ISC-DHCP and BIND 9 DNS: DDNS update fails for /27 subnet

Crist Clark cjc+bind-users at pumpky.net
Sat Dec 11 05:04:42 UTC 2021


No idea if this is the best way. It is a way.

Do you control any other zone? Let’s say you own “example.com.” You can
tell ISC DHCP to build the reverse zone at an arbitrary base name instead
of in-addr.arpa.

Configure DHCP to put the reverse records at say, “rev.example.com.” So
you’ll get records at,

193.186.198.193.rev.example.com
194.186.198.193.rev.example.com
…

And in your RFC 2317-style delegation, you then enumerate another CNAME
layer,

$ORIGIN 192-27.186.198.193.in-addr.arpa.
193  IN CNAME 193.186.198.193.rev.example.com.
194  IN CNAME 194.186.198.193.rev.example.com.
…

On Fri, Dec 10, 2021 at 2:51 PM Mirsad Goran Todorovac <
mirsad.todorovac at alu.unizg.hr> wrote:

> Hello,
>
> I have a problem with DHCP DDNS update to BIND 9 reverse PTR zone subnet
> that is owned by several organizations, so I can't get a direct DHCP DDNS
> update access with a key or with hostname.
>
> I have been delegated domain name 192-27.186.198.193.in-addr.arpa from
> the upper level admins, and that appears to be immutable.
>
> However, my subnet is 193.198.186.192/27, and DHCP only knows how to
> perform DDNS update to 186.198.193.in-addr.arpa. (See here:
> https://serverfault.com/questions/806875/how-to-tell-isc-dhcp-correct-zone-for-reverse-zone-ddns-update
> and here:
> https://lists.isc.org/mailman/htdig/dhcp-users/2006-August/001422.html ).
>
> (This setup is because we have DHCP addresses that are not over NAT, but
> /24 subnet is shared with other organizations, even under another Ministry.)
>
> I want to have the effect of delegating the same database to upper level
> under their zone name, while updating the same database under my
> DHCP-understood zone name.
>
> I tried this /etc/bind/named.conf.local:
>
> zone "192-27.186.198.193.in-addr.arpa" in {
>         type master;
>         file "/var/cache/bind/192-27.186.198.193.in-addr.arpa.db";
> };
>
> zone "186.198.193.in-addr.arpa" in {
>         type master;
>         file "/var/cache/bind/192-27.186.198.193.in-addr.arpa.db";
>         allow-update { key DDNS_UPDATE; };
> };
>
> (Two zones with the same file.)
>
> What I got was:
>
> root at domac:/etc/bind# named-checkconf
> /etc/bind/named.conf.local:49: writeable file '/var/cache/bind/192-27.186.198.193.in-addr.arpa.db': already in use: /etc/bind/named.conf.local:44
> root at domac:/etc/bind#
>
> Can you please tell me whether there is a way to achieve the effect of the above (illegal) setup?
> I can't change DHCP, nor do I know an option to tell it to accept update to 192-27.186.198.193.in-addr.arpa
>  (it is a syntax error).
>
> The DHCP dhcpd.conf subnet configuration is:
> subnet 193.198.186.192 netmask 255.255.255.224 {
>   range 193.198.186.200 193.198.186.222; # MT 20211210
>   option subnet-mask 255.255.255.224;
>   option domain-name-servers 161.53.235.3, 161.53.2.70;
>   option domain-name "slava.alu.hr";
>   ddns-domainname "slava.alu.hr";
>   zone slava.alu.hr. {
>    primary 127.0.0.1;
>    key DDNS_UPDATE;
>   }
>   zone 186.198.193.in-addr.arpa. {
>    primary 127.0.0.1;
>    key DDNS_UPDATE;
>   }
>   option broadcast-address 193.198.186.223;
>   option routers 193.198.186.193;
>   default-lease-time 43200;
>   max-lease-time 86400;
> }
>
> Thank you very much for your time reading this mail and help.
>
> Kind regards,
>
> --
> Mirsad Goran Todorovac
> Academy of Fine Arts | Faculty of Graphic Arts
> University of Zagreb
>
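The CNAME layer from the reply above, generated for every host address in the /27, as an added example that is not part of the original thread. The function name is hypothetical, rev.example.com is the placeholder zone from the reply, and the target names assume dhcpd writes PTR records as the reversed address followed by the configured reverse base name.

```python
import ipaddress

ARPA_SUFFIX = ".in-addr.arpa"


def rfc2317_cnames(subnet, delegated_zone, rev_base):
    """Build zone-file lines for an RFC 2317-style delegated zone.

    Each host address in `subnet` gets a CNAME from its last-octet label
    inside `delegated_zone` to <reversed address>.<rev_base>, the name
    the DHCP server is assumed to update instead of in-addr.arpa.
    """
    net = ipaddress.ip_network(subnet)
    if net.version != 4 or net.prefixlen <= 24:
        # A /24 or larger maps onto a normal in-addr.arpa zone; no aliasing needed.
        raise ValueError("expected an IPv4 subnet smaller than a /24")

    zone = delegated_zone.rstrip(".")
    base = rev_base.rstrip(".")
    lines = [f"$ORIGIN {zone}."]
    for addr in net.hosts():
        # reverse_pointer is e.g. "193.186.198.193.in-addr.arpa"
        reversed_octets = addr.reverse_pointer[: -len(ARPA_SUFFIX)]
        last_octet = reversed_octets.split(".")[0]
        lines.append(f"{last_octet}  IN CNAME {reversed_octets}.{base}.")
    return lines


if __name__ == "__main__":
    # Values taken from the thread; rev.example.com is a placeholder zone.
    for line in rfc2317_cnames(
        "193.198.186.192/27",
        "192-27.186.198.193.in-addr.arpa.",
        "rev.example.com.",
    ):
        print(line)
```

The output can be pasted into the delegated zone file after its SOA and NS records; the targets only resolve once the rev.example.com zone exists and accepts the DHCP server's updates.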