8625]: using 1 CPU
> Nov  4 18:31:10 higgins named[8628]: loading configuration from '/etc/named.conf'
> Nov  4 18:31:10 higgins named[8628]: no IPv6 interfaces found
> Nov  4 18:31:10 higgins named[8628]: listening on IPv4 interface lo, 127.0.0.1#53
> Nov  4 18:31:10 higgins named[8628]: listening on IPv4 interface eth0, 192.168.1
> ...2#53
> Nov  4 18:31:10 higgins named[8628]: zone 'closet6.com' allows updates by IP address, which is insecure
> Nov  4 18:31:10 higgins named[8628]: zone '1.168.192.in-addr.arpa' allows updates by IP address, which is insecure
> Nov  4 18:31:10 higgins named[8628]: command channel listening on 127.0.0.1#953
> Nov  4 18:31:10 higgins named[8628]: zone 0.0.127.in-addr.arpa/IN: loaded serial 2002110306
> Nov  4 18:31:10 higgins named[8628]: zone 1.168.192.in-addr.arpa/IN: loaded serial 2002110306
> Nov  4 18:31:10 higgins named: named startup succeeded
> Nov  4 18:31:10 higgins named[8628]: zone closet6.com/IN: loaded serial 2002110306
> Nov  4 18:31:10 higgins named[8628]: running
> Nov  4 18:31:10 higgins named[8628]: zone 0.0.127.in-addr.arpa/IN: sending notifies (serial 2002110306)
>
> Do I need to use dns-keygen and dnssec-keygen to get me a key to do the
> updates?  I wasn't planning on using any security as I am just trying to
> play with bind at home.  I found some docs for bind 8 but none for bind
> 9, does anyone know where I can find some for bind 9?
> If I don't have to do the above does anyone think this might be a
> permissions issue?
> Thanks in advance,
> joe
> (conf files below)
>
> ## named.custom - custom configuration for bind
> #
> # Any changes not currently supported by redhat-config-bind should be put
> # in this file.
> #
>
> options {
>         directory "/var/named";
> };
>
> zone "." {
>         type hint;
>         file "root.cache";
> };
>
> zone "closet6.com" {
>         type master;
>         file "shortcut/db.closet6";
>         allow-update { 192.168.1/24; };
>         allow-query  { any; };
>                         /*  This file is in /var/named you must
>                          *      create it or the zone will not be loaded
>                          */
> };
>
> zone "1.168.192.in-addr.arpa" {
>         type master;
>         file "shortcut/db.192.168.1";
>         allow-update { 192.168.1/24; };
>         allow-query  { any; };
>                         /* This is an example entry for a generic
>                          * subnet, it's syntax will be the same as
>                          * the localhost.db as they serve similar
>                          * functions
>                          */
> };
>
> zone "0.0.127.in-addr.arpa" {
>         type master;
>         file "shortcut/db.127.0.0";
>                         /* This file is the reverse file for your
>                          * local network, it is essential that this
>                          * is in place or dns may be flakey.
>                          */
> };
>
> # sample /etc/dhcpd.conf
> # (add your comments here)
>
> server-identifier higgins.closet6.com;
> authoritative;
> ddns-update-style interim;
>
> subnet 192.168.1.0 netmask 255.255.255.0 {
>         range 192.168.1.50  192.168.1.200;
>         default-lease-time 600;
>         max-lease-time 7200;
>         option subnet-mask 255.255.255.0;
>         option broadcast-address 192.168.1.255;
>         option routers 192.168.1.1;
>         option domain-name-servers 192.168.1.2;
>         #option domain-name-servers 24.48.44.2, 24.48.44.2;
>         option domain-name "closet6.com";
>
> }

What server name do you have in the MNAME (first) field of the SOA record for these
zones? My guess is that the server name resolves to something that the DHCP server
cannot reach. Therefore it times out.

Then again, I don't know what "authoritative" and "ddns-update-style interim" mean
in your dhcpd.conf file. Maybe those settings are incorrect (??)


- Kevin
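
The MNAME check suggested in the reply above can be done mechanically. The following Python is an added example, not part of the original thread: it pulls the MNAME out of a zone file's SOA record, resolves it, and compares the result with the addresses named logged as listening. The zone text is constructed (the poster's db.closet6 is not shown), and `soa_mname`, `check_update_target` and the resolver table are hypothetical names.

```python
import re
import socket

# Addresses named logged as listening (taken from the startup log quoted above).
NAMED_LISTENERS = {"127.0.0.1", "192.168.1.2"}

# Constructed zone file; the poster's real db.closet6 is not shown in the thread.
SAMPLE_ZONE = """\
$TTL 86400
@   IN  SOA ns1 hostmaster.closet6.com. (
            2002110306 ; serial
            28800 7200 604800 86400 )
    IN  NS  ns1
ns1 IN  A   192.168.1.2
"""

def soa_mname(zone_text, origin):
    """Return the fully qualified MNAME (first SOA field) from zone file text."""
    origin = origin.rstrip(".").lower() + "."
    text = re.sub(r";[^\n]*", "", zone_text)      # drop ; comments
    match = re.search(r"\bSOA\s+(\S+)", text, re.IGNORECASE)
    if match is None:
        raise ValueError("no SOA record found")
    name = match.group(1).lower()
    if name == "@":                                # "@" means the zone origin
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def check_update_target(zone_text, origin, resolve=socket.gethostbyname,
                        listeners=NAMED_LISTENERS):
    """Resolve the MNAME and report whether named is listening on that address."""
    mname = soa_mname(zone_text, origin)
    try:
        addr = resolve(mname)
    except OSError as exc:                         # socket.gaierror is an OSError
        return mname, None, f"MNAME does not resolve: {exc}"
    if addr not in listeners:
        return mname, addr, "MNAME resolves to an address named is not listening on"
    return mname, addr, "ok"

if __name__ == "__main__":
    # Constructed resolver table so the demo runs offline.
    table = {"ns1.closet6.com.": "192.168.1.2"}
    def fake_resolve(name):
        if name not in table:
            raise socket.gaierror(f"{name} not found")
        return table[name]
    print(check_update_target(SAMPLE_ZONE, "closet6.com", fake_resolve))
```

Run on the DHCP server host with the default resolver, a result other than "ok" points at the unreachable-MNAME case described in the reply.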



