need help with dynamic DNS updates

Glenn Satchell Glenn.Satchell at uniq.com.au
Sat Mar 11 10:53:31 UTC 2006


Hi Ross,

Try adding:

  ignore client-updates;

Without this the default behaviour is for the dhcp client to attempt to
do the A record dns update itself. With this specified the dhcp server
will attempt the update.

I also suspect that there may be some issues with using Bind views, i.e.
how does the server know whether to update the external or internal
view? But I have never tested this so I can't be sure.

Also look up the Bind Administrator Reference (html pages that come
with the bind distribution) and look up the section on logging.  Add
some logging to log all the dynamic updates - this will help you track
down what is going on.

regards,
-glenn

>Date: Fri, 10 Mar 2006 09:26:58 -0800
>To: Ross Boylan <RossBoylan at stanfordalumni.org>
>Cc: dhcp-server at isc.org
>Subject: Re: need help with dynamic DNS updates
>
>Does anybody have any more ideas about this?  I still haven't had any
>luck getting it working, or even getting signs that an update is being
>attempted.
>
>Ross
>
>On Sun, Mar 05, 2006 at 10:19:46PM -0800, Ross Boylan wrote:
>> I've been trying to get dynamic updates of DNS to work.  Though I
>> think I've followed all the steps, from what I can tell dhcpd is not
>> even attempting to contact my name server.  Can anyone suggest what
>> I'm doing wrong, or how to debug the problem?
>> dhcp3-server  3.0.3-6
>> bind9         9.3.2-2  
>> on Debian Gnu/Linux 2.4 kernel.  Apart from this, bind and dhcp seem
>> to be working.  I'm using views in bind to show different face to
>> internal and external networks.
>> 
>> dhcpd3 -f -d eth1
>> and the logs show requests coming in and being acknowledged:
>> ------------------------------------------
>> # dhcpd3 -f -d eth1
>> Internet Systems Consortium DHCP Server V3.0.3
>> Copyright 2004-2005 Internet Systems Consortium.
>> All rights reserved.
>> For info, please visit http://www.isc.org/sw/dhcp/
>> Wrote 0 deleted host decls to leases file.
>> Wrote 0 new dynamic host decls to leases file.
>> Wrote 7 leases to leases file.
>> Listening on LPF/eth1/00:13:46:66:27:d7/192.168.40/24
>> Sending on   LPF/eth1/00:13:46:66:27:d7/192.168.40/24
>> Sending on   Socket/fallback/fallback-net
>> DHCPREQUEST for 192.168.40.60 from 00:0e:0c:9b:e8:84 via eth1
>> DHCPACK on 192.168.40.60 to 00:0e:0c:9b:e8:84 via eth1
>> DHCPREQUEST for 192.168.40.60 from 00:0e:0c:9b:e8:84 via eth1
>> DHCPACK on 192.168.40.60 to 00:0e:0c:9b:e8:84 via eth1
>> DHCPREQUEST for 192.168.40.60 from 00:0e:0c:9b:e8:84 via eth1
>> DHCPACK on 192.168.40.60 to 00:0e:0c:9b:e8:84 via eth1
>> 
>> wheat:/usr/local/rootlog# dhcpd3 -f -d eth1
>> Internet Systems Consortium DHCP Server V3.0.3
>> Copyright 2004-2005 Internet Systems Consortium.
>> All rights reserved.
>> For info, please visit http://www.isc.org/sw/dhcp/
>> Wrote 0 deleted host decls to leases file.
>> Wrote 0 new dynamic host decls to leases file.
>> Wrote 7 leases to leases file.
>> Listening on LPF/eth1/00:13:46:66:27:d7/192.168.40/24
>> Sending on   LPF/eth1/00:13:46:66:27:d7/192.168.40/24
>> Sending on   Socket/fallback/fallback-net
>> DHCPREQUEST for 192.168.40.60 from 00:0e:0c:9b:e8:84 via eth1: unknown lease 192.168.40.60.
>> DHCPREQUEST for 192.168.40.60 from 00:0e:0c:9b:e8:84 via eth1: unknown lease 192.168.40.60.
>> DHCPDISCOVER from 00:0e:0c:9b:e8:84 (Knoppix) via eth1
>> DHCPOFFER on 192.168.40.25 to 00:0e:0c:9b:e8:84 via eth1
>> DHCPREQUEST for 192.168.40.25 (192.168.40.1) from 00:0e:0c:9b:e8:84 via eth1
>> DHCPACK on 192.168.40.25 to 00:0e:0c:9b:e8:84 via eth1
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> 
>> I tested by starting up the client and then repeatedly bringing the
>> appropriate interface down and up.  Initially dhcp was configured to
>> offer a fixed-address.  I discovered and added update-static-leases
>> on;.  I added the suggested (in the dhcpd.conf man page's discussion
>> under "DYNAMIC DNS UPDATE SECURITY") logging options to bind.
>> Finally, I commented out the host section giving the fixed address.
>> You can see the result in the second session shown above.  The address
>> was used by the same system with a different system name previously.
>> 
>> Every time I saw the dialogue requesting the IP address, but no
>> messages or errors from bind.  The logging files referred to in the
>> previous paragraph remained empty.  dig and dig -x never produced
>> answers for the dhcp client systems.
>> 
>> What am I missing?  I assume that even if there were some security or
>> communication problem there would be a sign of it in the logs; there
>> is not.  I also have firewalls, but they shouldn't get in the way of
>> local traffic.
>> 
>> Here are some highlights of the configuration files, with secrets obscured.
>> 
>> ---------------- dhcpd.conf ----------------------------------
>#also with
>ddns-updates on;
>ddns-update-style interim;
>ddns-domainname "betterworld.us";
>
>> key DHCP_UPDATER {
>> 	algorithm HMAC-MD5;
>> 	secret xxxx;
>> };
>> 
>> update-static-leases on;
>> 
>> zone betterworld.us. {
>> 	primary 127.0.0.1;
>> 	key DHCP_UPDATER;
>> }
>> # the example did not have ; after the zone {}, which seems odd.
>> 
>> zone 192.in-addr.arpa. {
>> 	primary 127.0.0.1;
>> 	key DHCP_UPDATER;
>> }
>> 
>> option domain-name "betterworld.us";
>> option domain-name-servers 192.168.40.1;
>> 
>> option subnet-mask 255.255.255.0;
>> default-lease-time 24000;
>> max-lease-time 72000;
>> authoritative;
>> log-facility local7;
>> allow booting;
>> allow bootp;
>> 
>> # No service will be given on this subnet, but declaring it helps the 
>>   subnet 198.144.201.0 netmask 255.255.255.192 {
>>   }
>> 
>> # Service the local network
>>   subnet 192.168.40.0 netmask 255.255.255.0 {
>>     range 192.168.40.20 192.168.40.50;
>>     option broadcast-address 192.168.40.255;
>>     option routers 192.168.40.1;
>> 
>> 	# make WINS happy for MS
>> 	option netbios-name-servers 192.168.40.1;
>> 	option netbios-dd-server 192.168.40.1;
>> 	option netbios-node-type 8;
>>   }
>> # old host section giving fixed-address omitted
>> # some bootp stuff omitted; it does refer to the client
>> 
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> 
>> ---------------- named.conf -----------------------------
>> acl internals { 127.0.0.1; 192.168.40.0/24; };
>> acl externals { ! internals ; any; };
>> 
>> # suggested logging statements omitted
>> 
>> view "outside" {
>> 	match-clients { externals; };
>> # etc
>> };
>> 
>> view "inside" {
>> 	match-clients { internals; };
>> # note all is defined inside the view
>> 	// allow dhcp to update me
>> 	key DHCP_UPDATER {
>> 		algorithm HMAC-MD5;
>> 		secret xxxxx;
>> 	};
>> 
>> 	zone "." {
>> 		type hint;
>> 		file "/etc/bind/db.root";
>> 	};
>> 
>> 	zone "localhost" {
>> 		type master;
>> 		file "/etc/bind/db.local";
>> 	};
>> 
>> 	zone "127.in-addr.arpa" {
>> 		type master;
>> 		file "/etc/bind/db.127";
>> 	};
>> 
>> 	zone "0.in-addr.arpa" {
>> 		type master;
>> 		file "/etc/bind/db.0";
>> 	};
>> 
>> 	zone "255.in-addr.arpa" {
>> 		type master;
>> 		file "/etc/bind/db.255";
>> 	};
>> 
>> 	zone "192.in-addr.arpa" {
>> 		type master;
>> 		file "/etc/bind/db.192";
>> 		allow-query { internals; };
>> 		allow-transfer { internals; };
>> 		allow-update { key DHCP_UPDATER;};
>> 	};
>> 
>> 	zone "betterworld.us" {
>> 		notify no;
>> 		type master;
>> 		file "/etc/bind/inside-betterworld.us";
>> 	};
>> 
>> # some other zones omitted
>> };
>> 
>> # rndc keys and controls omitted
>> # I do notice their key name and secrets are quoted
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> 
>
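As an added example (not code from the thread or from ISC), here is a small Python check that reads a dhcpd.conf and the matching named.conf together and reports the DDNS prerequisites the reply above touches on: `ignore client-updates`, a TSIG key with the same name and algorithm on both sides, and an `allow-update` clause naming that key on every zone dhcpd declares. The two fragments are constructed from the quoted configuration (secrets obscured, view selection not modelled); run against them, the check reports the `betterworld.us` zone, whose quoted named.conf stanza has no `allow-update`.

```python
import re

# Constructed fragments modelled on the configs quoted in this thread (secrets obscured); not the poster's files.
DHCPD_CONF = '''
ddns-update-style interim;
key DHCP_UPDATER { algorithm HMAC-MD5; secret xxxx; };
zone betterworld.us. { primary 127.0.0.1; key DHCP_UPDATER; }
zone 192.in-addr.arpa. { primary 127.0.0.1; key DHCP_UPDATER; }
'''
NAMED_CONF = '''
view "inside" {
    key DHCP_UPDATER { algorithm HMAC-MD5; secret xxxxx; };
    zone "192.in-addr.arpa" { type master; file "/etc/bind/db.192"; allow-update { key DHCP_UPDATER; }; };
    zone "betterworld.us" { notify no; type master; file "/etc/bind/inside-betterworld.us"; };
};
'''

def stanzas(text, kind):
    # Map NAME -> body for every `kind NAME { ... }` stanza, honouring nested braces.
    found = {}
    for m in re.finditer(r'\b%s\s+"?([^\s"{;]+)"?\s*\{' % kind, text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        found[m.group(1).rstrip('.')] = text[m.end():i - 1]
    return found

def algorithm(key_body):
    m = re.search(r'algorithm\s+([\w-]+)', key_body)
    return m.group(1).lower() if m else None

def check_ddns(dhcpd_conf, named_conf):
    # Cross-check the DDNS wiring; returns a list of problems (empty means consistent).
    problems = []
    style = re.search(r'ddns-update-style\s+(\w+)', dhcpd_conf)
    if not style or style.group(1) == 'none':
        problems.append('dhcpd: ddns-update-style missing or none, no updates are sent')
    if 'ignore client-updates' not in dhcpd_conf:
        problems.append('dhcpd: ignore client-updates not set, clients may attempt A updates')
    dkeys, nkeys, nzones = stanzas(dhcpd_conf, 'key'), stanzas(named_conf, 'key'), stanzas(named_conf, 'zone')
    for name, body in stanzas(dhcpd_conf, 'zone').items():
        k = re.search(r'\bkey\s+([\w.-]+)\s*;', body)
        kname = k.group(1) if k else ''
        if kname not in dkeys:
            problems.append('dhcpd: zone %s uses undefined key %r' % (name, kname))
        elif kname not in nkeys or algorithm(nkeys[kname]) != algorithm(dkeys[kname]):
            problems.append('named: key %s missing or algorithm differs from dhcpd' % kname)
        allow = re.search(r'allow-update\s*\{([^}]*)\}', nzones.get(name, ''))
        if not allow or not re.search(r'\bkey\s+%s\s*;' % re.escape(kname), allow.group(1)):
            problems.append('named: zone %s lacks allow-update { key %s; }' % (name, kname))
    return problems
```

The parser is deliberately minimal (no include handling, no view matching), so treat its output as a checklist to confirm against named's update logging rather than as proof that updates will succeed.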