Dynamic DNS via DHCP

Scott Rowley scottro at netins.net
Thu Oct 22 21:58:27 UTC 2009


All,

It looks like we've nearly got this working but we've got one last issue
to sort out.  We have two nameservers that need updating.  Is it
possible to have more than one primary or do we have to figure out some
other trickery?  If it's not possible, does anyone have any suggestions on
tricks to get it moved over to the second server ok?

I have tried the following tests and all either gave errors or did
nothing:

Primary only:
zone sub.example.com {
 primary <primary DNS server IP>;
 key <key name>;
}

First try:
zone sub.example.com {
 primary <primary DNS server IP>;
 secondary <secondary DNS server IP>;
 key <key name>;
}

Second try:
zone sub.example.com {
 primary <primary DNS server IP>, <secondary DNS server IP>;
 key <key name>;
}

Another try:
zone sub.example.com {
 primary <primary DNS server IP> <secondary DNS server IP>; (a space instead of a comma)
 key <key name>;
}

None of these worked for me and both Google and Bing have failed me.

Thanks in advance!
Scott Rowley <scottro at netins.net>
netINS Systems Administrator
> You probably want to allow only the DHCP server to do DNS updates, so in
> global you want:
> 
> ddns-update-style interim;
> ddns-updates off;
> deny client-updates;
> 
> and in the particular subnet you want:
> 
> ddns-updates on;
> 
> regards,
> -glenn
> 
> >Date: Mon, 19 Oct 2009 14:52:42 -0500
> >From: Scott Rowley <scottro at netins.net>
> >
> >Hello All,
> >
> >I'm running into a problem when trying to set up Dynamic DNS via DHCP.
> >I've got it running ok in a test environment but once I move it over to
> >the production server and turn it on my log file starts blowing up and
> >DHCP starts to seriously slow down.  Below is a modified example of the
> >log entry we started getting hammered with.  Over the course of the day
> >we figured that we would end up with around 1 million entries.
> >
> >Oct 16 07:12:16 dns-prim named[6723]: [ID 873579 local3.error] update-security: error: client 10.x.x.x#53308: update '<our main domain>/IN' denied
> >
> >The 10.x IP address above is the DHCP server's own private IP address.
> >
> >In the global information in dhcpd.conf I have the following options
> >set:
> >
> >ddns-update-style interim;
> >ddns-updates on;
> >allow client-updates;
> >
> ># Include file for Dynamic DNS zones
> >include "/isp/dhcp/dhcp.allow.dynamic";
> >
> >Then inside dhcp.allow.dynamic I have the following (modified for
> >security).
> >
> >key <key name> {
> >  algorithm hmac-md5;
> >  secret "<secret>";
> >};
> >
> >zone sub.example.com {
> > primary <primary DNS server IP>;
> > key <key name>;
> >}
> >
> >zone x.x.10.in-addr.arpa {
> >  primary <primary DNS server IP>;
> >  key <key name>;
> >}
> >
> >Then within my subnet I have the following (pertinent) entries:
> >
> > option domain-name "sub.example.com";
> > option docsis-mta.dhcp-server-1 <primary DNS server IP>;
> >
> >option host-name "<code>";
> >ddns-domainname "sub.example.com";
> >ddns-hostname "<code>";
> >
> >Again, everything is working fine but once we move it to production
> >everything on the planet seems to want to update through us and
> >everything gets bogged down, I suspect that it may be too busy denying
> >everyone to respond quickly to legit DHCP requests.
> >
> >In summary my question is:  Can we turn ddns off globally but then turn
> >it on for this one subnet?  I have tried a few tests with this but no
> >updates ever showed up in logs, denied or accepted.  Once I put it back
> >to Global being on and the subnet being on then the dns updates started
> >occurring again.  But again, if I do this on production we get literally
> >millions of denied updates.
> >
> >I hope this wasn't clear as mud and thanks in advance for any assistance.
> >
> >Thank you,
> >Scott Rowley <scottro at netins.net>
> >netINS Systems Administrator
> >
> >_______________________________________________
> >dhcp-users mailing list
> >dhcp-users at lists.isc.org
> >https://lists.isc.org/mailman/listinfo/dhcp-users
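
One way to see which hosts and zones account for a flood of denials like the one quoted above, as an added example that is not part of the original thread: it parses `update-security` lines in the format shown in the post and isolates denials aimed at zones outside the intended dynamic set. The function names, sample lines, addresses and zone names are constructed for illustration.

```python
import re
from collections import Counter

# Denial format as quoted in the thread:
#   ... named[PID]: ... update-security: error: client IP#PORT: update 'ZONE/CLASS' denied
DENIED = re.compile(
    r"named\[\d+\]: .*update-security: error: "
    r"client (?P<client>[0-9A-Fa-f.:]+)#\d+: "
    r"update '(?P<zone>[^']+)/\w+' denied"
)

def denied_updates(lines):
    """Count denied dynamic updates per (client IP, zone)."""
    counts = Counter()
    for line in lines:
        m = DENIED.search(line)
        if m:
            counts[(m["client"], m["zone"].lower().rstrip("."))] += 1
    return counts

def unexpected_zones(counts, ddns_zones):
    """Keep only denials aimed at zones not meant to receive dynamic updates."""
    allowed = {z.lower().rstrip(".") for z in ddns_zones}
    return {key: n for key, n in counts.items() if key[1] not in allowed}

# Constructed sample input: addresses, ports and zone names are made up.
_PFX = "Oct 16 07:12:16 dns-prim named[6723]: [ID 873579 local3.error] update-security: error: "
SAMPLE = [
    _PFX + "client 10.0.0.5#53308: update 'example.com/IN' denied",
    _PFX + "client 10.0.0.5#53309: update 'example.com/IN' denied",
    _PFX + "client 10.0.0.5#53310: update 'sub.example.com/IN' denied",
    _PFX + "client 192.0.2.44#40112: update 'Example.COM/IN' denied",
    "Oct 16 07:12:19 dns-prim named[6723]: [ID 873579 local3.info] zone example.com/IN: loaded",
]

if __name__ == "__main__":
    counts = denied_updates(SAMPLE)
    stray = unexpected_zones(counts, {"sub.example.com"})
    for (client, zone), n in sorted(stray.items(), key=lambda kv: -kv[1]):
        print(f"{n:6d}  {client:15s}  {zone}")
```

A large count from the DHCP server's own address against a zone that has no `zone` declaration in dhcpd.conf points at updates being attempted for subnets that were never meant to use dynamic DNS.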
