Fwd: ddns-updates off; within pool doesn't work

Glenn Satchell glenn.satchell at uniq.com.au
Mon May 19 15:11:40 UTC 2014


Hi Alex

The lease created by the omshell commands is a host statement, that is,
it's a static lease. So it is not part of the pool of dynamic leases where
you have turned off ddns-updates, even though the IP address happens to be
in the pool's dynamic range.

Probably the right way to fix this is to remove that pool altogether and
put the commands in the subnet; you don't need the range statement for
192.168.0.5 192.168.0.50. The host statement will inherit settings from
the subnet, but not from the pool. You could use a pool for the range
192.168.0.100 192.168.0.130 if you wanted different behaviour for those
addresses.

The range statement is for the DHCP server to allocate addresses itself.
That function is being controlled by Foreman, so you have two things
conflicting with each other.

By the way, no modern DHCP clients need the dynamic-bootp setting for range
these days. All that does is emulate BOOTP by allocating leases that never
expire, so you will eventually run out of IPs due to old systems that are
long gone still having an IP lease held for them.

Perhaps something like this. Note I haven't tried this, so there may be
syntax errors, etc, but hope this shows what I was trying to say above.

subnet 192.168.0.0 netmask 255.255.255.0 {

    ddns-updates off;
    ignore client-updates;
    update-static-leases off;

    pool {
        range 192.168.0.100 192.168.0.130;
        ddns-updates on;
        allow client-updates;
    }

    option broadcast-address 192.168.0.255;
    option domain-name-servers 192.168.0.1;
    option domain-name "example.com";
    option routers 192.168.0.1;
    default-lease-time 86400;
    max-lease-time 172800;
    ...
}

regards,
-glenn

On Tue, May 20, 2014 12:45 am, Alexei V. Schukin wrote:
> Peter, thanks for the reply.
>
> I'm trying to make Foreman + DHCP (ddns updates) + BIND work together.
>
> DHCPD had the configuration below when I last tested it, and it worked.
>
> =============
> dhcpd.conf
> =============
>
> authoritative;
> ddns-update-style interim;
> ddns-updates on;
> ddns-domainname "example.com";
> allow booting;
> allow bootp;
> next-server 192.168.0.21;
> filename "pxelinux.0";
> option root-path "192.168.0.21:/tftpboot";
> option ntp-servers 192.168.0.1;
> allow unknown-clients;
> update-static-leases on;
>
> subnet 192.168.0.0 netmask 255.255.255.0   {
>         pool {
>                 range 192.168.0.5 192.168.0.50;
>                 deny unknown-clients;
>                 ddns-updates off;
>                 ddns-update-style none;
>                 ignore client-updates;
>                 update-static-leases off;
>         }
>
>         range dynamic-bootp 192.168.0.100 192.168.0.130;
>         option domain-name-servers 192.168.0.1;
>         option domain-name "example.com";
>         option routers 192.168.0.1;
>         option broadcast-address 192.168.0.255;
>         allow client-updates;
>         default-lease-time 86400;
>         max-lease-time 172800;
>         ...
> }
>
> ...
>
> -----------------
>
>
> This is a rough scheme of the interaction between the services:
>
> __________        _________________________________
> |         |      |                                 |
> |  Host 1 |      |            Host 2               |
> |         |      |                   (1)           |
> | Foreman | -->  | Foreman-Proxy   ------>   DHCPD |
> |_________|      |        |        omshell         |
>                  |    (2) |                        |
>                  |        | nsupdate               |
>                  |        +                        |
>                  |       BIND                      |
>                  |_________________________________|
>
> 0. Creating the host in Foreman...
> 1. Foreman tells foreman-proxy to reserve an address for the new host via
> omshell (1)
>
> =================================
> /var/log/foreman-proxy/proxy.log
> =================================
> D, [2014-05-15T19:47:03.286591 #7893] DEBUG -- : Lazy loaded
> 192.168.0.0/255.255.255.0 records
> D, [2014-05-15T19:47:03.287669 #7893] DEBUG -- : Added
> example-04.example.com (192.168.0.25 / 00:50:56:90:72:22) to
> 192.168.0.0/255.255.255.0
> D, [2014-05-15T19:47:03.288907 #7893] DEBUG -- : omshell: executed - set
> name = "example-04.example.com"
> D, [2014-05-15T19:47:03.289097 #7893] DEBUG -- : true
> D, [2014-05-15T19:47:03.289254 #7893] DEBUG -- : omshell: executed - set
> ip-address = 192.168.0.25
> D, [2014-05-15T19:47:03.289360 #7893] DEBUG -- : true
> D, [2014-05-15T19:47:03.289510 #7893] DEBUG -- : omshell: executed - set
> hardware-address = 00:50:56:90:72:22
> D, [2014-05-15T19:47:03.289652 #7893] DEBUG -- : true
> D, [2014-05-15T19:47:03.289819 #7893] DEBUG -- : omshell: executed - set
> hardware-type = 1
> D, [2014-05-15T19:47:03.289933 #7893] DEBUG -- : true
> D, [2014-05-15T19:47:03.290285 #7893] DEBUG -- : omshell: executed - set
> statements = "filename = \"pxelinux.0\"; next-server = c0:a8:00:cf; option
> host-name = \"example-04.example.com\";"
> D, [2014-05-15T19:47:03.290396 #7893] DEBUG -- : true
> D, [2014-05-15T19:47:03.290548 #7893] DEBUG -- : omshell: executed -
> create
> D, [2014-05-15T19:47:03.290700 #7893] DEBUG -- : true
> I, [2014-05-15T19:47:03.315293 #7893]  INFO -- : Added DHCP reservation
> for
> example-04.example.com (192.168.0.25 / 00:50:56:90:72:22)
> ---------------------------------
>
> ==================
> /var/log/messages
> ==================
> May 15 19:47:36 ns dhcpd: DHCPOFFER on 192.168.0.25 to 00:50:56:90:72:22
> via eth1
> May 15 19:47:38 ns dhcpd: Dynamic and static leases present for
> 192.168.0.25.
> May 15 19:47:38 ns dhcpd: Remove host declaration example-04.example.com
> or
> remove 192.168.0.25
> May 15 19:47:38 ns dhcpd: from the dynamic address pool for 192.168.0.0/24
> May 15 19:47:38 ns dhcpd: DHCPREQUEST for 192.168.0.25 (192.168.0.1) from
> 00:50:56:90:72:22 via eth1
> May 15 19:47:38 ns dhcpd: DHCPACK on 192.168.0.25 to 00:50:56:90:72:22 via
> eth1
> ------------------
>
> ==========================
> /var/lib/dhcp/dhcpd.leases
> ==========================
> host example-04.example.com {
>   dynamic;
>   hardware ethernet 00:50:56:90:72:22;
>   fixed-address 192.168.0.25;
>         supersede server.filename = "pxelinux.0";
>         supersede server.next-server = c0:a8:00:cf;
>         supersede host-name = "example-04.example.com";
> }
> --------------------------
>
>
>
> 2. Foreman tells foreman-proxy to create A and PTR records in BIND's
> zones for the new host via nsupdate (2)
>
> =================================
> /var/log/foreman-proxy/proxy.log
> =================================
> D, [2014-05-15T19:47:03.464086 #7893] DEBUG -- : running /usr/bin/nsupdate
> -k /etc/foreman-proxy/foreman_proxy.key
> D, [2014-05-15T19:47:03.465195 #7893] DEBUG -- : nsupdate: executed -
> server 127.0.0.1
> D, [2014-05-15T19:47:03.470943 #7893] DEBUG -- : nsupdate: executed -
> update add example-04.example.com.  86400 A 192.168.0.25
> D, [2014-05-15T19:47:03.658748 #7893] DEBUG -- : running /usr/bin/nsupdate
> -k /etc/foreman-proxy/foreman_proxy.key
> D, [2014-05-15T19:47:03.659858 #7893] DEBUG -- : nsupdate: executed -
> server 127.0.0.1
> D, [2014-05-15T19:47:03.662425 #7893] DEBUG -- : nsupdate: executed -
> update add 25.0.168.192.in-addr.arpa.  86400 IN PTR
> example-04.example.com.
> ---------------------------------
>
> ===================
> /var/lib/named.run
> ===================
> 15-May-2014 19:47:03.474 update: info: client 127.0.0.1#1904: updating
> zone
> 'example.com/IN': adding an RR at 'example-04.example.com' A
> 15-May-2014 19:47:03.669 update: info: client 127.0.0.1#34958: updating
> zone '0.168.192.in-addr.arpa/IN': adding an RR at
> '25.0.168.192.in-addr.arpa' PTR
>
>
> 3. When the host is completely configured, it tries to boot via PXE:
>
> ===========================
> /var/log/messages
> ===========================
> May 15 19:48:11 ns dhcpd: DHCPDISCOVER from 00:50:56:90:72:22 via eth1
> May 15 19:48:11 ns dhcpd: DHCPOFFER on 192.168.0.25 to 00:50:56:90:72:22
> via eth1
> May 15 19:48:11 ns dhcpd: Dynamic and static leases present for
> 192.168.0.25.
> May 15 19:48:11 ns dhcpd: Remove host declaration example-04.example.com
> or
> remove 192.168.0.25
> May 15 19:48:11 ns dhcpd: from the dynamic address pool for 192.168.0.0/24
> May 15 19:48:11 ns dhcpd: DHCPREQUEST for 192.168.0.25 (192.168.0.1) from
> 00:50:56:90:72:22 via eth1
> May 15 19:48:11 ns dhcpd: DHCPACK on 192.168.0.25 to 00:50:56:90:72:22 via
> eth1
>
>
> 4. When the host starts to configure its network interface and has received
> an address, dhcpd initiates an update of BIND's zones (I hope I understand
> this mechanism properly):
>
> ===========================
> /var/log/messages
> ===========================
> May 15 19:48:20 ns dhcpd: DHCPDISCOVER from 00:50:56:90:72:22 via eth1
> May 15 19:48:20 ns dhcpd: DHCPOFFER on 192.168.0.25 to 00:50:56:90:72:22
> via eth1
> May 15 19:48:20 ns dhcpd: Dynamic and static leases present for
> 192.168.0.25.
> May 15 19:48:20 ns dhcpd: Remove host declaration example-04.example.com
> or
> remove 192.168.0.25
> May 15 19:48:20 ns dhcpd: from the dynamic address pool for 192.168.0.0/24
> May 15 19:48:20 ns dhcpd: Added new forward map from
> example-04.example.com.example.com to 192.168.0.25
> May 15 19:48:20 ns dhcpd: added reverse map from
> 25.0.168.192.in-addr.arpa.
> to example-04.example.com.example.com
> May 15 19:48:20 ns dhcpd: DHCPREQUEST for 192.168.0.25 (192.168.0.1) from
> 00:50:56:90:72:22 via eth1
> May 15 19:48:20 ns dhcpd: DHCPACK on 192.168.0.25 to 00:50:56:90:72:22 via
> eth1
> ---------------------------
>
> ===================
> /var/lib/named.run
> ===================
> 15-May-2014 19:48:20.229 update: info: client 192.168.0.1#55653: updating
> zone 'example.com/IN': adding an RR at
> 'example-04.example.com.example.com'
> A
> 15-May-2014 19:48:20.229 update: info: client 192.168.0.1#55653: updating
> zone 'example.com/IN': adding an RR at
> 'example-04.example.com.example.com'
> TXT
> 15-May-2014 19:48:20.274 update: info: client 192.168.0.1#38704: updating
> zone '0.168.192.in-addr.arpa/IN': deleting rrset at
> '25.0.168.192.in-addr.arpa' PTR
> 15-May-2014 19:48:20.274 update: info: client 192.168.0.1#38704: updating
> zone '0.168.192.in-addr.arpa/IN': adding an RR at
> '25.0.168.192.in-addr.arpa' PTR
> -------------------
>
> So, I can't figure out: if I told dhcpd "do not attempt any updates when
> the client receives an address, or this is a static lease, etc.", why does
> it continue updating the zones?
>
> Alex
>
> 2014-05-12 10:29 GMT+04:00 Peter Rathlev <peter at rathlev.dk>:
>> On Mon, 2014-04-28 at 17:14 +0400, Alexei V. Schukin wrote:
>>> I'm trying to exclude one pool of subnet from dynamic updates.
>> ...
>>> subnet 192.168.0.1 netmask 255.255.255.0 {
>>>   pool {
>>>     range 192.168.0.10 192.168.0.20;
>>>     deny unknown-clients;
>>>     ddns-updates off;
>>>     ignore client-updates;
>> ...
>>> But it doesn't work: dhcpd is still updating DNS within this address pool.
>>> What am I missing?
>>
>> Are you sure it's dhcpd that does the updating? Does it say so in the
>> logs? The above configuration would make the client try to update itself.
>> It of course needs permission to do this.
>>
>> --
>> Peter
>>
>>
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/dhcp-users
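The logs above show dhcpd warning "Dynamic and static leases present for 192.168.0.25" every time the omshell-created host declaration collides with an address inside a range statement. The following checker is an added example, not code from the thread, from ISC or from Foreman: it scans a dhcpd.conf fragment for range statements and the host declarations that OMAPI writes to dhcpd.leases, and reports every fixed-address that falls inside a dynamic range. The sample config and leases text are constructed from the values in the thread, and the regular-expression parser is an approximation of dhcpd.conf syntax (no nested braces inside host blocks, no include files), not a full grammar.

```python
import ipaddress
import re

# Constructed sample dhcpd.conf fragment, modelled on the thread (not the poster's file).
SAMPLE_CONF = """\
subnet 192.168.0.0 netmask 255.255.255.0 {
    pool {
        range 192.168.0.5 192.168.0.50;
        deny unknown-clients;
        ddns-updates off;
    }
    range dynamic-bootp 192.168.0.100 192.168.0.130;
    option routers 192.168.0.1;
}
"""

# Constructed sample dhcpd.leases content: host declarations as omshell writes them.
SAMPLE_LEASES = """\
host example-04.example.com {
  dynamic;
  hardware ethernet 00:50:56:90:72:22;
  fixed-address 192.168.0.25;
        supersede server.filename = "pxelinux.0";
        supersede host-name = "example-04.example.com";
}
host build-01.example.com {
  dynamic;
  hardware ethernet 00:50:56:90:72:23;
  fixed-address 192.168.0.200;
}
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
# "range [dynamic-bootp] low [high];" -- the high address is optional in dhcpd.conf
RANGE_RE = re.compile(r"\brange\s+(?:dynamic-bootp\s+)?" + IPV4 + r"(?:\s+" + IPV4 + r")?\s*;")
# "host NAME { ... }" -- host bodies contain no nested braces, so a non-greedy match suffices
HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{(.*?)\}", re.S)
FIXED_RE = re.compile(r"\bfixed-address\s+" + IPV4 + r"\s*;")


def parse_ranges(conf_text):
    """Return (low, high) IPv4Address pairs for every range statement in the config."""
    ranges = []
    for m in RANGE_RE.finditer(conf_text):
        low = ipaddress.IPv4Address(m.group(1))
        high = ipaddress.IPv4Address(m.group(2)) if m.group(2) else low
        ranges.append((low, high))
    return ranges


def parse_hosts(text):
    """Return (name, fixed-address) pairs for host declarations that carry a fixed-address."""
    hosts = []
    for m in HOST_RE.finditer(text):
        fixed = FIXED_RE.search(m.group(2))
        if fixed:
            hosts.append((m.group(1), ipaddress.IPv4Address(fixed.group(1))))
    return hosts


def find_conflicts(conf_text, leases_text):
    """List hosts whose fixed-address falls inside a dynamic range: the condition that makes
    dhcpd log 'Dynamic and static leases present for <ip>'. Host declarations may live in
    dhcpd.conf or, when created through OMAPI, in dhcpd.leases, so both texts are scanned."""
    ranges = parse_ranges(conf_text)
    conflicts = []
    for name, addr in parse_hosts(conf_text) + parse_hosts(leases_text):
        for low, high in ranges:
            if low <= addr <= high:
                conflicts.append((name, str(addr), f"{low}-{high}"))
    return conflicts


if __name__ == "__main__":
    for name, addr, rng in find_conflicts(SAMPLE_CONF, SAMPLE_LEASES):
        print(f"{name}: fixed-address {addr} overlaps dynamic range {rng}")
```

Run against the real files (for example `/etc/dhcp/dhcpd.conf` and `/var/lib/dhcp/dhcpd.leases`) after Foreman has created its reservations; every line it prints is an address that should be moved out of the range statement, or a range that should be shrunk or removed, which is the change the reply above suggests. After editing the config, `dhcpd -t -cf /etc/dhcp/dhcpd.conf` checks the syntax before the daemon is restarted.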