DHCPv6 isn't updating DNS

Bill Shirley bill at c3po.polymerindustries.biz
Sun Jul 30 12:53:56 UTC 2017


I'm a bit confused because you appear to have two named.conf files, one for
IPv4 and one for IPv6.  I only have one DNS server which handles both IPv4
and IPv6.  My DHCP and DNS services run on the same machine.  I have:
     key DHCP_UPDATER { algorithm hmac-md5; secret <the_secret>; };
     zone lan.example.com. { primary 127.0.0.1; key DHCP_UPDATER; }
Note the 127.0.0.1 for both IPv4 and IPv6.

I did have to set (in both dhcpd.conf):
     update-conflict-detection off;
to enable both DHCPs to update the DNS.

Bill

On 7/29/2017 3:57 PM, Joshua Schaeffer wrote:
> TL;DR
> Sorry for the long email, but I'm having a very hard time getting my DHCP server that is set up to provide IPv6 addresses to update my DNS server. It seems that isc-dhcp doesn't have the functionality to do this. Is this a limitation of the protocol? I've read through the man pages for dhcpd, dhcpd.conf, dhcp-options, dhcp-eval, dhclient, and dhclient.conf as well as RFC 3315 and snippets of other RFCs related to DHCPv6 and IPv6. As far as I can tell this should be possible, but maybe I'm missing something obvious. Does anybody have a working DHCPv6 server that is properly updating AAAA and PTR records? Full description of my issue is below.
>
> -------------------------------------------------------
>
> I've been running into a problem with getting my DHCPv6 server to update my DNS server and been asking around on how to fix this or what I have done wrong in my configuration, but so far I haven't been able to get this resolved. I've tried numerous settings and configuration changes, but nothing seems to work. When I have my DHCP server providing IPv6 addresses, it seems that the DHCP server never even attempts to communicate with the DNS server to update the AAAA and PTR records. Perhaps I'm missing something about the functionality between DHCPv6 and DNS. Is it possible to update DNS AAAA and PTR records from a DHCP server providing IPv6 addresses?
>
> I have set up a development environment in which I have two configurations. One for IPv4 (dhcpd.conf) and one for IPv6 (dhcpd6.conf). The two config files are as identical as they can be. When I serve IPv4, DNS gets updated, but when I serve IPv6, it doesn't. I've tried debugging the code and set various breakpoints to see if I can find out what is going on, but I just don't have enough experience with programming and don't know enough about the program itself to get very far. I'm using isc-dhcp 4.3.5 that I compiled from source. Here is what I've set up in my dev environment:
>
> IPv6 configuration:
>
>      ###############
>      # DHCPD6.CONF #
>      ###############
>      authoritative;
>
>      option            dhcp6.domain-search    "appendata.net";
>      option            dhcp6.name-servers    fc01::a1;
>      default-lease-time    86400;
>      max-lease-time        604800;
>
>      log-facility        local7;
>
>      ddns-updates        on;
>      ddns-update-style    standard;
>      ddns-domainname        "appendata.net.";
>      ddns-rev-domainname    "ip6.arpa.";
>      do-forward-updates    on;
>      deny            client-updates;
>      update-static-leases    on;
>      update-optimization    off;
>
>      include            "/etc/keys/Kddns-aaaa-rrs.+157+02940.private";
>      include            "/etc/keys/Kddns-ptr-rrs.+157+36566.private";
>
>      zone appendata.net. {
>          primary6    fc01::a1;
>          key                "ddns-aaaa-rrs";
>      }
>      zone 0.0.0.0.0.0.0.0.0.0.0.0.1.0.c.f.ip6.arpa. {
>          primary6    fc01::a1;
>          key                "ddns-ptr-rrs";
>      }
>
>      subnet6 fc01::/64 {
>          default-lease-time    604800;
>          max-lease-time        2419200;
>
>          pool6 {
>              range6 fc01::1:0:0:0/80;
>          }
>      }
>
>      #########################
>      # NAMED.CONF.LOCAL (IPV6) #
>      #########################
>      //
>      // Do any local configuration here
>      //
>
>      // Consider adding the 1918 zones here, if they are not used in your
>      // organization
>      include "/etc/bind/zones.rfc1918";
>      include "/etc/bind/Kddns-aaaa-rrs.+157+02940.private";
>      include "/etc/bind/Kddns-ptr-rrs.+157+36566.private";
>
>      zone "appendata.net" in {
>          type master;
>          notify no;
>          file "/var/lib/bind/db.appendata.net";
>          allow-update {
>              key ddns-aaaa-rrs;
>          };
>      };
>
>      zone "0.0.0.0.0.0.0.0.0.0.0.0.1.0.c.f.ip6.arpa" in {
>          type master;
>          notify no;
>          file "/var/lib/bind/db.fc01.0000.0000.0000";
>          allow-update {
>              key ddns-ptr-rrs;
>          };
>      };
>
> I then start the DHCPv6 server:
>
>      root@dhcp01:~# dhcpd -6 -cf /etc/dhcp/dhcpd6.conf -lf /var/lib/dhcp/dhcpd6.leases -pf /run/dhcpd6.pid
>
> I have a test client as well. I issue the following command on the client:
>
>      $ dhclient -6 -cf /etc/dhcp/dhclient.conf -lf /var/lib/dhcp/dhclient6.leases
>
> And this is what I see from the DHCPv6 server:
>
>      [...]
>      Server starting service.
>      Solicit message from fe80::a00:27ff:fefc:35fa port 546, transaction ID 0xC9E2BF00
>      Picking pool address fc01::1:a9f1:2990:24b9
>      Advertise NA: address fc01::1:a9f1:2990:24b9 to client with duid 00:01:00:01:21:0f:82:c6:08:00:27:fc:35:fa iaid = 670840314 valid for 604800 seconds
>      Sending Advertise to fe80::a00:27ff:fefc:35fa port 546
>      Request message from fe80::a00:27ff:fefc:35fa port 546, transaction ID 0x14153D00
>      Reply NA: address fc01::1:a9f1:2990:24b9 to client with duid 00:01:00:01:21:0f:82:c6:08:00:27:fc:35:fa iaid = 670840314 valid for 604800 seconds
>      Sending Reply to fe80::a00:27ff:fefc:35fa port 546
>
> The DHCP server is working just fine in the sense that it hands out addresses, but it never updates DNS. When I sniff the wire, there isn't a single packet that the DHCP server sends to the DNS server. I also have the DNS server log set to DEBUG, and I don't ever see anything in the log. Now when I start my DHCP server using my IPv4 configuration, DHCP updates the DNS server. I only have minor changes between the configuration files.
>
>      ##############
>      # DHCPD.CONF #
>      ##############
>      authoritative;
>
>      option            domain-name    "appendata.net";
>      option            domain-name-servers    172.16.0.2;
>      default-lease-time    86400;
>      max-lease-time        604800;
>
>      log-facility        local7;
>
>      ddns-updates        on;
>      ddns-update-style    standard;
>      ddns-domainname        "appendata.net.";
>      ddns-rev-domainname    "in-addr.arpa.";
>      do-forward-updates    on;
>      deny            client-updates;
>      update-static-leases    on;
>      update-optimization    off;
>
>      include            "/etc/keys/Kddns-a-rrs.+157+41383.private";
>      include            "/etc/keys/Kddns-ptr-rrs.+157+36566.private";
>
>      zone appendata.net. {
>          primary        172.16.0.2;
>          key             "ddns-a-rrs";
>      }
>      zone 0.16.172.in-addr.arpa. {
>          primary        172.16.0.2;
>          key             "ddns-ptr-rrs";
>      }
>
>      subnet 172.16.0.0 netmask 255.255.255.0 {
>          default-lease-time    604800;
>          max-lease-time        2419200;
>
>          pool {
>              range 172.16.0.10 172.16.0.20;
>          }
>      }
>
>      #########################
>      # NAMED.CONF.LOCAL (IPV4) #
>      #########################
>      //
>      // Do any local configuration here
>      //
>
>      // Consider adding the 1918 zones here, if they are not used in your
>      // organization
>      include "/etc/bind/zones.rfc1918";
>      include "/etc/bind/Kddns-a-rrs.+157+41383.private";
>      include "/etc/bind/Kddns-ptr-rrs.+157+36566.private";
>
>      zone "appendata.net" in {
>          type master;
>          notify no;
>          file "/var/lib/bind/db.appendata.net";
>          allow-update {
>              key "ddns-a-rrs";
>          };
>      };
>
>      zone "0.16.172.in-addr.arpa" in {
>          type master;
>          notify no;
>          file "/var/lib/bind/db.172.16.0";
>          allow-update {
>              key "ddns-ptr-rrs";
>          };
>      };
>
> I start the DHCP server then run the client again. However, this time I can see that A and PTR records are getting updated:
>
>      $ dhcpd -4 -cf /etc/dhcp/dhcpd.conf -lf /var/lib/dhcp/dhcpd.leases -pf /run/dhcpd.pid
>
>      $ dhclient -4 -cf /etc/dhcp/dhclient.conf -lf /var/lib/dhcp/dhclient.leases
>
> Here is the output from the DHCP server:
>
>      [...]
>      Server starting service.
>      DHCPDISCOVER from 08:00:27:05:95:af via enp0s8
>      Ping timeout: 1
>      DHCPOFFER on 172.16.0.10 to 08:00:27:05:95:af (dhcpclient01) via enp0s8
>      DHCPREQUEST for 172.16.0.10 (172.16.0.3) from 08:00:27:05:95:af (dhcpclient01) via enp0s8
>      DHCPACK on 172.16.0.10 to 08:00:27:05:95:af (dhcpclient01) via enp0s8
>      Added new forward map from dhcpclient01.appendata.net. to 172.16.0.10
>      Added reverse map from 10.0.16.172.in-addr.arpa. to dhcpclient01.appendata.net
>
> And from the DNS log:
>
>      Jul 29 13:34:11 dns01 named[3432]: update-security: info: client 172.16.0.3#20083/key ddns-a-rrs: signer "ddns-a-rrs" approved
>      Jul 29 13:34:11 dns01 named[3432]: update: info: client 172.16.0.3#20083/key ddns-a-rrs: updating zone 'appendata.net/IN': deleting rrset at 'dhcpclient01.appendata.net' A
>      Jul 29 13:34:11 dns01 named[3432]: update: info: client 172.16.0.3#20083/key ddns-a-rrs: updating zone 'appendata.net/IN': adding an RR at 'dhcpclient01.appendata.net' A 172.16.0.10
>      Jul 29 13:34:11 dns01 named[3432]: update-security: info: client 172.16.0.3#20083/key ddns-ptr-rrs: signer "ddns-ptr-rrs" approved
>      Jul 29 13:34:11 dns01 named[3432]: update: info: client 172.16.0.3#20083/key ddns-ptr-rrs: updating zone '0.16.172.in-addr.arpa/IN': deleting rrset at '10.0.16.172.in-addr.arpa' PTR
>      Jul 29 13:34:11 dns01 named[3432]: update: info: client 172.16.0.3#20083/key ddns-ptr-rrs: updating zone '0.16.172.in-addr.arpa/IN': adding an RR at '10.0.16.172.in-addr.arpa' PTR dhcpclient01.appendata.net.
>
> I'm just not sure what I'm missing here. To me it looks like DNS servers can be updated from DHCPv6 servers. Any help would be much appreciated.
>
> Thanks,
> Joshua Schaeffer

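An added check, not part of either message and not ISC's code: a short Python audit that flags the three dynamic-update settings quoted in this thread that widen who can write to the zone (hmac-md5 TSIG keys, `update-conflict-detection off`, and whole-zone `allow-update` keys). The sample configs are constructed from the thread's directives, and `audit_ddns`, `zone_blocks` and `strip_comments` are hypothetical helper names.

```python
import re

# Constructed samples built from this thread's directives; secret is a placeholder.
DHCPD_CONF = """
key DHCP_UPDATER { algorithm hmac-md5; secret PLACEHOLDER==; };
zone lan.example.com. { primary 127.0.0.1; key DHCP_UPDATER; }
update-conflict-detection off;
"""
NAMED_CONF = """
zone "appendata.net" in {
    type master;
    allow-update { key ddns-aaaa-rrs; };  // whole-zone write access
};
"""

def strip_comments(text):
    """Remove /* */, # and // comments, leaving quoted strings untouched."""
    pattern = r'"[^"\n]*"|/\*.*?\*/|(?:#|//)[^\n]*'
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else ""
    return re.sub(pattern, keep, text, flags=re.S)

def zone_blocks(text):
    """Yield (zone_name, body) for each zone statement, matching braces."""
    for m in re.finditer(r'\bzone\s+"?([^\s"{]+)"?[^{;]*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def audit_ddns(dhcpd_conf, named_conf):
    """Return (file, finding) tuples for weak dynamic-update settings."""
    dhcpd, named = strip_comments(dhcpd_conf), strip_comments(named_conf)
    findings = []
    # HMAC-MD5 is deprecated as a TSIG algorithm (RFC 8945).
    weak = r'\bkey\s+"?([\w.-]+)"?\s*\{[^}]*\balgorithm\s+hmac-md5\b'
    for key in re.findall(weak, dhcpd, re.I):
        findings.append(("dhcpd.conf", f"key {key}: TSIG algorithm hmac-md5"))
    # Off means dhcpd skips the DHCID check and replaces existing bindings.
    if re.search(r"\bupdate-conflict-detection\s+(off|false)\s*;", dhcpd, re.I):
        findings.append(("dhcpd.conf", "update-conflict-detection off"))
    # allow-update { key K; } lets K rewrite any record in the zone.
    for zone, body in zone_blocks(named):
        keys = re.findall(r'allow-update\s*\{[^}]*?\bkey\s+"?([\w.-]+)"?', body)
        findings += [("named.conf", f"zone {zone}: allow-update key {k}") for k in keys]
    return findings

if __name__ == "__main__":
    print(*audit_ddns(DHCPD_CONF, NAMED_CONF), sep="\n")
```

A zone that uses `update-policy` instead of `allow-update`, a key with an HMAC-SHA2 algorithm, and conflict detection left at its default produce no findings.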