DDNS. Allow clients to update bind dns ??

aries.ram at freenet.de aries.ram at freenet.de
Mon Jan 9 08:57:23 UTC 2006


Hi,

I have a strange problem with DHCP and BIND in a DDNS environment. I am
running a SUSE 9.1 server with DNS and DHCP services. The Windows XP
and 2000 clients should get their IP addresses from the DHCP server and
register their hostnames via the dynamic update function in the named
server database. The clients get their IP addresses, but the dynamic
update does not run flawlessly. I get the following syslog errors:


Jan  8 19:03:16 gateway named[12349]: client 192.168.1.20#1069: update 'apollo.lokal/IN' denied
Jan  8 19:05:16 gateway named[12349]: client 192.168.1.20#1069: update 'apollo.lokal/IN' denied

Here are my config files:

/etc/dhcpd.conf
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...

# if you do not use dynamical DNS updates:
#
# dhcpd-3 needs at least this statement.
# You have to delete it for dhcpd-2, because it does not know it.
#
# if you want to use dynamical DNS updates, you should first read
# /usr/share/doc/packages/dhcp-server/DDNS-howto.txt

ddns-update-style interim;
ignore client-updates;
ddns-updates on;
ddns-domainname "apollo.lokal";
allow unknown-clients;
ddns-rev-domainname "1.168.192.in-addr.arpa";

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.

authoritative ;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).

log-facility local7;

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
#subnet 10.152.187.0 netmask 255.255.255.0 {
#}
# This is a very basic subnet declaration.

subnet 192.168.1.0 netmask 255.255.255.0 {
  option routers 192.168.1.1;
  option nis-domain "apollo.lokal";
  option domain-name "apollo.lokal";
  option domain-name-servers 192.168.1.1;
  default-lease-time 43200;
  max-lease-time 86400;
  range 192.168.1.110 192.168.1.150;
}
key apollo.lokal {
     algorithm hmac-md5;
     secret 1234567890x==;
};
zone apollo.lokal. {
primary 192.168.1.1;
key apollo.lokal;
}
zone 1.168.192.in-addr.arpa. {
primary 192.168.1.1;
key apollo.lokal;
}

# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.
#subnet 10.254.239.32 netmask 255.255.255.224 {
#  range dynamic-bootp 10.254.239.40 10.254.239.60;
#  option broadcast-address 10.254.239.31;
#  option routers rtr-239-32-1.example.org;
#}
# Hosts which require special configuration options can be listed in
# host statements.   If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.
group {
  host duke {
    hardware ethernet 00:08:8E:28:88:AB;
    fixed-address 192.168.1.30;
  }
    host blade {
    hardware ethernet 00:12:5b:37:4b:2a;
    fixed-address 192.168.1.20;
  }
}

******************************************************************************************

/etc/named.conf


# Copyright (c) 2001-2004 SuSE Linux AG, Nuernberg, Germany.
# All rights reserved.
#
# Author: Frank Bodammer, Lars Mueller <lmuelle at suse.de>
#
# /etc/named.conf
#
# This is a sample configuration file for the name server BIND 9.  It works as
# a caching only name server without modification.
#
# A sample configuration for setting up your own domain can be found in
# /usr/share/doc/packages/bind/sample-config.
#
# A description of all available options can be found in
# /usr/share/doc/packages/bind/misc/options.

acl internals { 192.168.1.0/24;};

controls {
  inet 127.0.0.1 port 953 allow { localhost; internals; } keys {
apollo.lokal; }
;
};

options {

        # The directory statement defines the name server's working directory

        directory "/var/lib/named";

        # Write dump and statistics file to the log subdirectory.  The
        # pathenames are relative to the chroot jail.

        dump-file "/var/log/named_dump.db";
        statistics-file "/var/log/named.stats";

        # The forwarders record contains a list of servers to which queries
        # should be forwarded.  Enable this line and modify the IP address to
        # your provider's name server.  Up to three servers may be listed.
        # Condor Nameserver : 194.120.164.22

        forwarders { 194.25.2.129; };

        # Enable the next entry to prefer usage of the name server declared in
        # the forwarders section.

        #forward first;
        forward only;

        # The listen-on record contains a list of local network interfaces to
        # listen on.  Optionally the port can be specified.  Default is to
        # listen on all interfaces found on your system.  The default port is
        # 53.

        listen-on port 53 { 192.168.1.1; 127.0.0.1; };

