dhcp not updating dns server

James Dinkel jdinkel at gmail.com
Mon Dec 14 15:50:55 UTC 2009


I know the primary dns server will update the secondaries, but my concern is
that the primary will be down, so nothing gets updated.  It would be pretty
simple logic to try a series of dns servers and quit after the first
successful attempt.  Anyway, I took out the secondary statement and tcpdump
still doesn't show any traffic from the dhcp server to the dns server.

On Mon, Dec 14, 2009 at 9:23 AM, Glenn Satchell
<Glenn.Satchell at uniq.com.au> wrote:

>
> >From: James Dinkel <jdinkel at gmail.com>
> >Date: Mon, 14 Dec 2009 08:27:44 -0600
> >Subject: Re: dhcp not updating dns server
> >To: Glenn Satchell <Glenn.Satchell at uniq.com.au>, Users of ISC DHCP <dhcp-users at lists.isc.org>
> >X-BeenThere: dhcp-users at lists.isc.org
> >
> > oops, that range statement was a typo.
> >
> > So about defining the zone...  I found some blog post that used the
> > secondary statement that way, but I suspected it wouldn't work since I
> > couldn't find any reliable documentation that used it like that.  So if you
> > have two dns servers, how would you define them both as update recipients?
>
> The man pages that come with the dhcpd distribution are extensive and
> have examples. There is a specific section that has example
> configurations for dhcpd.conf and BIND's named.conf (see below).
>
> Suggested reading order is the man pages for dhcpd, dhcpd.conf,
> dhcp-options, and dhcp-eval. This is a total of about 100 printed
> pages - almost a small book.
>
> If you have more than one DNS server, one will be primary and the others
> secondary. It is the responsibility of the primary dns server to update
> the secondary, and this communication is nothing to do with dhcpd.
>
> dhcpd only talks to one dns server, the failure situations are too
> complicated to manage more than one. For example, what if you update
> one server, then the second update fails? Do you undo the first to try
> and bring them back into sync? What if you have 5, or 10 dns servers,
> and it starts failing part way through?
>
> You have the same problem if you are manually adding a new entry to
> your dns servers. You update the primary, then push the zones (or zone
> changes) to the secondaries.
>
> Note that if dhcpd's dynamic updates fail because the dns server is
> down or some other reason, next time it renews the client's lease it
> will attempt another dns update.
>
> regards,
> -glenn
>
> > James
> >
> > On Sat, Dec 12, 2009 at 6:13 AM, Glenn Satchell
> > <Glenn.Satchell at uniq.com.au> wrote:
> >
> > > Hi James
> > >
> > > Nice move from MS to Open Source!
> > >
> > > There's a couple of things with your config.
> > >
> > > The range statement gives the full range of IP addresses to be
> > > allocated. Thus, you should not include addresses in the range that
> > > will be allocated to other devices, or hosts with fixed addresses. So
> > > this is wrong:
> > >
> > >        range 192.168.100.0 192.168.101.254;
> > >
> > > It should not include the router's address, or the hosts with
> > > fixed-address, or the DNS servers. At least this:
> > >
> > >        range 192.168.100.6 192.168.101.254;
> > >
> > > The other important gotcha is that a host that is allocated an address
> > > in a host statement does not go through the same processing on the
> > > server as a host that gets a dynamic address. The effect of this is that
> > > no DNS updates are performed for the fixed-address hosts.
> > >
> > > There are example DNS configurations in the dhcpd.conf man page, look
> > > for the section titled "DYNAMIC DNS UPDATE SECURITY". The "secondary"
> > > statement is for configuring failover and has nothing to do with DNS.
> > > Due to the way the parser works, it may not throw an error when a
> > > statement appears out of context.
> > >
> > > You need to enable logging on the DNS server to see what is happening
> > > there, the default behaviour for BIND and most DNS servers is to
> > > silently ignore updates from a client that is not allowed to do so.
> > >
> > > Finally, it is typical to define the host statements in the global
> > > scope, not inside the subnet. There are subtle inheritance rules, and
> > > the global definition is the one you usually want. Defining it in the
> > > subnet scope does not bind it only to that subnet.
> > >
> > > regards,
> > > -glenn
> > >
> > > >From: James Dinkel <jdinkel at gmail.com>
> > > >Date: Fri, 11 Dec 2009 16:36:27 -0600
> > > >Subject: dhcp not updating dns server
> > > >To: dhcp-users at lists.isc.org
> > > >X-BeenThere: dhcp-users at lists.isc.org
> > > >
> > > > I'm putting in an ISC DHCPD server to replace Microsoft DHCP server
> > > > because it is a pain in the neck managing reserved hosts in Microsoft's
> > > > DHCP.
> > > >
> > > > Anyway, it won't add the clients that it assigns addresses for to the
> > > > DNS servers. I've set the zones on the dns servers to accept secure and
> > > > non-secure updates, and here is my dhcpd.conf:
> > > > --------------------
> > > > ##### SERVER SETTINGS #####
> > > >
> > > > ddns-update-style interim;
> > > > ignore client-updates;
> > > > update-static-leases on;
> > > >
> > > > zone bucoks.com {
> > > > primary 192.168.100.2;
> > > > secondary 192.168.100.3;
> > > > }
> > > > zone 100.168.192.in-addr.arpa. {
> > > > primary 192.168.100.2;
> > > > secondary 192.168.100.3;
> > > > }
> > > >
> > > > option domain-name "company.com";
> > > > option domain-name-servers 192.168.100.2, 192.168.100.3;
> > > >
> > > > # 8-day leases
> > > > default-lease-time 69102;
> > > >
> > > > # disable bootp
> > > > deny bootp;
> > > > #deny dynamic bootp clients;
> > > >
> > > > ##### SUBNET SETTINGS #####
> > > >
> > > > subnet 192.168.100.0 netmask 255.255.254.0 {
> > > > option routers 192.168.100.1;
> > > > option subnet-mask 255.255.254.0;
> > > >
> > > > range 192.168.100.0 192.168.101.254;
> > > >
> > > > host server1 {
> > > > option host-name "server1.company.com";
> > > > hardware ethernet 00:XX:XX:XX:XX:XX;
> > > > fixed-address 192.168.100.4;
> > > > } # end of host
> > > >
> > > > host server2 {
> > > > option host-name "server2.company.com";
> > > > hardware ethernet 00:XX:XX:XX:XX:XX;
> > > > fixed-address 192.168.100.5;
> > > > } # end of host
> > > >
> > > > } # end of subnet
> > > > --------------------
> > >
> > > > I can't find anything about even attempting to update dns in the logs, just
> > > > that the dhcp addresses were requested and acknowledged, and all static and
> > > > dynamic clients are getting addresses just fine.
> > > >
> > > > Any ideas? I'm not even sure if it's really not even trying to do the dns
> > > > updates or if I just need to set something to get some better logging?  A
> > > > tcpdump shows that the dhcp server is not even attempting any communication
> > > > with the dns server.
> > >
>
>
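
The two configuration mistakes pointed out in the quoted reply (a `secondary` statement inside a `zone` block, and a `range` that covers the router, DNS servers and fixed-address hosts) are both accepted without complaint, so they are worth checking mechanically. The script below is an added example, not part of the original thread or of ISC DHCP; the `lint` helper and the trimmed `SAMPLE` config are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the statements from the dhcpd.conf posted in this thread
# that matter for the checks (hosts reduced to their fixed-address lines).
SAMPLE = """
zone bucoks.com {
primary 192.168.100.2;
secondary 192.168.100.3;
}
option domain-name-servers 192.168.100.2, 192.168.100.3;
subnet 192.168.100.0 netmask 255.255.254.0 {
option routers 192.168.100.1;
range 192.168.100.0 192.168.101.254;
host server1 { fixed-address 192.168.100.4; }
host server2 { fixed-address 192.168.100.5; }
}
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Statements whose addresses must stay out of the dynamic range (per the thread).
RESERVING = ("fixed-address", "option routers", "option domain-name-servers")


def lint(conf):
    """Return a list of findings; hypothetical helper, not part of ISC DHCP."""
    findings = []
    conf = re.sub(r"#.*", "", conf)  # drop comments before matching
    # 'secondary' is a failover keyword; dhcpd may accept it silently in a zone.
    for name, body in re.findall(r"\bzone\s+(\S+)\s*\{([^}]*)\}", conf):
        if re.search(r"\bsecondary\b", body):
            findings.append(f"zone {name}: 'secondary' is not a DNS update target")
    # Collect every address claimed by a router, DNS server or fixed host.
    reserved = {}
    for kw in RESERVING:
        for args in re.findall(re.escape(kw) + r"\s+([^;]+);", conf):
            for ip in re.findall(IP, args):
                reserved[ipaddress.ip_address(ip)] = kw
    # Flag each reserved address that falls inside a range statement.
    for lo, hi in re.findall(rf"\brange\s+({IP})\s+({IP})\s*;", conf):
        lo_ip, hi_ip = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
        for ip, kw in sorted(reserved.items()):
            if lo_ip <= ip <= hi_ip:
                findings.append(f"range {lo} {hi} includes {ip} ({kw})")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

Run against the posted config it reports the misplaced `secondary` and five reserved addresses inside the range; with the `secondary` line removed and the range starting at 192.168.100.6 it reports nothing.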