Issues with dhcpv6 and ddns updates

Robert Senger robert.senger at lists.microscopium.de
Fri Dec 2 15:36:58 UTC 2016


Thanks for the confirmation!

For the moment I can live with this, since I only got a limited number
of known clients I need to create host { } statements for, and a very
limited number of guest clients (for now, I ignore them for ddns).

Well, once dhcpv6 becomes more common in enterprise environments, I
would consider this as a severe issue.

Robert


On Friday, 02.12.2016, at 10:07 -0500, perl-list wrote:
> Robert, 
> 
> I don't know anything about DDNS updates as I have never used them,
> but I can confirm that on release {} in DHCPv6 does not seem to have
> access to any of the option data. I had the same problem and asked
> the list about it more than a week ago. I was met with silence. If a
> developer could comment on this being a bug or simply not implemented
> yet, that would be great. Target for inclusion of option data in on
> release {} statements? 
> 
> > 
> > From: "Robert Senger" <robert.senger at lists.microscopium.de>
> > To: "Users of ISC DHCP" <dhcp-users at lists.isc.org>
> > Sent: Friday, December 2, 2016 10:01:31 AM
> > Subject: Issues with dhcpv6 and ddns updates
> > 
> > Hi there,
> > 
> > I am running isc-dhcp-server in ipv6 mode, and I'd like to update the
> > local internal dns zones hosted by bind9 with dhcpv6 clients' names and
> > ipv6 addresses.
> > 
> > The built-in ddns seems to be completely unable to remove entries from
> > the dns upon expiry or release, so I ended up doing ddns stuff on my
> > own using "on commit|expiry|release" event handlers and corresponding
> > scripts.
> > 
> > But this also has issues with expiry and release events. While
> > (almost...) everything is fine with commits, I am having trouble
> > getting enough information about which host's lease has expired or was
> > released.
> > 
> > This is the code I have in the dhcpd6.conf global scope:
> > 
> > on commit
> > {
> >     set ClientMac = "n/a";
> >     set ClientIP = pick-first-value(binary-to-ascii(16, 16, ":", substring(option dhcp6.ia-na, 16, 16)), "n/a");
> >     set ClientID = pick-first-value(binary-to-ascii(16, 8, ":", option dhcp6.client-id), "n/a");
> >     set ClientName = pick-first-value(ddns-hostname, option fqdn.hostname, option host-name, "n/a");
> >     log(concat("Commit (global): Mac: ", ClientMac, ", IP: ", ClientIP, ", Name: ", ClientName, ", ID: ", ClientID));
> >     #execute("/etc/dhcp/dhcp6commit.sh", ClientMac, ClientIP, ClientName, ClientID);
> > }
> > 
> > on expiry
> > {
> >     set ClientMac = "n/a";
> >     set ClientIP = pick-first-value(binary-to-ascii(16, 16, ":", substring(option dhcp6.ia-na, 16, 16)), "n/a");
> >     set ClientID = pick-first-value(binary-to-ascii(16, 8, ":", option dhcp6.client-id), "n/a");
> >     set ClientName = pick-first-value(ddns-hostname, option fqdn.hostname, option host-name, "n/a");
> >     log(concat("Expiry (global): Mac: ", ClientMac, ", IP: ", ClientIP, ", Name: ", ClientName, ", ID: ", ClientID));
> >     #execute("/etc/dhcp/dhcp6expiry.sh", ClientMac, ClientIP, ClientName, ClientID);
> > }
> > 
> > on release
> > {
> >     set ClientMac = "n/a";
> >     set ClientIP = pick-first-value(binary-to-ascii(16, 16, ":", substring(option dhcp6.ia-na, 16, 16)), "n/a");
> >     set ClientID = pick-first-value(binary-to-ascii(16, 8, ":", option dhcp6.client-id), "n/a");
> >     set ClientName = pick-first-value(ddns-hostname, option fqdn.hostname, option host-name, "n/a");
> >     log(concat("Release (global): Mac: ", ClientMac, ", IP: ", ClientIP, ", Name: ", ClientName, ", ID: ", ClientID));
> >     #execute("/etc/dhcp/dhcp6release.sh", ClientMac, ClientIP, ClientName, ClientID);
> > }
> > 
> > (I've commented the "execute" statement to not mess up ddns while
> > testing).
> > 
> > And this is what I see in the dhcp log:
> > 
> > Commit:
> > 
> > Dec 2 15:02:02 prokyon dhcpd: Reply NA: address fd10:2842:f0d1:414:b64e:8a55:154d:ad6 to client with duid 00:01:00:01:1e:dd:f7:4d:00:12:f0:90:5a:49 iaid = 1 valid for 1200 seconds
> > Dec 2 15:02:02 prokyon dhcpd: Commit (global): Mac: n/a, IP: fd10:2842:f0d1:414:b64e:8a55:154d:ad6, Name: n/a, ID: 0:1:0:1:1e:dd:f7:4d:0:12:f0:90:5a:49
> > 
> > Release:
> > 
> > Dec 2 15:03:39 prokyon dhcpd: Client 00:01:00:01:1e:dd:f7:4d:00:12:f0:90:5a:49 releases address fd10:2842:f0d1:414:b64e:8a55:154d:ad6
> > Dec 2 15:03:39 prokyon dhcpd: Release (global): Mac: n/a, IP: n/a, Name: n/a, ID: n/a
> > 
> > Expiry:
> > 
> > Dec 2 15:14:04 prokyon dhcpd: Expiry (global): Mac: n/a, IP: n/a, Name: n/a, ID: n/a
> > 
> > So, everything is alright for commit events, except that there's no
> > hostname available. I know how to create a custom hostname from address
> > or id, so this is not really a problem.
> > 
> > But for expiry and release events, there's simply nothing that can be
> > passed on to the scripts. No address, no name, no id. It's impossible
> > to remove dns entries.
> > 
> > Next, if I move the "set ClientIP = " lines from inside the "on
> > commit|expiry|release" event handlers above those into the global
> > scope, I magically get the address for expiry, but not for release:
> > 
> > Dec 2 15:35:55 prokyon dhcpd: Expiry (global): Mac: n/a, IP: fd10:2842:f0d1:414:b64e:8a55:154d:ad6, Name: n/a, ID: n/a
> > Dec 2 15:38:17 prokyon dhcpd: Release (global): Mac: n/a, IP: n/a, Name: n/a, ID: n/a
> > 
> > Moving all this code into a host statement (works for known hosts only,
> > of course), finally makes it possible to get a hostname and to perform
> > clean ddns updates for commit and expiry, but it requires at least one
> > dns lookup in the script to get the address from the hostname for
> > release events, which is a really, really ugly hack.
> > 
> > Am I doing something wrong, did I miss something, or is this
> > intended behavior or even a bug?
> > 
> > Thanks for help,
> > 
> > Robert
> > 
> > --
> > Robert Senger
> > 
> > _______________________________________________
> > dhcp-users mailing list
> > dhcp-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/dhcp-users
-- 
Robert Senger
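
Added example (not part of the original messages and not ISC DHCP code): a sketch of what a script behind the execute() calls quoted above could do with its four arguments before touching DNS. It treats the "n/a" placeholder as missing data, validates the client-supplied name so it cannot carry extra nsupdate commands, and derives a label from the DUID when no name arrives. The zone lan.example, the TTL and the function names are assumptions.

```python
import ipaddress
import re

SENTINEL = "n/a"      # what the handlers on this page pass when a value is missing
ZONE = "lan.example"  # hypothetical forward zone
TTL = 600             # hypothetical record TTL in seconds
LABEL_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")
OCTET_RE = re.compile(r"[0-9a-f]{1,2}")


def label_from_duid(duid):
    """Build a DNS label from the unpadded 'x:y:z' DUID string binary-to-ascii emits."""
    octets = duid.lower().split(":")
    if not all(OCTET_RE.fullmatch(o) for o in octets):
        raise ValueError("malformed DUID %r" % duid)
    return "duid-" + "".join(o.zfill(2) for o in octets)


def build_update(event, ip, name, duid):
    """Return nsupdate batch text for one handler call; raise ValueError if unsafe."""
    if event not in ("commit", "expiry", "release"):
        raise ValueError("unknown event %r" % event)
    if ip == SENTINEL:
        raise ValueError("%s handler passed no address" % event)
    addr = ipaddress.IPv6Address(ip)  # rejects anything that is not an IPv6 address
    ptr = addr.reverse_pointer + "."
    label = None
    if name != SENTINEL:
        label = name.lower()          # client-supplied, so validated below
    elif duid != SENTINEL:
        label = label_from_duid(duid)
    if label is not None and not LABEL_RE.fullmatch(label):
        raise ValueError("unsafe host label %r" % label)
    if event == "commit":
        if label is None:
            raise ValueError("commit needs a name or a DUID")
        fqdn = "%s.%s." % (label, ZONE)
        cmds = ["update delete %s AAAA" % fqdn,
                "update add %s %d AAAA %s" % (fqdn, TTL, addr),
                "send",
                "update delete %s PTR" % ptr,
                "update add %s %d PTR %s" % (ptr, TTL, fqdn),
                "send"]
    else:
        # Expiry/release: the PTR can always go; the AAAA only when a name is known.
        cmds = ["update delete %s PTR" % ptr, "send"]
        if label is not None:
            cmds = ["update delete %s.%s. AAAA %s" % (label, ZONE, addr), "send"] + cmds
    return "\n".join(cmds) + "\n"
```

The returned text is meant to be fed to nsupdate; for the release case logged above, where every argument arrives as n/a, the function raises instead of guessing which record to remove.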




