<div dir="ltr">Have tested. Nope, the same error.<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">2014-06-04 15:34 GMT+04:00 Glenn Satchell <span dir="ltr"><<a href="mailto:glenn.satchell@uniq.com.au" target="_blank">glenn.satchell@uniq.com.au</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Maybe move ddns-updates on; into the subnet definition. At the moment<br>
ddns-updates are off in the subnet, and so allow client-updates; doesn't<br>
make sense with that not turned on? Just guessing here.<br>
<br>
regards,<br>
-glenn<br>
<div><div class="h5"><br>
On Wed, June 4, 2014 2:39 am, Alexei V. Schukin wrote:<br>
> Thanks for the detailed explanations, Glenn!<br>
> I have tested configuration from your message by dhcpd -t but the daemon<br>
thrown me the following error:<br>
> -----------------------------------------------------------------------------------------------<br>
dhcpd -t -cf /etc/dhcp/dhcpd.conf<br>
> -----------------------------------------------------------------------------------------------<br>
Internet Systems Consortium DHCP Server 4.1.1-P1<br>
> Copyright 2004-2010 Internet Systems Consortium.<br>
> All rights reserved.<br>
> For info, please visit <a href="https://www.isc.org/software/dhcp/" target="_blank">https://www.isc.org/software/dhcp/</a><br>
> WARNING: Host declarations are global. They are not limited to the<br>
scope<br>
> you declared them in.<br>
> /etc/dhcp/dhcpd.conf line 76: expecting permit type.<br>
> allow client-updates;<br>
> ^<br>
> /etc/dhcp/dhcpd.conf line 77: semicolon expected.<br>
> range<br>
> ^<br>
> Configuration file errors encountered -- exiting<br>
> This version of ISC DHCP is based on the release available<br>
> on <a href="http://ftp.isc.org" target="_blank">ftp.isc.org</a>. Features have been added and other changes<br>
> have been made to the base software release in order to make<br>
> it work better with this distribution.<br>
> Please report for this software via the CentOS Bugs Database:<br>
> <a href="http://bugs.centos.org/" target="_blank">http://bugs.centos.org/</a><br>
> exiting.<br>
> ------------------------------------------------------------------------------------------------<br>
Obviously, it don't like "allow client-updates" option inside pool<br>
definition.<br>
> After my experiments most acceptable configuration looks like this:<br>
-----------------------------------------------------------------------------------------------<br>
dhcpd.conf<br>
> ------------------------------------------------------------------------------------------------<br>
authoritative;<br>
> ddns-update-style interim;<br>
> ddns-updates off;<br>
> deny unknown-clients;<br>
> update-static-leases off;<br>
> deny client-updates;<br>
> ddns-domainname "<a href="http://example.com" target="_blank">example.com</a>";<br>
> allow booting;<br>
> allow bootp;<br>
> next-server 192.168.0.21;<br>
> filename "pxelinux.0";<br>
> option root-path "192.168.0.21:/tftpboot";<br>
> option ntp-servers 192.168.0.1;<br>
> one-lease-per-client on;<br>
> option domain-name "<a href="http://example.com" target="_blank">example.com</a>";<br>
> subnet 192.168.0.0 netmask 255.255.255.0 {<br>
> option routers 192.168.0.1;<br>
> option domain-name-servers 192.168.0.1;<br>
> option broadcast-address 192.168.0.255;<br>
