Issues with dhcpv6 and ddns updates

Thomas Markwalder tmark at isc.org
Fri Dec 2 16:02:32 UTC 2016


On 12/2/16 10:07 AM, perl-list wrote:
> Robert,
>
> I don't know anything about DDNS updates as I have never used them,
> but I can confirm that on release {} in DHCPv6 does not seem to have
> access to any of the option data.  I had the same problem and asked
> the list about it more than a week ago.  I was met with silence.  If a
> developer could comment on this being a bug or simply not implemented
> yet, that would be great.  Target for inclusion of option data in on
> release {} statements?
>
> ------------------------------------------------------------------------
>
>     *From: *"Robert Senger" <robert.senger at lists.microscopium.de>
>     *To: *"Users of ISC DHCP" <dhcp-users at lists.isc.org>
>     *Sent: *Friday, December 2, 2016 10:01:31 AM
>     *Subject: *Issues with dhcpv6 and ddns updates
>
>     Hi there,
>
>     I am running isc-dhcp-server in ipv6 mode, and I'd like to update the
>     local internal dns zones hosted by bind9 with dhcpv6 clients' names
>     and ipv6 addresses.
>
>     The built-in ddns seems to be completely unable to remove entries from
>     the dns upon expiry or release, so I ended up doing ddns stuff on my
>     own using "on commit|expiry|release" event handlers and corresponding
>     scripts.
>
>     But this also has issues with expiry and release events. While
>     (almost...) everything is fine with commits, I am having trouble
>     getting enough information about which host's lease has expired or
>     was released.
>
>     This is the code I have in the dhcpd6.conf global scope:
>
>     on commit
>     {
>             set ClientMac = "n/a";
>             set ClientIP = pick-first-value(binary-to-ascii(16, 16, ":", substring(option dhcp6.ia-na, 16, 16)), "n/a");
>             set ClientID = pick-first-value(binary-to-ascii(16, 8, ":", option dhcp6.client-id), "n/a");
>             set ClientName = pick-first-value(ddns-hostname, option fqdn.hostname, option host-name, "n/a");
>             log(concat("Commit (global): Mac: ", ClientMac, ", IP: ", ClientIP, ", Name: ", ClientName, ", ID: ", ClientID));
>             #execute("/etc/dhcp/dhcp6commit.sh", ClientMac, ClientIP, ClientName, ClientID);
>     }
>
>     on expiry
>     {
>             set ClientMac = "n/a";
>             set ClientIP = pick-first-value(binary-to-ascii(16, 16, ":", substring(option dhcp6.ia-na, 16, 16)), "n/a");
>             set ClientID = pick-first-value(binary-to-ascii(16, 8, ":", option dhcp6.client-id), "n/a");
>             set ClientName = pick-first-value(ddns-hostname, option fqdn.hostname, option host-name, "n/a");
>             log(concat("Expiry (global): Mac: ", ClientMac, ", IP: ", ClientIP, ", Name: ", ClientName, ", ID: ", ClientID));
>             #execute("/etc/dhcp/dhcp6expiry.sh", ClientMac, ClientIP, ClientName, ClientID);
>     }
>
>     on release
>     {
>             set ClientMac = "n/a";
>             set ClientIP = pick-first-value(binary-to-ascii(16, 16, ":", substring(option dhcp6.ia-na, 16, 16)), "n/a");
>             set ClientID = pick-first-value(binary-to-ascii(16, 8, ":", option dhcp6.client-id), "n/a");
>             set ClientName = pick-first-value(ddns-hostname, option fqdn.hostname, option host-name, "n/a");
>             log(concat("Release (global): Mac: ", ClientMac, ", IP: ", ClientIP, ", Name: ", ClientName, ", ID: ", ClientID));
>             #execute("/etc/dhcp/dhcp6release.sh", ClientMac, ClientIP, ClientName, ClientID);
>     }
>
>     (I've commented the "execute" statement to not mess up ddns while
>     testing).
>
>     And this is what I see in the dhcp log:
>
>     Commit:
>
>     Dec  2 15:02:02 prokyon dhcpd: Reply NA: address fd10:2842:f0d1:414:b64e:8a55:154d:ad6 to client with duid 00:01:00:01:1e:dd:f7:4d:00:12:f0:90:5a:49 iaid = 1 valid for 1200 seconds
>     Dec  2 15:02:02 prokyon dhcpd: Commit (global): Mac: n/a, IP: fd10:2842:f0d1:414:b64e:8a55:154d:ad6, Name: n/a, ID: 0:1:0:1:1e:dd:f7:4d:0:12:f0:90:5a:49
>
>     Release:
>
>     Dec  2 15:03:39 prokyon dhcpd: Client 00:01:00:01:1e:dd:f7:4d:00:12:f0:90:5a:49 releases address fd10:2842:f0d1:414:b64e:8a55:154d:ad6
>     Dec  2 15:03:39 prokyon dhcpd: Release (global): Mac: n/a, IP: n/a, Name: n/a, ID: n/a
>
>     Expiry:
>
>     Dec  2 15:14:04 prokyon dhcpd: Expiry (global): Mac: n/a, IP: n/a, Name: n/a, ID: n/a
>
>     So, everything is alright for commit events, except that there's no
>     hostname available. I know how to create a custom hostname from
>     address or id, so this is not really a problem.
>
>     But for expiry and release events, there's simply nothing that can be
>     passed on to the scripts. No address, no name, no id. It's impossible
>     to remove dns entries. 
>
>
>     Next, if I move the "set ClientIP = " lines from inside the "on
>     commit|expiry|release" event handlers above those into the global
>     scope, I magically get the address for expiry, but not for release:
>
>     Dec  2 15:35:55 prokyon dhcpd: Expiry (global): Mac: n/a, IP: fd10:2842:f0d1:414:b64e:8a55:154d:ad6, Name: n/a, ID: n/a
>     Dec  2 15:38:17 prokyon dhcpd: Release (global): Mac: n/a, IP: n/a, Name: n/a, ID: n/a
>
>
>     Moving all this code into a host statement (works for known hosts
>     only, of course), finally makes it possible to get a hostname and to
>     perform clean ddns updates for commit and expiry, but it requires at
>     least one dns lookup in the script to get the address from the
>     hostname for release events, which is a really, really ugly hack.
>
>     Am I doing something wrong, did I miss something, or is this
>     intended behavior or even a bug?
>
>     Thanks for help,
>
>     Robert
>
>
>     -- 
>     Robert Senger
>
>
>
>
>
>     _______________________________________________
>     dhcp-users mailing list
>     dhcp-users at lists.isc.org
>     https://lists.isc.org/mailman/listinfo/dhcp-users
>
>
>
>

Hello Robert:

Sorry for the belated reply, ISC is a small non-profit with limited
resources and we do what we can. Contributions are always welcome. In
order to make options available during releases, regardless of whether
we're discussing v4 or v6, the server would have to execute all of the
configuration statements down to the appropriate scope, as is done when
granting or renewing leases. The same applies to lease expiration
processing.

As to why this has never been added I cannot say, however adding it
might have unintended consequences. It is something we would have to
examine closely and if we were to add it, it would be disabled by default,
enabled with a run time option. If you submit a feature request by
emailing dhcp-suggest at isc.org, I will add it to the list of items under
consideration for inclusion in the 4.4.0 release, due sometime in 2017 (date
is TBD).


Sincerely,

Thomas Markwalder

ISC Software Engineering
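
An added example, not code from this thread or from ISC: the logs quoted above show that dhcpd's own "releases address" line carries the DUID and address even when the `on release` handler sees only "n/a", so this sketch recovers both from that line, validates the address, and builds nsupdate input that deletes the PTR record. The function names and the `server` default are assumptions.

```python
import ipaddress
import re

# Constructed sample: the dhcpd log lines quoted in the thread, with the
# e-mail line wrapping removed, plus one malformed release line.
SAMPLE_LOG = """\
Dec  2 15:02:02 prokyon dhcpd: Reply NA: address fd10:2842:f0d1:414:b64e:8a55:154d:ad6 to client with duid 00:01:00:01:1e:dd:f7:4d:00:12:f0:90:5a:49 iaid = 1 valid for 1200 seconds
Dec  2 15:03:39 prokyon dhcpd: Client 00:01:00:01:1e:dd:f7:4d:00:12:f0:90:5a:49 releases address fd10:2842:f0d1:414:b64e:8a55:154d:ad6
Dec  2 15:03:39 prokyon dhcpd: Release (global): Mac: n/a, IP: n/a, Name: n/a, ID: n/a
Dec  2 15:03:40 prokyon dhcpd: Client 00:01:00:01 releases address fd10:::1
"""

RELEASE_RE = re.compile(
    r"dhcpd: Client (?P<duid>[0-9a-f]{2}(?::[0-9a-f]{2})+) "
    r"releases address (?P<addr>[0-9a-f:]+)$"
)


def parse_releases(log_text):
    """Return (duid, IPv6Address) for each well-formed release line."""
    releases = []
    for line in log_text.splitlines():
        match = RELEASE_RE.search(line)
        if not match:
            continue
        try:
            addr = ipaddress.IPv6Address(match.group("addr"))
        except ValueError:
            continue  # never hand an unvalidated string to nsupdate
        releases.append((match.group("duid"), addr))
    return releases


def nsupdate_delete_ptr(addr, server="::1"):
    """Build nsupdate input that deletes the PTR record for addr."""
    return "\n".join([
        f"server {server}",
        f"update delete {addr.reverse_pointer}. PTR",
        "send",
    ]) + "\n"


if __name__ == "__main__":
    for duid, addr in parse_releases(SAMPLE_LOG):
        print(f"# release by DUID {duid}")
        print(nsupdate_delete_ptr(addr), end="")
```

Deleting the forward AAAA record additionally needs the name the commit script chose, which the release log line does not carry.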


