Looking for a pointer on getting reverse mapping with DDNS to work with DHCPD & Named.

Jim Glassford jmglass at iup.edu
Thu Mar 28 20:00:32 UTC 2013


Hi Jim,

Looking at your config files, I believe the keys do not match in 
named.conf and dhcpd.conf, but maybe they were adjusted for the posting 
to the list. Alan Clegg's link shows creating the key and adding it to 
the files and also some nsupdate examples.


You would want something like the following, only with your key in each 
file; cut and paste that key! :-)

~~~ inside dhcpd.conf this ~~~~~

key DHCP_UPDATER {
     algorithm HMAC-MD5;
     secret xxxxxxxxxxxxxxxxxxxxxxxx;
};

  ~~~ inside named.conf this ~~~~~

key DHCP_UPDATER {
     algorithm HMAC-MD5;
     secret xxxxxxxxxxxxxxxxxxxxxxxx;
};


On 3/28/2013 3:05 PM, Jim Bucks wrote:
> Hi All (sorry for the top-posting)....
>
> Alan - thanks for the link.  I'll be checking it out / looking it over.
>
> Jim,
>
> Based on the nsupdate output (below), it looks like I've hosed up 
> something in my "key".  I used the key string from the .private key 
> file (I've found some search results that say to use the .key and 
> others say to use the .private).
>
> Jim
>
> [root@dns04 chroot]# nsupdate -d
> > server 127.0.0.1
> > key DHCP_UPDATE 
> TrlaHSJXel+L5hqtfev5Gdlwj7B+HqcXQiqXMdZ/8mGXhznkRXf6yMDaQ9rXbx45gFgVpW7PFRHXGsZfUKrFlw==
> > update add 101.20.10.172.in-addr.arpa. 3600 in ptr dhcp.coloradostudios.com.
> >
> Reply from SOA query:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11212
> ;; flags: qr aa ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;101.20.10.172.in-addr.arpa.    IN    SOA
>
> ;; AUTHORITY SECTION:
> 20.10.172.in-addr.arpa.    0    IN    SOA dns04.coloradostudios.com. sysmgr.hd.net. 2013032600 10800 3600 604800 86400
>
> Found zone name: 20.10.172.in-addr.arpa
> The master is: dns04.coloradostudios.com
> Sending update to 127.0.0.1#53
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 25308
> ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
> ;; UPDATE SECTION:
> 101.20.10.172.in-addr.arpa. 3600 IN    PTR dhcp.coloradostudios.com.
>
> ;; TSIG PSEUDOSECTION:
> dhcp_update.        0    ANY    TSIG hmac-md5.sig-alg.reg.int. 1364496936 300 16 qUBZdqVmksNQtmb1mb9gNQ== 25308 NOERROR 0
>
> ; TSIG error with server: tsig indicates error
>
> Reply from update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOTAUTH, id: 25308
> ;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
> ;; ZONE SECTION:
> ;20.10.172.in-addr.arpa.        IN    SOA
>
> ;; TSIG PSEUDOSECTION:
> dhcp_update.        0    ANY    TSIG hmac-md5.sig-alg.reg.int. 1364496936 300 0  25308 BADKEY 0
>
> > quit
> [root@dns04 chroot]#
>
>
> On Thu, Mar 28, 2013 at 12:03 PM, Jim Glassford <jmglass at iup.edu> wrote:
>
>     Hi Jim,
>
>     No, sorry, wrong IP address, the real IP address of the dns
>     server, not the client.
>
>     zone dhcp.coloradostudios.com. {
>        primary your_dns_server_IP_address; <----- change from 127.0.0.1
>        key DHCP_UPDATER;
>     }
>
>     Also do you have a /var/log/named.log file or debug log file for
>     named, other than messages, might have more information.
>     Can try nsupdate with debug to see if this gives any clue also.
>     nsupdate -d
>     > server your_dns_server_here
>     > key  your_key_here
>     > update add 101.20.10.172.in-addr.arpa. 3600 in ptr dhcp-172-10-20-101.coloradostudios.com.
>     >  do extra CR to get it to go
>
>     should see lots of debug information here
>     >
>     > quit
>
>     man nsupdate
>
>     best!
>     jim
>
>     On 3/28/2013 1:52 PM, Jim Bucks wrote:
>>     No I have not tried that, but .101 is a leased IP address for a
>>     Windows workstation.
>>
>>     I'm willing to try it, but it seems like that would mean I would
>>     need a zone like this for all of my leased addresses???
>>
>>
>>     Jim
>>
>>     On Thu, Mar 28, 2013 at 11:42 AM, Jim Glassford <jmglass at iup.edu> wrote:
>>
>>         Hi Jim,
>>
>>         Lost track but have you tried using the IP address of the
>>         server for the primary, 172.10.20.101 instead of 127.0.0.1?
>>
>>         zone dhcp.coloradostudios.com. {
>>            primary 172.10.20.101; <----- change from 127.0.0.1
>>            key DHCP_UPDATER;
>>         }
>>
>>
>>         best!
>>         jim
>>
>>
>>         On 3/28/2013 1:31 PM, Jim Bucks wrote:
>>>         Hi Sten,
>>>
>>>         Thanks for the response,  I only dabble in DNS setups every
>>>         5 years (or so).  I really thought this would be a "no
>>>         brainer", and most likely have some simple command / syntax
>>>         error causing all of this.
>>>
>>>         From /var/log/messages
>>>
>>>         Mar 28 11:22:57 dns04 dhcpd: DHCPOFFER on 172.10.20.101 to 00:0b:cd:33:b6:49 (proccilapxp) via eth1
>>>         Mar 28 11:22:57 dns04 dhcpd: Unable to add forward map from dhcp-172-10-20-101.coloradostudios.com to 172.10.20.101: timed out
>>>         Mar 28 11:22:57 dns04 dhcpd: DHCPREQUEST for 172.10.20.101 (172.10.5.5) from 00:0b:cd:33:b6:49 (proccilapxp) via eth1
>>>         Mar 28 11:22:57 dns04 dhcpd: DHCPACK on 172.10.20.101 to 00:0b:cd:33:b6:49 (proccilapxp) via eth1
>>>
>>>
>>>         On Thu, Mar 28, 2013 at 11:26 AM, Sten Carlsen <stenc at s-carlsen.dk> wrote:
>>>
>>>             Apparently the DHCP server tries to put the change into
>>>             BIND but times out. What does the named log tell about this?
>>>
>>>             Either it did see the request or it will have an
>>>             explanation why it won't do it.
>>>
>>>             On 28/03/13 18:18, Jim Bucks wrote:
>>>>             Hi Mark, Graham, & others.
>>>>
>>>>             I've spent the last day trying all sorts of things to
>>>>             get this working (to no avail).  I'm still at the stage
>>>>             of DHCP offering the lease IP address, but the DNS is
>>>>             not automatically updating the two "zones" files with
>>>>             the newly leased addresses.
>>>>
>>>>             Here is a grief summary of what I tried/changed.
>>>>                - Added the group named to the dhcpd user
>>>>                - moved the two zones files into
>>>>             /var/named/chroot/var/named/slaves/  (was internal/)
>>>>                - added ENABLE_ZONE_WRITE=yes to /etc/sysconfig/named
>>>>                - grabbed a current version named.conf file and
>>>>             added the bare minimum config into it.
>>>>
>>>>             Attached are my configs.
>>>>
>>>>             Any ideas on what I've hosed up?
>>>>
>>>>             Thanks,
>>>>
>>>>             Jim
>>>>
>>>>
>>>>
>>>>             -- 
>>>>             Jim Bucks - IT Director
>>>>             Colorado Studios <http://www.coloradostudios.com>,
>>>>             Mobile TV Group <http://www.mobiletvgroup.com>, HDNet
>>>>             <http://www.hd.net>, AXS.tv <http://www.axs.tv/>
>>>>             8269 E. 23rd Ave. Denver, CO 80238 Main 303-388-8500
>>>>             <tel:303-388-8500>
>>>>             jbucks at coloradostudios.com
>>>>             <mailto:jbucks at coloradostudios.com>    Direct
>>>>             303-542-5520 <tel:303-542-5520>
>>>>
>>>>
>>>>             _______________________________________________
>>>>             Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>>>
>>>>             bind-users mailing list
>>>>             bind-users at lists.isc.org  <mailto:bind-users at lists.isc.org>
>>>>             https://lists.isc.org/mailman/listinfo/bind-users
>>>
>>>             -- 
>>>             Best regards
>>>
>>>             Sten Carlsen
>>>
>>>             No improvements come from shouting:
>>>
>>>                     "MALE BOVINE MANURE!!!"
>>>
>>>
>>
>>
>
>
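
Added example (not part of the original thread, and not ISC's code): a small Python check that the key blocks in dhcpd.conf and named.conf agree on name, algorithm and secret, which is the comparison suggested in the reply above. The config snippets, zone name, address and secrets are constructed sample values; per RFC 2845 a key name the server does not know is answered with BADKEY, and a MAC that fails to verify with BADSIG.

```python
import re

# Matches key blocks in both dhcpd.conf and named.conf (quotes are optional).
KEY_BLOCK = re.compile(
    r'\bkey\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+"?([\w.-]+)"?\s*;'
    r'\s*secret\s+"?([^";\s]+)"?\s*;\s*\}', re.IGNORECASE)

def parse_keys(text):
    """Return {key_name: (algorithm, secret)}; key names are DNS names, so lower-case them."""
    keys = {}
    for name, alg, secret in KEY_BLOCK.findall(text):
        # Treat the long algorithm name (hmac-md5.sig-alg.reg.int) as the short one.
        alg = alg.lower().replace(".sig-alg.reg.int", "")
        keys[name.lower().rstrip(".")] = (alg, secret)
    return keys

def compare_keys(dhcpd_text, named_text):
    """List every way a key defined for dhcpd fails to line up with named's keys."""
    dhcpd, named = parse_keys(dhcpd_text), parse_keys(named_text)
    problems = []
    for name, (alg, secret) in sorted(dhcpd.items()):
        if name not in named:
            problems.append(f"{name}: unknown to named -> TSIG error BADKEY")
        elif named[name][0] != alg:
            problems.append(f"{name}: algorithm {alg} vs {named[name][0]}")
        elif named[name][1] != secret:
            problems.append(f"{name}: secret differs -> TSIG error BADSIG")
    return problems

# Constructed sample input (not the poster's files); secrets are dummy base64.
DHCPD_CONF = """
key DHCP_UPDATER {
    algorithm HMAC-MD5;
    secret c2FtcGxlLXNlY3JldC1vbmU=;
};
zone example.test. { primary 192.0.2.53; key DHCP_UPDATER; }
"""
NAMED_NAME_TYPO = 'key "DHCP_UPDATE" { algorithm hmac-md5; secret "c2FtcGxlLXNlY3JldC1vbmU="; };'
NAMED_BAD_SECRET = 'key "dhcp_updater" { algorithm hmac-md5; secret "c2FtcGxlLXNlY3JldC10d28="; };'
NAMED_OK = 'key "dhcp_updater" { algorithm hmac-md5; secret "c2FtcGxlLXNlY3JldC1vbmU="; };'

if __name__ == "__main__":
    for label, conf in [("name typo", NAMED_NAME_TYPO),
                        ("bad secret", NAMED_BAD_SECRET), ("ok", NAMED_OK)]:
        print(label, compare_keys(DHCPD_CONF, conf) or "keys match")
```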
