DHCP server does not update DNS

Simon Hobson dhcp1 at thehobsons.co.uk
Tue Dec 20 19:23:44 UTC 2011

Richard Allen wrote:

>subnet netmask {
>         ddns-domainname "censored.com";
>         option domain-name "censored.com";
>         option domain-name-servers,;
>         authoritative;
>         ddns-update-style interim;
>         ddns-updates on;
>         deny client-updates;
>         option routers;
>         option subnet-mask;
>         option broadcast-address;
>         option time-offset 0;
>         option ntp-servers,;
>         option netbios-name-servers,;
>         one-lease-per-client on;
>         option ip-forwarding off;
>         default-lease-time 14400;
>         max-lease-time 14401;
>         next-server;
>         filename "\\OSChooser\\i386\\startrom.com";
>         pool {
>                 failover peer "dhcp-failover";
>                 range;
>                 host censored1 {
>                         hardware ethernet 18:a9:05:fc:6b:88;
>                         fixed-address censored1.censored.com;
>                         max-lease-time 28800;
>                         option host-name "censored1.censored.com";
>                 }
>                 host censored2 {
>                         hardware ethernet 18:a9:05:fc:6b:87;
>                         fixed-address censored2.censored.com;
>                         max-lease-time 28800;
>                         option host-name "censored2.censored.com";
>                 }
>         }
>         zone censored.com. {
>                 primary;
>         }
>         zone 100.23.172.in-addr.arpa. {
>                 primary;
>         }
>         if exists vendor-encapsulated-options {
>                 ddns-updates off;
>                 option vendor-encapsulated-options 3a:02:00:19:ff;
>         }

OK, several things here.
Move your host statements outside of the subnet. Host statements are 
global in scope but can still inherit options from where they are 
defined. Thus you can get strange problems where a host is in a 
different subnet but gets (almost certainly incorrect) options from 
the subnet where its host statement is nested. There are very, very 
few cases where that sort of thing is actually desirable, so the 
simplest rule of thumb is to *never* nest host statements inside a 

I'd also suggest moving your zone declarations to the global scope. 
In fact, if the DNS server(s) listed in your DHCP server's resolver 
config return the right SOA record, then they can be omitted 
altogether. I.e., without zone statements, the DHCP server will query 
for the SOA records of the zone it wishes to update, and get the 
master server from that.

Also, you've duplicated several statements between global and subnet 
scope. It's not wrong, but my preference is to remove all redundancy 
- if you ever want to change something, it's easy to miss an instance 
if you duplicate it many times in the config.

>Multiple other subnets follow, all identical

See above about host statements !

>Everything seems to be working just right except for the fact that the dhcp
>server seems to have stopped registering anything into DNS.
>I tried doing "ipconfig /release" and "ipconfig /renew" on a Windows box and
>that did not get the machine registered.
>Logs show some strange behavior.  Here are the logs from when I did the
>release and renew on the Windows client:
>Dec 20 14:44:03 wanda dhcpd: DHCPRELEASE from 00:0f:fe:80:50:3e via
> unknown network segment
>Dec 20 14:44:03 wanda dhcpd: DHCPRELEASE of from
>00:0f:fe:80:50:3e (censored5) via eth0 (found)
>Dec 20 14:44:03 wanda dhcpd: DHCPRELEASE of from
>00:0f:fe:80:50:3e (censored5) via (found)

Your network config doesn't match what you told us and the DHCP server !

The server has received the release message via three routes (in order) :

Via a relay agent giving its address as The DHCP 
server doesn't know about this network segment, hence why it 

Directly via a local interface - the client is attached to the same 
network (broadcast domain) as the server. At least I think that's the 
case, it may be a unicast packet (which could be routed from another 
network), but then I wouldn't expect to see the other two release 

Via another relay agent giving its address as In 
this case, the relay agent is on the same network (broadcast domain) 
as the client and server. This in itself isn't "wrong", but it can 
cause some odd effects.

Or, I could be wrong about this, are there any intervening 
routers/switches configured to do anything with DHCP packets ?

>Dec 20 14:44:19 wanda dhcpd: DHCPDISCOVER from 00:0f:fe:80:50:3e via
>Dec 20 14:44:20 wanda dhcpd: DHCPOFFER on to
>00:0f:fe:80:50:3e (censored5) via
>Dec 20 14:44:20 wanda dhcpd: DHCPREQUEST for (
>from 00:0f:fe:80:50:3e (censored5) via
>Dec 20 14:44:20 wanda dhcpd: DHCPACK on to 00:0f:fe:80:50:3e
>(censored5) via
>Dec 20 14:44:22 wanda named[2897]: client update
>'censored.com/IN' denied
>Only the client itself tried to register to dns (in spite of the deny
>client-updates directive)

You'd want to check in the packets and see what the two ends sent. 
Also, I notice that there aren't duplicates this time - so what 
happened to the direct packet and other relay agent ?

Simon Hobson
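
A check for the two layout points raised in the reply above (host declarations nested inside a subnet, zone declarations below global scope), added here as an example and not part of the original message. The function name `find_nested` and the sample addresses are assumptions; the sample config is constructed.

```python
import re

# Constructed sample shaped like the config in the thread; the addresses are
# documentation-range placeholders, not values from the original post.
SAMPLE = r'''
subnet 192.0.2.0 netmask 255.255.255.0 {
    filename "\\OSChooser\\i386\\startrom.com";   # braces in comments { are ignored
    pool {
        range 192.0.2.100 192.0.2.200;
        host censored1 { hardware ethernet 18:a9:05:fc:6b:88; }
    }
    zone censored.com. { primary 192.0.2.53; }
}
group { host censored3 { hardware ethernet 00:00:5e:00:53:01; } }
host censored2 { hardware ethernet 18:a9:05:fc:6b:87; }
'''

# Tokens: quoted string, comment, structural character, or bare word.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|#[^\n]*|[{};]|[^\s{};"#]+')

def find_nested(conf):
    """Return (kind, name, enclosing scopes) for host declarations inside a
    subnet and for zone declarations that are not at global scope."""
    findings, stack, stmt = [], [], []   # stack: keyword of each open block
    for tok in TOKEN.findall(conf):
        if tok.startswith("#"):
            continue
        if tok == "{":
            kind = stmt[0] if stmt else ""
            if (kind == "host" and "subnet" in stack) or (kind == "zone" and stack):
                name = stmt[1] if len(stmt) > 1 else "?"
                findings.append((kind, name, " > ".join(stack)))
            stack.append(kind)
            stmt = []
        elif tok == "}":
            if stack:
                stack.pop()
            stmt = []
        elif tok == ";":
            stmt = []
        else:
            stmt.append(tok)
    return findings

if __name__ == "__main__":
    for kind, name, scope in find_nested(SAMPLE):
        print(f"{kind} {name} is nested inside: {scope}")
```

Hosts inside a plain `group` block are not reported, since only nesting under a subnet inherits subnet options.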
