Fwd: ddns-updates off; within pool doesn't work

Alexei V. Schukin alex.v.schukin at gmail.com
Mon May 19 14:45:14 UTC 2014


Peter, thanks for the reply.

I'm trying to make Foreman + DHCP (ddns updates) + BIND work together.

DHCPD had the configuration below when I last tested it.

=============
dhcpd.conf
=============

authoritative;
ddns-update-style interim;
ddns-updates on;
ddns-domainname "example.com";
allow booting;
allow bootp;
next-server 192.168.0.21;
filename "pxelinux.0";
option root-path "192.168.0.21:/tftpboot";
option ntp-servers 192.168.0.1;
allow unknown-clients;
update-static-leases on;

subnet 192.168.0.0 netmask 255.255.255.0   {
        pool {
                range 192.168.0.5 192.168.0.50;
                deny unknown-clients;
                ddns-updates off;
                ddns-update-style none;
                ignore client-updates;
                update-static-leases off;
        }

        range dynamic-bootp 192.168.0.100 192.168.0.130;
        option domain-name-servers 192.168.0.1;
        option domain-name "example.com";
        option routers 192.168.0.1;
        option broadcast-address 192.168.0.255;
        allow client-updates;
        default-lease-time 86400;
        max-lease-time 172800;
        ...
}

...

-----------------


This is a rough scheme of the interaction between the services:

__________        _________________________________
|         |      |                                 |
|  Host 1 |      |            Host 2               |
|         |      |                   (1)           |
| Foreman | -->  | Foreman-Proxy   ------>   DHCPD |
|_________|      |        |        omshell         |
                 |    (2) |                        |
                 |        | nsupdate               |
                 |        +                        |
                 |       BIND                      |
                 |_________________________________|

0. Creating host in Foreman...
1. The Foreman tells foreman-proxy to reserve address for a new host via
omshell (1)

=================================
/var/log/foreman-proxy/proxy.log
=================================
D, [2014-05-15T19:47:03.286591 #7893] DEBUG -- : Lazy loaded
192.168.0.0/255.255.255.0 records
D, [2014-05-15T19:47:03.287669 #7893] DEBUG -- : Added
example-04.example.com (192.168.0.25 / 00:50:56:90:72:22) to
192.168.0.0/255.255.255.0
D, [2014-05-15T19:47:03.288907 #7893] DEBUG -- : omshell: executed - set
name = "example-04.example.com"
D, [2014-05-15T19:47:03.289097 #7893] DEBUG -- : true
D, [2014-05-15T19:47:03.289254 #7893] DEBUG -- : omshell: executed - set
ip-address = 192.168.0.25
D, [2014-05-15T19:47:03.289360 #7893] DEBUG -- : true
D, [2014-05-15T19:47:03.289510 #7893] DEBUG -- : omshell: executed - set
hardware-address = 00:50:56:90:72:22
D, [2014-05-15T19:47:03.289652 #7893] DEBUG -- : true
D, [2014-05-15T19:47:03.289819 #7893] DEBUG -- : omshell: executed - set
hardware-type = 1
D, [2014-05-15T19:47:03.289933 #7893] DEBUG -- : true
D, [2014-05-15T19:47:03.290285 #7893] DEBUG -- : omshell: executed - set
statements = "filename = \"pxelinux.0\"; next-server = c0:a8:00:cf; option
host-name = \"example-04.example.com\";"
D, [2014-05-15T19:47:03.290396 #7893] DEBUG -- : true
D, [2014-05-15T19:47:03.290548 #7893] DEBUG -- : omshell: executed - create
D, [2014-05-15T19:47:03.290700 #7893] DEBUG -- : true
I, [2014-05-15T19:47:03.315293 #7893]  INFO -- : Added DHCP reservation for
example-04.example.com (192.168.0.25 / 00:50:56:90:72:22)
---------------------------------

==================
/var/log/messages
==================
May 15 19:47:36 ns dhcpd: DHCPOFFER on 192.168.0.25 to 00:50:56:90:72:22
via eth1
May 15 19:47:38 ns dhcpd: Dynamic and static leases present for
192.168.0.25.
May 15 19:47:38 ns dhcpd: Remove host declaration example-04.example.com or
remove 192.168.0.25
May 15 19:47:38 ns dhcpd: from the dynamic address pool for 192.168.0.0/24
May 15 19:47:38 ns dhcpd: DHCPREQUEST for 192.168.0.25 (192.168.0.1) from
00:50:56:90:72:22 via eth1
May 15 19:47:38 ns dhcpd: DHCPACK on 192.168.0.25 to 00:50:56:90:72:22 via
eth1
------------------

==========================
/var/lib/dhcp/dhcpd.leases
==========================
host example-04.example.com {
  dynamic;
  hardware ethernet 00:50:56:90:72:22;
  fixed-address 192.168.0.25;
        supersede server.filename = "pxelinux.0";
        supersede server.next-server = c0:a8:00:cf;
        supersede host-name = "example-04.example.com";
}
--------------------------



2. The Foreman tells foreman-proxy to create A and PTR records in BIND's
zones for a new host via nsupdate (2)

=================================
/var/log/foreman-proxy/proxy.log
=================================
D, [2014-05-15T19:47:03.464086 #7893] DEBUG -- : running /usr/bin/nsupdate
-k /etc/foreman-proxy/foreman_proxy.key
D, [2014-05-15T19:47:03.465195 #7893] DEBUG -- : nsupdate: executed -
server 127.0.0.1
D, [2014-05-15T19:47:03.470943 #7893] DEBUG -- : nsupdate: executed -
update add example-04.example.com.  86400 A 192.168.0.25
D, [2014-05-15T19:47:03.658748 #7893] DEBUG -- : running /usr/bin/nsupdate
-k /etc/foreman-proxy/foreman_proxy.key
D, [2014-05-15T19:47:03.659858 #7893] DEBUG -- : nsupdate: executed -
server 127.0.0.1
D, [2014-05-15T19:47:03.662425 #7893] DEBUG -- : nsupdate: executed -
update add 25.0.168.192.in-addr.arpa.  86400 IN PTR example-04.example.com.
---------------------------------

===================
/var/lib/named.run
===================
15-May-2014 19:47:03.474 update: info: client 127.0.0.1#1904: updating zone
'example.com/IN': adding an RR at 'example-04.example.com' A
15-May-2014 19:47:03.669 update: info: client 127.0.0.1#34958: updating
zone '0.168.192.in-addr.arpa/IN': adding an RR at
'25.0.168.192.in-addr.arpa' PTR


3. When the host is completely configured, it tries to boot via PXE:

===========================
/var/log/messages
===========================
May 15 19:48:11 ns dhcpd: DHCPDISCOVER from 00:50:56:90:72:22 via eth1
May 15 19:48:11 ns dhcpd: DHCPOFFER on 192.168.0.25 to 00:50:56:90:72:22
via eth1
May 15 19:48:11 ns dhcpd: Dynamic and static leases present for
192.168.0.25.
May 15 19:48:11 ns dhcpd: Remove host declaration example-04.example.com or
remove 192.168.0.25
May 15 19:48:11 ns dhcpd: from the dynamic address pool for 192.168.0.0/24
May 15 19:48:11 ns dhcpd: DHCPREQUEST for 192.168.0.25 (192.168.0.1) from
00:50:56:90:72:22 via eth1
May 15 19:48:11 ns dhcpd: DHCPACK on 192.168.0.25 to 00:50:56:90:72:22 via
eth1


4. When the host starts to configure its network interface and receives an
address, dhcpd initiates an update of BIND's zones (I hope I understand this
mechanism properly):

===========================
/var/log/messages
===========================
May 15 19:48:20 ns dhcpd: DHCPDISCOVER from 00:50:56:90:72:22 via eth1
May 15 19:48:20 ns dhcpd: DHCPOFFER on 192.168.0.25 to 00:50:56:90:72:22
via eth1
May 15 19:48:20 ns dhcpd: Dynamic and static leases present for
192.168.0.25.
May 15 19:48:20 ns dhcpd: Remove host declaration example-04.example.com or
remove 192.168.0.25
May 15 19:48:20 ns dhcpd: from the dynamic address pool for 192.168.0.0/24
May 15 19:48:20 ns dhcpd: Added new forward map from
example-04.example.com.example.com to 192.168.0.25
May 15 19:48:20 ns dhcpd: added reverse map from 25.0.168.192.in-addr.arpa.
to example-04.example.com.example.com
May 15 19:48:20 ns dhcpd: DHCPREQUEST for 192.168.0.25 (192.168.0.1) from
00:50:56:90:72:22 via eth1
May 15 19:48:20 ns dhcpd: DHCPACK on 192.168.0.25 to 00:50:56:90:72:22 via
eth1
---------------------------

===================
/var/lib/named.run
===================
15-May-2014 19:48:20.229 update: info: client 192.168.0.1#55653: updating
zone 'example.com/IN': adding an RR at 'example-04.example.com.example.com'
A
15-May-2014 19:48:20.229 update: info: client 192.168.0.1#55653: updating
zone 'example.com/IN': adding an RR at 'example-04.example.com.example.com'
TXT
15-May-2014 19:48:20.274 update: info: client 192.168.0.1#38704: updating
zone '0.168.192.in-addr.arpa/IN': deleting rrset at
'25.0.168.192.in-addr.arpa' PTR
15-May-2014 19:48:20.274 update: info: client 192.168.0.1#38704: updating
zone '0.168.192.in-addr.arpa/IN': adding an RR at
'25.0.168.192.in-addr.arpa' PTR
-------------------

So, I can't figure out: if I told dhcpd "do not attempt any updates when
the client receives an address or this is a static lease etc.", why does it
continue to update the zones?

Alex

2014-05-12 10:29 GMT+04:00 Peter Rathlev <peter at rathlev.dk>:
> On Mon, 2014-04-28 at 17:14 +0400, Alexei V. Schukin wrote:
>> I'm trying to exclude one pool of subnet from dynamic updates.
> ...
>> subnet 192.168.0.1 netmask 255.255.255.0 {
>>   pool {
>>     range 192.168.0.10 192.168.0.20;
>>     deny unknown-clients;
>>     ddns-updates off;
>>     ignore client-updates;
> ...
>> But it doesn't work: dhcpd is still updating DNS within this address pool.
>> What am I missing?
>
> Are you sure it's dhcpd that does the updating? Does it say so in the
> logs? The above configuration would make the client try updating itself.
> It of course needs permission to do this.
>
> --
> Peter
>
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
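
A log check for the situation described in this message, added here as an example (not part of the original post and not Foreman or ISC code): it scans dhcpd syslog lines for DDNS map updates, flags those whose address lies in the range of the pool configured with "ddns-updates off;", and flags names where the domain was appended twice, as in example-04.example.com.example.com. The sample lines are constructed from the excerpts above, unwrapped to one line each; the function names are hypothetical.

```python
import ipaddress
import re

# Range of the pool that carries "ddns-updates off;" in the posted dhcpd.conf.
POOL_LO, POOL_HI = map(ipaddress.IPv4Address, ("192.168.0.5", "192.168.0.50"))
DDNS_DOMAIN = "example.com"  # value of ddns-domainname in the posted config

# Constructed sample, modelled on the /var/log/messages excerpts in the post.
SAMPLE_LOG = """\
May 15 19:48:20 ns dhcpd: DHCPOFFER on 192.168.0.25 to 00:50:56:90:72:22 via eth1
May 15 19:48:20 ns dhcpd: Added new forward map from example-04.example.com.example.com to 192.168.0.25
May 15 19:48:20 ns dhcpd: added reverse map from 25.0.168.192.in-addr.arpa. to example-04.example.com.example.com
May 15 19:50:02 ns dhcpd: Added new forward map from laptop-7.example.com to 192.168.0.101
"""

FORWARD = re.compile(r"dhcpd: Added new forward map from (\S+) to (\d+\.\d+\.\d+\.\d+)")
REVERSE = re.compile(r"dhcpd: added reverse map from (\S+?)\.in-addr\.arpa\.? to (\S+)")

def in_pool(ip):
    """True if ip lies inside the pool where DDNS updates are switched off."""
    return POOL_LO <= ipaddress.IPv4Address(ip) <= POOL_HI

def doubled_domain(name, domain=DDNS_DOMAIN):
    """True if the name ends in the DDNS domain twice (FQDN plus appended domain)."""
    suffix = "." + domain
    return name.rstrip(".").endswith(suffix + suffix)

def audit(log_text):
    """Return (ip, name, issues) for every DDNS map line that looks wrong."""
    findings = []
    for line in log_text.splitlines():
        m = FORWARD.search(line)
        if m:
            name, ip = m.group(1), m.group(2)
        else:
            m = REVERSE.search(line)
            if not m:
                continue  # not a DDNS map message
            # The PTR owner name holds the octets in reverse order.
            ip = ".".join(reversed(m.group(1).split(".")))
            name = m.group(2)
        issues = []
        if in_pool(ip):
            issues.append("update for address in no-DDNS pool")
        if doubled_domain(name):
            issues.append("domain appended twice")
        if issues:
            findings.append((ip, name, issues))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_LOG), sep="\n")
```
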