<div dir="ltr"><div>I'm about to go insane. It's probably an obvious problem, but for the life of me, I can't find it.</div><div><br></div><div>I'm trying to setup Bind9 + DHCPd + DDNS (forward and reverses)</div>
<div>I've got DHCP working for multiple subnets etc, and doing BIND DDNS updates, at least for forward records.</div><div><br></div><div>I get the following in the logs:</div><div>---</div><div>Jul 23 20:17:17 dns-dhcp-01 dhcpd: Added new forward map from ABCD-R61.somedom.local to 10.1.0.221</div>
<div>Jul 23 20:17:18 dns-dhcp-01 dhcpd: unable to add reverse map from 221.0.1.10.in-addr.arpa. to ABCD-R61.somedom.local: timed out</div><div>---</div><div><br></div><div>Turning up the verbosity level in BIND to debug doesn't produce anything useful I can find. The DHCP logs don't shed any more light on things either.</div>
<div>[Perhaps it does produce useful stuff but, if so, I can not find it.]</div><div><br></div><div>Here's the environment.</div><div>Ubuntu 12.04 [Running in a VM, with the eth interface bridged - though it shouldn't matter, it's VirtualBox]</div>
<div>DHCPd 4.1-R4</div><div>BIND 9.8.1-P1 </div><div>Both standard Ubuntu packages, installed from the Ubuntu repositories.</div><div><br></div><div>Here are my configs:</div><div>---</div><div>/etc/bind/named.conf.local</div>
<div>---</div><div>// Do any local configuration here</div><div>//</div><div><br></div><div>// Consider adding the 1918 zones here, if they are not used in your</div><div>// organization</div><div>//include "/etc/bind/zones.rfc1918";</div>
<div><br></div><div>acl "local-nets" {</div><div><span class="" style="white-space:pre"> </span><a href="http://10.1.0.0/22">10.1.0.0/22</a>;</div><div>};</div><div><br></div><div>acl "dns-dhcp-servers" {</div>
<div><span class="" style="white-space:pre"> </span>10.1.0.5; 10.1.0.6;</div><div>};</div><div><br></div><div>zone "somedom.local" {</div><div> type master;</div><div> file "/var/lib/bind/somedom.local.hosts";</div>
<div><span class="" style="white-space:pre"> </span>// update-policy { grant rndc-key zonesub ANY; };<span class="" style="white-space:pre"> </span></div><div><span class="" style="white-space:pre"> </span>allow-update { key rndc-key; };</div>
<div> };</div><div><br></div><div>zone "0.1.10.in-addr.arpa" {</div><div> type master;</div><div> file "/var/lib/bind/10.1.0.rev";</div><div><span class="" style="white-space:pre"> </span>//update-policy { grant rndc-key zonesub ANY; };<span class="" style="white-space:pre"> </span></div>
<div><span class="" style="white-space:pre"> </span>allow-update { key rndc-key; };</div><div><span class="" style="white-space:pre"> </span>allow-query { any; };</div><div> };</div><div><br></div><div>zone "1.1.10.in-addr.arpa" {</div>
<div> type master;</div><div> file "/var/lib/bind/10.1.1.rev";</div><div><span class="" style="white-space:pre"> </span>//update-policy { grant rndc-key zonesub ANY; };<span class="" style="white-space:pre"> </span></div>
<div><span class="" style="white-space:pre"> </span>allow-update { key rndc-key; };</div><div> };</div><div><br></div><div>zone "2.1.10.in-addr.arpa" {</div><div> type master;</div><div> file "/var/lib/bind/10.1.2.rev";</div>
<div><span class="" style="white-space:pre"> </span>//update-policy { grant rndc-key zonesub ANY; };<span class="" style="white-space:pre"> </span></div><div><span class="" style="white-space:pre"> </span>allow-update { key rndc-key; };</div>
<div> };</div><div><br></div><div>logging {</div><div> channel default_file {</div><div> file "/var/log/named/default.log" versions 3 size 5m;</div><div> //severity dynamic;</div><div><span class="" style="white-space:pre"> </span>severity debug 3;</div>
<div> print-time yes;</div><div> };</div><div> channel general_file {</div><div> file "/var/log/named/general.log" versions 3 size 5m;</div><div> //severity dynamic;</div><div><span class="" style="white-space:pre"> </span>severity debug 3;</div>
<div> print-time yes;</div><div> };</div><div> channel database_file {</div><div> file "/var/log/named/database.log" versions 3 size 5m;</div><div> //severity dynamic;</div><div><span class="" style="white-space:pre"> </span>severity debug 3;</div>
<div> print-time yes;</div><div> };</div><div> channel security_file {</div><div> file "/var/log/named/security.log" versions 3 size 5m;</div><div> //severity dynamic;</div><div><span class="" style="white-space:pre"> </span>severity debug 3;</div>
<div> print-time yes;</div><div> };</div><div> channel config_file {</div><div> file "/var/log/named/config.log" versions 3 size 5m;</div><div> //severity dynamic;</div><div><span class="" style="white-space:pre"> </span>severity debug 3;</div>
