allow-update ???
FISCHER BERNHARD
BERNHARD.FISCHER at ZEPPELIN.COM
Fri Dec 10 14:33:00 UTC 2004
--- Received from ZBM.ZSFBE 089/32000-466 10-12-04 15.33 ------------------
I am currently testing with BIND 9.2.3 and dhcp 3.0 on SuSE Linux 9.x.
Both daemons are running on the same box.
I am experiencing problems with Dynamic DNS Update and am probably not understanding the behavior of "ddns-update-style interim;".
For DHCP clients not sending a FQDN the Dynamic Update works fine, but I've got a W2K client where the update does not work as I expected.
I would not want to make configuration changes on my W2K client; it should keep the entry for the domain "xxxx.priv" for other purposes.
I specified "ignore client-updates;" in my dhcpd.conf to get the W2K clients' A records in my zone "se-test.own".
I set up a matching TSIG key in both files.
I cannot get a DNS A record for but always see messages like these in /var/log/messages:
Dec 10 15:07:44 master01 named[3574]: client 192.168.197.10#32772: query: pc0632.se-test.own IN SOA
Dec 10 15:07:44 master01 named[3574]: client 192.168.197.10#32772: query: se-test.own IN NS
Dec 10 15:07:44 master01 named[3574]: client 192.168.197.10#32772: update 'se-test.own/IN' denied
Dec 10 15:07:44 master01 dhcpd: Unable to add forward map from pc0632.se-test.own. to 192.168.197.191: timed out
Dec 10 15:07:44 master01 dhcpd: DHCPREQUEST for 192.168.197.191 from 00:e0:98:75:3f:0a (pc0632) via eth1
Dec 10 15:07:44 master01 dhcpd: DHCPACK on 192.168.197.191 to 00:e0:98:75:3f:0a (pc0632) via eth1
The only way to get around this is to add "localhost;" to the address list of the "allow-update" statement. What did I do wrong or what did I misunderstand (my native language is not English)??
I am still supposing that my dhcpd updates the A record for my W2K client in zone se-test.own because of "ignore client-updates;", using the string specified in the secret parameter for security purposes.
Thanks for your answers
Bernhard
##################################################################################################
# dhcpd.conf
#
option domain-name "se-test.own";
option domain-name-servers 192.168.197.10, 192.168.197.11;
default-lease-time 600;
max-lease-time 7200;
ddns-update-style interim;
ddns-domainname "se-test.own.";
#
ignore client-updates;
#
log-facility local7;
set vendor_class_identifier = option vendor-class-identifier;
#
key DHCP_UPDATER {
algorithm HMAC-MD5.SIG-ALG.REG.INT;
secret SlKrg7XuoxiFUFz3TxULxw==;
};
#
zone se-test-own. { primary 192.168.197.10; key DHCP_UPDATER; }
zone 197.168.192.in-addr.arpa. { primary 192.168.197.10; key DHCP_UPDATER; }
#
subnet 192.168.196.0 netmask 255.255.255.0 {
}
# This is a very basic subnet declaration.
subnet 192.168.197.0 netmask 255.255.255.0 {
option routers 192.168.197.11;
option broadcast-address 192.168.197.255;
range 192.168.197.128 192.168.197.191;
default-lease-time 600;
max-lease-time 7200;
host knecht01 {
option host-name "knecht01";
hardware ethernet 00:E0:98:74:B6:FC;
fixed-address 192.168.197.100;
}
############################################################################################
#
# /etc/named.conf
#
options {
directory "/var/lib/named";
dump-file "/var/log/named_dump.db";
statistics-file "/var/log/named.stats";
notify no;
};
logging {
channel syslog_queries {
syslog user;
severity info;
};
category queries { syslog_queries; };
#
# # Log general name server errors to syslog.
channel syslog_errors {
syslog user;
severity error;
};
category default { syslog_errors; };
---- 10-12-04 15.33 ---- Sent to -------------------------------------------------------------
-> bind-users at isc.org
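An added check, not part of the original post: dhcpd signs a dynamic update with a TSIG key only when one of its `zone` declarations matches the name being updated, so this script parses those declarations and reports whether the `ddns-domainname` is covered by a keyed zone. The sample config is constructed from the dhcpd.conf above with a placeholder secret, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the dhcpd.conf in the post; the secret is a placeholder.
SAMPLE_DHCPD_CONF = '''
ddns-update-style interim;
ddns-domainname "se-test.own.";
key DHCP_UPDATER {
  algorithm HMAC-MD5.SIG-ALG.REG.INT;
  secret PLACEHOLDER==;
};
zone se-test-own. { primary 192.168.197.10; key DHCP_UPDATER; }
zone 197.168.192.in-addr.arpa. { primary 192.168.197.10; key DHCP_UPDATER; }
'''

def norm(name):
    """Lower-case a DNS name, drop quotes and the trailing dot."""
    return name.strip().strip('"').lower().rstrip(".")

def parse_zones(conf):
    """Return {zone name: key name or None} for every dhcpd zone declaration."""
    zones = {}
    for m in re.finditer(r'^\s*zone\s+(\S+)\s*\{([^}]*)\}', conf, re.M):
        key = re.search(r'\bkey\s+([^\s;]+)\s*;', m.group(2))
        zones[norm(m.group(1))] = key.group(1) if key else None
    return zones

def covering_zone(fqdn, zones):
    """Longest declared zone that equals fqdn or is a parent of it, else None."""
    labels = norm(fqdn).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def check_ddns(conf):
    """List reasons why forward updates for ddns-domainname would go out unsigned."""
    zones = parse_zones(conf)
    dom = re.search(r'^\s*ddns-domainname\s+"([^"]+)"\s*;', conf, re.M)
    findings = []
    if dom:
        zone = covering_zone(dom.group(1), zones)
        if zone is None:
            findings.append(f"no zone declaration covers {norm(dom.group(1))}")
        elif zones[zone] is None:
            findings.append(f"zone {zone} has no key")
    return findings
```

Run against the sample, `check_ddns` reports that no declared zone covers `se-test.own`, because the declaration is spelled `se-test-own.` with a hyphen.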