DHCP+BIND+DDNS, reverse creation timeout

Greg Sloop <gregs@sloop.net> gregs at sloop.net
Wed Jul 24 05:39:44 UTC 2013


I'm about to go insane. It's probably an obvious problem, but for the life
of me, I can't find it.

I'm trying to set up BIND 9 + DHCPd + DDNS (forward and reverse).
I've got DHCP working for multiple subnets, etc., and it is doing BIND DDNS
updates, at least for forward records.

I get the following in the logs:
---
Jul 23 20:17:17 dns-dhcp-01 dhcpd: Added new forward map from
ABCD-R61.somedom.local to 10.1.0.221
Jul 23 20:17:18 dns-dhcp-01 dhcpd: unable to add reverse map from
221.0.1.10.in-addr.arpa. to ABCD-R61.somedom.local: timed out
---

Turning up the verbosity level in BIND to debug doesn't produce anything
useful that I can find. The DHCP logs don't shed any more light on things either.
[Perhaps they do produce useful information but, if so, I cannot find it.]

Here's the environment.
Ubuntu 12.04 [Running in a VM, with the eth interface bridged - though it
shouldn't matter, it's VirtualBox]
DHCPd 4.1-R4
BIND 9.8.1-P1
Both standard Ubuntu packages, installed from the Ubuntu repositories.

Here are my configs:
---
/etc/bind/named.conf.local
---
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

// Address list for the internal /22.
// NOTE(review): not referenced anywhere in the config shown here; presumably used
// by allow-query/allow-recursion in named.conf.options (not posted) — confirm.
acl "local-nets" {
10.1.0.0/22;
};

// The two DNS/DHCP servers (also listed as domain-name-servers in dhcpd.conf).
// NOTE(review): not referenced in the config shown; it would be the natural list
// to use in the controls statement of named.conf if the peer needs rndc access — confirm.
acl "dns-dhcp-servers" {
10.1.0.5; 10.1.0.6;
};

// Forward zone that dhcpd updates (the forward map in the posted log succeeds).
// NOTE(review): allow-update with a key lets the key holder write ANY record type in this
// zone, including NS and SOA. update-policy (the commented line) can limit the grant to the
// record types dhcpd actually emits (interim style: A and TXT here, PTR in the reverse
// zones — confirm against dhcpd.conf(5)); allow-update and update-policy are mutually
// exclusive inside one zone statement, so only one of the two lines may be active.
// NOTE(review): "rndc-key" is also the key accepted by the controls statement in named.conf,
// so anyone who can read dhcpd.conf holds the rndc control key as well; a dedicated TSIG key
// for DDNS (identical on both sides) keeps the two privileges separate.
zone "somedom.local" {
        type master;
        file "/var/lib/bind/somedom.local.hosts";
// update-policy { grant rndc-key zonesub ANY; };
allow-update { key rndc-key; };
        };

// Reverse zone for 10.1.0.0/24 — the zone whose PTR update "timed out" in the posted log.
// NOTE(review): "timed out" suggests dhcpd received no reply at all (a permission problem
// would normally come back as REFUSED/SERVFAIL); the "update" category below is logged to
// update.log at debug 3, so that file should show whether the update ever reached named.
// NOTE(review): this is the only zone with an explicit allow-query { any; }; the others
// presumably inherit the default from named.conf.options (not posted) — confirm the
// difference is intentional. It does not by itself explain a timeout on updates.
// Same key-reuse and record-type caveats as the forward zone apply to allow-update here.
zone "0.1.10.in-addr.arpa" {
        type master;
        file "/var/lib/bind/10.1.0.rev";
//update-policy { grant rndc-key zonesub ANY; };
allow-update { key rndc-key; };
allow-query { any; };
        };

// Reverse zone for 10.1.1.0/24 (not yet tested, per the author).
// Same allow-update / shared-rndc-key caveats as the forward zone.
zone "1.1.10.in-addr.arpa" {
        type master;
        file "/var/lib/bind/10.1.1.rev";
//update-policy { grant rndc-key zonesub ANY; };
allow-update { key rndc-key; };
        };

// Reverse zone for 10.1.2.0/24 (not yet tested, per the author).
// Same allow-update / shared-rndc-key caveats as the forward zone.
zone "2.1.10.in-addr.arpa" {
        type master;
        file "/var/lib/bind/10.1.2.rev";
//update-policy { grant rndc-key zonesub ANY; };
allow-update { key rndc-key; };
        };

