ddns updates when using failover?

Tue Jan 14 22:04:01 UTC 2014

On Tue, Jan 14, 2014 at 4:00 PM, Nicolas C. <dhcp at nryc.fr> wrote:

> On 14/01/2014 17:07, John Miller wrote:
>
>> Hello folks,
>>
>> I'm digging into how ISC dhcpd (we're running 4.2.4-P2) handles dynamic
>> updates when acting as part of a failover pair.  Thus far, I'm seeing
>> _both_ servers in the failover pair send ddns updates when a new lease
>> is generated, rather than only the server sending the DHCPACK.  Is this
>> normal behavior?
>>
>
> I don't think so, in failover mode both server reply but in the end only
> one gives the lease and do the DDNS update.
>
> Can you give us some of your logs ?
>
> Be careful with DDNS and failover : when a server dies and the other goes
> into "partner down", it works, but when the "dead" server comes back, it
> will purge all the expired leases it was managing.
>
> So basically a DHCP back from "partner down" mode after the lease time
> will do a *massive* cleanup in the DNS, even if the leases were correctly
> handled by the other DHCP.
>
>
Thanks, Nicolas.  Glad to hear multiple updates isn't default behavior.
Here's the pertinent logs, as well as the DDNS-specific pieces of our DHCP
config.  Any help would be welcome!

John

Logs:

1st DHCP server (129.64.102.14):
Jan 14 10:51:08 dhcp1-dev dhcpd: DHCPREQUEST for 129.64.102.250 from
a6:b2:b0:77:ed:ff via eth0: lease 129.64.102.250 unavailable.
Jan 14 10:51:08 dhcp1-dev dhcpd: DHCPNAK on 129.64.102.250 to
a6:b2:b0:77:ed:ff via eth0
Jan 14 10:51:15 dhcp1-dev dhcpd: DHCPDISCOVER from a6:b2:b0:77:ed:ff via
eth0
Jan 14 10:51:15 dhcp1-dev dhcpd: DHCPOFFER on 129.64.102.100 to
a6:b2:b0:77:ed:ff via eth0
Jan 14 10:51:15 dhcp1-dev dhcpd: DHCPREQUEST for 129.64.102.100
(129.64.102.14) from a6:b2:b0:77:ed:ff via eth0
Jan 14 10:51:15 dhcp1-dev dhcpd: DHCPACK on 129.64.102.100 to
a6:b2:b0:77:ed:ff via eth0
Jan 14 10:51:15 dhcp1-dev dhcpd: Added new forward map from
johnmill-jm-ddns-client-devel.dyn-dev.brandeis.edu to 129.64.102.100

2nd DHCP server (129.64.102.15):
Jan 14 10:51:15 dhcp2-dev dhcpd: DHCPDISCOVER from a6:b2:b0:77:ed:ff via
eth0
Jan 14 10:51:15 dhcp2-dev dhcpd: DHCPOFFER on 129.64.102.100 to
a6:b2:b0:77:ed:ff via eth0
Jan 14 10:51:15 dhcp2-dev dhcpd: DHCPREQUEST for 129.64.102.100
(129.64.102.14) from a6:b2:b0:77:ed:ff via eth0
Jan 14 10:51:15 dhcp2-dev dhcpd: DHCPACK on 129.64.102.100 to
a6:b2:b0:77:ed:ff via eth0
Jan 14 10:51:15 dhcp2-dev dhcpd: Added new forward map from
johnmill-jm-ddns-client-devel.dyn-dev.brandeis.edu to 129.64.102.100

Primary DDNS server:
Jan 14 10:51:15 dns-ext-dev1 named[7894]: client 129.64.102.14#36493:
updating zone 'dyn-dev.brandeis.edu/IN': update unsuccessful:
johnmill-jm-ddns-client-devel.dyn-dev.brandeis.edu: 'name not in use'
prerequisite not satisfied (YXDOMAIN)
Jan 14 10:51:15 dns-ext-dev1 named[7894]: client 129.64.102.15#64204:
updating zone 'dyn-dev.brandeis.edu/IN': update unsuccessful:
johnmill-jm-ddns-client-devel.dyn-dev.brandeis.edu: 'name not in use'
prerequisite not satisfied (YXDOMAIN)
Jan 14 10:51:15 dns-ext-dev1 named[7894]: client 129.64.102.15#64204:
signer "dhcp2-dev.brandeis.edu" approved
Jan 14 10:51:15 dns-ext-dev1 named[7894]: client 129.64.102.15#64204:
updating zone 'dyn-dev.brandeis.edu/IN': deleting rrset at '
johnmill-jm-ddns-client-devel.dyn-dev.brandeis.edu' A
Jan 14 10:51:15 dns-ext-dev1 named[7894]: client 129.64.102.15#64204:
updating zone 'dyn-dev.brandeis.edu/IN': adding an RR at '
johnmill-jm-ddns-client-devel.dyn-dev.brandeis.edu' A
Jan 14 10:51:15 dns-ext-dev1 named[7894]: zone dyn-dev.brandeis.edu/IN:
sending notifies (serial 1385157532)
Jan 14 10:51:15 dns-ext-dev1 named[7894]: client 129.64.101.52#39397:
updating zone 'dyn-dev.brandeis.edu/IN': update unsuccessful:
johnmill-jm-ddns-client-devel.dyn-dev.brandeis.edu: 'name not in use'
prerequisite not satisfied (YXDOMAIN)
Jan 14 10:51:15 dns-ext-dev1 named[7894]: client 129.64.102.14#36493:
signer "dhcp1-dev.brandeis.edu" approved
Jan 14 10:51:15 dns-ext-dev1 named[7894]: client 129.64.102.14#36493:
updating zone 'dyn-dev.brandeis.edu/IN': deleting rrset at
'johnmill-jm-ddns-client-dev
el.dyn-dev.brandeis.edu' A
Jan 14 10:51:15 dns-ext-dev1 named[7894]: client 129.64.102.14#36493:
updating zone 'dyn-dev.brandeis.edu/IN': adding an RR at
'johnmill-jm-ddns-client-devel
.dyn-dev.brandeis.edu' A

DHCP Configs:

--dhcp1-dev--
ddns-update-style interim;
ddns-domainname "dyn-dev.brandeis.edu";
deny client-updates;
do-forward-updates true;
update-conflict-detection true;

key "dhcp1-dev.brandeis.edu" {
        algorithm hmac-md5;
        secret "NotReallyOurSecret";
};

zone dyn-dev.brandeis.edu. {
        primary 129.64.101.51;
        secondary 129.64.101.52;
        key dhcp1-dev.brandeis.edu;
}

update-static-leases on;

--dhcp2-dev--
ddns-update-style interim;
ddns-domainname "dyn-dev.brandeis.edu";
deny client-updates;
do-forward-updates true;
update-conflict-detection true;

key "dhcp2-dev.brandeis.edu" {
        algorithm hmac-md5;
        secret "NotReallyOurSecret";
};

zone dyn-dev.brandeis.edu. {
        primary 129.64.101.51;
        key dhcp2-dev.brandeis.edu;
}

update-static-leases on;
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20140114/f14d9985/attachment.html>