DDNS Forward Update fails with error: no DHCID, not mine - DHCPv6

Christopher D Haakinson cdhaakin at us.ibm.com
Fri Aug 6 17:09:03 UTC 2010


Changing the client-updates line made no difference. I am still getting the
same errors. Also, I looked and both the AAAA and TXT records are being
created and populated with data:

chrisipv6		TXT	"028ff5580662832d91d43dc453c3deba8d"
			AAAA	fd80:1010::2274

Thanks


From: Carlos Vicente <cvicente at network-services.uoregon.edu>
To: Users of ISC DHCP <dhcp-users at lists.isc.org>
Date: 08/06/2010 12:39 PM
Subject: Re: DDNS Forward Update fails with error: no DHCID, not mine - DHCPv6






If you want the DHCP server to update domain.com, why not use:

deny client-updates;

I may be wrong, but the error message seems to suggest that a AAAA
record already exists for the host in domain.com, but the corresponding
TXT record containing the DHCID (which the DHCP server adds) is not
there, so the server won't touch the AAAA record.

See the section "THE INTERIM DNS UPDATE SCHEME" in dhcpd.conf for a good
explanation.

cv

Christopher D Haakinson wrote:
>
> Hello, I am starting to set up and learn DHCPv6. I have things working
> somewhat well, except for the fact that I cannot get Forward DDNS updates
> to work. Reverse works great, and the machines that fail to update the
> Forward map are receiving a valid IPv6 address from the range6 declaration
> in my dhcpd.conf file.
>
> Here is the error I am getting in /var/log/messages :
>
> Aug  6 09:59:06 dhcphostname dhcpd: Forward map from WIN-U7QR32NL3M5.domain.com to fd80:1010::2cba FAILED: Has an address record but no DHCID, not mine.
> Aug  6 08:41:10 dhcphostname dhcpd: Forward map from WIN-78C6C0I.domain.com to fd80:1010::19ab FAILED: Has an address record but no DHCID, not mine.
> Aug  6 08:37:46 dhcphostname dhcpd: Forward map from WIN-VSGHN2L.domain.com to fd80:1010::16a6 FAILED: Has an address record but no DHCID, not mine.
> Aug  6 08:35:09 dhcphostname dhcpd: Forward map from WIN-700IAVP.domain.com to fd80:1010::2df8 FAILED: Has an address record but no DHCID, not mine.
>
> Here are the relevant sections of conf files:
> DHCPD------------------------:
> dynamic-bootp-lease-length 600;
> use-host-decl-names on;
> allow booting;
> allow bootp;
> allow client-updates;
> ddns-updates on;
> ddns-update-style interim;
> ddns-domainname "domain.com";
> ddns-rev-domainname "in-addr.arpa.";
> option dhcp-lease-time 3600;
> option domain-name "domain.com";
> option dhcp6.domain-search "domain.com", "ipv4domain.com";
> option dhcp6.name-servers fd80:1010::1;
> #option ntp-servers fd80:1010::1;
> option subnet-mask 255.255.0.0;
>
> default-lease-time 3600;
> max-lease-time 3900;
>
> key "rndc-key" {
> algorithm hmac-md5;
> secret "secret_key";
> };
> zone 0.0.0.0.0.0.0.0.0.1.0.1.0.8.d.f.ip6.arpa. {
> primary ntp.domain.com;
> key rndc-key;
> }
> zone domain.com. {
> primary ntp.domain.com;
> key rndc-key;
> }
>
> # REMOVE this for now since IPv6 PXE isn't supported yet...  next-server fd80:1010::1;
> subnet6 fd80:1010::/64 {
> range6 fd80:1010::1000 fd80:1010::3000;
> update-static-leases on;
> }
> --------------- End DHCP
>
> NAMED-----------------:
> acl "rndc-users" {
>      10.10/16;
>      127.0.0.1;
>      fd80:1010::/64;
>  };
> //
> // named.conf for Red Hat caching-nameserver
> //
>
> options {
> 		 directory "/var/named";
> 		 dump-file "/var/named/data/cache_dump.db";
>         statistics-file "/var/named/data/named_stats.txt";
> 		 listen-on-v6 { any; };
> 		 /*
> 		  * If there is a firewall between you and nameservers you want
> 		  * to talk to, you might need to uncomment the query-source
> 		  * directive below.  Previous versions of BIND always asked
> 		  * questions using port 53, but BIND 8.1 uses an unprivileged
> 		  * port by default.
> 		  */
> 		  // query-source address * port 53;
> };
>
> //
> // a caching only nameserver config
> //
> controls {
> 		 inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
> };
> zone "." IN {
> 		 type hint;
> 		 file "named.ca";
> };
>
> zone "localdomain" IN {
> 		 type master;
> 		 file "localdomain.zone";
> 		 allow-update { key "rndc-key"; };
> 		 notify yes;
> };
>
> zone "localhost" IN {
> 		 type master;
> 		 file "localhost.zone";
> 		 allow-update { key "rndc-key"; };
>         notify yes;
> };
>
> zone "0.0.127.in-addr.arpa" IN {
> 		 type master;
> 		 file "named.local";
> 		 allow-update { key "rndc-key"; };
>         notify yes;
> };
>
> zone "255.in-addr.arpa" IN {
> 		 type master;
> 		 file "named.broadcast";
> 		 allow-update { key "rndc-key"; };
>         notify yes;
> };
>
> zone "0.in-addr.arpa" IN {
> 		 type master;
> 		 file "named.zero";
> 		 allow-update { key "rndc-key"; };
>         notify yes;
> };
>
> include "/etc/rndc.key";
>
> zone "0.0.0.0.0.0.0.0.0.1.0.1.0.8.d.f.ip6.arpa" {
> 		 type master;
> 		 file "reverse-fd80-1010_64.IP6.ARPA";
> 		 allow-update { any; };
>         notify yes;
> };
> zone "10.10.in-addr.arpa" {
> 		 type master;
> 		 file "/var/named/10.10.rev";
> 		 allow-update { key "rndc-key"; };
>         notify yes;
> 		 };
>
> zone "domain.com" {
> 		 type master;
> 		 file "/var/named/domain.com.hosts";
> 		 allow-update { any; };
> 		 notify yes;
> 		 };
> ---------------- End NAMED
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
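
Added example, not part of the original thread and not ISC code: a simplified Python model of the two-step check Carlos describes, where dhcpd only rewrites an existing forward record if a TXT record at the same name carries the DHCID it computed. The zone contents, the `fd80:1010::5` address, the `fd80:1010::2275` lease and the `02abab...` DHCID are constructed for illustration; the `chrisipv6` pair is the one quoted in the reply at the top.

```python
from dataclasses import dataclass, field

NO_DHCID = "Has an address record but no DHCID, not mine."  # message from the log above

@dataclass
class Name:
    """Records held at one owner name in the forward zone."""
    aaaa: set = field(default_factory=set)
    txt: set = field(default_factory=set)

def forward_update(zone, fqdn, addr, dhcid):
    """Simplified model of the interim-scheme forward update.

    zone maps fqdn -> Name; it is changed only when the update applies.
    Returns (applied, reason).
    """
    rec = zone.get(fqdn)
    # Attempt 1: add AAAA + TXT, with the prerequisite that the name is
    # not in use yet (modelled here as "no records at this name").
    if rec is None:
        zone[fqdn] = Name({addr}, {dhcid})
        return True, "added AAAA and TXT"
    # Attempt 2: the name exists, so the server requires a TXT record at
    # the same name whose content equals the DHCID it computed.
    if not rec.txt:
        return False, NO_DHCID
    if dhcid not in rec.txt:
        return False, "TXT holds a different DHCID"  # my wording, not dhcpd's
    rec.aaaa = {addr}
    return True, "replaced AAAA"

def sample_zone():
    """Constructed zone: one name written by dhcpd, one that was not."""
    return {
        # TXT/AAAA pair as shown in the reply at the top of the thread
        "chrisipv6.domain.com": Name({"fd80:1010::2274"},
                                     {"028ff5580662832d91d43dc453c3deba8d"}),
        # constructed: AAAA registered by something other than dhcpd, no TXT
        "WIN-700IAVP.domain.com": Name({"fd80:1010::5"}, set()),
    }

if __name__ == "__main__":
    zone = sample_zone()
    made_up = "02" + "ab" * 16  # constructed DHCID value
    print(forward_update(zone, "WIN-700IAVP.domain.com", "fd80:1010::2df8", made_up))
    print(forward_update(zone, "chrisipv6.domain.com", "fd80:1010::2275",
                         "028ff5580662832d91d43dc453c3deba8d"))
```

The refusal in the first case is the protective behaviour: a client cannot take over a name whose address record was not created under its own DHCID, even when the zone itself accepts updates from anyone.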

