<div dir="ltr"><div><div><div>Hi Frank,<br><br></div>So... first thing you might check--is dhcpd configured to hand out leases for 157.yyy.6.171? Is there a valid lease for it? Do you have that IP configured statically anywhere (since you have update-static-leases on;)? Do you have <a href="http://supreme.lpdev.foo.com">supreme.lpdev.foo.com</a> configured statically somewhere?<br><br>Less likely: Have you ruled out any sort of caching issues (i.e. are you running your dig command from the nameserver itself)? With a 900-second TTL, it shouldn't be much of an issue, but still....<br><br></div>Likewise, unlikely but curious: if you're in a position to run rndc freeze <a href="http://lpdev.foo.com">lpdev.foo.com</a>, what record(s) actually shows up in the zone file?<br><br></div>John<br><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jul 21, 2015 at 5:19 PM, Frank Price <span dir="ltr"><<a href="mailto:fprice@lexmark.com" target="_blank">fprice@lexmark.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">After staring at this for days, I throw myself at the feet of the list and beg for enlightenment.<div><br></div><div>ISC DHCP 4.2.5 on Centos 7, + BIND 9.9.4-RedHat-9.9.4-18.el7_1.1 (Extended Support Version)</div><div><br></div><div>relevant bits of dhcpd.conf:</div><div><div> ddns-update-style interim;</div><div> ignore client-updates;</div><div> update-static-leases on;</div><div> update-conflict-detection false;</div></div><div><br></div><div>I have a server which gets IP from dhcp. It gets a lease, the IP is set properly, it asks for dns updates, and the dns server does ... something ... which ends up in it having an A record that is completely wrong (the name is right but the IP is wrong).</div><div><br></div><div>Even if I freeze my zone and correct everything, after the TTL for the RR, something is setting the A RR back to the incorrect IP. I am really really losing it on this one.</div><div><br></div><div>Log snippets:</div><div>a) from the dhcp server. To me this looks pretty good. 10.xxx.145.177 is the addr of the server.</div><div><br></div><div><div><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><div>Jul 21 14:05:10 dns2 dhcpd: DHCPREQUEST for 10.xxx.145.177 from f0:1f:af:ce:d9:34 via 10.xxx.144.3</div><div>Jul 21 14:05:10 dns2 dhcpd: DHCPACK on 10.xxx.145.177 to f0:1f:af:ce:d9:34 (supreme) via 10.xxx.144.3</div><div>Jul 21 14:05:10 dns2 dhcpd: DHCPREQUEST for 10.xxx.145.177 from f0:1f:af:ce:d9:34 (supreme) via 10.xxx.144.2</div><div>Jul 21 14:05:10 dns2 dhcpd: Added new forward map from <a href="http://supreme.lpdev.foo.com" target="_blank">supreme.lpdev.foo.com</a> to 10.xxx.145.177</div><div>Jul 21 14:05:10 dns2 dhcpd: Added reverse map from 177.145.xxx.10.in-addr.arpa. to <a href="http://supreme.lpdev.foo.com" target="_blank">supreme.lpdev.foo.com</a></div><div>Jul 21 14:05:10 dns2 dhcpd: bind update on 10.xxx.145.177 got ack from partner: xid mismatch.</div><div><br></div><div>b) from the dns server's updates logging. Also looks ok to me:</div><div>21-Jul-2015 14:05:10.479 update: info: client 10.xxx.21.46#56082/key lpdev.key: updating zone '<a href="http://lpdev.foo.com/IN" target="_blank">lpdev.foo.com/IN</a>': update unsuccessful: <a href="http://supreme.lpdev.foo.com" target="_blank">supreme.lpdev.foo.com</a>: 'name not in use' prerequisite not satisfied (YXDOMAIN)</div><div>21-Jul-2015 14:05:10.496 update: info: client 10.xxx.21.46#56082/key lpdev.key: updating zone '<a href="http://lpdev.foo.com/IN" target="_blank">lpdev.foo.com/IN</a>': update unsuccessful: <a href="http://supreme.lpdev.foo.com" target="_blank">supreme.lpdev.foo.com</a>: 'name not in use' prerequisite not satisfied (YXDOMAIN)</div><div>21-Jul-2015 14:05:10.508 update-security: info: client 10.xxx.21.46#56082/key lpdev.key: signer "lpdev.key" approved</div><div>21-Jul-2015 14:05:10.508 update: info: client 10.xxx.21.46#56082/key lpdev.key: updating zone '<a href="http://lpdev.foo.com/IN" target="_blank">lpdev.foo.com/IN</a>': deleting rrset at '<a