> allow client-updates;<br>
> allow unknown-clients;<br>
> # range for foreman<br>
> # 192.168.0.5 192.168.0.50<br>
> # dynamic address pool<br>
> pool {<br>
> ddns-updates on;<br>
> range 192.168.0.100 192.168.0.130;<br>
> }<br>
> # group for static host<br>
> group {<br>
> ddns-updates on;<br>
> deny client-updates;<br>
> use-host-decl-names on;<br>
> update-static-leases on;<br>
> host static-host {<br>
> hardware ethernet xx:xx:xx:xx:xx:xx;<br>
> fixed-address 192.168.0.132;<br>
> ddns-hostname "static-host";<br>
> }<br>
> ...<br>
> }<br>
> }<br>
> ...<br>
> ------------------------------------------------------------------------------------------------<br>
It seems works fine, except "update-static-leases" option, cause<br>
everytime<br>
> after removing host definition from configuration files, I should clean<br>
up<br>
> my dns zones manually. Unfortunately, I didn't find more elegant<br>
solution<br>
> yet.<br>
> --<br>
> Best wishes,<br>
> Alex<br>
> 2014-05-19 19:11 GMT+04:00 Glenn Satchell <<a href="mailto:glenn.satchell@uniq.com.au">glenn.satchell@uniq.com.au</a>>:<br>
>> Hi Alex<br>
>> The lease created by the omshell commands is a host statement, that is<br>
it's a static lease. so it is not part of the pool of dynamic leases<br>
where<br>
>> you have turned off ddns-updates, even though the Ip address happens to be<br>
>> in the pool's dynamic range.<br>
>> Probably the right way to fix this is to remove that pool altogether<br>
and<br>
>> put the commands in the subnet, but you don't need the range statement for<br>
>> 192.168.0.5 192.168.0.50. The host statement will inherit settings from<br>
the subnet, but not from the pool. You could use a pool for the range<br>
192.168.0.100 192.168.0.130 if you wanted different behaviour for those<br>
addresses.<br>
>> The range statement is for the dhcp server to allocate addresses<br>
itself.<br>
>> That function is being controlled by foreman, so you have two things<br>
conflicting with each other.<br>
>> By the way, no modern dhcp clients need dynamic-bootp setting for range<br>
these days. aLl that does is emulate bootp by allocating leases that<br>
never<br>
>> expire, so you will eventually run out of IPs due to old systems that are<br>
>> long gone still having anIp lease held for them.<br>
>> Perhaps something like this. Note I haven't tried this, so there may be<br>
syntax errors, etc, but hope this shows what I was trying to say above.<br>
subnet 192.168.0.0 netmask 255.255.255.0 {<br>
>> ddns-updates off;<br>
>> ignore client-updates;<br>
>> update-static-leases off;<br>
>> pool {<br>
>> range 192.168.0.100 192.168.0.130;<br>
>> ddns-updates on;<br>
>> allow client-updates;<br>
>> }<br>
>> option broadcast-address 192.168.0.255;<br>
>> option domain-name-servers 192.168.0.1;<br>
>> option domain-name "<a href="http://example.com" target="_blank">example.com</a>";<br>
>> option routers 192.168.0.1;<br>
>> default-lease-time 86400;<br>
>> max-lease-time 172800;<br>
>> ...<br>
>> }<br>
>> regards,<br>
>> -glenn<br>
>> On Tue, May 20, 2014 12:45 am, Alexei V. Schukin wrote:<br>
>> > Peter, thanks for the reply.<br>
>> > I'm trying to make friendship Foreman + DHCP (ddns updates) + BIND.<br>
DHCPD had configuration below, when I tested it work at last time.<br>
=============<br>
>> > dhcpd.conf<br>
