Dynamic update to the wrong DNS zone file - Bind View - dhcp-client-identifier - multiple network cards with multiple differents subnets

Flex Banana flex.banana at bluewin.ch
Tue Apr 26 13:14:04 UTC 2011


hello,

The goal is simple:

1. Distribute addresses with DHCP
2. Update client's hostname with dynamic DNS based on their identifier
3. View the contents of zone only in the connected subnet, not all subnets


On Apr 21, 2011, at 5:19 PM, Simon Hobson wrote:

>> We also use Bind View to differentiate all different zones with different subnets (we have almost 90 zones)
>> 
>> This is a part of our dhcpd.conf file:
>> 
>> 	if substring (lcase (option dhcp-client-identifier), 1, 9) = "marketing"
The client can write marketing in all forms (Marketing, MARKETING, markETING), so I need to check first with the "if substring lcase"

>> 		{
>> 			option domain-name "marketing.example.com";
>> 			option domain-search "marketing.example.com";
>> 			zone marketing.example.com. { primary 10.1.1.50; key OUR_KEY; }
This is the zone that is updated with the key from the DNS (Dynamic DNS)
>> 		}
>> 	elsif substring (lcase (option dhcp-client-identifier), 1, 6) = "design"
Same here, but with the word "design"

>> 		{
>> 			option domain-name "design.example.com";
>> 			option domain-search "design.example.com";
>> 			zone design.example.com. { primary 10.1.1.50; key OUR_KEY; }
>> 		}
>> 	else
If not "Marketing" or "Design", do another domain-search:
>> 		{
>> 			option domain-search "publisher.example.com";
>> 		}
> 
> Sorry, but I'm completely lost on what you are trying to achieve here. It appears you are confusing the use of a zone declaration to enable secure updates with the location of the zone declaration to control access.
I'm not confusing anything; it's all okay for me, thank you

> I can't see any reason all your zone statements shouldn't be in the global scope and let the dhcp service work out which zone to update.
> 
> That is something separate to setting the domain name by scope.
This is a more complex scenario of the DHCP
> 
> 
>> This is a part of the named.conf file:
>> 
>> 	view "10.1" {
>> 		match-destinations { 10.1.1.50; };
>> 		match-clients { 10.1.1.0/24; };
>> 
>> 	zone "marketing.example.com" in {
>> 		allow-update { key OUR_KEY; };
>> 		allow-transfer { none; };
>> 		file "dyn/marketing.exemple.com_10.1";
>> 		type master;
>> 		};
>> 	zone "design.example.com" in {
>> 		allow-update { key OUR_KEY; };
>> 		allow-transfer { none; };
>> 		file "dyn/design.example.com_10.1";
>> 		type master;
>> 		};
>> 
>> 	view "172.16" {
>> 		match-destinations { 172.16.1.50; };
>> 		match-clients { 172.16.1.0/24; };
>> 
>> 	zone "marketing.example.com" in {
>> 		allow-update { key OUR_KEY; };
>> 		allow-transfer { none; };
>> 		file "dyn/marketing.exemple.com_172.16";
>> 		type master;
>> 		};
>> 	zone "design.example.com" in {
>> 		allow-update { key OUR_KEY; };
>> 		allow-transfer { none; };
>> 		file "dyn/design.example.com_172.16";
>> 		type master;
>> 		};
> 
> Ditto, I'm not sure what you are trying to achieve here.
Simple:
view "172.16" is a simple Bind View statement: all client queries from the subnet 172.16.1.1/24 can see the zones that are inside the statement.

I have three zones with the same name: design.example.com, but I need the Bind View statement to offer the possibility to view only what the subnet can. If you have one machine with the address 10.1.1.17 and one machine with 172.16.1.33 in the same domain, you have to update one domain per subnet.
The file design.example.com_10.1 contains the following record:

desktop1		A		10.1.1.17

and the file design.example.com_172.16 contains the following record:

desktop2		A		172.16.1.33

You can host all machines:
$ host desktop1
desktop1.design.example.com has address 10.1.1.17

$ host desktop2
desktop2.design.example.com has address 172.16.1.33

> 
> 
>> The problem is that when I use a client in subnets other than 10.1.1.0/24, all dynamic updates aren't written to the zone (marketing.example.com or design.example.com) with the primary address of 10.1.1.50, and a message of "Forward map from .... FAILED: Has an address record but no DHCID, not mine."
>> And when you read the forward zone (e.g. with nano or cat) the A address is entered, but from the wrong subnet.
>> 
>> Example for the file design.example.com_10.1 (zone dedicated
>> 
>> 	laptop			A		172.16.1.17 	// updated dynamically
>> 
>> 
>> The solution, I think, is to test the client (with dhcp-server-identifier?) when the DHCPDISCOVER message appears and modify the statement "{ primary 10.1.1.50; key OUR_KEY; }" to { primary 172.16.1.50; key OUR_KEY; } and { primary 192.168.1.50; key OUR_KEY; } before DHCPREQUEST.
> 
> Sorry, but I really cannot follow that.
> 
> I'm going to take a bit of a stab in the dark and guess that you are trying to run three separate realms (for want of a better word), and have a different DNS view updated depending on the client that's connecting or it's location ?
I would like to update the zone with the address from the client subnet:
All clients trying to update the DDNS from the subnet 172.16.1.1/24 use the address of the server's eth1
All clients trying to update the DDNS from the subnet 10.1.1/24 use the address of the server's eth0


> If that is the case, then I cannot see any way you'd do that with one server. Zone definitions aren't dynamic.
Zone definitions are not the problem, they are static
> 
> I don't think you can use client access controls on the DNS server since all the updates will be coming from one address.
> 
> My suspicion is that you'd have to run multiple instances of DHCP - one for each realm.
I don't want this, I want only 1 server running all instances.
> 
> But it would help enormously if you stated what you want to happen, not how you've tried (and failed) to do it.

Thank you very much
Banana
> 
> -- 
> Simon Hobson
> 
> Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
> author Gladys Hobson. Novels - poetry - short stories - ideal as
> Christmas stocking fillers. Some available as e-books.
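The thread's core question is which zone file a dynamic update ends up in when the same zone exists in two views. This added example (not code from the thread or from ISC) models BIND's view selection for the two quoted views: a view is used only if the update's source address matches `match-clients` and its destination matches `match-destinations`. It assumes the server holds 10.1.1.50 on eth0 and 172.16.1.50 on eth1, and that dhcpd's update packet carries the address of the interface that routes to the zone's `primary`.

```python
import ipaddress

# Constructed from the quoted named.conf: (view name, match-destinations, match-clients)
VIEWS = [
    ("10.1", "10.1.1.50", "10.1.1.0/24"),
    ("172.16", "172.16.1.50", "172.16.1.0/24"),
]

# Assumed server interfaces: interface address -> subnet it is directly attached to
SERVER_IFACES = {"10.1.1.50": "10.1.1.0/24", "172.16.1.50": "172.16.1.0/24"}


def source_for(primary):
    """Source address the update will carry when dhcpd sends it to `primary`.
    Assumption: the kernel picks the interface on the same subnet as the primary."""
    for addr, net in SERVER_IFACES.items():
        if ipaddress.ip_address(primary) in ipaddress.ip_network(net):
            return addr
    raise ValueError(f"no interface routes to {primary}")


def select_view(src, dst):
    """First view (BIND checks views in order) whose match-destinations accepts
    `dst` and whose match-clients accepts `src`; None if no view matches."""
    for name, dest, clients in VIEWS:
        if (ipaddress.ip_address(dst) == ipaddress.ip_address(dest)
                and ipaddress.ip_address(src) in ipaddress.ip_network(clients)):
            return name
    return None


def zone_file_for_update(zone, primary):
    """Zone file that receives a DDNS update for `zone` sent to `primary`,
    following the file naming used in the quoted named.conf."""
    view = select_view(source_for(primary), primary)
    return None if view is None else f"dyn/{zone}_{view}"


def primary_for_client(client_ip):
    """What the poster wants: the server address on the client's own subnet."""
    for addr, net in SERVER_IFACES.items():
        if ipaddress.ip_address(client_ip) in ipaddress.ip_network(net):
            return addr
    raise ValueError(f"no server interface on the subnet of {client_ip}")


def zone_file_for_lease(zone, client_ip):
    """Zone file reached when the primary is chosen per client subnet."""
    return zone_file_for_update(zone, primary_for_client(client_ip))


if __name__ == "__main__":
    # A 172.16.1.17 lease whose zone statement still says primary 10.1.1.50
    print(zone_file_for_update("design.example.com", "10.1.1.50"))
    # The same lease once the primary is selected from the client's subnet
    print(zone_file_for_lease("design.example.com", "172.16.1.17"))
```

With a single global `primary 10.1.1.50`, every update arrives from 10.1.1.50 and lands in view "10.1", which is exactly the wrong-subnet record the poster sees; choosing the primary per subnet is what makes view "172.16" match.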