need help with dynamic DNS updates

Ross Boylan RossBoylan at stanfordalumni.org
Fri Mar 10 17:26:58 UTC 2006


Does anybody have any more ideas about this?  I still haven't had any
luck getting it working, or even getting signs that an update is being
attempted.

Ross

On Sun, Mar 05, 2006 at 10:19:46PM -0800, Ross Boylan wrote:
> I've been trying to get dynamic updates of DNS to work.  Though I
> think I've followed all the steps, from what I can tell dhcpd is not
> even attempting to contact my name server.  Can anyone suggest what
> I'm doing wrong, or how to debug the problem?
> dhcp3-server  3.0.3-6
> bind9         9.3.2-2  
> on Debian GNU/Linux 2.4 kernel.  Apart from this, bind and dhcp seem
> to be working.  I'm using views in bind to show a different face to
> internal and external networks.
> 
> dhcpd3 -f -d eth1
> and the logs show requests coming in and being acknowledged:
> ------------------------------------------
> # dhcpd3 -f -d eth1
> Internet Systems Consortium DHCP Server V3.0.3
> Copyright 2004-2005 Internet Systems Consortium.
> All rights reserved.
> For info, please visit http://www.isc.org/sw/dhcp/
> Wrote 0 deleted host decls to leases file.
> Wrote 0 new dynamic host decls to leases file.
> Wrote 7 leases to leases file.
> Listening on LPF/eth1/00:13:46:66:27:d7/192.168.40/24
> Sending on   LPF/eth1/00:13:46:66:27:d7/192.168.40/24
> Sending on   Socket/fallback/fallback-net
> DHCPREQUEST for 192.168.40.60 from 00:0e:0c:9b:e8:84 via eth1
> DHCPACK on 192.168.40.60 to 00:0e:0c:9b:e8:84 via eth1
> DHCPREQUEST for 192.168.40.60 from 00:0e:0c:9b:e8:84 via eth1
> DHCPACK on 192.168.40.60 to 00:0e:0c:9b:e8:84 via eth1
> DHCPREQUEST for 192.168.40.60 from 00:0e:0c:9b:e8:84 via eth1
> DHCPACK on 192.168.40.60 to 00:0e:0c:9b:e8:84 via eth1
> 
> wheat:/usr/local/rootlog# dhcpd3 -f -d eth1
> Internet Systems Consortium DHCP Server V3.0.3
> Copyright 2004-2005 Internet Systems Consortium.
> All rights reserved.
> For info, please visit http://www.isc.org/sw/dhcp/
> Wrote 0 deleted host decls to leases file.
> Wrote 0 new dynamic host decls to leases file.
> Wrote 7 leases to leases file.
> Listening on LPF/eth1/00:13:46:66:27:d7/192.168.40/24
> Sending on   LPF/eth1/00:13:46:66:27:d7/192.168.40/24
> Sending on   Socket/fallback/fallback-net
> DHCPREQUEST for 192.168.40.60 from 00:0e:0c:9b:e8:84 via eth1: unknown lease 192.168.40.60.
> DHCPREQUEST for 192.168.40.60 from 00:0e:0c:9b:e8:84 via eth1: unknown lease 192.168.40.60.
> DHCPDISCOVER from 00:0e:0c:9b:e8:84 (Knoppix) via eth1
> DHCPOFFER on 192.168.40.25 to 00:0e:0c:9b:e8:84 via eth1
> DHCPREQUEST for 192.168.40.25 (192.168.40.1) from 00:0e:0c:9b:e8:84 via eth1
> DHCPACK on 192.168.40.25 to 00:0e:0c:9b:e8:84 via eth1
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> I tested by starting up the client and then repeatedly bringing the
> appropriate interface down and up.  Initially dhcp was configured to
> offer a fixed-address.  I discovered and added update-static-leases
> on;.  I added the logging options for bind suggested in the dhcpd.conf
> man page's discussion under "DYNAMIC DNS UPDATE SECURITY".
> Finally, I commented out the host section giving the fixed address.
> You can see the result in the second session shown above.  The address
> was used by the same system with a different system name previously.
> 
> Every time I saw the dialogue requesting the IP address, but no
> messages or errors from bind.  The logging files referred to in the
> previous paragraph remained empty.  dig and dig -x never produced
> answers for the dhcp client systems.
> 
> What am I missing?  I assume that even if there were some security or
> communication problem there would be a sign of it in the logs; there
> is not.  I also have firewalls, but they shouldn't get in the way of
> local traffic.
> 
> Here are some highlights of the configuration files, with secrets obscured.
> 
> ---------------- dhcpd.conf ----------------------------------
#also with
ddns-updates on;
ddns-update-style interim;
ddns-domainname "betterworld.us";

> key DHCP_UPDATER {
> 	algorithm HMAC-MD5;
> 	secret xxxx;
> };
> 
> update-static-leases on;
> 
> zone betterworld.us. {
> 	primary 127.0.0.1;
> 	key DHCP_UPDATER;
> }
> # the example did not have ; after the zone {}, which seems odd.
> 
> zone 192.in-addr.arpa. {
> 	primary 127.0.0.1;
> 	key DHCP_UPDATER;
> }
> 
> option domain-name "betterworld.us";
> option domain-name-servers 192.168.40.1;
> 
> option subnet-mask 255.255.255.0;
> default-lease-time 24000;
> max-lease-time 72000;
> authoritative;
> log-facility local7;
> allow booting;
> allow bootp;
> 
> # No service will be given on this subnet, but declaring it helps the 
>   subnet 198.144.201.0 netmask 255.255.255.192 {
>   }
> 
> # Service the local network
>   subnet 192.168.40.0 netmask 255.255.255.0 {
>     range 192.168.40.20 192.168.40.50;
>     option broadcast-address 192.168.40.255;
>     option routers 192.168.40.1;
> 
> 	# make WINS happy for MS
> 	option netbios-name-servers 192.168.40.1;
> 	option netbios-dd-server 192.168.40.1;
> 	option netbios-node-type 8;
>   }
> # old host section giving fixed-address omitted
> # some bootp stuff omitted; it does refer to the client
> 
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> ---------------- named.conf -----------------------------
> acl internals { 127.0.0.1; 192.168.40.0/24; };
> acl externals { ! internals ; any; };
> 
> # suggested logging statements omitted
> 
> view "outside" {
> 	match-clients { externals; };
> # etc
> };
> 
> view "inside" {
> 	match-clients { internals; };
> # note all is defined inside the view
> 	// allow dhcp to update me
> 	key DHCP_UPDATER {
> 		algorithm HMAC-MD5;
> 		secret xxxxx;
> 	};
> 
> 	zone "." {
> 		type hint;
> 		file "/etc/bind/db.root";
> 	};
> 
> 	zone "localhost" {
> 		type master;
> 		file "/etc/bind/db.local";
> 	};
> 
> 	zone "127.in-addr.arpa" {
> 		type master;
> 		file "/etc/bind/db.127";
> 	};
> 
> 	zone "0.in-addr.arpa" {
> 		type master;
> 		file "/etc/bind/db.0";
> 	};
> 
> 	zone "255.in-addr.arpa" {
> 		type master;
> 		file "/etc/bind/db.255";
> 	};
> 
> 	zone "192.in-addr.arpa" {
> 		type master;
> 		file "/etc/bind/db.192";
> 		allow-query { internals; };
> 		allow-transfer { internals; };
> 		allow-update { key DHCP_UPDATER;};
> 	};
> 
> 	zone "betterworld.us" {
> 		notify no;
> 		type master;
> 		file "/etc/bind/inside-betterworld.us";
> 	};
> 
> # some other zones omitted
> };
> 
> # rndc keys and controls omitted
> # I do notice their key name and secrets are quoted
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^6
> 
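
Added example, not part of the original message and not ISC code: a consistency check over the two configurations quoted above, listing each zone that dhcpd.conf signs updates for with a key but that named.conf does not authorise that key to update. The excerpts are trimmed from the post and the function names are invented for this example; only allow-update is examined (update-policy is not), and the obscured secrets are not compared.

```python
import re
# Constructed excerpts, trimmed from the dhcpd.conf and named.conf quoted in the post.
DHCPD_CONF = """
key DHCP_UPDATER { algorithm HMAC-MD5; secret xxxx; };
zone betterworld.us. { primary 127.0.0.1; key DHCP_UPDATER; }
zone 192.in-addr.arpa. { primary 127.0.0.1; key DHCP_UPDATER; }
"""
NAMED_CONF = """
view "inside" {
    key DHCP_UPDATER { algorithm HMAC-MD5; secret xxxxx; };
    zone "192.in-addr.arpa" { type master; allow-update { key DHCP_UPDATER;}; };
    zone "betterworld.us" { notify no; type master; };
};
"""

def block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def zones(text):
    """Map each zone name (unquoted, no trailing dot) to its block body."""
    text = re.sub(r"(#|//).*", "", text)          # drop line comments first
    found = {}
    for m in re.finditer(r'\bzone\s+"?([^\s"{]+)"?\s*\{', text):
        name = m.group(1).lower().rstrip(".") or "."
        found[name] = block_body(text, m.end() - 1)
    return found

def check(dhcpd_conf, named_conf):
    """List (zone, problem) pairs where named.conf does not authorise dhcpd's key."""
    served, findings = zones(named_conf), []
    for name, body in zones(dhcpd_conf).items():
        key = re.search(r"\bkey\s+([\w.-]+)\s*;", body)
        if not key:
            continue                               # no key named for this zone
        allow = re.search(r"allow-update\s*\{", served.get(name, ""))
        if name not in served:
            findings.append((name, "zone not defined in named.conf"))
        elif not allow:
            findings.append((name, "no allow-update statement"))
        elif not re.search(r'\bkey\s+"?%s"?\s*;' % re.escape(key.group(1)),
                           block_body(served[name], allow.end() - 1)):
            findings.append((name, "allow-update does not list key " + key.group(1)))
    return findings
```

Calling check(DHCPD_CONF, NAMED_CONF) on these excerpts reports betterworld.us, whose zone block as quoted carries no allow-update. The poster describes the listings as highlights, so the full files may differ.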

