<div dir="ltr">Hi,<div><br></div><div>I have never personally setup DDNS in ISC DHCP, so I am not able to offer effective assistance in this area. ISC DHCP is now EOL, however, and if you are doing a new deployment here (it sounded like you were), you may want to consider starting with Kea (<a href="https://www.isc.org/kea/">https://www.isc.org/kea/</a>) as that is the replacement for ISC DHCP. </div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Apr 25, 2023 at 11:48 AM Jeremey Wise <<a href="mailto:jerewis@cdw.com">jerewis@cdw.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg-2294850722351162762">
<div dir="ltr">
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
Greetings, and sorry up front for large email. But joining this forum and wanted to be comprehensive in my posting. I googled around and seems I am not the only one with questions on how to do this task, as things have changed with certs and updates. Hopefully
this email formats in a means to make it easy for others to review and toss out ideas / links to where I can RTFM.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
I am being tasked to help out with a POC / Demo lab. It is a pair of VMs, running Ubuntu 22.04 fully updated / patched.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
###</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
dnsuser@ps-dns-01:~$ named -v
<div>BIND 9.18.12-0ubuntu0.22.04.1-Ubuntu (Extended Support Version) <id:></div>
<div>dnsuser@ps-dns-01:~$ apt list |grep dhcp</div>
<div><br>
</div>
<div>WARNING: apt does not have a stable CLI interface. Use with caution in scripts.</div>
<div><br>
</div>
<div>dhcp-helper/jammy 1.2-3 amd64</div>
<div>dhcp-probe/jammy 1.3.0-10.1build2 amd64</div>
<div>dhcpcanon/jammy 0.8.5-2 all</div>
<div>dhcpcd-dbus/jammy 0.6.1-2 amd64</div>
<div>dhcpcd-gtk/jammy 0.7.8-1 amd64</div>
<div>dhcpcd5/jammy 7.1.0-2build1 amd64</div>
<div>dhcpd-pools/jammy 2.29-1.1 amd64</div>
<div>dhcpdump/jammy 1.8-2.2 amd64</div>
<div>dhcpig/jammy 1.5-3 all</div>
<div>dhcping/jammy 1.2-5 amd64</div>
<div>dhcpoptinj/jammy 0.5.3-1 amd64</div>
<div>dhcpstarv/jammy 0.2.2-2 amd64</div>
<div>dhcpy6d/jammy 1.0.7-1 all</div>
<div>freeradius-dhcp/jammy-updates,jammy-security 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.1 amd64</div>
<div>fusiondirectory-plugin-dhcp-schema/jammy 1.3-4build1 all</div>
<div>fusiondirectory-plugin-dhcp/jammy 1.3-4build1 all</div>
<div>golang-github-d2g-dhcp4-dev/jammy 0.0~git20150413-3 all</div>
<div>golang-github-d2g-dhcp4client-dev/jammy 1.0.0-2 all</div>
<div>golang-github-insomniacslk-dhcp-dev/jammy 0.0~git20200621.d74cd86-1 all</div>
<div>golang-github-mdlayher-dhcp6-dev/jammy 0.0~git20190311.2a67805-2 all</div>
<div>gosa-plugin-dhcp-schema/jammy 2.7.4+reloaded3-16build1 all</div>
<div>gosa-plugin-dhcp/jammy 2.7.4+reloaded3-16build1 all</div>
<div>isc-dhcp-client-ddns/jammy-updates 4.4.1-2.3ubuntu2.4 amd64</div>
<div>isc-dhcp-client/jammy-updates,now 4.4.1-2.3ubuntu2.4 amd64 [installed,automatic]</div>
<div>isc-dhcp-common/jammy-updates,now 4.4.1-2.3ubuntu2.4 amd64 [installed,automatic]</div>
<div>isc-dhcp-dev/jammy-updates 4.4.1-2.3ubuntu2.4 amd64</div>
<div>isc-dhcp-relay/jammy-updates 4.4.1-2.3ubuntu2.4 amd64</div>
<div>isc-dhcp-server-ldap/jammy-updates 4.4.1-2.3ubuntu2.4 amd64</div>
<div>isc-dhcp-server/jammy-updates,now 4.4.1-2.3ubuntu2.4 amd64 [installed]</div>
<div>kea-dhcp-ddns-server/jammy 2.0.2-1 amd64</div>
<div>kea-dhcp4-server/jammy 2.0.2-1 amd64</div>
<div>kea-dhcp6-server/jammy 2.0.2-1 amd64</div>
<div>libnet-dhcp-perl/jammy 0.696+dfsg-1 all</div>
<div>libnet-dhcpv6-duid-parser-perl/jammy 1.01-2.1 all</div>
<div>librust-dhcp4r-dev/jammy 0.2.0-1 amd64</div>
<div>libtext-dhcpleases-perl/jammy 1.0-2.1 all</div>
<div>neutron-dhcp-agent/jammy-updates 2:20.2.0-0ubuntu1 all</div>
<div>opendrim-lmp-dhcp/jammy 1.0.0-0ubuntu2 amd64</div>
<div>python3-isc-dhcp-leases/jammy 0.9.1-2 all</div>
<div>udhcpc/jammy 1:1.30.1-7ubuntu3 amd64</div>