        # The listen-on-v6 record enables or disables listening on IPv6
        # interfaces.  Allowed values are 'any' and 'none' or a list of
        # addresses.

        listen-on-v6 { none; };

        # The next three statements may be needed if a firewall stands between
        # the local server and the internet.

        query-source address * port 53;
        # transfer-source * port 53;
        # notify-source * port 53;

        # The allow-query record contains a list of networks or IP addresses
        # to accept and deny queries from. The default is to allow queries
        # from all hosts.

        allow-query { internals; };

        # If notify is set to yes (default), notify messages are sent to other
        # name servers when the zone data is changed.  Instead of setting
        # a global 'notify' statement in the 'options' section, a separate
        # 'notify' can be added to each zone definition.

        notify no;
};

# To configure named's logging remove the leading '#' characters of the
# following examples.
#logging {
#       # Log queries to a file limited to a size of 100 MB.
#       channel query_logging {
#               file "/var/log/named_querylog"
#                       versions 3 size 100M;
#               print-time yes;                 // timestamp log entries
#       };
#       category queries {
#               query_logging;
#       };
#
#       # Or log this kind alternatively to syslog.
#       channel syslog_queries {
#               syslog user;
#               severity info;
#       };
#       category queries { syslog_queries; };
#
#       # Log general name server errors to syslog.
#       channel syslog_errors {
#               syslog user;
#               severity error;
#       };
#       category default { syslog_errors;  };
#
#       # Don't log lame server messages.
#       category lame-servers { null; };
#};

# The following zone definitions don't need any modification.  The first one
# is the definition of the root name servers.  The second one defines
# localhost while the third defines the reverse lookup for localhost.

key apollo.lokal {
     algorithm hmac-md5;
     secret 1234567890x==;
     };

zone "." in {
        type hint;
        file "root.hint";
};

zone "localhost" in {
        type master;
        file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
        type master;
        file "127.0.0.zone";
};

# Include the meta include file generated by SuSEconfig.named.  This includes
# all files as configured in NAMED_CONF_INCLUDE_FILES from
# /etc/sysconfig/named

# include "/etc/named.conf.include";

# You can insert further zone records for your own domains below or create
# single files in /etc/named.d/ and add the file names to
# NAMED_CONF_INCLUDE_FILES.
# See /usr/share/doc/packages/bind/README.SuSE for more details.


zone "apollo.lokal" IN {
        type master;
        file "dyn/apollo.lokal.zone";
        allow-update { key apollo.lokal; };
};
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "dyn/1.168.192.in-addr.arpa.zone";
        allow-update { key apollo.lokal; };
};


Are the permissions OK?

drwxr-xr-x   9 named named 4096 Dec  7 00:12 .
drwxr-xr-x  37 root  root  4096 Dec 10 19:40 ..
-rw-r--r--   1 named named  192 Apr  6  2004 127.0.0.zone
drwxr-xr-x   2 named named 4096 Jan  5 18:41 dev
drwxr-x---   2 named named 4096 Jan  8 18:20 dyn
drwxr-xr-x   3 named named 4096 Nov 28  1996 etc
-rw-r--r--   1 named named  158 Apr  6  2004 localhost.zone
drwxr-xr-x   2 named named 4096 Apr  6  2004 log
drwxr-xr-x   2 named named 4096 Nov  2 16:23 master
-rw-r--r--   1 named named 2517 Apr  6  2004 root.hint
drwxr-xr-x   2 named named 4096 Apr  6  2004 slave
drwxr-xr-x   4 named named 4096 Dec  7 00:12 var
gateway:/var/lib/named #

4 drwxr-xr-x  9 named named 4096 Dec  7 00:12 ..
8 -rw-------  1 named named  771 Jan  8 18:20
1.168.192.in-addr.arpa.zone
8 -rw-r--r--  1 named named 1097 Jan  8 18:03
1.168.192.in-addr.arpa.zone.jnl
8 -rw-------  1 named named  633 Jan  8 18:19 apollo.lokal.zone
gateway:/var/lib/named/dyn #

I don't know where the problem is. How can I allow the Windows XP /
2000 clients to update their hostnames in the named database? I don't
want to disable the automatic update function in the Windows XP/2000
network settings just to get rid of the "update denied" log messages;
that is only a workaround that doesn't fix the problem. The allow-update
with a security key should work, but it doesn't. Did I misunderstand
something?

Regards
Frank. H


