Feature questions

Glenn Satchell Glenn.Satchell at uniq.com.au
Mon Sep 22 13:58:17 UTC 2008


Hi Jason

Check the dhcpd.conf man page (man dhcpd.conf) and scroll down to the
section titled "DYNAMIC DNS UPDATE SECURITY" and follow the examples
there.

You need to generate your passphrase using dnssec-keygen; you can't
just pick an arbitrary group of letters, as it is base64-encoded.

Also, dhcpd.conf configuration is not the same as named.conf; for
example, quotes are used differently. The reference above has examples
for both named.conf and dhcpd.conf.

regards,
-glenn

>Date: Mon, 22 Sep 2008 07:35:33 -0600
>From: Jason Gerfen <jason.gerfen at scl.utah.edu>
>To: dhcp-users at isc.org
>Subject: Feature questions
>
>I have read the documentation regarding the use of DNSSEC and also 
>utilizing DNS zone files within the dhcpd.conf. I am in need of a 
>'second set of eyes' in regards to my current configuration for these 
>options as well as for the failover configuration syntax.
>
>If anyone could assist me with this I would appreciate it.
>
>#### DNSSEC Key Definitions ####
>key test {
>     algorithm DSA;
>     secret passphrase;
>}
>
>#### DNS Zone Definitions ####
>zone "scl.utah.edu" {
>     type master;
>     file "mmctest.zone";
>     allow-update { key test; };
>};
>zone "145.17.97.155.in-addr.arpa" {
>     type master;
>     file "mmctest.zone";
>     allow-update { key test; };
>};
>zone scl.utah.edu {
>     primary 127.0.0.1;
>     key test;
>}
>zone 145.17.97.155.in-addr.arpa {
>     primary 127.0.0.1;
>     key test;
>}
>
>#### Failover configuration ####
>failover peer "tyr" {
>     primary;
>     address 155.97.17.166;
>     port 519;
>     peer address 155.97.16.253;
>     peer port 520;
>     max-response-delay 60;
>     max-unpacked-updates 10;
>     mclt 300;
>     split 128;
>     load balance max seconds 3;
>}
>
>The reason I am asking is because with this configuration (which looks 
>accurate according to the RFC documentation I have read) I receive some 
>errors when restarting the dhcpd service. Details below:
>
>dhcpd.conf line 24: partial base64 value left over: 14.
>        secret passphrase;
>
>dhcpd.conf line 28: expecting hostname.
>zone "scl.utah.edu"
>
>dhcpd.conf line 32: expecting a parameter or declaration
>};
>
>/dhcpd.conf line 33: expecting hostname.
>zone "145.17.97.155.in-addr.arpa"
>
>dhcpd.conf line 37: expecting a parameter or declaration
>};
>
>dhcpd.conf line 55: invalid statement in peer declaration
>        max-unpacked-updates
>
>
>
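The base64 point in the reply above, as an added example (not part of the original thread and not ISC code): a Python pre-flight check that reads `key` blocks and reports a secret that is not well-formed base64, or an algorithm that is not HMAC-based as TSIG-signed updates require. The function names, the key name `DHCP_UPDATER`, the placeholder secret and the 16-byte minimum are assumptions made for the illustration.

```python
import base64
import binascii
import re

# Constructed sample: the quoted key block plus a placeholder 16-byte key.
SAMPLE_CONF = """
key test {
     algorithm DSA;
     secret passphrase;
}
key DHCP_UPDATER {
     algorithm HMAC-MD5.SIG-ALG.REG.INT;
     secret AAECAwQFBgcICQoLDA0ODw==;
};
"""

KEY_BLOCK = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{(.*?)\}', re.S)
STATEMENT = re.compile(r'\b(algorithm|secret)\s+"?([^";\s]+)"?\s*;')
MIN_KEY_BYTES = 16  # assumption: 128 bits, the usual HMAC-MD5 key size


def check_secret(secret):
    """Return a list of problems found in one secret string."""
    if len(secret) % 4:
        return ["length %d is not a multiple of 4" % len(secret)]
    try:
        raw = base64.b64decode(secret, validate=True)
    except binascii.Error as exc:
        return ["not valid base64: %s" % exc]
    if len(raw) < MIN_KEY_BYTES:
        return ["decodes to only %d bytes" % len(raw)]
    return []


def audit_keys(conf_text):
    """Map each key name to the problems found in its block."""
    report = {}
    for name, body in KEY_BLOCK.findall(conf_text):
        fields = dict(STATEMENT.findall(body))
        problems = []
        if not fields.get("algorithm", "").lower().startswith("hmac-"):
            problems.append("algorithm %r is not HMAC-based" % fields.get("algorithm"))
        problems += check_secret(fields.get("secret", ""))
        report[name] = problems
    return report


if __name__ == "__main__":
    for key, problems in audit_keys(SAMPLE_CONF).items():
        print(key, problems or "OK")
```

The check only covers the shape of the `key` block; dhcpd's own parser remains the authority on the rest of the file.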