<div>udhcpd/jammy 1:1.30.1-7ubuntu3 amd64</div>
<div>wide-dhcpv6-client/jammy 20080615-23build1 amd64</div>
<div>wide-dhcpv6-relay/jammy 20080615-23build1 amd64</div>
<div>wide-dhcpv6-server/jammy 20080615-23build1 amd64</div>
<div>dnsuser@ps-dns-01:~$</div>
###</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
Goal: </div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<ol>
<li><span>HA DNS and DHCP (failover / fail back)</span></li><li><span>DDNS updates from registered DHCP clients for PTR and A records (ipv4 only for now)</span></li></ol>
<div><span><br>
</span></div>
<div><span>Issues: </span></div>
<div>
<ol>
<li><span><span></span>Getting flooding in /var/log/syslog , every update .. </span></li></ol>
</div>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
###</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
Apr 25 14:51:34 ps-dns-02 dhcpd[202599]: DHCPACK on 10.89.132.129 to 00:50:56:97:2b:f7 (op-web2) via 10.89.132.1
<div>Apr 25 14:51:34 ps-dns-02 dhcpd[202599]: bind update on 10.89.132.129 from dhcpfailover rejected: incoming update is less critical than outgoing update</div>
<div>Apr 25 14:51:34 ps-dns-02 dhcpd[202599]: Unable to add forward map from op-web2.ps.labs.local to <a href="http://10.89.132.129" target="_blank">10.89.132.129</a>: REFUSED</div>
<div>Apr 25 14:51:35 ps-dns-02 dhcpd[202599]: DHCPREQUEST for 10.89.132.130 from 00:50:56:97:df:98 (easytravel) via ens160</div>
<div>Apr 25 14:51:35 ps-dns-02 dhcpd[202599]: DHCPACK on 10.89.132.130 to 00:50:56:97:df:98 (easytravel) via ens160</div>
<div>Apr 25 14:51:35 ps-dns-02 dhcpd[202599]: DHCPREQUEST for 10.89.132.130 from 00:50:56:97:df:98 (easytravel) via 10.89.132.1</div>
<div>Apr 25 14:51:35 ps-dns-02 dhcpd[202599]: DHCPACK on 10.89.132.130 to 00:50:56:97:df:98 (easytravel) via 10.89.132.1</div>
<div>Apr 25 14:51:35 ps-dns-02 dhcpd[202599]: bind update on 10.89.132.130 from dhcpfailover rejected: incoming update is less critical than outgoing update</div>
<div>Apr 25 14:51:35 ps-dns-02 dhcpd[202599]: bind update on 10.89.132.130 from dhcpfailover rejected: incoming update is less critical than outgoing update</div>
<div>Apr 25 14:51:35 ps-dns-02 dhcpd[202599]: Unable to add forward map from easytravel.ps.labs.local to <a href="http://10.89.132.130" target="_blank">10.89.132.130</a>: REFUSED</div>
<div>Apr 25 14:51:38 ps-dns-02 named[184617]: client @0x7f20082400b8 10.89.132.90#50112 (mdbrtr-cisco-assist-00-ps-labs-local-svc): query (cache) 'mdbrtr-cisco-assist-00-ps-labs-local-svc/AAAA/IN' denied (allow-query-cache did not match)</div>
<div>Apr 25 14:51:39 ps-dns-02 dhcpd[202599]: reuse_lease: lease age 122 (secs) under 25% threshold, reply with unaltered, existing lease for 10.89.135.132</div>
<div>Apr 25 14:51:39 ps-dns-02 dhcpd[202599]: DHCPREQUEST for 10.89.135.132 from 00:50:56:8b:a5:85 via ens160</div>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
###</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
Similar posting was made with note that this would require configuration file review for what was / is misconfigured: <a href="https://dhcp-users.isc.narkive.com/KngCfNx3/rejected-incoming-update-is-less-critical-than-outgoing-update" id="m_-2294850722351162762LPlnk542970" target="_blank">https://dhcp-users.isc.narkive.com/KngCfNx3/rejected-incoming-update-is-less-critical-than-outgoing-update</a> </div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
As such below is sample of zone and DHCP /DNS configuration.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
I read through documents <a href="https://kb.isc.org/docs/aa-01588" id="m_-2294850722351162762LPNoLPOWALinkPreview" target="_blank">https://kb.isc.org/docs/aa-01588</a> But did not see where their is misconfiguration in my configurations. </div>
<div></div>
<br>
<div id="m_-2294850722351162762Signature">
<div>
<p style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">
<u></u> cat /etc/dhcp/dhcpd.conf<u></u></p>