<div> print-time yes;</div><div> };</div><div> channel resolver_file {</div><div> file "/var/log/named/resolver.log" versions 3 size 5m;</div><div> //severity dynamic;</div><div><span class="" style="white-space:pre"> </span>severity debug 3;</div>
<div> print-time yes;</div><div> };</div><div> channel xfer-in_file {</div><div> file "/var/log/named/xfer-in.log" versions 3 size 5m;</div><div> //severity dynamic;</div><div><span class="" style="white-space:pre"> </span>severity debug 3;</div>
<div> print-time yes;</div><div> };</div><div> channel xfer-out_file {</div><div> file "/var/log/named/xfer-out.log" versions 3 size 5m;</div><div> //severity dynamic;</div><div><span class="" style="white-space:pre"> </span>severity debug 3;</div>
<div> print-time yes;</div><div> };</div><div> channel notify_file {</div><div> file "/var/log/named/notify.log" versions 3 size 5m;</div><div> //severity dynamic;</div><div><span class="" style="white-space:pre"> </span>severity debug 3;</div>
<div> print-time yes;</div><div> };</div><div> channel client_file {</div><div> file "/var/log/named/client.log" versions 3 size 5m;</div><div> //severity dynamic;</div><div><span class="" style="white-space:pre"> </span>severity debug 3;</div>
<div> print-time yes;</div><div> };</div><div> channel unmatched_file {</div><div> file "/var/log/named/unmatched.log" versions 3 size 5m;</div><div> //severity dynamic;</div><div><span class="" style="white-space:pre"> </span>severity debug 3;</div>
<div> print-time yes;</div><div> };</div><div> channel queries_file {</div><div> file "/var/log/named/queries.log" versions 3 size 5m;</div><div> //severity dynamic;</div><div><span class="" style="white-space:pre"> </span>severity debug 3;</div>
<div> print-time yes;</div><div> };</div><div> channel network_file {</div><div> file "/var/log/named/network.log" versions 3 size 5m;</div><div> //severity dynamic;</div><div><span class="" style="white-space:pre"> </span>severity debug 3;</div>
<div> print-time yes;</div><div> };</div><div> channel update_file {</div><div> file "/var/log/named/update.log" versions 3 size 5m;</div><div> //severity dynamic;</div><div><span class="" style="white-space:pre"> </span>severity debug 3;</div>
<div> print-time yes;</div><div> };</div><div> channel dispatch_file {</div><div> file "/var/log/named/dispatch.log" versions 3 size 5m;</div><div> //severity dynamic;</div><div><span class="" style="white-space:pre"> </span>severity debug 3;</div>
<div> print-time yes;</div><div> };</div><div> channel dnssec_file {</div><div> file "/var/log/named/dnssec.log" versions 3 size 5m;</div><div> //severity dynamic;</div><div><span class="" style="white-space:pre"> </span>severity debug 3;</div>
<div> print-time yes;</div><div> };</div><div> channel lame-servers_file {</div><div> file "/var/log/named/lame-servers.log" versions 3 size 5m;</div><div> //severity dynamic;</div><div>
<span class="" style="white-space:pre"> </span>severity debug 3;</div><div> print-time yes;</div><div> };</div><div><br></div><div> category default { default_file; };</div><div> category general { general_file; };</div>
<div> category database { database_file; };</div><div> category security { security_file; };</div><div> category config { config_file; };</div><div> category resolver { resolver_file; };</div><div> category xfer-in { xfer-in_file; };</div>
<div> category xfer-out { xfer-out_file; };</div><div> category notify { notify_file; };</div><div> category client { client_file; };</div><div> category unmatched { unmatched_file; };</div><div> category queries { queries_file; };</div>
<div> category network { network_file; };</div><div> category update { update_file; };</div><div> category dispatch { dispatch_file; };</div><div> category dnssec { dnssec_file; };</div><div> category lame-servers { lame-servers_file; };</div>
<div>};</div><div><br></div><div>---</div><div>The zone file for the problem zone above. [There are three zones, but I'm having the problem in this zone I haven't tested the others, but if I get this zone working, I'm sure the others will work too. So I'll just give this one zone.]</div>
<div>*** /var/lib/bind/10.1.0.rev</div><div>---</div><div>;#/var/lib/bind/10.1.0.rev</div><div>$ttl 38400</div><div>0.1.10.in-addr.arpa. IN SOA dns-dhcp-01. <a href="http://root.somedom.com">root.somedom.com</a>. (</div>
<div> 2013072301 ;serial</div><div> 10800 ;slave-refresh, 3h</div><div> 3600 ;slave-retry, update, 1h</div><div> 604800 ;slave-expire, 7d</div>
<div> 120 ;minimum [negative response TTL], 2m</div><div> )</div><div>0.1.10.in-addr.arpa. IN NS dns-dhcp-01.somedom.local.</div><div>0.1.10.in-addr.arpa. IN NS dns-dhcp-02.somedom.local.</div>