>> > =============<br>
>> > authoritative;<br>
>> > ddns-update-style interim;<br>
>> > ddns-updates on;<br>
>> > ddns-domainname "<a href="http://example.com" target="_blank">example.com</a>";<br>
>> > allow booting;<br>
>> > allow bootp;<br>
>> > next-server 192.168.0.21;<br>
>> > filename "pxelinux.0";<br>
>> > option root-path "192.168.0.21:/tftpboot";<br>
>> > option ntp-servers 192.168.0.1;<br>
>> > allow unknown-clients;<br>
>> > update-static-leases on;<br>
>> > subnet 192.168.0.0 netmask 255.255.255.0 {<br>
>> > pool {<br>
>> > range 192.168.0.5 192.168.0.50;<br>
>> > deny unknown-clients;<br>
>> > ddns-updates off;<br>
>> > ddns-update-style none;<br>
>> > ignore client-updates;<br>
>> > update-static-leases off;<br>
>> > }<br>
>> > range dynamic-bootp 192.168.0.100 192.168.0.130;<br>
>> > option domain-name-servers 192.168.0.1;<br>
>> > option domain-name "<a href="http://example.com" target="_blank">example.com</a>";<br>
>> > option routers 192.168.0.1;<br>
>> > option broadcast-address 192.168.0.255;<br>
>> > allow client-updates;<br>
>> > default-lease-time 86400;<br>
>> > max-lease-time 172800;<br>
>> > ...<br>
>> > }<br>
>> > ...<br>
>> > -----------------<br>
>> > This is the rude scheme of interaction between services:<br>
</div></div>>> > ​<br>
<div class="HOEnZb"><div class="h5">>> > __________ _________________________________<br>
>> > | | | |<br>
>> > | Host 1 | | Host 2 |<br>
>> > | | | (1) |<br>
>> > | Foreman | --> | Foreman-Proxy ------> DHCPD |<br>
>> > |_________| | | omshell |<br>
>> > | (2) | |<br>
>> > | | nsupdate |<br>
>> > | + |<br>
>> > | BIND |<br>
>> > |_________________________________|<br>
>> > 0. Creating host in Foreman...<br>
>> > 1. The Foreman tells foreman-proxy to reserve address for a new host<br>
>> via<br>
>> > omshell (1)<br>
>> > =================================<br>
>> > /var/log/foreman-proxy/proxy.log<br>
>> > =================================<br>
>> > D, [2014-05-15T19:47:03.286591 #7893] DEBUG -- : Lazy loaded<br>
>> > <a href="http://192.168.0.0/255.255.255.0" target="_blank">192.168.0.0/255.255.255.0</a> records<br>
>> > D, [2014-05-15T19:47:03.287669 #7893] DEBUG -- : Added<br>
>> > <a href="http://example-04.example.com" target="_blank">example-04.example.com</a> (192.168.0.25 / 00:50:56:90:72:22) to<br>
>> > <a href="http://192.168.0.0/255.255.255.0" target="_blank">192.168.0.0/255.255.255.0</a><br>
>> > D, [2014-05-15T19:47:03.288907 #7893] DEBUG -- : omshell: executed -<br>
>> set<br>
>> > name = "<a href="http://example-04.example.com" target="_blank">example-04.example.com</a>"<br>
>> > D, [2014-05-15T19:47:03.289097 #7893] DEBUG -- : true<br>
>> > D, [2014-05-15T19:47:03.289254 #7893] DEBUG -- : omshell: executed -<br>
>> set<br>
>> > ip-address = 192.168.0.25<br>
>> > D, [2014-05-15T19:47:03.289360 #7893] DEBUG -- : true<br>
>> > D, [2014-05-15T19:47:03.289510 #7893] DEBUG -- : omshell: executed -<br>
>> set<br>
>> > hardware-address = 00:50:56:90:72:22<br>
>> > D, [2014-05-15T19:47:03.289652 #7893] DEBUG -- : true<br>
>> > D, [2014-05-15T19:47:03.289819 #7893] DEBUG -- : omshell: executed -<br>
>> set<br>
>> > hardware-type = 1<br>
>> > D, [2014-05-15T19:47:03.289933 #7893] DEBUG -- : true<br>
>> > D, [2014-05-15T19:47:03.290285 #7893] DEBUG -- : omshell: executed -<br>
>> set<br>