<table cellspacing="0" cellpadding="1" style="border-collapse:collapse;box-sizing:border-box;height:4371.25px">
<tbody>
<tr>
<td style="width:804.266px;border-width:1px;border-style:solid;border-color:rgb(171,171,171);box-sizing:border-box;height:24.0937px;word-break:break-word;white-space:normal;background-color:transparent" scope="">
ps-dns-01</td>
<td style="width:1109.09px;border-width:1px;border-style:solid;border-color:rgb(171,171,171);box-sizing:border-box;word-break:break-word;white-space:normal;height:24.0937px;background-color:transparent" scope="">
<span style="font-size:medium;color:rgb(0,0,0);background-color:rgb(255,255,255);display:inline">ps-dns-02</span><br>
</td>
</tr>
<tr>
<td style="width:804.266px;border-width:1px;border-style:solid;border-color:rgb(171,171,171);box-sizing:border-box;height:4346.17px;word-break:break-word;white-space:normal;background-color:transparent" scope="">
<div># option definitions common to all supported networks...</div>
<div>option domain-name "ps.labs.local";</div>
<div>option domain-search "ps.labs.local";</div>
<div>option domain-name-servers 10.89.100.152, 10.89.100.153;</div>
<div>option time-offset -6;</div>
<div>option ntp-servers 10.89.66.1;</div>
<div>option time-servers 10.89.66.1;</div>
<div>#ddns-domainname "ps.labs.local";</div>
<div>default-lease-time 600;</div>
<div>max-lease-time 7200;</div>
<div><br>
</div>
<div><br>
</div>
<div># Failover declaration</div>
<div>failover peer "dhcpfailover" {</div>
<div> primary; # primary server declaration</div>
<div> address 10.89.100.152;</div>
<div> port 647;</div>
<div> peer address 10.89.100.153;</div>
<div> peer port 647;</div>
<div> max-response-delay 60;</div>
<div> max-unacked-updates 10;</div>
<div> mclt 3600;</div>
<div> split 128;</div>
<div> load balance max seconds 3;</div>
<div>}</div>
<div><br>
</div>
<div><br>
</div>
<div>key pslabslocal {</div>
<div> secret cHNsYWJzbG9jYWw=;</div>
<div> algorithm hmac-md5;</div>
<div> }</div>
<div><br>
</div>
<div># The ddns-updates-style parameter controls whether or not the server will</div>
<div># attempt to do a DNS update when a lease is confirmed. We default to the</div>
<div># behavior of the version 2 packages ('none', since DHCP v2 didn't</div>
<div># have support for DDNS.)</div>
<div>ddns-update-style standard;</div>
<div><br>
</div>
<div># If this DHCP server is the official DHCP server for the local</div>
<div># network, the authoritative directive should be uncommented.</div>
<div>authoritative;</div>
<div><br>
</div>
<div># Use this to send dhcp log messages to a different log file (you also</div>
<div># have to hack syslog.conf to complete the redirection).</div>
<div>#log-facility local7;</div>
<div><br>
</div>
<div># No service will be given on this subnet, but declaring it helps the</div>
<div># DHCP server to understand the network topology. This is for local NIC listening to dhcp broadcasts.</div>
<div>subnet 10.89.100.0 netmask 255.255.255.0 {</div>
<div>}</div>
<div><br>
</div>
<div># ps_labs_local_infrastructure</div>
<div>subnet 10.89.128.0 netmask 255.255.255.0 {</div>
<div>}</div>
<div><br>
</div>
<div># hx06 dynamic</div>
<div>subnet 10.89.130.0 netmask 255.255.255.0 {</div>
<div> option domain-name-servers 10.89.100.152;</div>
<div> option routers 10.89.130.1;</div>
<div> pool {</div>
<div> failover peer "dhcpfailover";</div>
<div> range 10.89.130.10 10.89.130.254;</div>
<div> }</div>
<div>}</div>
<div><br>
</div>
<div># hx07 dynamic</div>
<div>subnet 10.89.132.0 netmask 255.255.255.0 {</div>
<div> option domain-name-servers 10.89.100.152;</div>
<div> option routers 10.89.132.1;</div>
<div> pool {</div>
<div> failover peer "dhcpfailover";</div>
<div> range 10.89.132.10 10.89.132.254;</div>
<div> }</div>
<div>}</div>
<div><br>
</div>
<div># UCSX dynamic</div>
<div>subnet 10.89.134.0 netmask 255.255.255.0 {</div>
<div> option domain-name-servers 10.89.100.152;</div>
<div> option routers 10.89.134.1;</div>
<div> pool {</div>
