[SOLVED] Re: DDNS, ISC-DHCPD, and Bind... not working because of strange error messages

Da Rock rock_on_the_web at comcen.com.au
Tue Apr 1 00:02:32 UTC 2008


Just to finish things off:

I finally got the ddns to work, although my biggest sticking point was
with the forward mapping in dns. Something to note on this was that I'm
using linux clients; what this means then is that they send the fqdn to
the dhcp server. This aspect I haven't changed yet in the actual
configs, but during testing I used dhclient -H $hostname and it finally
worked- -F $fqdn only did the reverse mapping.

I'm not sure why, but most how-tos don't mention all the directives to
use in the dhcpd.conf. One that was missing was ddns-updates, and
do-forward-updates, without these it wouldn't work. Not sure if that is
expected... Also during testing I turned optimizations off so that
mappings were immediate.

Hope this helps someone else. Might save a few hairs and wrinkles...

Thanks for the help with this - it all started with a simple error.



On Mon, 2008-03-31 at 15:33 +1000, Da Rock wrote:
> Apologies- 2 things:
> 
> 1. I was looking at the wrong config for dhcpd (my server only; FreeBSD
> uses /usr/local/etc instead of just /etc, and I had a config in both).
> Therefore, only one of my configs had an entry: option ntp-servers
> pool.ntp.org. Also, I don't remember putting that entry there- probably
> from an obscure how-to site.
> 
> 2. Split horizon was throwing off my dig. Internally my dns was throwing
> back an entry- externally not. Weird...
> 
> I'm still having trouble getting ddns to work, but dhcpd is working ok,
> and bind is working fine, so I'm still happy- I'll just be plodding along
> working out the ddns.
> 
> An odd problem though; I just about had ddns working the other day, the
> rev.arpa file had a ptr record for the client but no A record, and it
> was the wrong ip address. Haven't worked that one out...
> 
> And if I may, I would like to get the update logging happening for bind,
> and followed the directions in the dhcpd.conf but it's not working (I
> figure it may be helpful setting up the ddns). I've completely stopped
> bind and restarted but nogo. Any ideas? Should I ask the bind list?
> 
> Thanks again guys.
> 
> 
> On Sun, 2008-03-30 at 14:15 +1000, Da Rock wrote:
> > I'm just looking through that info now. I don't have man pages installed
> > on my server, and I only just stumbled on obtaining man pages for ports
> > on the freebsd site.
> > 
> > I'm still confused as to what the pool.ntp.org entry in the messages log
> > for dhcpd could mean though. This is a global (worldwide) server pool
> > for time servers. Why is that causing a problem for dhcpd?
> > 
> > dhcpd: pool.ntp.org: no A record associated with address
> > 
> > Also, what is this entry supposed to mean? Does this mean it can't
> > update the ddns because of A records missing?
> > 
> > Thanks
> > 
> > 
> > On Sun, 2008-03-30 at 13:38 +1100, Glenn Satchell wrote:
> > > >We can top post here?
> > > 
> > > If you like - whatever gets the job done :) 
> > > 
> > > There is a section in the dhcpd.conf man page (DYNAMIC DNS UPDATE
> > > SECURITY) which gives samples for dhcpd.conf and named.conf. Double
> > > check that agrees with what is in your files. Be careful with quotes -
> > > there are very similar sections in both files except for quotes!
> > > 
> > > >I have a question too. I set this up based on very basic info found
> > > >through a google search. Should the hostname be set by the client and
> > > >updated in the dns by dhcpd? Or should (can I) setup the hostname from
> > > >the dns by dhcpd on the client? What is the correct way to do this?
> > > 
> > > You can do either. If you trust your clients to use sensible hostnames,
> > > or you can construct a hostname. There are a few examples in the list
> > > archive that use pick-first-value() (covered in dhcp-eval man page) to
> > > use the client's hostname and then make one up if it doesn't supply
> > > it.
> > > 
> > > regards,
> > > -glenn
> > > 
> > > > >Subject: Re: DDNS, ISC-DHCPD, and Bind... not working because of strange error messages
> > > >From: Da Rock <rock_on_the_web at comcen.com.au>
> > > >To: dhcp-users at isc.org
> > > >Date: Sun, 30 Mar 2008 08:53:37 +1000
> > > >
> > > >We can top post here?
> > > 
> > > If you like - whatever gets the job done :) 
> > > 
> > > >Thank you! Finally a response... :)
> > > >In order of questioning:
