ddns frustration

Glenn Satchell Glenn.Satchell at uniq.com.au
Sun Oct 15 14:18:23 UTC 2006


>Date: Sun, 15 Oct 2006 17:02:10 +1300
>From: Ian Collins <ian.collins at kiwiplan.co.nz>
>To: dhcp-users at isc.org
>Subject: ddns frustration
>
>I used to have ddns working, so clients getting a dhcp address would 
>have dns updated.
>Maybe it was a suse10 upgrade, but it stopped working (both at home and 
>at work).
>
>Out of frustration, I have downloaded the bind and dhcp from isc.
>I got bind-9.3.2-P1 and dhcp-3.0.5
>I uninstalled my suse10 rpm for bind and dhcp-server and 
>compiled/installed the new ones (with no particular options).

This has worked for a long time, from early 3.0 and bind 8, so the suse
packages should be ok, but of course the new ones are "better" (ie more
functionality, security fixes, etc).

>(I'm testing this all at home before putting it into production) -
>My home dhcp happily passes out addresses.
>My home dns happily hands out dns queries.
>I can use rndc to control bind.
>I can use nsupdate to add dynamic addresses on the fly.
>
>But I CAN'T get dhcp to update dns. I see in the syslog the DHCPREQUEST, 
>DHCPACK, messages. I never see anything about updating dns (which I'm 
>sure I used to see). It feels that dhcp isn't even trying to update dns. 
>If it were (and failing), then I'd see logs.

In dhcpd logs you'd see 'timed out' type messages. In named's logs,
depending on log settings, you should see the real reason.

>My dhcp.conf is,
>
>key "rndc-key" {
>       algorithm hmac-md5;
>       secret "......";
>};

In my ddns configs I don't have quotes around the key name or the
secret. The quotes are part of the similar named config, so it makes
for a little confusion.  So it would look like:

key rndc-key {
       algorithm hmac-md5;
       secret ......;
};

>ddns-update-style interim;
>
>subnet 192.168.1.0 netmask 255.255.255.0 {
>  range 192.168.1.10 192.168.1.30;
>  default-lease-time 36000;
>  max-lease-time 2419200;
>  option domain-name "family.homelinux.org";
>  option domain-name-servers 192.168.1.2,192.168.1.1;
>  option routers 192.168.1.1;
>  option ntp-servers 192.168.1.1;
>
>  ignore client-updates;
>  ddns-rev-domainname "in-addr.arpa";
>  default-lease-time 600;
>  log-facility syslog;
>  authoritative;
>  ddns-updates on;
>  ddns-domainname "family.homelinux.org";
>
>  zone family.homelinux.org {
>    primary 127.0.0.1;
>    key rndc-key;
>  }
>
>  zone 1.168.192.in-addr.arpa {
>    primary 127.0.0.1;
>    key rndc-key;
>  }
>

I have a trailing '.' on the end of the domain name in the zone
statement. This is shown in the dhcpd.conf man page which has examples
for named.conf and dhcpd.conf, ie:

zone family.homelinux.org. {
...
zone 1.168.192.in-addr.arpa. {
...

Not so sure about putting the zone definitions in the subnet scope.
I've always put them in the global scope, ie define them before the
subnet definition. This may or may not be required.

>Please help. This should just work, so either it's broken or I'm doing 
>something really really dumb. I'll take the embarrassment to get it working.

Not really. ddns is tricky to get working, and judging from the
relatively large numbers of questions to the list, a fairly common area
of difficulty. However, once it's running it usually stays that way.

regards,
-glenn
--
Glenn Satchell     mailto:glenn.satchell at uniq.com.au | Some days we are
Uniq Advances Pty Ltd         http://www.uniq.com.au | the flies;  some
PO Box 70 Paddington NSW Australia 2021              | days we  are the
tel:0409-458-580  tel:02-9380-6360  fax:02-9380-6416 | windscreens...
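
The three differences pointed out in the reply above (quoted key name and secret, zone names without a trailing '.', zone statements inside the subnet scope) can be checked mechanically. The following is an added example, not part of the original message and not ISC code; `check_ddns` and the sample text are hypothetical, and the findings are differences from the layout the reply describes, not confirmed causes of the failure.

```python
import re

# Constructed sample mirroring the quoted dhcpd.conf; the secret is a placeholder.
SAMPLE = '''
key "rndc-key" {
  algorithm hmac-md5;
  secret "PLACEHOLDER";
};
subnet 192.168.1.0 netmask 255.255.255.0 {
  ddns-updates on;
  zone family.homelinux.org {
    primary 127.0.0.1;
    key rndc-key;
  }
}
'''

# Tokens: quoted strings, the punctuation { } ;, and bare words.
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')

def check_ddns(conf):
    """Return findings for the three points in the reply (hypothetical helper)."""
    text = re.sub(r'#.*', '', conf)        # drop comments (assumes no '#' in strings)
    findings, depth, stmt = [], 0, []
    for tok in TOKEN.findall(text):
        if tok == '{':
            if stmt[:1] == ['zone'] and len(stmt) > 1:
                name = stmt[1].strip('"')
                if not name.endswith('.'):
                    findings.append(f"zone {name}: no trailing '.'")
                if depth > 0:
                    findings.append(f"zone {name}: not in global scope")
            elif stmt[:1] == ['key'] and len(stmt) > 1 and stmt[1].startswith('"'):
                findings.append(f"key {stmt[1]}: name is quoted")
            depth, stmt = depth + 1, []
        elif tok == '}':
            depth, stmt = depth - 1, []
        elif tok == ';':
            if stmt[:1] == ['secret'] and len(stmt) > 1 and stmt[1].startswith('"'):
                findings.append("secret: value is quoted")
            stmt = []
        else:
            stmt.append(tok)
    return findings

if __name__ == "__main__":
    for finding in check_ddns(SAMPLE):
        print(finding)
```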