<div> failover peer "dhcpfailover";</div>
<div> range 10.89.134.10 10.89.134.254;</div>
<div> }</div>
<div>}</div>
<div><br>
</div>
<div># The following three network are for Tanzu work in hx06</div>
<div># Update 20221004 by JW. Data is all static as is mgmt. Workload is all DHCP</div>
<div># subnet 10.89.135.0 netmask 255.255.255.224</div>
<div><br>
</div>
<div># k8s-tz-data-hx06 dynamic</div>
<div>subnet 10.89.135.0 netmask 255.255.255.224 {</div>
<div> option domain-name-servers 10.89.100.152;</div>
<div> option routers 10.89.135.1;</div>
<div> pool {</div>
<div> failover peer "dhcpfailover";</div>
<div> range 10.89.135.2 10.89.135.30;</div>
<div> }</div>
<div> }</div>
<div><br>
</div>
<div># k8s-tz-workload-hx06 dynamic</div>
<div>subnet 10.89.135.32 netmask 255.255.255.224 {</div>
<div> option domain-name-servers 10.89.100.152;</div>
<div> option routers 10.89.135.33;</div>
<div> pool {</div>
<div> failover peer "dhcpfailover";</div>
<div> range 10.89.135.34 10.89.135.63;</div>
<div> }</div>
<div>}</div>
<div><br>
</div>
<div># k8s-tz-mgmt-hx06 dynamic</div>
<div>subnet 10.89.135.64 netmask 255.255.255.224 {</div>
<div> option domain-name-servers 10.89.100.152;</div>
<div> option routers 10.89.135.65;</div>
<div> pool {</div>
<div> failover peer "dhcpfailover";</div>
<div> range 10.89.135.66 10.89.135.94;</div>
<div> }</div>
<div>}</div>
<div><br>
</div>
<div># k8s-ocp-data-hx06</div>
<div>subnet 10.89.135.96 netmask 255.255.255.224 {</div>
<div> option domain-name-servers 10.89.100.152;</div>
<div> option routers 10.89.135.97;</div>
<div> pool {</div>
<div> failover peer "dhcpfailover";</div>
<div> range 10.89.135.98 10.89.135.126;</div>
<div> }</div>
<div>}</div>
<div><br>
</div>
<div># k8s-ocp-workload-hx06</div>
<div>subnet 10.89.135.128 netmask 255.255.255.224 {</div>
<div> option domain-name-servers 10.89.100.152;</div>
<div> option routers 10.89.135.129;</div>
<div> pool {</div>
<div> failover peer "dhcpfailover";</div>
<div> range 10.89.135.130 10.89.135.158;</div>
<div> }</div>
<div>}</div>
<div><br>
</div>
<div># k8s-rke-mgmt-hx06</div>
<div>subnet 10.89.135.160 netmask 255.255.255.224 {</div>
<div> option domain-name-servers 10.89.100.152;</div>
<div> option routers 10.89.135.161;</div>
<div> pool {</div>
<div> failover peer "dhcpfailover";</div>
<div> range 10.89.135.162 10.89.135.190;</div>
<div> }</div>
<div> # ocpbastion</div>
<div> host ocpbastion {</div>
<div> hardware ethernet 00:50:56:8b:db:a4;</div>
<div> fixed-address 10.89.135.190;</div>
<div> }</div>
<div> }</div>
<div><br>
</div>
<div># k8s-rke-data-hx06</div>
<div>subnet 10.89.135.192 netmask 255.255.255.224 {</div>
<div> option domain-name-servers 10.89.100.152;</div>
<div> option routers 10.89.135.193;</div>
<div> pool {</div>
<div> failover peer "dhcpfailover";</div>
<div> range 10.89.135.194 10.89.135.222;</div>
<div> }</div>
<div>}</div>
<div><br>
</div>
<div># k8s-rke-workload-hx06</div>
<div>subnet 10.89.135.224 netmask 255.255.255.224 {</div>
<div> option domain-name-servers 10.89.100.225;</div>
<div> option routers 10.89.135.193;</div>
<div> pool {</div>
<div> failover peer "dhcpfailover";</div>
<div> range 10.89.135.226 10.89.135.253;</div>
<div> }</div>
<div>}</div>
<div><br>
</div>
<div><br>
</div>
<div># Host reservations</div>
<div> host tanzuprod-service-control-plane-bbwwb {</div>
<div> hardware ethernet 00:50:56:8b:71:bf;</div>
<div> fixed-address 10.89.135.48;</div>
<div> }</div>
<div><snip></div>
<div> host tanzuprod-workload-control-plane-zvm6t {</div>
<div> hardware ethernet 00:50:56:8b:75:83;</div>
<div> fixed-address 10.89.135.50;</div>
<div> }</div>
<div><br>
</div>
<div># DV Presales Lab</div>
<div>zone ps.labs.local. {</div>
<div> primary 10.89.100.152;</div>
<div> key pslabslocal;</div>
<div> }</div>
<br>
</td>
<td style="width:1109.09px;border-width:1px;border-style:solid;border-color:rgb(171,171,171);box-sizing:border-box;word-break:break-word;white-space:normal;height:4346.17px;background-color:transparent">