// Debugging configuration: every BIND log category goes to its own rotated file under
// /var/log/named at "severity debug 3" (the per-channel "severity dynamic" lines are
// commented out, so rndc trace would not change the level).
// NOTE(review): this volume of logging — in particular the queries and client channels at
// debug level — is costly on a busy server; presumably temporary while the DDNS timeout is
// being chased, confirm it is reverted afterwards. For this problem the "update" and
// "security" channels are the ones to read.
logging {
    channel default_file {
        file "/var/log/named/default.log" versions 3 size 5m;
        //severity dynamic;
severity debug 3;
        print-time yes;
    };
    channel general_file {
        file "/var/log/named/general.log" versions 3 size 5m;
        //severity dynamic;
severity debug 3;
        print-time yes;
    };
    channel database_file {
        file "/var/log/named/database.log" versions 3 size 5m;
        //severity dynamic;
severity debug 3;
        print-time yes;
    };
    channel security_file {
        file "/var/log/named/security.log" versions 3 size 5m;
        //severity dynamic;
severity debug 3;
        print-time yes;
    };
    channel config_file {
        file "/var/log/named/config.log" versions 3 size 5m;
        //severity dynamic;
severity debug 3;
        print-time yes;
    };
    channel resolver_file {
        file "/var/log/named/resolver.log" versions 3 size 5m;
        //severity dynamic;
severity debug 3;
        print-time yes;
    };
    channel xfer-in_file {
        file "/var/log/named/xfer-in.log" versions 3 size 5m;
        //severity dynamic;
severity debug 3;
        print-time yes;
    };
    channel xfer-out_file {
        file "/var/log/named/xfer-out.log" versions 3 size 5m;
        //severity dynamic;
severity debug 3;
        print-time yes;
    };
    channel notify_file {
        file "/var/log/named/notify.log" versions 3 size 5m;
        //severity dynamic;
severity debug 3;
        print-time yes;
    };
    channel client_file {
        file "/var/log/named/client.log" versions 3 size 5m;
        //severity dynamic;
severity debug 3;
        print-time yes;
    };
    channel unmatched_file {
        file "/var/log/named/unmatched.log" versions 3 size 5m;
        //severity dynamic;
severity debug 3;
        print-time yes;
    };
    channel queries_file {
        file "/var/log/named/queries.log" versions 3 size 5m;
        //severity dynamic;
severity debug 3;
        print-time yes;
    };
    channel network_file {
        file "/var/log/named/network.log" versions 3 size 5m;
        //severity dynamic;
severity debug 3;
        print-time yes;
    };
    channel update_file {
        file "/var/log/named/update.log" versions 3 size 5m;
        //severity dynamic;
severity debug 3;
        print-time yes;
    };
    channel dispatch_file {
        file "/var/log/named/dispatch.log" versions 3 size 5m;
        //severity dynamic;
severity debug 3;
        print-time yes;
    };
    channel dnssec_file {
        file "/var/log/named/dnssec.log" versions 3 size 5m;
        //severity dynamic;
severity debug 3;
        print-time yes;
    };
    channel lame-servers_file {
        file "/var/log/named/lame-servers.log" versions 3 size 5m;
        //severity dynamic;
severity debug 3;
        print-time yes;
    };

    // One category per channel; "update" (DDNS requests) and "security" (TSIG/ACL
    // rejections) are the relevant files for the reverse-map timeout.
    category default { default_file; };
    category general { general_file; };
    category database { database_file; };
    category security { security_file; };
    category config { config_file; };
    category resolver { resolver_file; };
    category xfer-in { xfer-in_file; };
    category xfer-out { xfer-out_file; };
    category notify { notify_file; };
    category client { client_file; };
    category unmatched { unmatched_file; };
    category queries { queries_file; };
    category network { network_file; };
    category update { update_file; };
    category dispatch { dispatch_file; };
    category dnssec { dnssec_file; };
    category lame-servers { lame-servers_file; };
};