> > > > >No- the pool.ntp.org is what truly confuses me.
> > > >Yes- dig ran fine, got an authoritative answer.
> > > >Yes- I can get everything. I have an IP address and I can also resolve
> > > >all entries in my zone files on bind. I just can't update entries it
> > > >seems.
> > > >
> > > >I can understand your point. I'm trying to do the same. Based on these
> > > > >answers does this mean it's dhcpd or bind? I suspect it's dhcpd myself.
> > > >
> > > >dhcpd.conf:
> > > > >server-identifier $serverip;
> > > >authoritative;
> > > >ddns-update-style interim;
> > > >ddns-ttl 14400;
> > > >
> > > >key $domain.key {
> > > >        algorithm hmac-md5;
> > > >        secret "$secret";
> > > >};
> > > >
> > > >zone $domain {
> > > >        primary $serverip;
> > > >        key $domain.key;
> > > >};
> > > >
> > > >zone $rev-domain {
> > > >        primary $serverip;
> > > >};
> > > >
> > > >subnet $private-net netmask 255.255.255.0 {
> > > >        range $private-net-range $private-net-range;
> > > >        option subnet-mask 255.255.255.0;
> > > >        option broadcast-address $private-net-bcast;
> > > >        option domain-name "$domain";
> > > >        one-lease-per-client on;
> > > >        default-lease-time 14400;
> > > >        max-lease-time 14401;
> > > >        option ip-forwarding off;
> > > >        option time-offset -18000;
> > > >        option routers $gateway;
> > > > 	option domain-name-servers $serverip;
> > > >};
> > > >
> > > >I have a question too. I set this up based on very basic info found
> > > >through a google search. Should the hostname be set by the client and
> > > >updated in the dns by dhcpd? Or should (can I) setup the hostname from
> > > >the dns by dhcpd on the client? What is the correct way to do this?
> > > >
> > > >Cheers
> > > >
> > > >On Sun, 2008-03-30 at 00:19 +1100, Glenn Satchell wrote:
> > > >> You'll need to post your dhcpd.conf. The list software strips
> > > >> attachments, so include it in the body of the email.
> > > >> 
> > > >> A couple of general questions:
> > > >> 
> > > >> Is pool.ntp.org mentioned anywhere in your dhcpd.conf?
> > > >> 
> > > >> Can you resolve that name using, say, dig or nslookup?
> > > >> 
> > > >> Can you resolve other internet IP addresses (eg www.isc.org,
> > > >> www.google.com, etc)?
> > > >> 
> > > >> Just trying to work out if it's a general dns resolution issue, or
> > > >> something specific about dhcpd.
> > > >> 
> > > >> regards,
> > > >> -glenn
> > > >> 
> > > > >> >Subject: DDNS, ISC-DHCPD, and Bind... not working because of strange error messages
> > > >> >From: Da Rock <rock_on_the_web at comcen.com.au>
> > > >> >To: dhcp-users at isc.org
> > > >> >Date: Sat, 29 Mar 2008 11:07:41 +1000
> > > >> >
> > > >> >I did actually manage to get this to work, and I can't exactly work out
> > > >> >what changed to cause this error.
> > > >> >
> > > >> >I'm running FreeBSD 6.3, and sent this to the net and questions list
> > > >> >there, but no one seems to know what is going on because I have received
> > > >> >no response at all (posted around a week ago). So I thought I should go
> > > >> >to the top - and ask the pros.
> > > >> >
> > > >> >I set this up at the end of last year, and it worked- kind of. The
> > > >> >failure was my own by not using a proper FQDN, but it worked
> > > >> >unofficially anyway. Records were updating etc: all happy.
> > > >> >
> > > >> >Anyway, I finally got the FQDN worked out (split horizon dns- external
> > > >> >and internal views), but I find that the ddns is not working: and not
> > > >> >because of the changes I made. I looked back and found the problem going
> > > >> >on for month. My messages file has these entries, and no amount of
> > > >> >googling has brought me any closer to finding out what they could mean,
> > > >> >or why my clients aren't updating:
> > > >> >
> > > >> >Mar 27 16:18:54 {$HOSTNAME} dhcpd: pool.ntp.org: no A record associated
> > > >> >with address
> > > >> >
> > > >> >I've edited the hostname to protect the innocent.
> > > >> >
> > > >> >What I can't figure out is why would dhcpd be looking at pool.ntp.org? I
> > > >> >ran a dig on pool.ntp.org on the off chance it was busted- but of course
> > > > >> >it was not. And this record pops up every time I renew my ip addresses.
> > > >> >Weird...
> > > >> >
> > > >> >Little help anyone?
> > > >> >
> > > >> >Cheers
> > > >> >
> > > >> >
> > > >> >
> > > >> 
> > > >> 
> > > >> 
> > > >
> > > >
> > > 
> > > 
> > > 
> > 
> > 
> > 
> 
> 
> 


