DHCPv6 and DDNS

Nicolas C. dhcp at nryc.fr
Sat Jun 20 18:22:53 UTC 2015 

Le 19/06/2015 02:48, Philippe Clérié a écrit :
> On 06/18/2015 01:38 PM, Nicolas C. wrote:
>>
>> Hello Philippe,
>>
>> Maybe the problem isn't on the servers sides. Keep in mind that, in
>> order to work, the CLIENT has to use the same identifier for DHCPv4 and
>> DHCPv6 transactions (RFC 4361).
>
> Ok! But I do not want the clients to update DNS. I want DHCP to take
> care of that.

When the DHCP server is doing the DDNS update, it has to authenticate 
one way or the other the client. If not, what would happened if two 
clients were using the same hostname ?

This is called "conflict-detection" : the client provides a hostname and 
an identifier (historically client-identifier with DHCPv4, DUID with 
DHCPv6), the DHCP server provides an IP address to the client and it 
does the DDNS work only after validating that there are no conflicts 
(duplicates) with the hostname.

>> That means that the client must run a recent version of ISC-DHCP and the
>> DHCPv6 and DHCPv4 should be configured to both use the DUID has
>> identifier.
>>
> Debian uses by default ISC's DHCP client. In this case version 4.3.1.
> That should be recent enough I think. Since I did nothing on the client
> side, and since my test clients are getting their addresses, static and
> dynamic, correctly assigned, I presume the clients are not the problem.

Yes but the correct use of the same identifier by both DHCPv4/6 client 
is the answer to your problem.

Apparently, you need to use the "-i" option of "dhclient" :

"Use a DUID with DHCPv4 clients. If no DUID is available in the lease 
file one will be constructed and saved. The DUID will be used to 
construct a RFC4361 style client id that will be included in the 
client’s messages. This client id can be overridden by setting a client 
id in the configuration file. Overridding the client id in this fashion 
is discouraged."

>> This is not a problem for the DHCPv6 client but using the DUID instead
>> of the client-identifier on DHCPv4 may require some tweaking on the
>> client OS.
>>
>> If you understand French, I wrote an article and did a presentation on
>> this topic :
>>
>> https://conf-ng.jres.org/2013/planning.html#article_27
>>
>
> I took a quick look (I'm rushed! Got to take a plane tomorrow!). Anyway,
> it seems to me that you had to make up a solution and you did not use
> whatever built-in facility there is in the DHCP server.

We had to workaround because our clients are mostly Windows workstations 
and printers. If we had only Linux Debian clients we would have used 
DHCPv4 + DHCPv6 has you are trying to do.

One test that you can do is :

  - Configure the client with DHCPv4 only
  - See what records are added to the forward DNS zone (normally you'll 
end up with one "A" holding the IPv4 address and one "TXT" holding the 
hash of the DHCPv4 identifier)
  - Stop the DHCPv4 client, clean the records
  - Configure the client with DHCPv6 only
  - See what records are added to the forward DNS zone (normally you'll 
end up with one "AAAA" holding the IPv6 address and one "TXT" holding 
the hash of the DHCPv6 identifier)

Compare the content of the TXT record, it must be the same in both cases.

Regards,

Nicolas C.

More information about the dhcp-users mailing list