# option definitions common to all supported networks...
<div>option domain-name "ps.labs.local";</div>
<div>option domain-search "ps.labs.local";</div>
<div>option domain-name-servers 10.89.100.152, 10.89.100.153;</div>
<div>option time-offset -6;</div>
<div>option ntp-servers 10.89.66.1;</div>
<div>option time-servers 10.89.66.1;</div>
<div>#ddns-domainname "ps.labs.local";</div>
<div>default-lease-time 600;</div>
<div>max-lease-time 7200;</div>
<div><br>
</div>
<div><br>
</div>
<div># Failover declaration</div>
<div>failover peer "dhcpfailover" {</div>
<div> secondary; # secondary server declaration</div>
<div> address 10.89.100.153;</div>
<div> port 647;</div>
<div> peer address 10.89.100.152;</div>
<div> peer port 647;</div>
<div> max-response-delay 60;</div>
<div> max-unacked-updates 10;</div>
<div> load balance max seconds 3;</div>
<div>}</div>
<div><br>
</div>
<div><br>
</div>
<div>key pslabslocal {</div>
<div> secret cHNsYWJzbG9jYWw=;</div>
<div> algorithm hmac-md5;</div>
<div> }</div>
<div><br>
</div>
<div># The ddns-updates-style parameter controls whether or not the server will</div>
<div># attempt to do a DNS update when a lease is confirmed. We default to the</div>
<div># behavior of the version 2 packages ('none', since DHCP v2 didn't</div>
<div># have support for DDNS.)</div>
<div>ddns-update-style standard;</div>
<div><br>
</div>
<div># If this DHCP server is the official DHCP server for the local</div>
<div># network, the authoritative directive should be uncommented.</div>
<div>authoritative;</div>
<div><br>
</div>
<div># Use this to send dhcp log messages to a different log file (you also</div>
<div># have to hack syslog.conf to complete the redirection).</div>
<div>#log-facility local7;</div>
<div><br>
</div>
<div># No service will be given on this subnet, but declaring it helps the</div>
<div># DHCP server to understand the network topology. This is for local NIC listening to dhcp broadcasts.</div>
<div>subnet 10.89.100.0 netmask 255.255.255.0 {</div>
<div>}</div>
<div><br>
</div>
<div># ps_labs_local_infrastructure</div>
<div>subnet 10.89.128.0 netmask 255.255.255.0 {</div>
<div>}</div>
<div><br>
</div>
<div># hx06 dynamic</div>
<div>subnet 10.89.130.0 netmask 255.255.255.0 {</div>
<div> option domain-name-servers 10.89.100.152;</div>
<div> option routers 10.89.130.1;</div>
<div> pool {</div>
<div> failover peer "dhcpfailover";</div>
<div> range 10.89.130.10 10.89.130.254;</div>
<div> }</div>
<div>}</div>
<div><br>
</div>
<div># hx07 dynamic</div>
<div>subnet 10.89.132.0 netmask 255.255.255.0 {</div>
<div> option domain-name-servers 10.89.100.152;</div>
<div> option routers 10.89.132.1;</div>
<div> pool {</div>
<div> failover peer "dhcpfailover";</div>
<div> range 10.89.132.10 10.89.132.254;</div>
<div> }</div>
<div>}</div>
<div><br>
</div>
<div># UCSX dynamic</div>
<div>subnet 10.89.134.0 netmask 255.255.255.0 {</div>
<div> option domain-name-servers 10.89.100.152;</div>
<div> option routers 10.89.134.1;</div>
<div> pool {</div>
<div> failover peer "dhcpfailover";</div>
<div> range 10.89.134.10 10.89.134.254;</div>
<div> }</div>
<div>}</div>
<div><br>
</div>
<div># The following three network are for Tanzu work in hx06</div>
<div># Update 20221004 by JW. Data is all static as is mgmt. Workload is all DHCP</div>
<div># subnet 10.89.135.0 netmask 255.255.255.224</div>
<div><br>
</div>
<div># k8s-tz-data-hx06 dynamic</div>
<div>subnet 10.89.135.0 netmask 255.255.255.224 {</div>
<div> ddns-updates on;</div>
<div> option domain-name-servers 10.89.100.152;</div>
<div> option routers 10.89.135.1;</div>
<div> pool {</div>
<div> failover peer "dhcpfailover";</div>
<div> range 10.89.135.2 10.89.135.30;</div>
<div> }</div>
<div> }</div>
<div><br>
</div>
<div># k8s-tz-workload-hx06 dynamic</div>
<div>subnet 10.89.135.32 netmask 255.255.255.224 {</div>
<div> option domain-name-servers 10.89.100.152;</div>
<div> option routers 10.89.135.33;</div>
<div> pool {</div>
<div> failover peer "dhcpfailover";</div>
<div> range 10.89.135.34 10.89.135.63;</div>
<div> }</div>
<div>}</div>
<div><br>
</div>
<div># k8s-tz-mgmt-hx06 dynamic</div>
<div>subnet 10.89.135.64 netmask 255.255.255.224 {</div>
<div> option domain-name-servers 10.89.100.152;</div>
<div> option routers 10.89.135.65;</div>
