Dynamic update to the wrong DNS zone file - Bind View - dhcp-client-identifier - multiple network cards with multiple differents subnets
Flex Banana
flex.banana at bluewin.ch
Thu Apr 21 14:17:37 UTC 2011
hello list,
I use dhcpd-4.2.1 with bind-9.7.3 on a SuSE system.
I have 3 network cards with under 700 differents subnets declared in the dhcpd.conf.
eth0 = 10.1.1.50
eth1 = 172.16.1.50
eth2 = 192.168.1.50
We use Dynamic DNS update with the dhcp-client-identifier option to set settings to my different clients.
We also use Bind View to differentiate all differents zones with differents subnets (we have almost 90 zones)
This is a part of our dhcpd.conf file:
if substring (lcase (option dhcp-client-identifier), 1, 9) = "marketing"
{
option domain-name "marketing.example.com";
option domain-search "marketing.example.com";
zone marketing.example.com. { primary 10.1.1.50; key OUR_KEY; }
}
elsif substring (lcase (option dhcp-client-identifier), 1, 6) = "design"
{
option domain-name "design.example.com";
option domain-search "design.example.com";
zone design.example.com. { primary 10.1.1.50; key OUR_KEY; }
}
else
{
option domain-search "publisher.example.com";
}
Another part of dhcpd.conf with subnet declarations:
subnet 10.1.1.0 netmask 255.255.255.0
{
option routers 10.1.1.1;
range 10.1.1.20 10.1.1.199;
option subnet-mask 255.255.255.0;
option domain-name-servers 10.1.1.50;
zone 1.1.10.in-addr.arpa. { primary 10.1.1.50; key OUR_KEY; }
}
subnet 172.16.1.0 netmask 255.255.255.0
{
option routers 172.16.1.1;
range 172.16.1.20 172.16.1.199;
option subnet-mask 255.255.255.0;
option domain-name-servers 172.16.1.50;
zone 1.16.172.in-addr.arpa. { primary 172.16.1.50; key OUR_KEY; }
}
subnet 192.168.1.0 netmask 255.255.255.0
{
option routers 192.168.1.1;
range 192.168.1.20 192.168.1.199;
option subnet-mask 255.255.255.0;
option domain-name-servers 192.168.1.50;
zone 1.168.192.in-addr.arpa. { primary 192.168.1.50; key OUR_KEY; }
}
This is a part of the named.conf file:
view "10.1" {
match-destinations { 10.1.1.50; };
match-clients { 10.1.1.0/24; };
zone "marketing.example.com" in {
allow-update { key OUR_KEY; };
allow-transfer { none; };
file "dyn/marketing.exemple.com_10.1";
type master;
};
zone "design.example.com" in {
allow-update { key OUR_KEY; };
allow-transfer { none; };
file "dyn/design.example.com_10.1";
type master;
};
view "172.16" {
match-destinations { 172.16.1.50; };
match-clients { 172.16.1.0/24; };
zone "marketing.example.com" in {
allow-update { key OUR_KEY; };
allow-transfer { none; };
file "dyn/marketing.exemple.com_172.16";
type master;
};
zone "design.example.com" in {
allow-update { key OUR_KEY; };
allow-transfer { none; };
file "dyn/design.example.com_172.16";
type master;
};
view "192.168" {
match-destinations { 192.168.1.50; };
match-clients { 192.168.1.0/24; };
zone "marketing.example.com" in {
allow-update { key OUR_KEY; };
allow-transfer { none; };
file "dyn/marketing.exemple.com_192.168";
type master;
};
zone "design.example.com" in {
allow-update { key OUR_KEY; };
allow-transfer { none; };
file "dyn/design.example.com_192.168";
type master;
};
The problem is that when i use a client in the others subnets than 10.1.1.0/24, all dynamics updates harent writed to the zone (marketing.example.com or design.example.com) with the primary address of 10.1.1.50 and a message of "Forward map from .... FAILED: Has an address record but no DHCID, not mine."
And when you read the forward zone (e. g with nano or cat) the A adress is entered but from the wrong subnet.
Example for the file desing.example.com_10.1 (zone dedicated
laptop A 172.16.1.17 // updated dynamically
The solution, i think, is to test the client (with dhcp-server-identifier ?) when DHCPDISCOVER message appaers and modify the statement "{ primary 10.1.1.50; key OUR_KEY; }" with { primary 172.16.1.50; key OUR_KEY; } and { primary 192.168.1.50; key OUR_KEY; } before DHCPREQUEST.
How a do that ?
Any idea are much appreciated.
Thank you very mutch list.
Banana
More information about the bind-users
mailing list