>> > statements = "filename = \"pxelinux.0\"; next-server = c0:a8:00:cf;<br>
>> option<br>
>> > host-name = \"<a href="http://example-04.example.com" target="_blank">example-04.example.com</a>\";"<br>
>> > D, [2014-05-15T19:47:03.290396 #7893] DEBUG -- : true<br>
>> > D, [2014-05-15T19:47:03.290548 #7893] DEBUG -- : omshell: executed -<br>
create<br>
>> > D, [2014-05-15T19:47:03.290700 #7893] DEBUG -- : true<br>
>> > I, [2014-05-15T19:47:03.315293 #7893] INFO -- : Added DHCP<br>
>> reservation<br>
>> > for<br>
>> > <a href="http://example-04.example.com" target="_blank">example-04.example.com</a> (192.168.0.25 / 00:50:56:90:72:22)<br>
>> > ---------------------------------<br>
>> > ==================<br>
>> > /var/log/messages<br>
>> > ==================<br>
>> > May 15 19:47:36 ns dhcpd: DHCPOFFER on 192.168.0.25 to<br>
>> 00:50:56:90:72:22<br>
>> > via eth1<br>
>> > May 15 19:47:38 ns dhcpd: Dynamic and static leases present for<br>
192.168.0.25.<br>
>> > May 15 19:47:38 ns dhcpd: Remove host declaration<br>
>> <a href="http://example-04.example.com" target="_blank">example-04.example.com</a><br>
>> > or<br>
>> > remove 192.168.0.25<br>
>> > May 15 19:47:38 ns dhcpd: from the dynamic address pool for<br>
>> <a href="http://192.168.0.0/24" target="_blank">192.168.0.0/24</a><br>
>> > May 15 19:47:38 ns dhcpd: DHCPREQUEST for 192.168.0.25 (192.168.0.1)<br>
>> from<br>
>> > 00:50:56:90:72:22 via eth1<br>
>> > May 15 19:47:38 ns dhcpd: DHCPACK on 192.168.0.25 to<br>
00:50:56:90:72:22<br>
>> via<br>
>> > eth1<br>
>> > ------------------<br>
>> > ==========================<br>
>> > /var/lib/dhcp/dhcpd.leases<br>
>> > ==========================<br>
>> > host <a href="http://example-04.example.com" target="_blank">example-04.example.com</a> {<br>
>> > dynamic;<br>
>> > hardware ethernet 00:50:56:90:72:22;<br>
>> > fixed-address 192.168.0.25;<br>
>> > supersede server.filename = "pxelinux.0";<br>
>> > supersede server.next-server = c0:a8:00:cf;<br>
>> > supersede host-name = "<a href="http://example-04.example.com" target="_blank">example-04.example.com</a>";<br>
>> > }<br>
>> > --------------------------<br>
>> > 2. The Foreman tells foreman-proxy to create A and PTR records at<br>
>> BIND's<br>
>> > zones for a new host via nsupdate (2)<br>
>> > =================================<br>
>> > /var/log/foreman-proxy/proxy.log<br>
>> > =================================<br>
>> > D, [2014-05-15T19:47:03.464086 #7893] DEBUG -- : running<br>
>> /usr/bin/nsupdate<br>
>> > -k /etc/foreman-proxy/foreman_proxy.key<br>
>> > D, [2014-05-15T19:47:03.465195 #7893] DEBUG -- : nsupdate: executed -<br>
server 127.0.0.1<br>
>> > D, [2014-05-15T19:47:03.470943 #7893] DEBUG -- : nsupdate: executed -<br>
update add <a href="http://example-04.example.com" target="_blank">example-04.example.com</a>. 86400 A 192.168.0.25<br>
>> > D, [2014-05-15T19:47:03.658748 #7893] DEBUG -- : running<br>
>> /usr/bin/nsupdate<br>
>> > -k /etc/foreman-proxy/foreman_proxy.key<br>
>> > D, [2014-05-15T19:47:03.659858 #7893] DEBUG -- : nsupdate: executed -<br>
server 127.0.0.1<br>
>> > D, [2014-05-15T19:47:03.662425 #7893] DEBUG -- : nsupdate: executed -<br>
update add 25.0.168.192.in-addr.arpa. 86400 IN PTR<br>
>> > <a href="http://example-04.example.com" target="_blank">example-04.example.com</a>.<br>
