<div dir="ltr"><div><div>Thanks for the detailed explanations, Glenn!<br><br>I have tested the configuration from your message with dhcpd -t, but the daemon threw the following error:<br><br>-----------------------------------------------------------------------------------------------<br>
dhcpd -t -cf /etc/dhcp/dhcpd.conf<br>-----------------------------------------------------------------------------------------------<br>Internet Systems Consortium DHCP Server 4.1.1-P1<br>Copyright 2004-2010 Internet Systems Consortium.<br>
All rights reserved.<br>For info, please visit <a href="https://www.isc.org/software/dhcp/">https://www.isc.org/software/dhcp/</a><br>WARNING: Host declarations are global. They are not limited to the scope you declared them in.<br>
/etc/dhcp/dhcpd.conf line 76: expecting permit type.<br> allow client-updates;<br> ^<br>/etc/dhcp/dhcpd.conf line 77: semicolon expected.<br> range <br> ^<br>
Configuration file errors encountered -- exiting<br><br>This version of ISC DHCP is based on the release available<br>on <a href="http://ftp.isc.org">ftp.isc.org</a>. Features have been added and other changes<br>have been made to the base software release in order to make<br>
it work better with this distribution.<br><br>Please report for this software via the CentOS Bugs Database:<br> <a href="http://bugs.centos.org/">http://bugs.centos.org/</a><br><br>exiting.<br>------------------------------------------------------------------------------------------------<br>
<br>Obviously, it doesn't like the "allow client-updates" option inside a pool definition.<br><br>After my experiments, the most acceptable configuration looks like this:<br><br>-----------------------------------------------------------------------------------------------<br>
dhcpd.conf<br>------------------------------------------------------------------------------------------------<br>authoritative;<br>ddns-update-style interim;<br>ddns-updates off;<br>deny unknown-clients;<br>update-static-leases off;<br>
deny client-updates;<br>ddns-domainname "<a href="http://example.com">example.com</a>";<br>allow booting;<br>allow bootp;<br>next-server 192.168.0.21;<br>filename "pxelinux.0";<br>option root-path "192.168.0.21:/tftpboot";<br>
option ntp-servers 192.168.0.1;<br><br>one-lease-per-client on;<br><br>option domain-name "<a href="http://example.com">example.com</a>";<br><br>subnet 192.168.0.0 netmask 255.255.255.0 {<br><br> option routers 192.168.0.1;<br>
option domain-name-servers 192.168.0.1;<br> option broadcast-address 192.168.0.255;<br><br> allow client-updates;<br> allow unknown-clients;<br><br> # range for foreman<br> # 192.168.0.5 192.168.0.50<br>
<br> # dynamic address pool<br> pool {<br> ddns-updates on;<br><br> range 192.168.0.100 192.168.0.130;<br> }<br><br> # group for static host<br> group {<br>
ddns-updates on;<br> deny client-updates;<br> use-host-decl-names on;<br><br> update-static-leases on;<br><br> host static-host {<br> hardware ethernet xx:xx:xx:xx:xx:xx;<br>
fixed-address 192.168.0.132;<br> ddns-hostname "static-host";<br> }<br> ...<br><br> }<br>}<br><br>...<br>------------------------------------------------------------------------------------------------<br>
<br>It seems to work fine, except for the "update-static-leases" option, because every time after removing a host definition from the configuration files I have to clean up my DNS zones manually. Unfortunately, I haven't found a more elegant solution yet.<br>
<br>--<br></div>Best wishes,<br></div>Alex<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">2014-05-19 19:11 GMT+04:00 Glenn Satchell <span dir="ltr"><<a href="mailto:glenn.satchell@uniq.com.au" target="_blank">glenn.satchell@uniq.com.au</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Alex<br>
<br>
The lease created by the omshell commands is a host statement, that is,<br>
it's a static lease. So it is not part of the pool of dynamic leases where<br>
you have turned off ddns-updates, even though the IP address happens to be<br>
in the pool's dynamic range.<br>
<br>
Probably the right way to fix this is to remove that pool altogether and<br>
put the commands in the subnet, but you don't need the range statement for<br>
192.168.0.5 192.168.0.50. The host statement will inherit settings from<br>
the subnet, but not from the pool. You could use a pool for the range<br>
192.168.0.100 192.168.0.130 if you wanted different behaviour for those<br>
addresses.<br>
<br>
The range statement is for the dhcp server to allocate addresses itself.<br>
That function is being controlled by foreman, so you have two things<br>
conflicting with each other.<br>
<br>
By the way, no modern dhcp clients need the dynamic-bootp setting for range<br>
these days. All that does is emulate bootp by allocating leases that never<br>
expire, so you will eventually run out of IPs due to old systems that are<br>
long gone still having an IP lease held for them.<br>
<br>
Perhaps something like this. Note I haven't tried this, so there may be<br>
syntax errors, etc., but I hope this shows what I was trying to say above.<br>
<br>
subnet 192.168.0.0 netmask 255.255.255.0 {<br>
<br>
ddns-updates off;<br>
ignore client-updates;<br>
update-static-leases off;<br>
<br>
pool {<br>
range 192.168.0.100 192.168.0.130;<br>
ddns-updates on;<br>
allow client-updates;<br>
}<br>
<br>
option broadcast-address 192.168.0.255;<br>
<div class=""> option domain-name-servers 192.168.0.1;<br>
option domain-name "<a href="http://example.com" target="_blank">example.com</a>";<br>
option routers 192.168.0.1;<br>
</div><div class=""> default-lease-time 86400;<br>
max-lease-time 172800;<br>
...<br>
}<br>
<br>
</div>regards,<br>
-glenn<br>
<div><div class="h5"><br>
On Tue, May 20, 2014 12:45 am, Alexei V. Schukin wrote:<br>
> Peter, thanks for the reply.<br>
><br>
> I'm trying to make Foreman + DHCP (ddns updates) + BIND work together.<br>
><br>
> DHCPD had the configuration below when I last tested it and it worked.<br>
><br>
> =============<br>
> dhcpd.conf<br>
> =============<br>
><br>
> authoritative;<br>
> ddns-update-style interim;<br>
> ddns-updates on;<br>
> ddns-domainname "<a href="http://example.com" target="_blank">example.com</a>";<br>
> allow booting;<br>
> allow bootp;<br>
> next-server 192.168.0.21;<br>
> filename "pxelinux.0";<br>
> option root-path "192.168.0.21:/tftpboot";<br>
> option ntp-servers 192.168.0.1;<br>
> allow unknown-clients;<br>
> update-static-leases on;<br>
><br>
> subnet 192.168.0.0 netmask 255.255.255.0 {<br>
> pool {<br>
> range 192.168.0.5 192.168.0.50;<br>
> deny unknown-clients;<br>
> ddns-updates off;<br>
> ddns-update-style none;<br>
> ignore client-updates;<br>
> update-static-leases off;<br>
> }<br>
><br>
> range dynamic-bootp 192.168.0.100 192.168.0.130;<br>
> option domain-name-servers 192.168.0.1;<br>
> option domain-name "<a href="http://example.com" target="_blank">example.com</a>";<br>
> option routers 192.168.0.1;<br>
> option broadcast-address 192.168.0.255;<br>
> allow client-updates;<br>
> default-lease-time 86400;<br>
> max-lease-time 172800;<br>
> ...<br>
> }<br>
><br>
> ...<br>
><br>
> -----------------<br>
><br>
><br>
> This is a rough scheme of the interaction between the services:<br>
><br>
</div></div>><br>
<div class="HOEnZb"><div class="h5">> __________ _________________________________<br>
> | | | |<br>
> | Host 1 | | Host 2 |<br>
> | | | (1) |<br>
> | Foreman | --> | Foreman-Proxy ------> DHCPD |<br>
> |_________| | | omshell |<br>
> | (2) | |<br>
> | | nsupdate |<br>
> | + |<br>
> | BIND |<br>
> |_________________________________|<br>
><br>
> 0. Creating host in Foreman...<br>
> 1. The Foreman tells foreman-proxy to reserve address for a new host via<br>
> omshell (1)<br>
><br>
> =================================<br>
> /var/log/foreman-proxy/proxy.log<br>
> =================================<br>
> D, [2014-05-15T19:47:03.286591 #7893] DEBUG -- : Lazy loaded<br>
> <a href="http://192.168.0.0/255.255.255.0" target="_blank">192.168.0.0/255.255.255.0</a> records<br>
> D, [2014-05-15T19:47:03.287669 #7893] DEBUG -- : Added<br>
> <a href="http://example-04.example.com" target="_blank">example-04.example.com</a> (192.168.0.25 / 00:50:56:90:72:22) to<br>
> <a href="http://192.168.0.0/255.255.255.0" target="_blank">192.168.0.0/255.255.255.0</a><br>
> D, [2014-05-15T19:47:03.288907 #7893] DEBUG -- : omshell: executed - set<br>
> name = "<a href="http://example-04.example.com" target="_blank">example-04.example.com</a>"<br>
> D, [2014-05-15T19:47:03.289097 #7893] DEBUG -- : true<br>
> D, [2014-05-15T19:47:03.289254 #7893] DEBUG -- : omshell: executed - set<br>
> ip-address = 192.168.0.25<br>
> D, [2014-05-15T19:47:03.289360 #7893] DEBUG -- : true<br>
> D, [2014-05-15T19:47:03.289510 #7893] DEBUG -- : omshell: executed - set<br>
> hardware-address = 00:50:56:90:72:22<br>
> D, [2014-05-15T19:47:03.289652 #7893] DEBUG -- : true<br>
> D, [2014-05-15T19:47:03.289819 #7893] DEBUG -- : omshell: executed - set<br>
> hardware-type = 1<br>
> D, [2014-05-15T19:47:03.289933 #7893] DEBUG -- : true<br>
> D, [2014-05-15T19:47:03.290285 #7893] DEBUG -- : omshell: executed - set<br>
> statements = "filename = \"pxelinux.0\"; next-server = c0:a8:00:cf; option<br>
> host-name = \"<a href="http://example-04.example.com" target="_blank">example-04.example.com</a>\";"<br>
> D, [2014-05-15T19:47:03.290396 #7893] DEBUG -- : true<br>
> D, [2014-05-15T19:47:03.290548 #7893] DEBUG -- : omshell: executed -<br>
> create<br>
> D, [2014-05-15T19:47:03.290700 #7893] DEBUG -- : true<br>
> I, [2014-05-15T19:47:03.315293 #7893] INFO -- : Added DHCP reservation<br>
> for<br>
> <a href="http://example-04.example.com" target="_blank">example-04.example.com</a> (192.168.0.25 / 00:50:56:90:72:22)<br>
> ---------------------------------<br>
><br>
> ==================<br>
> /var/log/messages<br>
> ==================<br>
> May 15 19:47:36 ns dhcpd: DHCPOFFER on 192.168.0.25 to 00:50:56:90:72:22<br>
> via eth1<br>
> May 15 19:47:38 ns dhcpd: Dynamic and static leases present for<br>
> 192.168.0.25.<br>
> May 15 19:47:38 ns dhcpd: Remove host declaration <a href="http://example-04.example.com" target="_blank">example-04.example.com</a><br>
> or<br>
> remove 192.168.0.25<br>
> May 15 19:47:38 ns dhcpd: from the dynamic address pool for <a href="http://192.168.0.0/24" target="_blank">192.168.0.0/24</a><br>
> May 15 19:47:38 ns dhcpd: DHCPREQUEST for 192.168.0.25 (192.168.0.1) from<br>
> 00:50:56:90:72:22 via eth1<br>
> May 15 19:47:38 ns dhcpd: DHCPACK on 192.168.0.25 to 00:50:56:90:72:22 via<br>
> eth1<br>
> ------------------<br>
><br>
> ==========================<br>
> /var/lib/dhcp/dhcpd.leases<br>
> ==========================<br>
> host <a href="http://example-04.example.com" target="_blank">example-04.example.com</a> {<br>
> dynamic;<br>
> hardware ethernet 00:50:56:90:72:22;<br>
> fixed-address 192.168.0.25;<br>
> supersede server.filename = "pxelinux.0";<br>
> supersede server.next-server = c0:a8:00:cf;<br>
> supersede host-name = "<a href="http://example-04.example.com" target="_blank">example-04.example.com</a>";<br>
> }<br>
> --------------------------<br>
><br>
><br>
><br>
> 2. The Foreman tells foreman-proxy to create A and PTR records at BIND's<br>
> zones for a new host via nsupdate (2)<br>
><br>
> =================================<br>
> /var/log/foreman-proxy/proxy.log<br>
> =================================<br>
> D, [2014-05-15T19:47:03.464086 #7893] DEBUG -- : running /usr/bin/nsupdate<br>
> -k /etc/foreman-proxy/foreman_proxy.key<br>
> D, [2014-05-15T19:47:03.465195 #7893] DEBUG -- : nsupdate: executed -<br>
> server 127.0.0.1<br>
> D, [2014-05-15T19:47:03.470943 #7893] DEBUG -- : nsupdate: executed -<br>
> update add <a href="http://example-04.example.com" target="_blank">example-04.example.com</a>. 86400 A 192.168.0.25<br>
> D, [2014-05-15T19:47:03.658748 #7893] DEBUG -- : running /usr/bin/nsupdate<br>
> -k /etc/foreman-proxy/foreman_proxy.key<br>
> D, [2014-05-15T19:47:03.659858 #7893] DEBUG -- : nsupdate: executed -<br>
> server 127.0.0.1<br>
> D, [2014-05-15T19:47:03.662425 #7893] DEBUG -- : nsupdate: executed -<br>
> update add 25.0.168.192.in-addr.arpa. 86400 IN PTR<br>
> <a href="http://example-04.example.com" target="_blank">example-04.example.com</a>.<br>
> ---------------------------------<br>
><br>
> ===================<br>
> /var/lib/named.run<br>
> ===================<br>
> 15-May-2014 19:47:03.474 update: info: client 127.0.0.1#1904: updating<br>
> zone<br>
> '<a href="http://example.com/IN" target="_blank">example.com/IN</a>': adding an RR at '<a href="http://example-04.example.com" target="_blank">example-04.example.com</a>' A<br>
> 15-May-2014 19:47:03.669 update: info: client 127.0.0.1#34958: updating<br>
> zone '0.168.192.in-addr.arpa/IN': adding an RR at<br>
> '25.0.168.192.in-addr.arpa' PTR<br>
><br>
><br>
> 3. When the host is completely configured, it tries to boot via PXE:<br>
><br>
> ===========================<br>
> /var/log/messages<br>
> ===========================<br>
> May 15 19:48:11 ns dhcpd: DHCPDISCOVER from 00:50:56:90:72:22 via eth1<br>
> May 15 19:48:11 ns dhcpd: DHCPOFFER on 192.168.0.25 to 00:50:56:90:72:22<br>
> via eth1<br>
> May 15 19:48:11 ns dhcpd: Dynamic and static leases present for<br>
> 192.168.0.25.<br>
> May 15 19:48:11 ns dhcpd: Remove host declaration <a href="http://example-04.example.com" target="_blank">example-04.example.com</a><br>
> or<br>
> remove 192.168.0.25<br>
> May 15 19:48:11 ns dhcpd: from the dynamic address pool for <a href="http://192.168.0.0/24" target="_blank">192.168.0.0/24</a><br>
> May 15 19:48:11 ns dhcpd: DHCPREQUEST for 192.168.0.25 (192.168.0.1) from<br>
> 00:50:56:90:72:22 via eth1<br>
> May 15 19:48:11 ns dhcpd: DHCPACK on 192.168.0.25 to 00:50:56:90:72:22 via<br>
> eth1<br>
><br>
><br>
> 4. When the host starts to configure its network interface and receives an<br>
> address, dhcpd initiates an update of BIND's zones (I hope I understand this<br>
> mechanism properly):<br>
><br>
> ===========================<br>
> /var/log/messages<br>
> ===========================<br>
> May 15 19:48:20 ns dhcpd: DHCPDISCOVER from 00:50:56:90:72:22 via eth1<br>
> May 15 19:48:20 ns dhcpd: DHCPOFFER on 192.168.0.25 to 00:50:56:90:72:22<br>
> via eth1<br>
> May 15 19:48:20 ns dhcpd: Dynamic and static leases present for<br>
> 192.168.0.25.<br>
> May 15 19:48:20 ns dhcpd: Remove host declaration <a href="http://example-04.example.com" target="_blank">example-04.example.com</a><br>
> or<br>
> remove 192.168.0.25<br>
> May 15 19:48:20 ns dhcpd: from the dynamic address pool for <a href="http://192.168.0.0/24" target="_blank">192.168.0.0/24</a><br>
> May 15 19:48:20 ns dhcpd: Added new forward map from<br>
> <a href="http://example-04.example.com.example.com" target="_blank">example-04.example.com.example.com</a> to 192.168.0.25<br>
> May 15 19:48:20 ns dhcpd: added reverse map from<br>
> 25.0.168.192.in-addr.arpa.<br>
> to <a href="http://example-04.example.com.example.com" target="_blank">example-04.example.com.example.com</a><br>
> May 15 19:48:20 ns dhcpd: DHCPREQUEST for 192.168.0.25 (192.168.0.1) from<br>
> 00:50:56:90:72:22 via eth1<br>
> May 15 19:48:20 ns dhcpd: DHCPACK on 192.168.0.25 to 00:50:56:90:72:22 via<br>
> eth1<br>
> ---------------------------<br>
><br>
> ===================<br>
> /var/lib/named.run<br>
> ===================<br>
> 15-May-2014 19:48:20.229 update: info: client 192.168.0.1#55653: updating<br>
> zone '<a href="http://example.com/IN" target="_blank">example.com/IN</a>': adding an RR at<br>
> '<a href="http://example-04.example.com.example.com" target="_blank">example-04.example.com.example.com</a>'<br>
> A<br>
> 15-May-2014 19:48:20.229 update: info: client 192.168.0.1#55653: updating<br>
> zone '<a href="http://example.com/IN" target="_blank">example.com/IN</a>': adding an RR at<br>
> '<a href="http://example-04.example.com.example.com" target="_blank">example-04.example.com.example.com</a>'<br>
> TXT<br>
> 15-May-2014 19:48:20.274 update: info: client 192.168.0.1#38704: updating<br>
> zone '0.168.192.in-addr.arpa/IN': deleting rrset at<br>
> '25.0.168.192.in-addr.arpa' PTR<br>
> 15-May-2014 19:48:20.274 update: info: client 192.168.0.1#38704: updating<br>
> zone '0.168.192.in-addr.arpa/IN': adding an RR at<br>
> '25.0.168.192.in-addr.arpa' PTR<br>
> -------------------<br>
><br>
> So, I can't figure out: if I told dhcpd "do not attempt any updates when<br>
> the client received an address, or this is a static lease, etc.", why does it<br>
> continue updating the zones?<br>
><br>
> Alex<br>
><br>
> 2014-05-12 10:29 GMT+04:00 Peter Rathlev <<a href="mailto:peter@rathlev.dk">peter@rathlev.dk</a>>:<br>
>> On Mon, 2014-04-28 at 17:14 +0400, Alexei V. Schukin wrote:<br>
>>> I'm trying to exclude one pool of subnet from dynamic updates.<br>
>> ...<br>
>>> subnet 192.168.0.1 netmask 255.255.255.0 {<br>
>>> pool {<br>
>>> range 192.168.0.10 192.168.0.20;<br>
>>> deny unknown-clients;<br>
>>> ddns-updates off;<br>
>>> ignore client-updates;<br>
>> ...<br>
>>> But it doesn't work: dhcpd is still updating DNS within this address pool.<br>
>>> What am I missing?<br>
>><br>
>> Are you sure it's dhcpd that does the updating? Does it say so in the<br>
>> logs? The above configuration would make the client try updating itself.<br>
>> It of course needs permission to do this.<br>
>><br>
>> --<br>
>> Peter<br>
>><br>
>><br>
>> _______________________________________________<br>
>> dhcp-users mailing list<br>
>> <a href="mailto:dhcp-users@lists.isc.org">dhcp-users@lists.isc.org</a><br>
>> <a href="https://lists.isc.org/mailman/listinfo/dhcp-users" target="_blank">https://lists.isc.org/mailman/listinfo/dhcp-users</a><br>
<br>
<br>
</div></div></blockquote></div><br></div>
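Peter's question ("Are you sure it's dhcpd that does the updating? Does it say so in the logs?") can be answered from the logs Alex pasted: BIND's named.run records the client address of every dynamic update, so the nsupdate runs from foreman-proxy (127.0.0.1) and the updates sent by dhcpd itself (192.168.0.1) can be told apart, and dhcpd's own syslog lines show the "Dynamic and static leases present" conflict and the doubled name (example-04.example.com.example.com) that its forward map registered. The script below is an added example, not code from the thread or from ISC, Foreman or BIND; it reads the log lines quoted in this thread (embedded inline), attributes zone changes to an updater, and flags the two problems. The mapping of updater addresses to roles and the domain name are assumptions about this thread's layout.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the thread's pasted /var/log/messages (dhcpd) and named.run (BIND).
DHCPD_LOG = """\
May 15 19:47:38 ns dhcpd: Dynamic and static leases present for 192.168.0.25.
May 15 19:47:38 ns dhcpd: Remove host declaration example-04.example.com or remove 192.168.0.25
May 15 19:47:38 ns dhcpd: from the dynamic address pool for 192.168.0.0/24
May 15 19:48:20 ns dhcpd: Added new forward map from example-04.example.com.example.com to 192.168.0.25
May 15 19:48:20 ns dhcpd: added reverse map from 25.0.168.192.in-addr.arpa. to example-04.example.com.example.com
May 15 19:48:20 ns dhcpd: DHCPACK on 192.168.0.25 to 00:50:56:90:72:22 via eth1
"""

NAMED_LOG = """\
15-May-2014 19:47:03.474 update: info: client 127.0.0.1#1904: updating zone 'example.com/IN': adding an RR at 'example-04.example.com' A
15-May-2014 19:47:03.669 update: info: client 127.0.0.1#34958: updating zone '0.168.192.in-addr.arpa/IN': adding an RR at '25.0.168.192.in-addr.arpa' PTR
15-May-2014 19:48:20.229 update: info: client 192.168.0.1#55653: updating zone 'example.com/IN': adding an RR at 'example-04.example.com.example.com' A
15-May-2014 19:48:20.229 update: info: client 192.168.0.1#55653: updating zone 'example.com/IN': adding an RR at 'example-04.example.com.example.com' TXT
15-May-2014 19:48:20.274 update: info: client 192.168.0.1#38704: updating zone '0.168.192.in-addr.arpa/IN': deleting rrset at '25.0.168.192.in-addr.arpa' PTR
15-May-2014 19:48:20.274 update: info: client 192.168.0.1#38704: updating zone '0.168.192.in-addr.arpa/IN': adding an RR at '25.0.168.192.in-addr.arpa' PTR
"""

# Assumed for this thread's topology: foreman-proxy runs nsupdate on the BIND host (loopback),
# dhcpd sends its updates from 192.168.0.1. Anything else touching a zone is worth a look.
UPDATER_ROLES = {"127.0.0.1": "foreman-proxy/nsupdate", "192.168.0.1": "dhcpd"}

NAMED_RE = re.compile(
    r"client (?P<ip>[\d.]+)#\d+: updating zone '(?P<zone>[^/']+)/IN': "
    r"(?P<action>adding an RR|deleting rrset) at '(?P<name>[^']+)' (?P<rtype>\w+)"
)
FORWARD_MAP_RE = re.compile(r"dhcpd: Added new forward map from (?P<fqdn>\S+) to (?P<ip>[\d.]+)")
CONFLICT_RE = re.compile(r"dhcpd: Dynamic and static leases present for (?P<ip>[\d.]+)\.")


@dataclass
class Finding:
    kind: str
    detail: str


def attribute_bind_updates(named_log):
    """Count zone changes per updater, keyed by role (or by address if the updater is unknown)."""
    counts = {}
    for line in named_log.splitlines():
        m = NAMED_RE.search(line)
        if not m:
            continue
        role = UPDATER_ROLES.get(m["ip"], f"unknown updater {m['ip']}")
        counts[role] = counts.get(role, 0) + 1
    return counts


def doubled_suffix(fqdn, domain):
    """True when the name carries the domain twice, e.g. host.example.com.example.com."""
    d = "." + domain.strip(".")
    return fqdn.rstrip(".").endswith(d + d)


def audit(dhcpd_log, named_log, domain="example.com"):
    """Flag lease conflicts, dhcpd-originated DDNS names (doubled or not) and unexpected updaters."""
    findings = []
    seen_conflicts = set()
    for line in dhcpd_log.splitlines():
        m = CONFLICT_RE.search(line)
        if m and m["ip"] not in seen_conflicts:
            seen_conflicts.add(m["ip"])
            findings.append(Finding("lease-conflict",
                                    f"{m['ip']} has both a host declaration and a dynamic lease"))
        m = FORWARD_MAP_RE.search(line)
        if m:
            kind = "doubled-domain" if doubled_suffix(m["fqdn"], domain) else "dhcpd-ddns"
            findings.append(Finding(kind, f"dhcpd registered {m['fqdn']} for {m['ip']}"))
    for line in named_log.splitlines():
        m = NAMED_RE.search(line)
        if m and m["ip"] not in UPDATER_ROLES:
            findings.append(Finding("unexpected-updater", f"{m['ip']} changed zone {m['zone']}"))
    return findings


if __name__ == "__main__":
    for role, n in attribute_bind_updates(NAMED_LOG).items():
        print(f"{role}: {n} zone change(s)")
    for f in audit(DHCPD_LOG, NAMED_LOG):
        print(f"[{f.kind}] {f.detail}")
```

On the thread's logs the updater count shows two changes from foreman-proxy's nsupdate and four from dhcpd, which settles the "who is updating" question, and the audit reports one lease conflict for 192.168.0.25 plus the doubled example-04.example.com.example.com forward map. Feeding the script a day's worth of real named.run lines is the quick way to see whether any address outside the two expected updaters is being allowed to change the zones.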