need help with dynamic DNS updates
Ross Boylan
RossBoylan at stanfordalumni.org
Fri Mar 10 17:26:58 UTC 2006
Does anybody have any more ideas about this? I still haven't had any
luck getting it working, or even getting signs that an update is being
attempted.
Ross
On Sun, Mar 05, 2006 at 10:19:46PM -0800, Ross Boylan wrote:
> I've been trying to get dynamic updates of DNS to work. Though I
> think I've followed all the steps, from what I can tell dhcpd is not
> even attempting to contact my name server. Can anyone suggest what
> I'm doing wrong, or how to debug the problem?
> dhcp3-server 3.0.3-6
> bind9 9.3.2-2
> on Debian GNU/Linux 2.4 kernel. Apart from this, bind and dhcp seem
> to be working. I'm using views in bind to show a different face to
> internal and external networks.
>
> dhcpd3 -f -d eth1
> and the logs show requests coming in and being acknowledged:
> ------------------------------------------
> # dhcpd3 -f -d eth1
> Internet Systems Consortium DHCP Server V3.0.3
> Copyright 2004-2005 Internet Systems Consortium.
> All rights reserved.
> For info, please visit http://www.isc.org/sw/dhcp/
> Wrote 0 deleted host decls to leases file.
> Wrote 0 new dynamic host decls to leases file.
> Wrote 7 leases to leases file.
> Listening on LPF/eth1/00:13:46:66:27:d7/192.168.40/24
> Sending on LPF/eth1/00:13:46:66:27:d7/192.168.40/24
> Sending on Socket/fallback/fallback-net
> DHCPREQUEST for 192.168.40.60 from 00:0e:0c:9b:e8:84 via eth1
> DHCPACK on 192.168.40.60 to 00:0e:0c:9b:e8:84 via eth1
> DHCPREQUEST for 192.168.40.60 from 00:0e:0c:9b:e8:84 via eth1
> DHCPACK on 192.168.40.60 to 00:0e:0c:9b:e8:84 via eth1
> DHCPREQUEST for 192.168.40.60 from 00:0e:0c:9b:e8:84 via eth1
> DHCPACK on 192.168.40.60 to 00:0e:0c:9b:e8:84 via eth1
>
> wheat:/usr/local/rootlog# dhcpd3 -f -d eth1
> Internet Systems Consortium DHCP Server V3.0.3
> Copyright 2004-2005 Internet Systems Consortium.
> All rights reserved.
> For info, please visit http://www.isc.org/sw/dhcp/
> Wrote 0 deleted host decls to leases file.
> Wrote 0 new dynamic host decls to leases file.
> Wrote 7 leases to leases file.
> Listening on LPF/eth1/00:13:46:66:27:d7/192.168.40/24
> Sending on LPF/eth1/00:13:46:66:27:d7/192.168.40/24
> Sending on Socket/fallback/fallback-net
> DHCPREQUEST for 192.168.40.60 from 00:0e:0c:9b:e8:84 via eth1: unknown lease 192.168.40.60.
> DHCPREQUEST for 192.168.40.60 from 00:0e:0c:9b:e8:84 via eth1: unknown lease 192.168.40.60.
> DHCPDISCOVER from 00:0e:0c:9b:e8:84 (Knoppix) via eth1
> DHCPOFFER on 192.168.40.25 to 00:0e:0c:9b:e8:84 via eth1
> DHCPREQUEST for 192.168.40.25 (192.168.40.1) from 00:0e:0c:9b:e8:84 via eth1
> DHCPACK on 192.168.40.25 to 00:0e:0c:9b:e8:84 via eth1
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> I tested by starting up the client and then repeatedly bringing the
> appropriate interface down and up. Initially dhcp was configured to
> offer a fixed-address. I discovered and added update-static-leases
> on;. I added the logging options suggested (in the dhcpd.conf man page's
> discussion under "DYNAMIC DNS UPDATE SECURITY") to bind.
> Finally, I commented out the host section giving the fixed address.
> You can see the result in the second session shown above. The address
> was used by the same system with a different system name previously.
>
> Every time I saw the dialogue requesting the IP address, but no
> messages or errors from bind. The logging files referred to in the
> previous paragraph remained empty. dig and dig -x never produced
> answers for the dhcp client systems.
>
> What am I missing? I assume that even if there were some security or
> communication problem there would be a sign of it in the logs; there
> is not. I also have firewalls, but they shouldn't get in the way of
> local traffic.
>
> Here are some highlights of the configuration files, with secrets obscured.
>
> ---------------- dhcpd.conf ---------------------------------
#also with
ddns-updates on;
ddns-update-style interim;
ddns-domainname "betterworld.us";
> key DHCP_UPDATER {
> algorithm HMAC-MD5;
> secret xxxx;
> };
>
> update-static-leases on;
>
> zone betterworld.us. {
> primary 127.0.0.1;
> key DHCP_UPDATER;
> }
> # the example did not have ; after the zone {}, which seems odd.
>
> zone 192.in-addr.arpa. {
> primary 127.0.0.1;
> key DHCP_UPDATER;
> }
>
> option domain-name "betterworld.us";
> option domain-name-servers 192.168.40.1;
>
> option subnet-mask 255.255.255.0;
> default-lease-time 24000;
> max-lease-time 72000;
> authoritative;
> log-facility local7;
> allow booting;
> allow bootp;
>
> # No service will be given on this subnet, but declaring it helps the
> subnet 198.144.201.0 netmask 255.255.255.192 {
> }
>
> # Service the local network
> subnet 192.168.40.0 netmask 255.255.255.0 {
> range 192.168.40.20 192.168.40.50;
> option broadcast-address 192.168.40.255;
> option routers 192.168.40.1;
>
> # make WINS happy for MS
> option netbios-name-servers 192.168.40.1;
> option netbios-dd-server 192.168.40.1;
> option netbios-node-type 8;
> }
> # old host section giving fixed-address omitted
> # some bootp stuff omitted; it does refer to the client
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ---------------- named.conf -----------------------------
> acl internals { 127.0.0.1; 192.168.40.0/24; };
> acl externals { ! internals ; any; };
>
> # suggested logging statements omitted
>
> view "outside" {
> match-clients { externals; };
> # etc
> };
>
> view "inside" {
> match-clients { internals; };
> # note all is defined inside the view
> // allow dhcp to update me
> key DHCP_UPDATER {
> algorithm HMAC-MD5;
> secret xxxxx;
> };
>
> zone "." {
> type hint;
> file "/etc/bind/db.root";
> };
>
> zone "localhost" {
> type master;
> file "/etc/bind/db.local";
> };
>
> zone "127.in-addr.arpa" {
> type master;
> file "/etc/bind/db.127";
> };
>
> zone "0.in-addr.arpa" {
> type master;
> file "/etc/bind/db.0";
> };
>
> zone "255.in-addr.arpa" {
> type master;
> file "/etc/bind/db.255";
> };
>
> zone "192.in-addr.arpa" {
> type master;
> file "/etc/bind/db.192";
> allow-query { internals; };
> allow-transfer { internals; };
> allow-update { key DHCP_UPDATER;};
> };
>
> zone "betterworld.us" {
> notify no;
> type master;
> file "/etc/bind/inside-betterworld.us";
> };
>
> # some other zones omitted
> };
>
> # rndc keys and controls omitted
> # I do notice their key name and secrets are quoted
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^6
>
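
Added example (not part of the original post, and not ISC code): a check on one thing visible in the quoted configs, namely whether every zone that dhcpd.conf is told to update with a key has a zone-level allow-update naming that same key in named.conf. The config excerpts are constructed from the post with placeholder secrets, and the function names are this example's own. It assumes allow-update is set per zone; an allow-update at options or view level, or an update-policy, is not considered.

```python
import re

# Constructed excerpts modelled on the configs quoted above; secrets are placeholders.
DHCPD_CONF = """
key DHCP_UPDATER { algorithm HMAC-MD5; secret PLACEHOLDER; };
zone betterworld.us. { primary 127.0.0.1; key DHCP_UPDATER; }
zone 192.in-addr.arpa. { primary 127.0.0.1; key DHCP_UPDATER; }
"""
NAMED_CONF = """
view "inside" {
  key DHCP_UPDATER { algorithm HMAC-MD5; secret PLACEHOLDER; };
  zone "192.in-addr.arpa" { type master; file "/etc/bind/db.192";
    allow-update { key DHCP_UPDATER;}; };
  zone "betterworld.us" { notify no; type master; # no allow-update here
    file "/etc/bind/inside-betterworld.us"; };
};
"""

def zone_bodies(text):
    """Map zone name (unquoted, no trailing dot, lowercase) to its {...} body."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)   # drop /* */ comments
    text = re.sub(r"(#|//).*", "", text)                # drop # and // comments
    zones = {}
    for m in re.finditer(r'\bzone\s+"?([^\s"{]+)"?\s*(?:\w+\s*)?\{', text):
        depth, i = 1, m.end()
        while depth and i < len(text):                  # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        zones[m.group(1).rstrip(".").lower()] = text[m.end():i - 1]
    return zones

def audit(dhcpd_conf, named_conf):
    """List (zone, problem) for every zone dhcpd is configured to update."""
    named, findings = zone_bodies(named_conf), []
    for zone, body in sorted(zone_bodies(dhcpd_conf).items()):
        key = re.search(r'\bkey\s+"?([\w.-]+)"?\s*;', body)
        allow = re.search(r"allow-update\s*\{(.*?)\}", named.get(zone, ""), re.S)
        if key is None:
            findings.append((zone, "dhcpd zone names no key; updates are unsigned"))
        elif zone not in named:
            findings.append((zone, "zone is not defined in named.conf"))
        elif allow is None:
            findings.append((zone, "zone statement has no allow-update"))
        elif not re.search(r'\bkey\s+"?%s"?\s*;' % re.escape(key.group(1)), allow.group(1)):
            findings.append((zone, "allow-update does not name key " + key.group(1)))
    return findings

if __name__ == "__main__":
    print(audit(DHCPD_CONF, NAMED_CONF))
```

The check compares key names only; it does not compare the secrets, which must also be identical on both sides for a signed update to verify.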