<div> pool {</div>
<div> failover peer "dhcpfailover";</div>
<div> range 10.89.135.66 10.89.135.94;</div>
<div> }</div>
<div>}</div>
<div><br>
</div>
<div># k8s-ocp-data-hx06</div>
<div>subnet 10.89.135.96 netmask 255.255.255.224 {</div>
<div> option domain-name-servers 10.89.100.152;</div>
<div> option routers 10.89.135.97;</div>
<div> pool {</div>
<div> failover peer "dhcpfailover";</div>
<div> range 10.89.135.98 10.89.135.126;</div>
<div> }</div>
<div>}</div>
<div><br>
</div>
<div># k8s-ocp-workload-hx06</div>
<div>subnet 10.89.135.128 netmask 255.255.255.224 {</div>
<div> option domain-name-servers 10.89.100.152;</div>
<div> option routers 10.89.135.129;</div>
<div> pool {</div>
<div> failover peer "dhcpfailover";</div>
<div> range 10.89.135.130 10.89.135.158;</div>
<div> }</div>
<div>}</div>
<div><br>
</div>
<div># k8s-rke-mgmt-hx06</div>
<div>subnet 10.89.135.160 netmask 255.255.255.224 {</div>
<div> option domain-name-servers 10.89.100.152;</div>
<div> option routers 10.89.135.161;</div>
<div> pool {</div>
<div> failover peer "dhcpfailover";</div>
<div> range 10.89.135.162 10.89.135.190;</div>
<div> }</div>
<div>}</div>
<div><br>
</div>
<div># k8s-rke-data-hx06</div>
<div>subnet 10.89.135.192 netmask 255.255.255.224 {</div>
<div> option domain-name-servers 10.89.100.152;</div>
<div> option routers 10.89.135.193;</div>
<div> pool {</div>
<div> failover peer "dhcpfailover";</div>
<div> range 10.89.135.194 10.89.135.222;</div>
<div> }</div>
<div>}</div>
<div><br>
</div>
<div># k8s-rke-workload-hx06</div>
<div>subnet 10.89.135.224 netmask 255.255.255.224 {</div>
<div> option domain-name-servers 10.89.100.225;</div>
<div> option routers 10.89.135.193;</div>
<div> pool {</div>
<div> failover peer "dhcpfailover";</div>
<div> range 10.89.135.226 10.89.135.253;</div>
<div> }</div>
<div>}</div>
<div><br>
</div>
<div># Host reservations</div>
<div> host tanzuprod-service-control-plane-bbwwb {</div>
<div> hardware ethernet 00:50:56:8b:71:bf;</div>
<div> fixed-address 10.89.135.48;</div>
<div> }</div>
<div><snip></div>
<div> host tanzuprod-workload-control-plane-zvm6t {</div>
<div> hardware ethernet 00:50:56:8b:75:83;</div>
<div> fixed-address 10.89.135.50;</div>
<div> }</div>
<div><br>
</div>
<div># DV Presales Lab</div>
<div>zone ps.labs.local. {</div>
<div> primary 10.89.100.152;</div>
<div> key pslabslocal;</div>
<div> }</div>
<div>dnsuser@ps-dns-02:~$</div>
<br>
</td>
</tr>
</tbody>
</table>
<p></p>
<p style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">
<u></u><br>
<u></u></p>
<p style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">
<u></u><br>
<u></u></p>
<p style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">
<u></u>DDNS <u></u></p>
<p style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">
<u></u>cat /etc/bind/named.conf<br>
<u></u></p>
<p style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">
<u></u><u></u></p>
<table cellspacing="0" cellpadding="1" style="border-collapse:collapse" id="m_-2294850722351162762tableSelected0">
<tbody>
<tr>
<td style="width:804.266px;border-width:1px;border-style:solid;border-color:rgb(171,171,171);box-sizing:border-box;height:24.0937px;word-break:break-word;background-color:transparent" scope="">
ps-dns-01</td>
<td style="width:804.266px;border-width:1px;border-style:solid;border-color:rgb(171,171,171);box-sizing:border-box;height:24.0937px;word-break:break-word;background-color:transparent" scope="">
ps-dns-02</td>
</tr>
<tr>
<td style="width:120px;border-width:1px;border-style:solid;border-color:rgb(171,171,171);color:rgb(0,0,0);background-color:transparent" scope="">
<div>include "/etc/bind/named.conf.options";</div>
<div>include "/etc/bind/named.conf.local";</div>
<div>include "/etc/bind/named.conf.default-zones";</div>
<div>server 10.89.9.10 {</div>
<div> };</div>
<div>server 10.89.9.107 {</div>
<div> };</div>
<div>key pslabslocal {</div>
<div> algorithm hmac-md5;</div>
<div> secret "c<snip>w=";</div>
<div> };</div>
<br>
</td>
<td style="width:120px;border-width:1px;border-style:solid;border-color:rgb(171,171,171);color:rgb(0,0,0);background-color:transparent">
include "/etc/bind/named.conf.options";
<div>include "/etc/bind/named.conf.local";</div>
<div>include "/etc/bind/named.conf.default-zones";</div>
<div>key pslabslocal {</div>