>> > ---------------------------------<br>
>> > ===================<br>
>> > /var/lib/named.run<br>
>> > ===================<br>
>> > 15-May-2014 19:47:03.474 update: info: client 127.0.0.1#1904:<br>
updating<br>
>> > zone<br>
>> > '<a href="http://example.com/IN" target="_blank">example.com/IN</a>': adding an RR at '<a href="http://example-04.example.com" target="_blank">example-04.example.com</a>' A<br>
>> > 15-May-2014 19:47:03.669 update: info: client 127.0.0.1#34958:<br>
>> updating<br>
>> > zone '0.168.192.in-addr.arpa/IN': adding an RR at<br>
>> > '25.0.168.192.in-addr.arpa' PTR<br>
>> > 3. When host completely configured, it try to boot by pxe:<br>
>> > ===========================<br>
>> > /var/log/messages<br>
>> > ===========================<br>
>> > May 15 19:48:11 ns dhcpd: DHCPDISCOVER from 00:50:56:90:72:22 via<br>
eth1<br>
>> > May 15 19:48:11 ns dhcpd: DHCPOFFER on 192.168.0.25 to<br>
>> 00:50:56:90:72:22<br>
>> > via eth1<br>
>> > May 15 19:48:11 ns dhcpd: Dynamic and static leases present for<br>
192.168.0.25.<br>
>> > May 15 19:48:11 ns dhcpd: Remove host declaration<br>
>> <a href="http://example-04.example.com" target="_blank">example-04.example.com</a><br>
>> > or<br>
>> > remove 192.168.0.25<br>
>> > May 15 19:48:11 ns dhcpd: from the dynamic address pool for<br>
>> <a href="http://192.168.0.0/24" target="_blank">192.168.0.0/24</a><br>
>> > May 15 19:48:11 ns dhcpd: DHCPREQUEST for 192.168.0.25 (192.168.0.1)<br>
>> from<br>
>> > 00:50:56:90:72:22 via eth1<br>
>> > May 15 19:48:11 ns dhcpd: DHCPACK on 192.168.0.25 to<br>
00:50:56:90:72:22<br>
>> via<br>
>> > eth1<br>
>> > 4. When host starts to configure its network interface and received<br>
address, dhcpd initiates update bind's zones (I hope I understand<br>
this<br>
>> > mechanism properly):<br>
>> > ===========================<br>
>> > /var/log/messages<br>
>> > ===========================<br>
>> > May 15 19:48:20 ns dhcpd: DHCPDISCOVER from 00:50:56:90:72:22 via<br>
eth1<br>
>> > May 15 19:48:20 ns dhcpd: DHCPOFFER on 192.168.0.25 to<br>
>> 00:50:56:90:72:22<br>
>> > via eth1<br>
>> > May 15 19:48:20 ns dhcpd: Dynamic and static leases present for<br>
192.168.0.25.<br>
>> > May 15 19:48:20 ns dhcpd: Remove host declaration<br>
>> <a href="http://example-04.example.com" target="_blank">example-04.example.com</a><br>
>> > or<br>
>> > remove 192.168.0.25<br>
>> > May 15 19:48:20 ns dhcpd: from the dynamic address pool for<br>
>> <a href="http://192.168.0.0/24" target="_blank">192.168.0.0/24</a><br>
>> > May 15 19:48:20 ns dhcpd: Added new forward map from<br>
>> > <a href="http://example-04.example.com.example.com" target="_blank">example-04.example.com.example.com</a> to 192.168.0.25<br>
>> > May 15 19:48:20 ns dhcpd: added reverse map from<br>
>> > 25.0.168.192.in-addr.arpa.<br>
>> > to <a href="http://example-04.example.com.example.com" target="_blank">example-04.example.com.example.com</a><br>
>> > May 15 19:48:20 ns dhcpd: DHCPREQUEST for 192.168.0.25 (192.168.0.1)<br>
>> from<br>
>> > 00:50:56:90:72:22 via eth1<br>
>> > May 15 19:48:20 ns dhcpd: DHCPACK on 192.168.0.25 to<br>
00:50:56:90:72:22<br>
>> via<br>
>> > eth1<br>
>> > ---------------------------<br>
>> > ===================<br>
>> > /var/lib/named.run<br>
>> > ===================<br>
>> > 15-May-2014 19:48:20.229 update: info: client 192.168.0.1#55653:<br>