href="http://supreme.lpdev.foo.com" target="_blank">supreme.lpdev.foo.com</a>' TXT</div><div>21-Jul-2015 14:05:10.508 update: info: client 10.xxx.21.46#56082/key lpdev.key: updating zone '<a href="http://lpdev.foo.com/IN" target="_blank">lpdev.foo.com/IN</a>': adding an RR at '<a href="http://supreme.lpdev.foo.com" target="_blank">supreme.lpdev.foo.com</a>' TXT</div><div>21-Jul-2015 14:05:10.508 update: info: client 10.xxx.21.46#56082/key lpdev.key: updating zone '<a href="http://lpdev.foo.com/IN" target="_blank">lpdev.foo.com/IN</a>': deleting rrset at '<a href="http://supreme.lpdev.foo.com" target="_blank">supreme.lpdev.foo.com</a>' A</div><div>21-Jul-2015 14:05:10.508 update: info: client 10.xxx.21.46#56082/key lpdev.key: updating zone '<a href="http://lpdev.foo.com/IN" target="_blank">lpdev.foo.com/IN</a>': adding an RR at '<a href="http://supreme.lpdev.foo.com" target="_blank">supreme.lpdev.foo.com</a>' A</div><div>21-Jul-2015 14:05:10.532 update-security: info: client 10.xxx.21.46#56082/key lpdev.key: signer "lpdev.key" approved</div><div>21-Jul-2015 14:05:10.532 update: info: client 10.xxx.21.46#56082/key lpdev.key: updating zone '145.xxx.10.in-addr.arpa/IN': deleting rrset at '177.145.xxx.10.in-addr.arpa' PTR</div><div>21-Jul-2015 14:05:10.532 update: info: client 10.xxx.21.46#56082/key lpdev.key: updating zone '145.xxx.10.in-addr.arpa/IN': adding an RR at '177.145.xxx.10.in-addr.arpa' PTR</div><div><br></div><div>c) here's the lease. Things still match up.</div><div><div>lease 10.xxx.145.177 {</div><div> starts 2 2015/07/21 18:05:10;</div><div> ends 3 2015/07/22 18:05:10;</div><div> tstp 4 2015/07/23 06:05:10;</div><div> tsfp 4 2015/07/23 06:05:10;</div><div> atsfp 4 2015/07/23 06:05:10;</div><div> cltt 2 2015/07/21 18:05:10;</div><div> binding state active;</div><div> next binding state expired;</div><div> hardware ethernet f0:1f:af:ce:d9:34;</div><div> uid "\001\360\037\257\316\3314";</div><div> set ddns-rev-name = "177.145.xxx.10.in-addr.arpa.";</div><div> set ddns-txt = "313e29237150b143ecae66d87b9f881997";</div><div> set ddns-fwd-name = "<a href="http://supreme.lpdev.foo.com" target="_blank">supreme.lpdev.foo.com</a>";</div><div> client-hostname "supreme";</div><div>}</div></div><div><br></div><div>Now the kicker: dig -t any <a href="http://supreme.lpdev.foo.com" target="_blank">supreme.lpdev.foo.com</a>. The TXT record is the same as the lease, but the IP is 157.yyy.6.171 -- not 10.xxx.145.177.</div><div><br></div><div>; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7_1.1 <<>> -t any <a href="http://supreme.lpdev.foo.com" target="_blank">supreme.lpdev.foo.com</a></div><div>;; global options: +cmd</div><div>;; Got answer:</div><div>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27655</div><div>;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 7</div><div><br></div><div>;; OPT PSEUDOSECTION:</div><div>; EDNS: version: 0, flags:; udp: 4096</div><div>;; QUESTION SECTION:</div><div>;<a href="http://supreme.lpdev.foo.com" target="_blank">supreme.lpdev.foo.com</a>. IN ANY</div><div><br></div><div>;; ANSWER SECTION:</div><div><a href="http://supreme.lpdev.foo.com" target="_blank">supreme.lpdev.foo.com</a>. 900 IN A 157.yyy.6.171</div><div><a href="http://supreme.lpdev.foo.com" target="_blank">supreme.lpdev.foo.com</a>. 900 IN TXT "319f076f60d81714bcd70f25de57df86b1"</div><div><br></div><div>Any clues will be very much appreciated!</div><div><br></div><div>-Frank<br></div></div><div>--<br></div>Frank Price <br></div></div></div></div></div></div>
</div></div>
<br>_______________________________________________<br>
dhcp-users mailing list<br>
<a href="mailto:dhcp-users@lists.isc.org">dhcp-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/dhcp-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/dhcp-users</a><br></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature">John Miller<br>Systems Engineer<br>Brandeis University<br><a href="mailto:johnmill@brandeis.edu" target="_blank">johnmill@brandeis.edu</a><br><br></div>
</div></div>