multiple subnets same ddns zone

Glenn Satchell Glenn.Satchell at uniq.com.au
Fri Aug 28 13:13:30 UTC 2009


>Date: Fri, 28 Aug 2009 06:51:53 -0500
>From: "Terry L. Inzauro" <tinzauro at ha-solutions.net>
>To: Glenn Satchell <Glenn.Satchell at uniq.com.au>, Users of ISC DHCP <dhcp-users at lists.isc.org>
>Subject: Re: multiple subnets same ddns zone
>X-Enigmail-Version: 0.96.0
>X-BeenThere: dhcp-users at lists.isc.org
>
>Glenn Satchell wrote:
>> This is from dhcpd.conf man page:
>> 
>>        ddns-rev-domainname name; The name parameter should be the
>>        domain name that will be appended to the client's reversed
>>        IP address to produce a name for use in the  client's  PTR
>>        record.    By  default,  this  is "in-addr.arpa.", but the
>>        default can be overridden here.
>> 
>>        The reversed IP address  to  which  this  domain  name  is
>>        appended is always the IP address of the client, in dotted
>>        quad notation, reversed - for example, if the  IP  address
>>        assigned  to  the client is 10.17.92.74, then the reversed
>>        IP address is 74.92.17.10.   So  a  client  with  that  IP
>>        address  would,  by  default,  be  given  a  PTR record of
>>        10.17.92.74.in-addr.arpa.
>> 
>> Usually you want the default value. In your case you are creating a
>> reverse of, for example, 4.1.0.10.1.0.10.in-addr.arpa.
>> 
>> Oh, and the subnet mask is not /27 for the first subnet.
>> 
>> regards,
>> -glenn
>> 
>>> Date: Thu, 27 Aug 2009 22:41:23 -0500
>>> From: "Terry L. Inzauro" <tinzauro at ha-solutions.net>
>>> To: Users of ISC DHCP <dhcp-users at lists.isc.org>
>>> Subject: multiple subnets same ddns zone
>>>
>>> is it possible to have multiple subnets defined (for instance 10.0.1.0/27 and
>>> 10.0.1.32/27 within 10.0.1.0/24) and then have
>>> both subnets update the same reverse dns zone such as 1.0.10.in-addr.arpa?
>>>
>>> if so, can i have some pointers on how to do it?
>>>
>>>
>>> this is what i currently have:
>>>
>>> ddns-update-style interim;
>>> option domain-name-servers host1, host2;
>>> option ntp-servers pool.ntp.org;
>>> default-lease-time 2628000;
>>> max-lease-time 2628000;
>>> #authoritative;
>>> log-facility local7;
>>> one-lease-per-client on;
>>> option time-offset -6;
>>> do-forward-updates off;
>>>
>>>
>>> # define the key used for ddns updates to local bind9 server
>>> key dydns {
>>>        algorithm hmac-md5;
>>>        secret thisisthesecret;
>>>        }
>>> # primary reverse zone for 1.0.10.in-addr.arpa
>>> zone 1.0.10.in-addr.arpa. {
>>>        primary localhost;
>>>        key dydns;
>>>        }
>>>
>>> # 10.0.1.0/27
>> 
>> The netmask here doesn't match /27
>> 
>>> subnet 10.0.1.0 netmask 255.255.255.0 {
>>>        default-lease-time 2628000;
>>>        ddns-updates on;
>>>        #ddns-domainname "example.org";
>>>        ddns-rev-domainname "1.0.10.in-addr.arpa.";
>>>        authoritative;
>>>        deny client-updates;
>>>        allow unknown-clients;
>>>        option routers 10.0.1.1;
>>>
>>>        pool {
>>>                range 10.0.1.4 10.0.1.30;
>>>                }
>>>        }
>>> # 10.0.1./27
>>> subnet 10.0.1.32 netmask 255.255.255.224 {
>>>        default-lease-time 2628000;
>>>        ddns-updates on;
>>>        #ddns-domainname "example.org";
>>>        ddns-rev-domainname "1.0.10.in-addr.arpa.";
>>>        authoritative;
>>>        deny client-updates;
>>>        allow unknown-clients;
>>>        option routers 10.0.1.36;
>>>
>>>        pool {
>>>                range 72.22.210.228 72.22.210.254;
>>>        }
>>> }
>>>
>>>
>>> any help would be greatly appreciated.
>>>
>>>
>>>
>>>
>
>
>Thank you for your reply.
>
>
>After correcting the netmask and ddns-domainname, it still does not work.  Not
>even a failure message in the log.
>
>It seems if I have only one subnet defined and place the zone declaration in
>the global scope, all works fine.  If I have two
>subnets and place the zone declaration inside each of the two subnet scopes, it
>fails to work.
>
>Should the zone definitions get defined inside the subnet or do they get placed
>in the global scope?

Whether you have one subnet or many, you only need one declaration for
each zone, and that should typically be in the global scope.

>Is it a requisite that I perform forward ddns if I perform reverse ddns?

I don't believe you have to do both.

Very important to pay attention to quotes in your zone and key
definitions. While the syntax looks similar, the quoting between dhcpd
and bind is different. If it is not right it will not work. There is an
example of dhcp and bind configuration in dhcpd.conf man page.

To troubleshoot this further you need to enable logging on your DNS
server, or sniff packets. An incorrect key or zone will simply be
ignored by a BIND server, so the dhcp server gets a timeout, which
doesn't help much working out what is wrong.

regards,
-glenn
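
Added example, not part of the original message or of ISC DHCP: a small Python check that builds the PTR owner name the way the quoted man page text describes (reversed client address plus ddns-rev-domainname) and flags the doubled name and out-of-subnet ranges discussed in this thread. The sample configuration, the regex-based parsing and the function names are constructed for illustration and assume each subnet block closes with a brace in column 0.

```python
import ipaddress
import re

# Constructed sample (not the poster's file): one global zone, and two /27
# subnets, the first still carrying the ddns-rev-domainname override.
SAMPLE_CONF = """\
zone 1.0.10.in-addr.arpa. {
    primary localhost;
    key dydns;
}
subnet 10.0.1.0 netmask 255.255.255.224 {
    ddns-rev-domainname "1.0.10.in-addr.arpa.";
    pool { range 10.0.1.4 10.0.1.30; }
}
subnet 10.0.1.32 netmask 255.255.255.224 {
    pool { range 10.0.1.36 10.0.1.62; }
}
"""

SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\n\}", re.S)

def ptr_name(ip, rev_domain="in-addr.arpa."):
    """Owner name as the man page describes: reversed dotted quad + rev domain."""
    return ".".join(reversed(str(ip).split("."))) + "." + rev_domain

def lint(conf):
    """Return (subnet, message) findings for range and PTR-name mistakes."""
    zones = [z.lower() for z in re.findall(r"^zone\s+(\S+)\s*\{", conf, re.M)]
    findings = []
    for net, mask, body in SUBNET_RE.findall(conf):
        subnet = ipaddress.ip_network(f"{net}/{mask}")
        m = re.search(r'ddns-rev-domainname\s+"([^"]+)"', body)
        rev = m.group(1) if m else "in-addr.arpa."  # default per the man page
        for lo, hi in re.findall(r"range\s+(\S+)\s+(\S+);", body):
            for ip in (ipaddress.ip_address(lo), ipaddress.ip_address(hi)):
                if ip not in subnet:
                    findings.append((str(subnet), f"{ip} is outside the subnet"))
            built = ptr_name(lo, rev)
            want = ipaddress.ip_address(lo).reverse_pointer + "."
            if built != want:
                findings.append((str(subnet), f"PTR owner {built} should be {want}"))
            if not any(want.endswith("." + z) for z in zones):
                findings.append((str(subnet), f"no zone statement covers {want}"))
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE_CONF):
        print(*finding, sep=": ")
```

The doubled name still ends in the zone's own name, so a plain "is it inside the zone" test would not catch it; the check compares against the canonical reverse name instead.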