---
The zone file for the problem zone above. [There are three zones, but I'm
having the problem in this one. I haven't tested the others, but if I get
this zone working, I'm sure the others will work too. So I'll just give
this one zone.]
*** /var/lib/bind/10.1.0.rev
---
;#/var/lib/bind/10.1.0.rev
; Reverse zone for 10.1.0.0/24, updated dynamically by dhcpd (allow-update in named.conf.local).
; NOTE(review): the SOA MNAME is "dns-dhcp-01." (a top-level name) while the NS records use
; dns-dhcp-01.somedom.local., and the RNAME is under somedom.com rather than somedom.local —
; presumably typos, confirm. dhcpd.conf names the primary explicitly (primary 10.1.0.5), so
; MNAME should not affect dhcpd's updates, but other DDNS clients may look it up.
; NOTE(review): once named serves this zone dynamically, edits belong in nsupdate (or after
; "rndc freeze"); hand-editing the file while named runs races the zone journal — confirm
; the file was not edited live while debugging.
$ttl 38400
0.1.10.in-addr.arpa. IN      SOA     dns-dhcp-01. root.somedom.com. (
                        2013072301 ;serial
                        10800 ;slave-refresh, 3h
                        3600 ;slave-retry, update, 1h
                        604800 ;slave-expire,  7d
                        120  ;minimum [negative response TTL], 2m
                        )
0.1.10.in-addr.arpa. IN      NS      dns-dhcp-01.somedom.local.
0.1.10.in-addr.arpa. IN      NS      dns-dhcp-02.somedom.local.

---

*** The DHCPd.conf file
---
# This server is authoritative for the subnets it serves (it may NAK clients that
# present leases it does not know about).
authoritative;

# TSIG key used to sign DDNS updates; name, algorithm and secret must match the
# "rndc-key" definition in named.conf exactly. Secret redacted by the author.
# NOTE(review): the same key is the rndc control key on the name server, so read access
# to this file also grants rndc control; a DDNS-only key would limit that blast radius.
# NOTE(review): hmac-md5 is the weakest TSIG algorithm; presumably BIND 9.8 and ISC DHCP
# 4.1 both accept an hmac-sha* algorithm here — confirm in dhcpd.conf(5) and switch both
# sides at the same time.
key "rndc-key" {
      algorithm hmac-md5;
      secret "SOMESECRET";
};

# Interim DDNS style: per dhcpd.conf(5) dhcpd adds an A and a TXT record in the forward
# zone and a PTR in the reverse zone for each lease.
ddns-update-style interim;
# Forward zone in which client names are registered.
# NOTE(review): ".local" is the mDNS domain (RFC 6762); clients with an mDNS resolver may
# not send .local lookups to this server at all — unrelated to the update timeout.
ddns-domainname "somedom.local";

log-facility local7;
# NOTE(review): "log debug;" is not a statement I recognise from dhcpd.conf(5) (the log
# statement there has the form log(level, expr)); the author reports the config parses
# cleanly — confirm it has the intended effect.
log debug;

# -18000 s is UTC-5 (Eastern); NOTE(review): Pacific Standard Time is UTC-8 (-28800) —
# confirm which time zone was intended.
option time-offset              -18000; # Pacific Standard Time
one-lease-per-client off;

# Register the host-declaration name as the client hostname when a host block matches.
use-host-decl-names on;
option ntp-servers time.somedom.local;
option time-servers time.somedom.local;
# 10.1.0.5 / 10.1.0.6 are the BIND+DHCP servers themselves (acl dns-dhcp-servers).
option domain-name-servers 10.1.0.5, 10.1.0.6;
option domain-name "somedom.local";
option netbios-name-servers 10.1.0.17;
option routers 10.1.0.190;

#1h lease
# Global defaults; the 10.1.1.0 and 10.1.2.0 pools override max-lease-time to 4 h.
default-lease-time 3600;
max-lease-time 3600;
option ip-forwarding off;

# Where forward updates go and which key signs them (updates to this zone succeed).
zone somedom.local. {
        primary 10.1.0.5;
        key rndc-key;
}

# Reverse zone whose PTR update times out. Same primary and key as the forward zone, so
# the difference is presumably on the named side or in the reverse zone data itself.
# NOTE(review): adding a PTR by hand with nsupdate, signed with this key against 10.1.0.5,
# separates a dhcpd-side problem from a named-side one — confirm before changing config.
zone 0.1.10.in-addr.arpa. {
        primary 10.1.0.5;
        key rndc-key;
}

# Reverse zone for 10.1.1.0/24 (untested per the author).
zone 1.1.10.in-addr.arpa. {
        primary 10.1.0.5;
        key rndc-key;
}

# Reverse zone for 10.1.2.0/24 (untested per the author).
zone 2.1.10.in-addr.arpa. {
        primary 10.1.0.5;
        key rndc-key;
}