<div><br></div><div>---<br></div><div><br></div><div>*** The DHCPd.conf file</div><div>---</div><div>authoritative;</div><div><br></div><div>key "rndc-key" {</div><div> algorithm hmac-md5;</div><div> secret "SOMESECRET";</div>
<div>};</div><div><br></div><div>ddns-update-style interim;</div><div>ddns-domainname "somedom.local";</div><div><br></div><div>log-facility local7;</div><div>log debug;</div><div><br></div><div>option time-offset -18000; # Pacific Standard Time</div>
<div>one-lease-per-client off;</div><div><br></div><div>use-host-decl-names on;</div><div>option ntp-servers time.somedom.local;</div><div>option time-servers time.somedom.local;</div><div>option domain-name-servers 10.1.0.5, 10.1.0.6;</div>
<div>option domain-name "somedom.local";</div><div>option netbios-name-servers 10.1.0.17;</div><div>option routers 10.1.0.190;</div><div><br></div><div>#1h lease</div><div>default-lease-time 3600;</div><div>max-lease-time 3600;</div>
<div>option ip-forwarding off;</div><div><br></div><div>zone somedom.local. {</div><div> primary 10.1.0.5;</div><div> key rndc-key;<br></div><div>}</div><div><br></div><div>zone 0.1.10.in-addr.arpa. {</div><div>
primary 10.1.0.5;</div><div> key rndc-key;</div><div>}</div><div><br></div><div>zone 1.1.10.in-addr.arpa. {</div><div> primary 10.1.0.5;</div><div> key rndc-key;</div><div>}</div><div><br></div>
<div>zone 2.1.10.in-addr.arpa. {</div><div> primary 10.1.0.5;</div><div> key rndc-key;</div><div>}</div><div><br></div><div># Subnet for internal hosts</div><div> subnet 10.1.0.0 netmask 255.255.255.0 {</div>
<div> option routers 10.1.0.190;</div><div> option subnet-mask 255.255.255.0;</div><div><br></div><div> # block unknowns for .60 - .113</div><div> pool {</div>
<div> range 10.1.0.60 10.1.0.113;</div><div> allow unknown-clients;</div><div> }</div><div> # block unknowns for 10.1.0.114 - .115</div>
<div> pool {</div><div> range 10.1.0.114 10.1.0.114;</div><div> deny unknown-clients;</div><div> }</div><div> # allow unknowns for 10.1.0.115 - .153</div>
<div> pool {</div><div> range 10.1.0.115 10.1.0.153;</div><div> allow unknown-clients;</div><div> }</div><div>
# block unknowns for 10.1.0.154 - .194</div><div> pool {</div><div> range 10.1.0.154 10.1.0.194;</div><div> deny unknown-clients;</div>
<div> }</div><div> # allow unknowns for 10.1.0.195 - .222</div><div> pool {</div><div> range 10.1.0.195 10.1.0.222;</div><div>
allow unknown-clients;</div><div> }</div><div> # block unknowns for 10.1.0.223 - .254</div><div> pool {</div><div> range 10.1.0.223 10.1.0.254;</div>
<div> deny unknown-clients;</div><div> }</div><div> }</div><div><br></div><div> subnet 10.1.1.0 netmask 255.255.255.0 {</div><div> option routers 10.1.1.1;</div>
<div> option subnet-mask 255.255.255.0;</div><div> pool {</div><div> #failover peer "dhcp-failover";</div><div> max-lease-time 14400; </div>
<div> range 10.1.1.21 10.1.1.240;</div><div><span class="" style="white-space:pre"> </span>allow unknown-clients;</div><div> }</div><div> }</div><div><br></div><div> subnet 10.1.2.0 netmask 255.255.255.0 {</div>
<div> option routers 10.1.2.1;</div><div> option subnet-mask 255.255.255.0;</div><div> pool {</div><div> #failover peer "dhcp-failover";</div>
<div> max-lease-time 14400; </div><div> range 10.1.2.50 10.1.2.250;</div><div><span class="" style="white-space:pre"> </span>allow unknown-clients;</div><div> }</div>
<div> }</div><div><br></div><div><br></div><div>---</div><div>named.conf</div><div>---</div><div>include "/etc/bind/named.conf.options";</div><div>include "/etc/bind/named.conf.local";</div><div>include "/etc/bind/named.conf.default-zones";</div>
<div><br></div><div>#512 bit key</div><div>key "rndc-key" {</div><div> algorithm hmac-md5;</div><div> secret "SOMESECRET";</div><div>};</div><div><br></div><div>controls {</div><div> inet 127.0.0.1 port 953</div>
<div> allow { 127.0.0.1; } keys { "rndc-key"; };</div><div><br></div><div> inet 10.1.0.5 port 953</div><div> allow { 127.0.0.1; } keys { "rndc-key"; };</div><div>};</div>
<div>---</div><div><br></div><div>To keep the clutter down, I won't give any more config files:</div><div>But syntax checks of both the BIND and DHCPd config files is clean, and both BIND and DHCPd appear to load and run fine.</div>
<div>The only problem I have is the failed [timed out] problem for creating the PTR record for the reverse.</div><div><br></div><div>I've spent hours on this, looking the docs, examples, google-foo, and more. I'm quite sure it's something stupid, but as I said above, I can't find it and I'm desperate!</div>
<div><br></div><div>TIA</div><div>-Greg</div></div>