Unable to add forward map: bad DNS key

Calle Pettersson carlpett at kth.se
Mon Jun 2 07:27:47 UTC 2008


Hello!
I am unable to get ddns to work, despite reading just about every guide
and article available... My setup is like this: srv1 is the gateway and runs
"external" services such as apache etc.; srv2 runs dhcp and dns.
When I connect a client, client01 for example, and run dhcpcd, I get this
in /var/log/messages on srv2:

Jun  2 08:53:31 srv2 dhcpd: Unable to add forward map from
client01.mydomain.local. to 192.168.0.100: bad DNS key
Jun  2 08:53:31 srv2 dhcpd: DHCPREQUEST for 192.168.0.100 from
00:50:8b:8b:78:70 via eth0
Jun  2 08:53:31 srv2 dhcpd: DHCPACK on 192.168.0.100 to 00:50:8b:8b:78:70
via eth0

The "bad DNS key" error appears even if I shut down named. Also, named
does not log anything, neither in /var/log/messages nor in /var/log/named/*,
where I've set up logging, even if I set info-level trace.

Below are my named.conf and dhcpd.conf. If you need any additional
information, just ask.
Since I've read so many different guides, there is a good chance my
configs have a bit too many settings, or even conflicting ones. There
doesn't seem to be just one way to do this...

Best regards
Calle Pettersson

named.conf:
// TSIG key that the two master zones below accept for dynamic updates.
// dhcpd has to present a key with the same name, algorithm and secret.
// NOTE(review): "mysecret" looks like a placeholder used for the post. The
// real value must be base64 text produced by a key generator (dnssec-keygen
// or tsig-keygen, depending on the BIND version); a hand-typed string may be
// what dhcpd rejects as a bad key -- confirm against the real file.
// NOTE(review): hmac-md5 is a legacy TSIG algorithm; where both named and
// dhcpd support it, prefer hmac-sha256. This file holds shared secrets, so
// keep it readable only by the account named runs as.
key srv2.mydomain.local. {
        algorithm hmac-md5;
        secret "mysecret";
};
// Key for the rndc control channel; referenced only by "controls" below.
key rndc-key {
       algorithm hmac-md5;
       secret "othersecret";
};
// Address list used by allow-query in the options block.
acl "mydomain" {
        192.168.0.0/24;
        127.0.0.1;
};

// rndc control channel: bound to loopback and authenticated with rndc-key.
// NOTE(review): the channel listens on 127.0.0.1 only, so the 192.168.0.2
// entry in "allow" presumably never matches -- confirm and drop it if unused.
controls {
       inet 127.0.0.1 port 953
              allow { 127.0.0.1; 192.168.0.2; } keys { "rndc-key"; };
};


// Global server options.
options {
        directory "/var/bind/";
        pid-file "/var/run/named/named.pid";
        // Unresolved queries are forwarded to 192.168.0.1 (the gateway, srv1,
        // according to the post).
        forwarders {
                192.168.0.1;
        };
        // named answers on loopback and on 192.168.0.2 only. Dynamic updates
        // sent to any other address never reach this server.
        listen-on {
                127.0.0.1;
                192.168.0.2;
        };
        // Queries are accepted only from the "mydomain" acl (the /24 plus
        // loopback), so the server does not answer arbitrary sources.
        allow-query { "mydomain"; };
};

// Root hints.
zone "." {
        type hint;
        file "named.ca";
};

// Forward zone that dhcpd is meant to update. Updates are authorised by TSIG
// key rather than by source address, so only a holder of the
// "srv2.mydomain.local." secret can change records.
// NOTE(review): named must be able to write the zone file and its journal in
// the pri/ directory for dynamic updates to be stored -- confirm ownership and
// permissions of that directory.
zone "mydomain.local" IN {
        type master;
        file "pri/mydomain.local";
        allow-update { key "srv2.mydomain.local."; };
};
// Reverse zone for 192.168.0.0/24, same update policy as the forward zone.
zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "pri/192.168.0.rev";
        allow-update { key "srv2.mydomain.local."; };
};

// Static localhost zones; dynamic updates are refused outright.
zone "localhost" IN {
        type master;
        file "pri/localhost";
        allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "pri/localhost.rev";
        allow-update { none; };
};

dhcpd.conf:
# Global dhcpd settings: this server is 192.168.0.2 and hands out itself as
# the DNS server.
server-identifier 192.168.0.2;
option domain-name-servers 192.168.0.2;

# The DNS name is taken from values the client sends (fqdn.hostname, then
# host-name).
# NOTE(review): these are untrusted inputs written into the zone. Confirm
# that a client-chosen name cannot collide with a record that matters (server
# names, service aliases), or keep such records out of the dynamic zone.
ddns-hostname=pick(option fqdn.hostname, option host-name);
ddns-domainname "mydomain.local.";
ddns-rev-domainname "in-addr.arpa.";
ddns-ttl 3600;
ddns-updates on;
ddns-update-style interim;
# NOTE(review): with this line commented out the server default for
# client-updates applies. If dhcpd should always own the forward record, set
# "deny client-updates;" or "ignore client-updates;" explicitly -- check the
# default for the dhcpd version in use.
#allow client-updates;
authoritative;
update-static-leases on;

# TSIG key dhcpd uses to sign updates. Name, algorithm and secret have to
# match the key of the same name in named.conf.
# NOTE(review): "mysecret" is presumably a placeholder. The real secret must be
# the base64 string from the key generator, identical in both files. The post
# says the error persists with named stopped, which suggests dhcpd rejects the
# key locally before contacting any server -- confirm by checking the secret.
# This file holds a shared secret; keep it readable only by the dhcpd account.
key srv2.mydomain.local. {
        algorithm hmac-md5;
        secret "mysecret";
}
# NOTE(review): no zone statement below uses rndc-key, so dhcpd does not appear
# to need it. Copying the rndc secret here widens its exposure; consider
# removing it from dhcpd.conf.
key rndc-key {
        algorithm hmac-md5;
        secret "othersecret";
}

# Zones dhcpd updates and the server it sends each update to.
# NOTE(review): "primary" is 192.168.0.1, but named.conf shows named listening
# on 127.0.0.1 and 192.168.0.2 and the post says DNS runs on srv2. Updates sent
# to 192.168.0.1 would never reach named, which would explain why named logs
# nothing -- the primary should presumably be 192.168.0.2 (or 127.0.0.1).
zone 0.168.192.in-addr.arpa. {
        primary 192.168.0.1;
        key srv2.mydomain.local.;
}
zone mydomain.local. {
        primary 192.168.0.1;
        key srv2.mydomain.local.;
}

# Leases last 86400 seconds (one day), default and maximum.
default-lease-time 86400;
max-lease-time 86400;

# The single LAN subnet: dynamic pool .10-.100, gateway 192.168.0.1.
subnet 192.168.0.0 netmask 255.255.255.0 {
        option domain-name "mydomain.local";
        option routers 192.168.0.1;
        range 192.168.0.10 192.168.0.100;

        # Fixed addresses for the two servers, matched by MAC address.
        group { # Servers
                host srv1 {
                        # NOTE(review): this MAC is the same one the log excerpt
                        # in the post shows as the requesting client, which was
                        # leased 192.168.0.100 rather than this fixed address --
                        # confirm which machine the test was run from.
                        hardware ethernet 00:50:8B:8B:78:70;
                        fixed-address 192.168.0.1;
                }
                host srv2 {
                        hardware ethernet 00:08:C7:09:AC:F0;
                        fixed-address 192.168.0.2;
                }
        }
}


