Problem with DDNS update to BIND 9.16.27 from ISC DHCPv6

Mirsad Goran Todorovac mirsad.todorovac at alu.unizg.hr
Tue Jun 7 15:40:04 UTC 2022


Hello all,

I have a problem: my DHCPv6 DDNS update, which works reliably with
IPv4, doesn't work at all since we implemented dual-stack operation.
There is not even a warning, notice or error in the log, and there are
no syntax errors in the /etc/dhcp/dhcpd6.conf config file.

We are running a Debian 10 Buster server with BIND 9.16.27 and ISC DHCPd
4.4.1:

root@domac:# dpkg -l ...
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name            Version                     Architecture Description
+++-===============-===========================-============-=================================
ii  bind9           1:9.16.27-1~deb11u1~bpo10+1 amd64        Internet Domain Name Server
ii  isc-dhcp-server 4.4.1-2+deb10u1             amd64        ISC DHCP server for automatic IP address assignment

Here is a typical example of DHCPv6 transactions found in the log:

Jun  7 16:53:27 domac dhcpd[2971]: Solicit message from fe80::8aad:43ff:fefa:3f96 port 546, transaction ID 0x55E06C00
Jun  7 16:53:27 domac dhcpd[2971]: Picking pool address 2001:b68:2:2800::10:1208
Jun  7 16:53:27 domac dhcpd[2971]: Advertise NA: address 2001:b68:2:2800::10:1208 to client with duid 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid for 3600 seconds
Jun  7 16:53:27 domac dhcpd[2971]: Sending Advertise to fe80::8aad:43ff:fefa:3f96 port 546
Jun  7 16:53:27 domac dhcpd[2971]: Solicit message from fe80::8aad:43ff:fefa:3f96 port 546, transaction ID 0x55E06C00
Jun  7 16:53:27 domac dhcpd[2971]: Picking pool address 2001:b68:2:2800::10:1208
Jun  7 16:53:27 domac dhcpd[2971]: Advertise NA: address 2001:b68:2:2800::10:1208 to client with duid 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid for 3600 seconds
Jun  7 16:53:27 domac dhcpd[2971]: Sending Advertise to fe80::8aad:43ff:fefa:3f96 port 546
Jun  7 16:53:27 domac dhcpd[2971]: Relay-forward message from fe80::babe:bfff:fe26:9542 port 547, link address 2001:b68:2:2800::1, peer address fe80::8aad:43ff:fefa:3f96
Jun  7 16:53:27 domac dhcpd[2971]: Picking pool address 2001:b68:2:2800::10:1208
Jun  7 16:53:27 domac dhcpd[2971]: Advertise NA: address 2001:b68:2:2800::10:1208 to client with duid 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid for 3600 seconds
Jun  7 16:53:27 domac dhcpd[2971]: Sending Relay-reply to fe80::babe:bfff:fe26:9542 port 547

fe80::babe:bfff:fe26:9542 is the link-local address of our router.

Our DNS/DHCP server is 161.53.235.3 or 2001:b68:2:2800::3, LLA for eth1 
is fe80::f21f:afff:fef1:420a/64

Here is our /etc/dhcp/dhcpd6.conf:

default-lease-time 3600;
preferred-lifetime 604800;
option dhcp-renewal-time 3600;
option dhcp-rebinding-time 7200;
allow leasequery;

option dhcp6.name-servers 2001:b68:2:2800::3,2001:b68:c:2::70:0;
option dhcp6.domain-search "alu.hr";

option dhcp6.info-refresh-time 21600;

ddns-update-style standard;
ddns-dual-stack-mixed-mode true;
update-conflict-detection false;
update-optimization false;
deny client-updates;
ddns-updates on;
authoritative;
log-facility local7;
ddns-domainname "local.alu.hr.";
ddns-rev-domainname "ip6.arpa.";

include "/etc/bind/ddns.key";

shared-network ilica85.alu.hr {
     subnet6 2001:b68:2:2800::/64 {
         range6 2001:b68:2:2800::10:1000 2001:b68:2:2800::10:13ff;
         option dhcp6.domain-search "local.alu.hr","alu.hr";
         option dhcp6.name-servers 2001:b68:2:2800::3,2001:b68:c:2::70:0;
         ddns-domainname "local.alu.hr";

         zone local.alu.hr. {
                 # primary6 2001:b68:2:2800::3;
                 primary 127.0.0.1;
                 key DDNS_UPDATE;
         }
         zone 0.0.8.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa. {
                 # primary6 2001:b68:2:2800::3;
                 primary 127.0.0.1;
                 key DDNS_UPDATE;
         }
     }
}

subnet6 2001:b68:2:2a00::/64 {
         range6 2001:b68:2:2a00::1000 2001:b68:2:2a00::10ff;
         option dhcp6.domain-search "slava.alu.hr","alu.hr";
         option dhcp6.name-servers 2001:b68:2:2800::3,2001:b68:c:2::70:0;
         ddns-domainname "slava.alu.hr";

         zone slava.alu.hr. {
                 primary6 2001:b68:2:2800::3;
                 key DDNS_UPDATE;
         }

         zone 0.0.a.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa. {
                 primary6 2001:b68:2:2800::3;
                 key DDNS_UPDATE;
         }
}

The corresponding entries in /etc/bind/named.conf.local are:

     zone "0.0.8.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa" in {
         type master;
         file "/var/cache/bind/0.0.8.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa.db";
         allow-update { key DDNS_UPDATE; };
         allow-transfer { 31.147.205.54; 161.53.2.70; };
         also-notify { 31.147.205.54; 161.53.2.70; };
         forwarders {};
     };

     zone "0.0.a.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa" in {
         type master;
         file "/var/cache/bind/0.0.a.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa.db";
         allow-update { key DDNS_UPDATE; };
         allow-transfer { 31.147.205.54; 161.53.2.70; };
         also-notify { 31.147.205.54; 161.53.2.70; };
         forwarders {};
     };

     zone "local.alu.hr" in {
         type master;
         file "/var/cache/bind/local.alu.hr.db";
         allow-update { key DDNS_UPDATE; };
         allow-transfer { 31.147.205.54; 161.53.2.70; };
         also-notify { 31.147.205.54; 161.53.2.70; };
         forwarders {};
     };

     zone "slava.alu.hr" in {
         type master;
         file "/var/cache/bind/slava.alu.hr.db";
         allow-update { key DDNS_UPDATE; };
         allow-transfer { 31.147.205.54; 161.53.2.70; };
         also-notify { 31.147.205.54; 161.53.2.70; };
         dnssec-policy "standard";
         key-directory "/var/cache/bind/keys";
         forwarders {};
     };

We are also using views in BIND9, but they work well updating the 
"internal" and "universe" zones with DHCPv4, i.e.:

Jun  7 16:48:21 domac dhcpd[986]: DHCPREQUEST for 192.168.100.215 from 9c:3d:cf:11:aa:a6 (R7000P) via eth1
Jun  7 16:48:21 domac dhcpd[986]: DHCPACK on 192.168.100.215 to 9c:3d:cf:11:aa:a6 (R7000P) via eth1
Jun  7 16:48:21 domac dhcpd[986]: Added new forward map from R7000P.local.alu.hr to 192.168.100.215
Jun  7 16:48:21 domac dhcpd[986]: Added reverse map from 215.100.168.192.in-addr.arpa. to R7000P.local.alu.hr

As you can see in the options, I tried various combinations, and I seem 
to be out of options. But we are new to IPv6
and DHCPv6, so there may be something obvious to you I cannot see (like 
DDNS not being enabled in ISC dhcpd binary
with option -6)?

I am very interested personally in IPv6 adoption for we are expecting a 
surge in multimedia content provided,
possibly broadcasted, additional options with IoT, security, 
surveillance cameras (requiring public IP we are short of).

All of this would be greatly simplified and more adopted if the users,
professors, staff and students didn't have to remember an IPv6 address
like 2001:b68:2:2800::3 but used an automatically assigned domain name
instead.

Manual IPv6 configuration and static tables for this would be
overkill; we are understaffed to maintain it.

Thank you very much for your time and help.

Kind regards,
Mirsad Todorovac

-- 
Mirsad Todorovac
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb
Republic of Croatia, the European Union
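
Added example, not part of the original post: it tallies, per client DUID, which DHCPv6 message types dhcpd logged for an address, so an exchange that stops at Advertise (the DHCPv6 excerpt above has no Request or Reply lines) stands out. The sample lines are copied from that excerpt with the mail wrapping removed; the function names are hypothetical, and the "Reply" type name is an assumption, since no such line appears in the post.

```python
import re
from collections import defaultdict

# Sample lines copied from the DHCPv6 log excerpt in the post, mail wrapping removed.
SAMPLE_LOG = """\
Jun  7 16:53:27 domac dhcpd[2971]: Solicit message from fe80::8aad:43ff:fefa:3f96 port 546, transaction ID 0x55E06C00
Jun  7 16:53:27 domac dhcpd[2971]: Picking pool address 2001:b68:2:2800::10:1208
Jun  7 16:53:27 domac dhcpd[2971]: Advertise NA: address 2001:b68:2:2800::10:1208 to client with duid 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid for 3600 seconds
Jun  7 16:53:27 domac dhcpd[2971]: Sending Advertise to fe80::8aad:43ff:fefa:3f96 port 546
Jun  7 16:53:27 domac dhcpd[2971]: Relay-forward message from fe80::babe:bfff:fe26:9542 port 547, link address 2001:b68:2:2800::1, peer address fe80::8aad:43ff:fefa:3f96
Jun  7 16:53:27 domac dhcpd[2971]: Advertise NA: address 2001:b68:2:2800::10:1208 to client with duid 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid for 3600 seconds
Jun  7 16:53:27 domac dhcpd[2971]: Sending Relay-reply to fe80::babe:bfff:fe26:9542 port 547
"""

# "<Type> NA: address <addr> to client with duid <duid> ..."
OFFER_RE = re.compile(r"dhcpd\[\d+\]: (\S+) (NA|TA): address (\S+) to client with duid (\S+)")
# "<Type> message from <addr> port ..."
RECV_RE = re.compile(r"dhcpd\[\d+\]: (\S+) message from (\S+) port")
# DDNS result lines, in the form shown in the DHCPv4 excerpt of the post.
DDNS_RE = re.compile(r"Added (?:new forward|reverse) map from")

def summarize(lines):
    """Return (per-DUID message-type counts, received-type counts, DDNS line count)."""
    per_duid = defaultdict(lambda: defaultdict(int))
    received = defaultdict(int)
    ddns = 0
    for line in lines:
        if m := OFFER_RE.search(line):
            per_duid[m.group(4)][m.group(1)] += 1
        elif m := RECV_RE.search(line):
            received[m.group(1)] += 1
        elif DDNS_RE.search(line):
            ddns += 1
    return per_duid, received, ddns

def stalled_clients(lines):
    """DUIDs that were sent an Advertise but never a Reply (assumed type name)."""
    per_duid, _, _ = summarize(lines)
    return sorted(d for d, c in per_duid.items() if c.get("Advertise") and not c.get("Reply"))

if __name__ == "__main__":
    per_duid, received, ddns = summarize(SAMPLE_LOG.splitlines())
    print("received:", dict(received), "ddns lines:", ddns)
    for duid in stalled_clients(SAMPLE_LOG.splitlines()):
        print("no Reply logged for", duid, dict(per_duid[duid]))
```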