# Subnet for internal hosts (the servers' own addresses .5/.6/.17/.190 fall outside
# every pool below; .1-.59 and .255 are not in any pool either).
# NOTE(review): the original pool comments said "block" for two pools that actually
# allow unknown clients; the comments below follow the pool statements.
    subnet 10.1.0.0 netmask 255.255.255.0 {
        option routers                  10.1.0.190;
        option subnet-mask              255.255.255.0;

            # allow unknowns for .60 - .113 (pool allows unknown-clients)
                pool    {
                                range 10.1.0.60 10.1.0.113;
                                allow unknown-clients;
                                }
                # block unknowns for 10.1.0.114 (single address; .115 is in the next pool)
                pool    {
                                range 10.1.0.114 10.1.0.114;
                                deny unknown-clients;
                                }
                # allow unknowns for 10.1.0.115 - .153
                pool    {
                                range 10.1.0.115 10.1.0.153;
                                allow unknown-clients;
                                }
                # block unknowns for 10.1.0.154 - .194
                pool    {
                                range 10.1.0.154 10.1.0.194;
                                deny unknown-clients;
                                }
                # allow unknowns for 10.1.0.195 - .222 (the logged lease 10.1.0.221 is here)
                pool    {
                                range 10.1.0.195 10.1.0.222;
                                allow unknown-clients;
                                }
                # block unknowns for 10.1.0.223 - .254
                pool    {
                                range 10.1.0.223 10.1.0.254;
                                deny unknown-clients;
                                }
    }

    # Second subnet: one pool open to unknown clients; max-lease-time 14400 (4 h) overrides
    # the global 3600 for this pool. Failover peering is commented out.
    subnet 10.1.1.0 netmask 255.255.255.0 {
        option routers                  10.1.1.1;
        option subnet-mask              255.255.255.0;
        pool {
                        #failover peer "dhcp-failover";
                        max-lease-time 14400;
                        range 10.1.1.21 10.1.1.240;
allow unknown-clients;
                }
    }

    # Third subnet: same shape as 10.1.1.0 (unknown clients allowed, 4 h max lease,
    # failover peering commented out).
    subnet 10.1.2.0 netmask 255.255.255.0 {
        option routers                  10.1.2.1;
        option subnet-mask              255.255.255.0;
                pool {
                        #failover peer "dhcp-failover";
                        max-lease-time 14400;
                        range 10.1.2.50 10.1.2.250;
allow unknown-clients;
                }
    }


---
named.conf
---
// Debian/Ubuntu layout: options, then the locally defined zones, then the stock
// root/localhost zones.
// NOTE(review): named.conf.local references "rndc-key" in its allow-update clauses, but
// the key is defined only after these includes; the author reports the config checks
// clean, so the forward reference appears to be accepted — confirm with named-checkconf.
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

#512 bit key
# TSIG key shared with dhcpd (dhcpd.conf must carry the same name, algorithm and secret)
# and also the key accepted by the controls statement below. Secret redacted by the author.
# NOTE(review): because one key both signs DDNS updates and authenticates rndc, exposure
# of either config file exposes both privileges; a separate DDNS key is the usual split.
# NOTE(review): hmac-md5 is the weakest TSIG algorithm; presumably both BIND 9.8 and ISC
# DHCP 4.1 accept an hmac-sha* algorithm — confirm, and change both sides together.
key "rndc-key" {
      algorithm hmac-md5;
      secret "SOMESECRET";
};

// rndc control channel.
// NOTE(review): the second listener binds 10.1.0.5:953 but its allow list admits only
// 127.0.0.1, so any remote rndc client is rejected and the listener is effectively
// unreachable. Either drop it, or — if the peer 10.1.0.6 needs rndc — allow the
// "dns-dhcp-servers" acl from named.conf.local instead. Confirm which was intended.
controls {
      inet 127.0.0.1 port 953
              allow { 127.0.0.1; } keys { "rndc-key"; };

      inet 10.1.0.5 port 953
              allow { 127.0.0.1; } keys { "rndc-key"; };
};
---

To keep the clutter down, I won't give any more config files.
But syntax checks of both the BIND and DHCPd config files are clean, and
both BIND and DHCPd appear to load and run fine.
The only problem I have is the [timed out] failure when creating the
PTR record in the reverse zone.

I've spent hours on this, looking at the docs, examples, google-foo, and more.
I'm quite sure it's something stupid, but as I said above, I can't find it,
and I'm desperate!

TIA
-Greg

