BIND, DHCP & Dynamic DNS Updates

Aniruddha Shankar karim at sarai.net
Wed Jun 22 11:30:09 UTC 2005



Am posting to both bind-users and dhcp-server since this appears to be a
problem that concerns both DHCP and BIND.

I'm trying to get Dynamic DNS Updates working with BIND 9.2.5 and DHCP
3.0.1.

My non-publicly-routable internal domain name is rnd.cbm.

gateway (gateway.rnd.cbm) is a DNS/DHCP/iptables box and has the IP
address 192.168.0.51.
bhim (bhim.rnd.cbm) is an LTSP server and has the IP address
192.168.0.254.
korma (korma.rnd.cbm) is a machine that gets a DHCP lease from gateway.

Forward and reverse name resolution works fine and DHCP leases are duly
granted to clients requesting them, so I know that the basic DHCP / DNS
functionality is working. Dynamic DNS Updates do not work, however, and I
get logs like this:
Jun 21 17:00:48 gateway dhcpd: Unable to add forward map from
korma.rnd.cbm to 192.168.0.217: timed out
Jun 21 17:00:48 gateway dhcpd: Wrote 24 leases to leases file.
Jun 21 17:00:48 gateway dhcpd: DHCPREQUEST for 192.168.0.217 from
00:0c:6e:6d:fa:6d (korma) via eth1
Jun 21 17:00:48 gateway dhcpd: DHCPACK on 192.168.0.217 to
00:0c:6e:6d:fa:6d (korma) via eth1
Jun 21 17:00:51 gateway dhcpd: Unable to add forward map from
korma.rnd.cbm to 192.168.0.217: timed out
Jun 21 17:00:51 gateway dhcpd: DHCPREQUEST for 192.168.0.217 from
00:0c:6e:6d:fa:6d (korma) via eth1
Jun 21 17:00:51 gateway dhcpd: DHCPACK on 192.168.0.217 to
00:0c:6e:6d:fa:6d (korma) via eth1

dhcpd runs normally, outside a chroot.
named runs in a chroot, namely /chroot/dns/.

All config files referred to are on gateway, unless otherwise noted.

Mark Andrews, in his mail of 21 Jun 2005 22:54:47 +0000 (UTC),
said that "The requests go the address associated with the MNAME in the
SOA record." AFAICS the only thing associated with the SOA record in my
zone file is the gateway.

Anyone have any suggestions as to what I should do now?

Thanks,

Aniruddha "Karim" Shankar


Here's /etc/dhcpd.conf:
-------------START dhcpd.conf---------------------------
authoritative;
default-lease-time              21600;
max-lease-time                  21600;
ddns-updates                    on;
ddns-update-style               interim;
ddns-domainname                 "rnd.cbm";
ddns-rev-domainname             "in-addr.arpa";
ignore client-updates;
key rnd.cbm {
        algorithm hmac-md5;
        secret "U97GaENxBFQin9tdS/SI5Q==";
        };
allow booting;
allow bootp;
option subnet-mask            255.255.255.0;
option broadcast-address      192.168.0.255;
option routers                192.168.0.51;
option domain-name-servers    192.168.0.51;
option log-servers            192.168.0.254;
option domain-name            "rnd.cbm";

## LTSP Path Options
option root-path              "192.168.0.254:/opt/ltsp-4.1/i386";
filename                      "192.168.0.254:/lts/vmlinuz-2.4.26-ltsp-2";
shared-network WORKSTATIONS {
  subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.100 192.168.0.250;
    next-server 192.168.0.254;
    filename "/pxe/pxelinux.0";
  }
}
---------------END dhcpd.conf-------------------------

Here's /chroot/dns/etc/bind/named.conf
----------------START named.conf------------------------
acl     internal { 192.168.0.0/24; };
key rnd.cbm {
        algorithm hmac-md5;
        secret "U97GaENxBFQin9tdS/SI5Q==";
        };
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; 192.168.0.51; } keys { "rnd.cbm"; };
        };
options {
        directory "/var/bind";
        pid-file "/var/run/named/named.pid";
        recursion yes;
        version "defigo per occultus";
        allow-query {"internal";};
        };
logging {
        channel update_debug    {
                file "/var/log/update-debug.log";
                severity debug 3;
                print-category  yes;
                print-severity  yes;
                print-time      yes;
        };
        channel security_info   {
                file "/var/log/named-auth.info";
                severity info;
                print-category  yes;
                print-severity  yes;
                print-time      yes;
        };
        };
zone "rnd.cbm" in {
        allow-update {key rnd.cbm; };
        type master;
        file "pri/db.rnd";
        };
zone "0.168.192.in-addr.arpa" in {
        type master;
        file "pri/db.192.168.0";
        allow-update {key rnd.cbm; };
        };
zone "0.0.127.in-addr.arpa" in {
        type master;
        file "pri/db.127.0.0";
        };
zone "." in {
        type hint;
        file "pri/db.cache";
        };
----------------END named.conf------------------------

Here's /chroot/dns/var/bind/pri/db.rnd:
----------------START db.rnd------------------------
$TTL 3h
@       IN      SOA     gateway.rnd.cbm.        karim.sarai.net. (
                1       ; Serial
                3h      ; Refresh after 3 hours
                1h      ; Retry after 1 hour
                1w      ; Expire after 1 week
                1h )    ; Negative caching TTL of 1 hour

        IN      NS      gateway.rnd.cbm.
        IN      NS      bhim.rnd.cbm.


;
; Host addresses
;

localhost       IN      A       127.0.0.1
bhim            IN      A       192.168.0.254
dwaar           IN      A       192.168.0.177
gateway         IN      A       192.168.0.51

bheem           IN      CNAME   bhim
----------------END db.rnd------------------------

Here's /chroot/dns/var/bind/pri/db.192.168.0:
----------------START db.192.168.0------------------------
$TTL 3h
@       IN      SOA     gateway.rnd.cbm.        karim.sarai.net. (
                                1       ; Serial
                                3h      ; Refresh after 3 hours
                                1h      ; Retry after 1 hour
                                1w      ; Expire after 1 week
                                1h )    ; Negative caching TTL of 1 hour

        IN      NS      gateway.rnd.cbm.
        IN      NS      bhim.rnd.cbm.

254     IN      PTR     bhim.rnd.cbm.
177     IN      PTR     dwaar.rnd.cbm.
51      IN      PTR     gateway.rnd.cbm.
----------------END db.192.168.0------------------------
As you've noticed, I'm using TSIG keys (not for any particular reasons
of security, it's just the way that most documents were written).

Here's /chroot/dns/etc/bind/rndc.conf:
----------------START rndc.conf------------------------
key rnd.cbm {
        algorithm hmac-md5;
        secret "U97GaENxBFQin9tdS/SI5Q==";
        };

options {
        default-key rnd.cbm;
        default-server 127.0.0.1;
        default-port 953;
        };
----------------END rndc.conf---------------------------

Here's /chroot/dns/etc/bind/rndc.key:
----------------START rndc.key------------------------
key "rnd.cbm" {
        algorithm hmac-md5;
        secret "U97GaENxBFQin9tdS/SI5Q==";
};
----------------END rndc.key------------------------


For good measure, I've placed identical files in /etc:

gateway bind # md5sum /etc/bind/rndc.*
805018daa4e27911e58cae93360ba58c  /etc/bind/rndc.conf
dc960a0810a017d9ef082d5b7e2e7cd7  /etc/bind/rndc.key
gateway bind # md5sum /chroot/dns/etc/bind/rndc.*
805018daa4e27911e58cae93360ba58c  /chroot/dns/etc/bind/rndc.conf
dc960a0810a017d9ef082d5b7e2e7cd7  /chroot/dns/etc/bind/rndc.key


Here's /etc/resolv.conf:
----------------START resolv.conf------------------------
domain rnd.cbm
nameserver 203.145.184.13
nameserver 202.56.215.6
----------------END resolv.conf--------------------------

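An added example, not part of the original post or of the ISC dhcpd/BIND code: a small Python check that cross-checks the two configs the way a reader of Mark Andrews' remark would. It verifies that the TSIG key in dhcpd.conf matches the one in named.conf, and flags every zone that named accepts updates for but that has no `zone { primary ...; key ...; }` stanza in dhcpd.conf, since without such a stanza dhcpd has to resolve the SOA MNAME through the system resolver (/etc/resolv.conf) before it can send the update. The embedded config excerpts are constructed from the post; the second dhcpd.conf with explicit zone stanzas is a hypothetical corrected version.

```python
import re

# Constructed excerpts of the dhcpd.conf and named.conf quoted in the post.
DHCPD_CONF = '''
ddns-update-style interim;
key rnd.cbm { algorithm hmac-md5; secret "U97GaENxBFQin9tdS/SI5Q=="; };
'''
NAMED_CONF = '''
key rnd.cbm { algorithm hmac-md5; secret "U97GaENxBFQin9tdS/SI5Q=="; };
zone "rnd.cbm" in { allow-update {key rnd.cbm; }; type master; file "pri/db.rnd"; };
zone "0.168.192.in-addr.arpa" in { type master; allow-update {key rnd.cbm; }; };
'''
# Hypothetical corrected dhcpd.conf: explicit zone stanzas (standard dhcpd.conf
# syntax) name the update target directly, so dhcpd never has to look up the MNAME.
DHCPD_CONF_WITH_ZONES = DHCPD_CONF + '''
zone rnd.cbm. { primary 192.168.0.51; key rnd.cbm; }
zone 0.168.192.in-addr.arpa. { primary 192.168.0.51; key rnd.cbm; }
'''

def blocks(conf, keyword):
    """Yield (name, body) for each `keyword NAME ... { body }`, matching nested braces."""
    for m in re.finditer(r'\b' + keyword + r'\s+([^{;}]*)\{', conf):
        depth, i = 1, m.end()
        while depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        # Normalise the name: drop quotes, a trailing dot and case ("rnd.cbm" == rnd.cbm.)
        yield m.group(1).split()[0].strip('"').rstrip('.').lower(), conf[m.end():i - 1]

def keys(conf):
    """Key name -> (algorithm, secret) for every key {} block."""
    return {n: (re.search(r'algorithm\s+([\w-]+)', b).group(1).lower(),
                re.search(r'secret\s+"([^"]+)"', b).group(1)) for n, b in blocks(conf, 'key')}

def zones(conf, stanza):
    """Zone name -> signing key name, for zones whose body has `stanza ... key NAME;`."""
    pat = re.compile(stanza + r'.*?\bkey\s+"?([\w.]+)"?\s*;', re.S)
    return {n: m.group(1).lower() for n, b in blocks(conf, 'zone') for m in [pat.search(b)] if m}

def audit(dhcpd_conf, named_conf):
    """Cross-check both configs; returns a list of findings (empty when consistent)."""
    findings, dk, nk = [], keys(dhcpd_conf), keys(named_conf)
    declared = zones(dhcpd_conf, 'primary')
    for zone, keyname in zones(named_conf, 'allow-update').items():
        if dk.get(keyname) != nk.get(keyname):
            findings.append(f'{zone}: key {keyname} differs between dhcpd.conf and named.conf')
        if zone not in declared:
            findings.append(f'{zone}: no zone stanza in dhcpd.conf, so dhcpd must resolve the '
                            'SOA MNAME through /etc/resolv.conf before it can send the update')
        elif declared[zone] != keyname:
            findings.append(f'{zone}: dhcpd signs with {declared[zone]} but named expects {keyname}')
    return findings
```

Running `audit(DHCPD_CONF, NAMED_CONF)` on the posted configuration reports both update zones as undeclared in dhcpd.conf, while the version with zone stanzas reports nothing.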