Fwd: ddns-updates off; within pool doesn't work

Alexei V. Schukin alex.v.schukin at gmail.com
Wed Jun 4 12:19:27 UTC 2014


Have tested. Nope, the same error.


2014-06-04 15:34 GMT+04:00 Glenn Satchell <glenn.satchell at uniq.com.au>:

> Maybe move ddns-updates on; into the subnet definition. At the moment
> ddns-updates are off in the subnet, and so allow client-updates; doesn't
> make sense with that not turned on? Just guessing here.
>
> regards,
> -glenn
>
> On Wed, June 4, 2014 2:39 am, Alexei V. Schukin wrote:
> > Thanks for the detailed explanations, Glenn!
> > I have tested the configuration from your message with dhcpd -t, but the daemon
> > threw me the following error:
> >
> > -----------------------------------------------------------------------------------------------
> > dhcpd -t -cf /etc/dhcp/dhcpd.conf
> >
> > -----------------------------------------------------------------------------------------------
> > Internet Systems Consortium DHCP Server 4.1.1-P1
> > Copyright 2004-2010 Internet Systems Consortium.
> > All rights reserved.
> > For info, please visit https://www.isc.org/software/dhcp/
> > WARNING: Host declarations are global.  They are not limited to the scope
> > you declared them in.
> > /etc/dhcp/dhcpd.conf line 76: expecting permit type.
> >                 allow client-updates;
> >                        ^
> > /etc/dhcp/dhcpd.conf line 77: semicolon expected.
> >                 range
> >                  ^
> > Configuration file errors encountered -- exiting
> > This version of ISC DHCP is based on the release available
> > on ftp.isc.org.  Features have been added and other changes
> > have been made to the base software release in order to make
> > it work better with this distribution.
> > Please report for this software via the CentOS Bugs Database:
> >     http://bugs.centos.org/
> > exiting.
> >
> > ------------------------------------------------------------------------------------------------
> > Obviously, it doesn't like the "allow client-updates" option inside the pool
> > definition.
> > After my experiments most acceptable configuration looks like this:
> >
> > -----------------------------------------------------------------------------------------------
> > dhcpd.conf
> >
> > ------------------------------------------------------------------------------------------------
> > authoritative;
> > ddns-update-style interim;
> > ddns-updates off;
> > deny unknown-clients;
> > update-static-leases off;
> > deny client-updates;
> > ddns-domainname "example.com";
> > allow booting;
> > allow bootp;
> > next-server 192.168.0.21;
> > filename "pxelinux.0";
> > option root-path "192.168.0.21:/tftpboot";
> > option ntp-servers 192.168.0.1;
> > one-lease-per-client on;
> > option domain-name "example.com";
> > subnet 192.168.0.0 netmask 255.255.255.0   {
> >         option routers 192.168.0.1;
> >         option domain-name-servers 192.168.0.1;
> >         option broadcast-address 192.168.0.255;
> >         allow client-updates;
> >         allow unknown-clients;
> >         # range for foreman
> >         # 192.168.0.5 192.168.0.50
> >         # dynamic address pool
> >         pool {
> >                 ddns-updates on;
> >                 range 192.168.0.100 192.168.0.130;
> >         }
> >         # group for static host
> >         group {
> >                 ddns-updates on;
> >                 deny client-updates;
> >                 use-host-decl-names on;
> >                 update-static-leases on;
> >                 host static-host {
> >                         hardware ethernet xx:xx:xx:xx:xx:xx;
> >                         fixed-address 192.168.0.132;
> >                         ddns-hostname "static-host";
> >                 }
> >                 ...
> >         }
> > }
> > ...
> >
> > ------------------------------------------------------------------------------------------------
> > It seems to work fine, except for the "update-static-leases" option, because
> > every time after removing a host definition from the configuration files I have
> > to clean up my DNS zones manually. Unfortunately, I haven't found a more
> > elegant solution yet.
> > --
> > Best wishes,
> > Alex
> > 2014-05-19 19:11 GMT+04:00 Glenn Satchell <glenn.satchell at uniq.com.au>:
> >> Hi Alex
> >> The lease created by the omshell commands is a host statement, that is
> >> it's a static lease. So it is not part of the pool of dynamic leases where
> >> you have turned off ddns-updates, even though the IP address happens to be
> >> in the pool's dynamic range.
> >> Probably the right way to fix this is to remove that pool altogether and
> >> put the commands in the subnet, but you don't need the range statement for
> >> 192.168.0.5 192.168.0.50. The host statement will inherit settings from
> >> the subnet, but not from the pool. You could use a pool for the range
> >> 192.168.0.100 192.168.0.130 if you wanted different behaviour for those
> >> addresses.
> >> The range statement is for the dhcp server to allocate addresses itself.
> >> That function is being controlled by foreman, so you have two things
> >> conflicting with each other.
> >> By the way, no modern dhcp clients need the dynamic-bootp setting for range
> >> these days. All that does is emulate bootp by allocating leases that never
> >> expire, so you will eventually run out of IPs due to old systems that are
> >> long gone still having an IP lease held for them.
> >> Perhaps something like this. Note I haven't tried this, so there may be
> >> syntax errors, etc, but hope this shows what I was trying to say above.
> >> subnet 192.168.0.0 netmask 255.255.255.0   {
> >>     ddns-updates off;
> >>     ignore client-updates;
> >>     update-static-leases off;
> >>     pool {
> >>         range 192.168.0.100 192.168.0.130;
> >>         ddns-updates on;
> >>         allow client-updates;
> >>     }
> >>         option broadcast-address 192.168.0.255;
> >>         option domain-name-servers 192.168.0.1;
> >>         option domain-name "example.com";
> >>         option routers 192.168.0.1;
> >>         default-lease-time 86400;
> >>         max-lease-time 172800;
> >>         ...
> >> }
> >> regards,
> >> -glenn
> >> On Tue, May 20, 2014 12:45 am, Alexei V. Schukin wrote:
> >> > Peter, thanks for the reply.
> >> > I'm trying to make Foreman + DHCP (ddns updates) + BIND work together.
> >> > DHCPD had the configuration below when I last tested it and it worked.
> >> > =============
> >> > dhcpd.conf
> >> > =============
> >> > authoritative;
> >> > ddns-update-style interim;
> >> > ddns-updates on;
> >> > ddns-domainname "example.com";
> >> > allow booting;
> >> > allow bootp;
> >> > next-server 192.168.0.21;
> >> > filename "pxelinux.0";
> >> > option root-path "192.168.0.21:/tftpboot";
> >> > option ntp-servers 192.168.0.1;
> >> > allow unknown-clients;
> >> > update-static-leases on;
> >> > subnet 192.168.0.0 netmask 255.255.255.0   {
> >> >         pool {
> >> >                 range 192.168.0.5 192.168.0.50;
> >> >                 deny unknown-clients;
> >> >                 ddns-updates off;
> >> >                 ddns-update-style none;
> >> >                 ignore client-updates;
> >> >                 update-static-leases off;
> >> >         }
> >> >         range dynamic-bootp 192.168.0.100 192.168.0.130;
> >> >         option domain-name-servers 192.168.0.1;
> >> >         option domain-name "example.com";
> >> >         option routers 192.168.0.1;
> >> >         option broadcast-address 192.168.0.255;
> >> >         allow client-updates;
> >> >         default-lease-time 86400;
> >> >         max-lease-time 172800;
> >> >         ...
> >> > }
> >> > ...
> >> > -----------------
> >> > This is the rough scheme of interaction between services:
> >> > __________        _________________________________
> >> > |         |      |                                 |
> >> > |  Host 1 |      |            Host 2               |
> >> > |         |      |                   (1)           |
> >> > | Foreman | -->  | Foreman-Proxy   ------>   DHCPD |
> >> > |_________|      |        |        omshell         |
> >> >                  |    (2) |                        |
> >> >                  |        | nsupdate               |
> >> >                  |        +                        |
> >> >                  |       BIND                      |
> >> >                  |_________________________________|
> >> > 0. Creating host in Foreman...
> >> > 1. The Foreman tells foreman-proxy to reserve address for a new host via
> >> > omshell (1)
> >> > =================================
> >> > /var/log/foreman-proxy/proxy.log
> >> > =================================
> >> > D, [2014-05-15T19:47:03.286591 #7893] DEBUG -- : Lazy loaded 192.168.0.0/255.255.255.0 records
> >> > D, [2014-05-15T19:47:03.287669 #7893] DEBUG -- : Added example-04.example.com (192.168.0.25 / 00:50:56:90:72:22) to 192.168.0.0/255.255.255.0
> >> > D, [2014-05-15T19:47:03.288907 #7893] DEBUG -- : omshell: executed - set name = "example-04.example.com"
> >> > D, [2014-05-15T19:47:03.289097 #7893] DEBUG -- : true
> >> > D, [2014-05-15T19:47:03.289254 #7893] DEBUG -- : omshell: executed - set ip-address = 192.168.0.25
> >> > D, [2014-05-15T19:47:03.289360 #7893] DEBUG -- : true
> >> > D, [2014-05-15T19:47:03.289510 #7893] DEBUG -- : omshell: executed - set hardware-address = 00:50:56:90:72:22
> >> > D, [2014-05-15T19:47:03.289652 #7893] DEBUG -- : true
> >> > D, [2014-05-15T19:47:03.289819 #7893] DEBUG -- : omshell: executed - set hardware-type = 1
> >> > D, [2014-05-15T19:47:03.289933 #7893] DEBUG -- : true
> >> > D, [2014-05-15T19:47:03.290285 #7893] DEBUG -- : omshell: executed - set statements = "filename = \"pxelinux.0\"; next-server = c0:a8:00:cf; option host-name = \"example-04.example.com\";"
> >> > D, [2014-05-15T19:47:03.290396 #7893] DEBUG -- : true
> >> > D, [2014-05-15T19:47:03.290548 #7893] DEBUG -- : omshell: executed - create
> >> > D, [2014-05-15T19:47:03.290700 #7893] DEBUG -- : true
> >> > I, [2014-05-15T19:47:03.315293 #7893]  INFO -- : Added DHCP reservation for example-04.example.com (192.168.0.25 / 00:50:56:90:72:22)
> >> > ---------------------------------
> >> > ==================
> >> > /var/log/messages
> >> > ==================
> >> > May 15 19:47:36 ns dhcpd: DHCPOFFER on 192.168.0.25 to 00:50:56:90:72:22 via eth1
> >> > May 15 19:47:38 ns dhcpd: Dynamic and static leases present for 192.168.0.25.
> >> > May 15 19:47:38 ns dhcpd: Remove host declaration example-04.example.com or remove 192.168.0.25
> >> > May 15 19:47:38 ns dhcpd: from the dynamic address pool for 192.168.0.0/24
> >> > May 15 19:47:38 ns dhcpd: DHCPREQUEST for 192.168.0.25 (192.168.0.1) from 00:50:56:90:72:22 via eth1
> >> > May 15 19:47:38 ns dhcpd: DHCPACK on 192.168.0.25 to 00:50:56:90:72:22 via eth1
> >> > ------------------
> >> > ==========================
> >> > /var/lib/dhcp/dhcpd.leases
> >> > ==========================
> >> > host example-04.example.com {
> >> >   dynamic;
> >> >   hardware ethernet 00:50:56:90:72:22;
> >> >   fixed-address 192.168.0.25;
> >> >         supersede server.filename = "pxelinux.0";
> >> >         supersede server.next-server = c0:a8:00:cf;
> >> >         supersede host-name = "example-04.example.com";
> >> > }
> >> > --------------------------
> >> > 2. The Foreman tells foreman-proxy to create A and PTR records at BIND's
> >> > zones for a new host via nsupdate (2)
> >> > =================================
> >> > /var/log/foreman-proxy/proxy.log
> >> > =================================
> >> > D, [2014-05-15T19:47:03.464086 #7893] DEBUG -- : running /usr/bin/nsupdate -k /etc/foreman-proxy/foreman_proxy.key
> >> > D, [2014-05-15T19:47:03.465195 #7893] DEBUG -- : nsupdate: executed - server 127.0.0.1
> >> > D, [2014-05-15T19:47:03.470943 #7893] DEBUG -- : nsupdate: executed - update add example-04.example.com.  86400 A 192.168.0.25
> >> > D, [2014-05-15T19:47:03.658748 #7893] DEBUG -- : running /usr/bin/nsupdate -k /etc/foreman-proxy/foreman_proxy.key
> >> > D, [2014-05-15T19:47:03.659858 #7893] DEBUG -- : nsupdate: executed - server 127.0.0.1
> >> > D, [2014-05-15T19:47:03.662425 #7893] DEBUG -- : nsupdate: executed - update add 25.0.168.192.in-addr.arpa.  86400 IN PTR example-04.example.com.
> >> > ---------------------------------
> >> > ===================
> >> > /var/lib/named.run
> >> > ===================
> >> > 15-May-2014 19:47:03.474 update: info: client 127.0.0.1#1904: updating zone 'example.com/IN': adding an RR at 'example-04.example.com' A
> >> > 15-May-2014 19:47:03.669 update: info: client 127.0.0.1#34958: updating zone '0.168.192.in-addr.arpa/IN': adding an RR at '25.0.168.192.in-addr.arpa' PTR
> >> > 3. When the host is completely configured, it tries to boot via PXE:
> >> > ===========================
> >> > /var/log/messages
> >> > ===========================
> >> > May 15 19:48:11 ns dhcpd: DHCPDISCOVER from 00:50:56:90:72:22 via eth1
> >> > May 15 19:48:11 ns dhcpd: DHCPOFFER on 192.168.0.25 to 00:50:56:90:72:22 via eth1
> >> > May 15 19:48:11 ns dhcpd: Dynamic and static leases present for 192.168.0.25.
> >> > May 15 19:48:11 ns dhcpd: Remove host declaration example-04.example.com or remove 192.168.0.25
> >> > May 15 19:48:11 ns dhcpd: from the dynamic address pool for 192.168.0.0/24
> >> > May 15 19:48:11 ns dhcpd: DHCPREQUEST for 192.168.0.25 (192.168.0.1) from 00:50:56:90:72:22 via eth1
> >> > May 15 19:48:11 ns dhcpd: DHCPACK on 192.168.0.25 to 00:50:56:90:72:22 via eth1
> >> > 4. When the host starts to configure its network interface and has received
> >> > an address, dhcpd initiates an update of bind's zones (I hope I understand
> >> > this mechanism properly):
> >> > ===========================
> >> > /var/log/messages
> >> > ===========================
> >> > May 15 19:48:20 ns dhcpd: DHCPDISCOVER from 00:50:56:90:72:22 via eth1
> >> > May 15 19:48:20 ns dhcpd: DHCPOFFER on 192.168.0.25 to 00:50:56:90:72:22 via eth1
> >> > May 15 19:48:20 ns dhcpd: Dynamic and static leases present for 192.168.0.25.
> >> > May 15 19:48:20 ns dhcpd: Remove host declaration example-04.example.com or remove 192.168.0.25
> >> > May 15 19:48:20 ns dhcpd: from the dynamic address pool for 192.168.0.0/24
> >> > May 15 19:48:20 ns dhcpd: Added new forward map from example-04.example.com.example.com to 192.168.0.25
> >> > May 15 19:48:20 ns dhcpd: added reverse map from 25.0.168.192.in-addr.arpa. to example-04.example.com.example.com
> >> > May 15 19:48:20 ns dhcpd: DHCPREQUEST for 192.168.0.25 (192.168.0.1) from 00:50:56:90:72:22 via eth1
> >> > May 15 19:48:20 ns dhcpd: DHCPACK on 192.168.0.25 to 00:50:56:90:72:22 via eth1
> >> > ---------------------------
> >> > ===================
> >> > /var/lib/named.run
> >> > ===================
> >> > 15-May-2014 19:48:20.229 update: info: client 192.168.0.1#55653: updating zone 'example.com/IN': adding an RR at 'example-04.example.com.example.com' A
> >> > 15-May-2014 19:48:20.229 update: info: client 192.168.0.1#55653: updating zone 'example.com/IN': adding an RR at 'example-04.example.com.example.com' TXT
> >> > 15-May-2014 19:48:20.274 update: info: client 192.168.0.1#38704: updating zone '0.168.192.in-addr.arpa/IN': deleting rrset at '25.0.168.192.in-addr.arpa' PTR
> >> > 15-May-2014 19:48:20.274 update: info: client 192.168.0.1#38704: updating zone '0.168.192.in-addr.arpa/IN': adding an RR at '25.0.168.192.in-addr.arpa' PTR
> >> > -------------------
> >> > So, I can't figure out: if I told dhcpd "do not attempt any updates when
> >> > the client received an address or this is a static lease etc.", why does it
> >> > continue updating zones?
> >> > Alex
> >> > 2014-05-12 10:29 GMT+04:00 Peter Rathlev <peter at rathlev.dk>:
> >> >> On Mon, 2014-04-28 at 17:14 +0400, Alexei V. Schukin wrote:
> >> >>> I'm trying to exclude one pool of subnet from dynamic updates.
> >> >> ...
> >> >>> subnet 192.168.0.1 netmask 255.255.255.0 {
> >> >>>   pool {
> >> >>>     range 192.168.0.10 192.168.0.20;
> >> >>>     deny unknown-clients;
> >> >>>     ddns-updates off;
> >> >>>     ignore client-updates;
> >> >> ...
> >> >>> But it doesn't work: dhcpd still updating dns within this address
> >> pool.
> >> >>> What I'm missing?
> >> >> Are you sure it's dhcpd that does the updating? Does it say so in the
> >> >> logs? The above configuration would make the client try updating itself.
> >> >> It of course needs permission to do this.
> >> >> --
> >> >> Peter
> >> >> _______________________________________________
> >> >> dhcp-users mailing list
> >> >> dhcp-users at lists.isc.org
> >> >> https://lists.isc.org/mailman/listinfo/dhcp-users
>
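Two of the pitfalls in this thread can be caught before restarting the server: a host fixed-address that sits inside a declared range (dhcpd then logs "Dynamic and static leases present"), and an allow/deny statement inside a pool that is not a permit list (dhcpd -t rejects it with "expecting permit type", while the earlier config shows that "ignore client-updates" in a pool is accepted). The following lint is an added example, not code from the thread or from ISC; the permit-type list and the sample config are assumptions built from the discussion.

```python
"""Lint an ISC dhcpd.conf for two pitfalls from this thread (added example)."""
import ipaddress
import re

# Permit types accepted after allow/deny inside a pool (assumed list from
# dhcpd.conf(5)); anything else gives "expecting permit type" in dhcpd -t.
POOL_PERMITS = ("known-clients", "unknown-clients", "all clients",
                "dynamic bootp clients", "authenticated clients",
                "unauthenticated clients", "members of", "after")

# Constructed sample: Alex's subnet with the Foreman-managed range still
# declared, "allow client-updates" in the pool and a host inside the range.
SAMPLE = """
subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.5 192.168.0.50;   # foreman reserves hosts in here
  pool { range 192.168.0.100 192.168.0.130; ddns-updates on;
         allow client-updates; }
  host example-04 { hardware ethernet 00:50:56:90:72:22;
                    fixed-address 192.168.0.25; }
}
"""

def statements(text):
    """Yield (scope, words) per statement, tracking brace nesting."""
    scope = []
    for body, delim in re.findall(r"([^{};]*)([{};])", re.sub(r"#.*", "", text)):
        words = body.split()
        if delim == "{":
            scope.append(" ".join(words[:2]))  # e.g. "pool", "host example-04"
        elif delim == "}":
            scope.pop()
        elif words:
            yield list(scope), words

def lint(text):
    """Return human-readable findings for the given dhcpd.conf text."""
    findings, ranges, fixed = [], [], []
    for scope, words in statements(text):
        kw, args, where = words[0], words[1:], (scope[-1] if scope else "global")
        if kw == "range":  # "range [dynamic-bootp] low [high];"
            ips = [ipaddress.ip_address(a) for a in args if a != "dynamic-bootp"]
            ranges.append((ips[0], ips[-1]))
        elif kw == "fixed-address" and re.fullmatch(r"[\d.]+", args[0]):
            fixed.append((where, ipaddress.ip_address(args[0])))  # numeric only
        elif kw in ("allow", "deny") and where == "pool" and not " ".join(args).startswith(POOL_PERMITS):
            findings.append(f"pool: '{kw} {' '.join(args)}' is not a permit "
                            "type; move it to the subnet or use 'ignore'")
    for where, addr in fixed:
        for lo, hi in ranges:
            if lo <= addr <= hi:  # static host inside a dynamic range
                findings.append(f"{where}: fixed-address {addr} is inside range "
                                f"{lo}-{hi}; dhcpd logs 'Dynamic and static "
                                "leases present' for it")
    return findings
```

Running lint(SAMPLE) reports both problems; removing the first range statement and moving "allow client-updates" up to the subnet, as Glenn suggested, leaves it with nothing to report.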