DDNS issues

Alex Moen alexm at ndtel.com
Mon Mar 22 18:43:59 UTC 2010


First of all, forgive the cross post... You will understand why in a  
minute.

I am experiencing a problem with DDNS.  We have access equipment that  
is performing DHCP snooping, and adding circuit and client identifiers  
for CALEA purposes to the DHCP conversations.  Also, we make decisions  
based on the circuit id to determine what pool the client belongs in.

A change from the manufacturer has caused the client IDs to change if  
the client configuration is changed.  This change causes a couple of  
things to happen, and this is where my problem lies:

1. Client requests assigned IP address after provisioning has changed  
client ID.
2. DHCP server NAKs based on the changed client ID.
3. Client and server process DISCOVER, OFFER, REQUEST, and ACK  
sequence.  Client is given a new IP address.
4. DHCP server attempts to change the DDNS information to DNS server.
5. DDNS update fails, with these in the DNS server log file:
	Mar 18 10:55:46.770 update: info: client 10.4.0.4#44378: updating  
zone 'rg/IN': update failed: 'name not in use' prerequisite not  
satisfied (YXDOMAIN)
	Mar 18 10:55:46.774 update: info: client 10.4.0.4#44379: updating  
zone 'rg/IN': update failed: 'RRset exists (value dependent)'  
prerequisite not satisfied (NXRRSET)

Question: how do I fix this problem?  Can I somehow force the DHCP  
server to ignore the client ID and process only on the MAC address and  
Circuit ID?  And, why does the DNS server not accept the change from  
an authorized DHCP server?  How is a situation like this supposed to  
be handled?

I am currently running BIND 9.2.4 and DHCP 3.0.3.  I know these are  
both very old versions (servers have been up for 1585 days and 1494  
days respectively), and I plan on upgrading to current releases during  
tomorrow's maintenance period, but before doing that I would like to  
know if it will help...

TIA, and if anything else is needed, please let me know....  My  
configs are available if needed, don't wanna create such a long post  
if it's not needed.

Alex




More information about the bind-users mailing list