<div> algorithm hmac-md5;</div>
<div> secret "c<span style="font-size:medium;color:rgb(0,0,0);background-color:rgb(255,255,255);display:inline"><snip></span>w=";</div>
<div> };</div>
<div>server 10.89.100.153 {</div>
<div> transfer-format many-answers;</div>
<div> keys {</div>
<div> pslabslocal;</div>
<div> };</div>
<div> };</div>
<br>
</td>
</tr>
<tr>
<td style="width:120px;border-width:1px;border-style:solid;border-color:rgb(171,171,171);color:rgb(0,0,0);background-color:transparent" scope="">
" /etc/bind/named.conf.options" <br>
listen-on-v6 { any; };
<div> forwarders {</div>
<div> 10.89.9.10;</div>
<div> 10.89.9.107;</div>
<div> };</div>
<div> recursion yes;</div>
<div> allow-query {</div>
<div> any;</div>
<div> };</div>
<div> allow-recursion {</div>
<div> any;</div>
<div> };</div>
<div>};</div>
</td>
<td style="width:120px;border-width:1px;border-style:solid;border-color:rgb(171,171,171);color:rgb(0,0,0);background-color:transparent">
<div>"<span style="font-size:medium;color:rgb(0,0,0);background-color:rgb(255,255,255);display:inline">/etc/bind/named.conf.options"<br>
</span></div>
options {
<div> directory "/var/cache/bind";</div>
<div><br>
</div>
<div><span style="font-size:medium;color:rgb(0,0,0);background-color:rgb(255,255,255);display:inline"><br>
</span></div>
<div> listen-on-v6 { any; };</div>
<div>};</div>
</td>
</tr>
<tr>
<td style="width:120px;border-width:1px;border-style:solid;border-color:rgb(171,171,171);color:rgb(0,0,0);background-color:transparent" scope="">
"/etc/bind/named.conf.local"<br>
<div>zone "ps.labs.local" {</div>
<div> type master;</div>
<div> file "/var/lib/bind/ps.labs.local.hosts";</div>
<div> also-notify {</div>
<div> 10.89.100.153;</div>
<div> };</div>
<div> allow-transfer {</div>
<div> 10.89.100.153;</div>
<div> };</div>
<div> };</div>
<div>zone "128.89.10.in-addr.arpa" {</div>
<div> type master;</div>
<div> file "/var/lib/bind/10.89.128.rev";</div>
<div> also-notify {</div>
<div> 10.89.100.153;</div>
<div> };</div>
<div> allow-transfer {</div>
<div> 10.89.100.153;</div>
<div> };</div>
<div> };</div>
<div>zone "129.89.10.in-addr.arpa" {</div>
<div> type master;</div>
<div> file "/var/lib/bind/10.89.129.rev";</div>
<div> also-notify {</div>
<div> 10.89.100.153;</div>
<div> };</div>
<div> allow-transfer {</div>
<div> 10.89.100.153;</div>
<div> };</div>
<div> };</div>
<snip other zones but all structured same><br>
</td>
<td style="width:120px;border-width:1px;border-style:solid;border-color:rgb(171,171,171);color:rgb(0,0,0);background-color:transparent">
<div>"<span style="font-size:medium;color:rgb(0,0,0);background-color:rgb(255,255,255);display:inline">/etc/bind/named.conf.local"<br>
</span></div>
zone "130.89.10.in-addr.arpa" {
<div> type slave;</div>
<div> masters {</div>
<div> 10.89.100.152;</div>
<div> };</div>
<div> allow-transfer {</div>
<div> 10.89.100.152;</div>
<div> };</div>
<div> file "/var/lib/bind/10.89.130.rev";</div>
<div> };</div>
<div>zone "ps.labs.local" {</div>
<div> type slave;</div>
<div> masters {</div>
<div> 10.89.100.152;</div>
<div> };</div>
<div> allow-transfer {</div>
<div> 10.89.100.152;</div>
<div> };</div>
<div> file "/var/lib/bind/ps.labs.local.hosts";</div>
<div> };</div>
<div>zone "128.89.10.in-addr.arpa" {</div>
<div> type slave;</div>
<div> masters {</div>
<div> 10.89.100.152;</div>
<div> };</div>
<div> allow-transfer {</div>
<div> 10.89.100.152;</div>
<div> };</div>
<div> file "/var/lib/bind/10.89.128.rev";</div>
<div> };</div>
<div><span style="font-size:medium;color:rgb(0,0,0);background-color:rgb(255,255,255);display:inline"><<span style="font-size:medium;color:rgb(0,0,0);background-color:rgb(255,255,255);display:inline">snip
other zones but all structured same></span></span></div>
</td>
</tr>
<tr>
<td style="width:120px;border-width:1px;border-style:solid;border-color:rgb(171,171,171);color:rgb(0,0,0);background-color:transparent" scope="">
<div>"<span style="font-size:medium;color:rgb(0,0,0);background-color:rgb(255,255,255);display:inline">/etc/bind/named.conf.default-zones"<br>
</span></div>
<span style="font-size:medium;color:rgb(0,0,0);background-color:rgb(255,255,255);display:inline"><br>
// prime the server with knowledge of the root servers
<div>zone "." {</div>
<div> type hint;</div>