>> updating<br>
>> > zone '<a href="http://example.com/IN" target="_blank">example.com/IN</a>': adding an RR at<br>
>> > '<a href="http://example-04.example.com.example.com" target="_blank">example-04.example.com.example.com</a>'<br>
>> > A<br>
>> > 15-May-2014 19:48:20.229 update: info: client 192.168.0.1#55653:<br>
>> updating<br>
>> > zone '<a href="http://example.com/IN" target="_blank">example.com/IN</a>': adding an RR at<br>
>> > '<a href="http://example-04.example.com.example.com" target="_blank">example-04.example.com.example.com</a>'<br>
>> > TXT<br>
>> > 15-May-2014 19:48:20.274 update: info: client 192.168.0.1#38704:<br>
>> updating<br>
>> > zone '0.168.192.in-addr.arpa/IN': deleting rrset at<br>
>> > '25.0.168.192.in-addr.arpa' PTR<br>
>> > 15-May-2014 19:48:20.274 update: info: client 192.168.0.1#38704:<br>
>> updating<br>
>> > zone '0.168.192.in-addr.arpa/IN': adding an RR at<br>
>> > '25.0.168.192.in-addr.arpa' PTR<br>
>> > -------------------<br>
>> > So, I can't figure out: if I told dhcpd "do not attempt any updates<br>
>> when<br>
>> > the client received address or this is a static lease etc.", why it<br>
continue updates zones?<br>
>> > Alex<br>
>> > 2014-05-12 10:29 GMT+04:00 Peter Rathlev <<a href="mailto:peter@rathlev.dk">peter@rathlev.dk</a>>:<br>
>> >> On Mon, 2014-04-28 at 17:14 +0400, Alexei V. Schukin wrote:<br>
>> >>> I'm trying to exclude one pool of subnet from dynamic updates.<br>
>> >> ...<br>
>> >>> subnet 192.168.0.1 netmask 255.255.255.0 {<br>
>> >>> pool {<br>
>> >>> range 192.168.0.10 192.168.0.20;<br>
>> >>> deny unknown-clients;<br>
>> >>> ddns-updates off;<br>
>> >>> ignore client-updates;<br>
>> >> ...<br>
>> >>> But it doesn't work: dhcpd still updating dns within this address<br>
>> pool.<br>
>> >>> What I'm missing?<br>
>> >> Are you sure it's dhcpd that does the updating? Does it say so in<br>
the<br>
>> >> logs? The above configuration would make the client try updating<br>
>> itself.<br>
>> >> It of course needs permission to do this.<br>
>> >> --<br>
>> >> Peter<br>
>> >> _______________________________________________<br>
>> >> dhcp-users mailing list<br>
>> >> <a href="mailto:dhcp-users@lists.isc.org">dhcp-users@lists.isc.org</a><br>
>> >> <a href="https://lists.isc.org/mailman/listinfo/dhcp-users" target="_blank">https://lists.isc.org/mailman/listinfo/dhcp-users</a><br>
>> > _______________________________________________<br>
>> > dhcp-users mailing list<br>
>> > <a href="mailto:dhcp-users@lists.isc.org">dhcp-users@lists.isc.org</a><br>
>> > <a href="https://lists.isc.org/mailman/listinfo/dhcp-users" target="_blank">https://lists.isc.org/mailman/listinfo/dhcp-users</a><br>
>> _______________________________________________<br>
>> dhcp-users mailing list<br>
>> <a href="mailto:dhcp-users@lists.isc.org">dhcp-users@lists.isc.org</a><br>
>> <a href="https://lists.isc.org/mailman/listinfo/dhcp-users" target="_blank">https://lists.isc.org/mailman/listinfo/dhcp-users</a><br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
dhcp-users mailing list<br>
<a href="mailto:dhcp-users@lists.isc.org">dhcp-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/dhcp-users" target="_blank">https://lists.isc.org/mailman/listinfo/dhcp-users</a><br>
</div></div></blockquote></div><br></div>