dhcp not updating dns server

Glenn Satchell Glenn.Satchell at uniq.com.au
Mon Dec 14 15:23:56 UTC 2009


>From: James Dinkel <jdinkel at gmail.com>
>Date: Mon, 14 Dec 2009 08:27:44 -0600
>Subject: Re: dhcp not updating dns server
>To: Glenn Satchell <Glenn.Satchell at uniq.com.au>, Users of ISC DHCP <dhcp-users at lists.isc.org>
>X-BeenThere: dhcp-users at lists.isc.org
>
> oops, that range statement was a typo.
> 
> So about defining the zone...  I found some blog post that used the
> secondary statement that way, but I suspected it wouldn't work since I
> couldn't find any reliable documentation that used it like that.  So if you
> have two dns servers, how would you define them both as update recipients?

The man pages that come with the dhcpd distribution are extensive and
have examples. There is a specific section that has example
configurations for dhcpd.conf and BIND's named.conf (see below).

Suggested reading order is the man pages for dhcpd, dhcpd.conf,
dhcp-options, and dhcp-eval. This is a total of about 100 printed
pages - almost a small book.

If you have more than one DNS server, one will be primary and the others
secondary. It is the responsibility of the primary DNS server to update
the secondary, and this communication has nothing to do with dhcpd.

dhcpd only talks to one DNS server; the failure situations are too
complicated to manage more than one. For example, what if you update
one server, then the second update fails? Do you undo the first to try
and bring them back into sync? What if you have 5, or 10 dns servers,
and it starts failing part way through?

You have the same problem if you are manually adding a new entry to
your dns servers. You update the primary, then push the zones (or zone
changes) to the secondaries.

Note that if dhcpd's dynamic updates fail because the dns server is
down or some other reason, next time it renews the client's lease it
will attempt another dns update.

regards,
-glenn

> James
> 
> On Sat, Dec 12, 2009 at 6:13 AM, Glenn Satchell
> <Glenn.Satchell at uniq.com.au>wrote:
> 
> > Hi James
> >
> > Nice move from MS to Open Source!
> >
> > There's a couple of things with your config.
> >
> > The range statement gives the full range of IP addresses to be
> > allocated. Thus, you should not include addresses in the range that
> > will be allocated to other devices, or hosts with fixed addresses. So
> > this is wrong:
> >
> >        range 192.168.100.0 192.168.101.254;
> >
> > It should not include the router's address, or the hosts with
> > fixed-address, or the DNS servers. At least this:
> >
> >        range 192.168.100.6 192.168.101.254;
> >
> > The other important gotcha is that a host that is allocated an address
> > in a host statement does not go through the same processing on the
> > server as a host that gets a dynamic address. The effect of this is that
> > no DNS updates are performed for the fixed-address hosts.
> >
> > There are example DNS configurations in the dhcpd.conf man page, look
> > for the section titled "DYNAMIC DNS UPDATE SECURITY". The "secondary"
> > statement is for configuring failover and has nothing to do with DNS.
> > Due to the way the parser works, it may not throw an error when a
> > statement appears out of context.
> >
> > You need to enable logging on the DNS server to see what is happening
> > there; the default behaviour for BIND and most DNS servers is to
> > silently ignore updates from a client that is not allowed to do so.
> >
> > Finally, it is typical to define the host statements in the global
> > scope, not inside the subnet. There are subtle inheritance rules, and
> > the global definition is the one you usually want. Defining it in the
> > subnet scope does not bind it only to that subnet.
> >
> > regards,
> > -glenn
> >
> > >From: James Dinkel <jdinkel at gmail.com>
> > >Date: Fri, 11 Dec 2009 16:36:27 -0600
> > >Subject: dhcp not updating dns server
> > >To: dhcp-users at lists.isc.org
> > >X-BeenThere: dhcp-users at lists.isc.org
> > >
> > > I'm putting in an ISC DHCPD server to replace Microsoft DHCP server
> > > because it is a pain in the neck managing reserved hosts in Microsoft's
> > > DHCP.
> > >
> > > Anyway, it won't add the clients that it assigns addresses for to the
> > > DNS servers. I've set the zones on the dns servers to accept secure and
> > > non-secure updates, and here is my dhcpd.conf:
> > > --------------------
> > > ##### SERVER SETTINGS #####
> > >
> > > ddns-update-style interim;
> > > ignore client-updates;
> > > update-static-leases on;
> > >
> > > zone bucoks.com {
> > > primary 192.168.100.2;
> > > secondary 192.168.100.3;
> > > }
> > > zone 100.168.192.in-addr.arpa. {
> > > primary 192.168.100.2;
> > > secondary 192.168.100.3;
> > > }
> > >
> > > option domain-name "company.com";
> > > option domain-name-servers 192.168.100.2, 192.168.100.3;
> > >
> > > # 8-day leases
> > > default-lease-time 69102;
> > >
> > > # disable bootp
> > > deny bootp;
> > > #deny dynamic bootp clients;
> > >
> > > ##### SUBNET SETTINGS #####
> > >
> > > subnet 192.168.100.0 netmask 255.255.254.0 {
> > > option routers 192.168.100.1;
> > > option subnet-mask 255.255.254.0;
> > >
> > > range 192.168.100.0 192.168.101.254;
> > >
> > > host server1 {
> > > option host-name "server1.company.com";
> > > hardware ethernet 00:XX:XX:XX:XX:XX;
> > > fixed-address 192.168.100.4;
> > > } # end of host
> > >
> > > host server2 {
> > > option host-name "server2.company.com";
> > > hardware ethernet 00:XX:XX:XX:XX:XX;
> > > fixed-address 192.168.100.5;
> > > } # end of host
> > >
> > > } # end of subnet
> > > --------------------
> >
> > > I can't find anything about even attempting to update dns in the logs, just
> > > that the dhcp addresses were requested and acknowledged, and all static and
> > > dynamic clients are getting addresses just fine.
> > >
> > > Any ideas? I'm not even sure if it's really not even trying to do the dns
> > > updates or if I just need to set something to get some better logging?  A
> > > tcpdump shows that the dhcp server is not even attempting any communication
> > > with the dns server.
> >
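
Added example, not part of the original thread or of ISC DHCP: a small Python check that flags the dhcpd.conf problems raised in this exchange (a "secondary" line inside a zone block, a zone with no update key, a range that covers router, DNS or fixed addresses, and a host declared inside a subnet). The sample configuration, the zone name example.com. and the function name lint are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample, modelled on the configuration quoted in this thread.
SAMPLE = """
zone example.com. {
  primary 192.168.100.2;
  secondary 192.168.100.3;
}
option domain-name-servers 192.168.100.2, 192.168.100.3;
subnet 192.168.100.0 netmask 255.255.254.0 {
  option routers 192.168.100.1;
  range 192.168.100.0 192.168.101.254;
  host server1 { hardware ethernet 00:00:5e:00:53:01; fixed-address 192.168.100.4; }
}
"""
IP = r"(\d+\.\d+\.\d+\.\d+)"
RESERVED = r"(?:fixed-address|option routers|option domain-name-servers)\s+([^;]+);"

def lint(conf):
    """Return a list of findings for a dhcpd.conf given as text."""
    findings = []
    conf = re.sub(r"#.*", "", conf)  # drop comments
    # 1. zone blocks: dhcpd sends updates to one server, ideally signed with a key
    for name, body in re.findall(r"zone\s+(\S+)\s*\{([^}]*)\}", conf):
        if re.search(r"\bsecondary\b", body):
            findings.append(f"zone {name}: 'secondary' is a failover keyword, not a DNS update target")
        if not re.search(r"\bkey\s+\S+\s*;", body):
            findings.append(f"zone {name}: no key statement, updates are sent unsigned")
    # 2. dynamic ranges must not cover router, DNS server or fixed-address hosts
    reserved = set()
    for stmt in re.findall(RESERVED, conf):
        reserved.update(ipaddress.ip_address(a) for a in re.findall(IP, stmt))
    for lo, hi in re.findall(r"range\s+" + IP + r"\s+" + IP + r"\s*;", conf):
        lo, hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
        for addr in sorted(reserved):
            if lo <= addr <= hi:
                findings.append(f"range {lo} {hi}: includes reserved address {addr}")
    # 3. host declarations nested in a subnet block (tracked by brace depth)
    depth, subnet_depth = 0, None
    for tok in re.findall(r"[{}]|\bsubnet\s|\bhost\s+\S+", conf):
        if tok == "{":
            depth += 1
        elif tok == "}":
            depth -= 1
            if depth == subnet_depth:
                subnet_depth = None
        elif tok.startswith("subnet"):
            subnet_depth = depth
        elif subnet_depth is not None:
            findings.append(f"{tok}: declared inside a subnet, move it to global scope")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```
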