<div> file "/usr/share/dns/root.hints";</div>
<div>};</div>
<div><br>
</div>
<div>// be authoritative for the localhost forward and reverse zones, and for</div>
<div>// broadcast zones as per RFC 1912</div>
<div><br>
</div>
<div>zone "localhost" {</div>
<div> type master;</div>
<div> file "/etc/bind/db.local";</div>
<div> also-notify {</div>
<div> 10.89.100.153;</div>
<div> };</div>
<div> allow-transfer {</div>
<div> 10.89.100.153;</div>
<div> };</div>
<div>};</div>
<div><br>
</div>
<div>zone "127.in-addr.arpa" {</div>
<div> type master;</div>
<div> file "/etc/bind/db.127";</div>
<div> also-notify {</div>
<div> 10.89.100.153;</div>
<div> };</div>
<div> allow-transfer {</div>
<div> 10.89.100.153;</div>
<div> };</div>
<div>};</div>
<div><br>
</div>
<div>zone "0.in-addr.arpa" {</div>
<div> type master;</div>
<div> file "/etc/bind/db.0";</div>
<div> also-notify {</div>
<div> 10.89.100.153;</div>
<div> };</div>
<div> allow-transfer {</div>
<div> 10.89.100.153;</div>
<div> };</div>
<div>};</div>
<div><br>
</div>
<div>zone "255.in-addr.arpa" {</div>
<div> type master;</div>
<div> file "/etc/bind/db.255";</div>
<div> also-notify {</div>
<div> 10.89.100.153;</div>
<div> };</div>
<div> allow-transfer {</div>
<div> 10.89.100.153;</div>
<div> };</div>
<div>};</div>
<br>
<br>
<br>
</span></td>
<td style="width:120px;border-width:1px;border-style:solid;border-color:rgb(171,171,171);color:rgb(0,0,0);background-color:transparent">
<div>"<span style="font-size:medium;color:rgb(0,0,0);background-color:rgb(255,255,255);display:inline">/etc/bind/named.conf.default-zones"<br>
</span></div>
// prime the server with knowledge of the root servers
<div>zone "." {</div>
<div> type hint;</div>
<div> file "/usr/share/dns/root.hints";</div>
<div>};</div>
<div><br>
</div>
<div>// be authoritative for the localhost forward and reverse zones, and for</div>
<div>// broadcast zones as per RFC 1912</div>
<div><br>
</div>
<div>zone "localhost" {</div>
<div> type master;</div>
<div> file "/etc/bind/db.local";</div>
<div>};</div>
<div><br>
</div>
<div>zone "127.in-addr.arpa" {</div>
<div> type master;</div>
<div> file "/etc/bind/db.127";</div>
<div>};</div>
<div><br>
</div>
<div>zone "0.in-addr.arpa" {</div>
<div> type master;</div>
<div> file "/etc/bind/db.0";</div>
<div>};</div>
<div><br>
</div>
<div>zone "255.in-addr.arpa" {</div>
<div> type master;</div>
<div> file "/etc/bind/db.255";</div>
<div>};</div>
<div><span style="font-size:medium;color:rgb(0,0,0);background-color:rgb(255,255,255);display:inline"><br>
</span></div>
</td>
</tr>
</tbody>
</table>
<br>
<p></p>
<p style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">
<u></u>Questions:<u></u></p>
<p style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">
</p>
<ol>
<li><span><u></u><u></u>What is missconfigured to get flood of events about DHCP cache?</span></li><li><span>Why are not DHCP leases pushing updates to DNS to create recoreds (A and PTR)</span></li><li><span>I see almost no logs as I boot up test Vm. and get lease.. as to attempts to create from DHCP to DNS .. Where are the logs for these to track down DDNS communication.</span></li><li><span>DNS server on replica is not a flat file but a binary hash replica. In event of failover (Ex: ps-dns-01) goes offline..) , how would DHCP push via DDNS update records of server?</span></li></ol>
<div><span><br>
</span></div>
<p></p>
<p style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">
<u></u> <u></u></p>
<p style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">
Thanks,<u></u><u></u></p>
<p style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">
<u></u> <u></u></p>
<p class="MsoNormal" style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">
Penguinpages<u></u><u></u></p>
<p class="MsoNormal" style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">
<br>
</p>
<p class="MsoNormal" style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif">
<u></u> <u></u></p>
</div>
</div>
</div>
</div>
-- <br>
ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
<br>
dhcp-users mailing list<br>
<a href="mailto:dhcp-users@lists.isc.org" target="_blank">dhcp-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/dhcp-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/dhcp-users</a><br>
</div></blockquote></div>