[kea-dev] Reverse DNS update

Thomas Markwalder tmark at isc.org
Thu May 26 13:27:54 UTC 2016 

On 5/26/16 6:22 AM, tach yon wrote:
> Hi,
>
> I've set up Kea 1.0.0 to serve DHCP requests and store lease
> information in a PgSQL database. There's also a separate bind 9.10
> server that I'm trying to push dynamic DNS updates to, but
> unfortunately this isn't working. I'm trying to find out why, but I've
> come across something I don't quite understand.
>
> This suggests to me that the entry has been successfully added to the
> database with the fqdn_rev boolean marked as true:
>
>
>   address  |     hwaddr     |    client_id     | valid_lifetime |    
>     expire         | subnet_id | fqdn_fwd | fqdn_rev |        
> hostname          | state
> -----------+----------------+------------------+----------------+------------------------+-----------+----------+----------+---------------------------+-------
>  168566422 | \x0050569d0f1f | \x010050569d0f1f |           4000 |
> 2016-05-26 11:04:35+01 |         1 | f        | t        |
> windhcp.example.net. |     0
>
>
> Showing fqdn_rev marked as true seems strange because in kea.conf I
> have it set to update forward DNS, not reverse DNS.
>
> "DhcpDdns": {
>         "tsig-keys": [
>                 {
>                         "name": "dynkey",
>                         "algorithm": "HMAC-MD5",
>                         "secret": "xxx"
>                 },
>         ],
>         "forward-ddns": {
>                 "ddns-domains": [
>                         {
>                         "name": "dynamic.example.net.",
>                         "key-name": "dynkey",
>                         "dns-servers": [ { "ip-address": "10.12.30.7" } ]
>                         },
>                 ]
>         },
>         "reverse-ddns": {
>                 "ddns-domains": [ ]
>         }
> },
>
>
> I also see this in the ddns log:
>
> 2016-05-26 09:57:55.347 DEBUG [kea-dhcp-ddns.dhcp-to-d2/94515]
> DHCP_DDNS_REV_REQUEST_IGNORED Request ID
> : Reverse updates are disabled, the reverse portion of request will be
> ignored: Type: 0 (CHG_ADD)
> Forward Change: no
> Reverse Change: no
> FQDN: [windhcp.dynamic.example.net.]
> IP Address: [10.12.30.150]
> Lease Expires On: 20160526100435
> Lease Length: 4000
>
> 2016-05-26 09:57:55.348 DEBUG [kea-dhcp-ddns.dhcp-to-d2/94515]
> DHCP_DDNS_REQUEST_DROPPED Request ID 
> : Request contains no enabled update requests and will be dropped:
> Type: 0 (CHG_ADD)
> Forward Change: no
> Reverse Change: no
> FQDN: [windhcp.dynamic.example.net.]
> IP Address: [10.12.30.150]
> Lease Expires On: 20160526100435
> Lease Length: 4000
>
>
> This feels like it's trying to update a reverse request despite having
> configured it to create forward entries, unless I configured it wrong :\
>
> If someone could please help make sense of this it would be very much
> appreciated. Thank you in advance for your time and consideration.
>
> Kind regards,
> Lewis
>
>
> _______________________________________________
> kea-dev mailing list
> kea-dev at lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-dev

Hello Lewis:

The log entries you show indicate that kea-dhcp-ddns (aka D2) did not
find any updates that it should or could do and therefore dropped the
request. If it had actually attempted any updates you would have seen
several more entries detailing their progress (e.g.
DHCP_DDNS_STARTING_TRANSACTION, DHCP_DDNS_UPDATE_REQUEST_SENT,
DHCP_DDNS_UPDATE_RESPONSE_RECEIVED).                 

The hostname shown in your database does not map to the configured
Forward DDNS domain you have defined. Your host, "windhcp", is in
"example.net.". If you peruse your log file you should see an entry for
DHCP_DDNS_NO_FWD_MATCH_ERROR.  So either your host name needs to be
"windhcp.dynamic.example.net." or your forward domain needs to be
"example.net."

I do not understand why the reverse flag is true.  Either there is
simply a bug somewhere and it should not be true or at some point you
had reverse updates enabled for this same client and IP address and the
entry was made. You could look for the reverse entry with:

  dig @10.12.30.7 -x10.12.30.150

If you have the original log file, that would be extremely helpful.  It
would also be helpful to see the "dhcp-ddns" section for "Dhcp4".

We also have all of our log messages explained in kea-messages.html. 
Which should be installed next to our admin guide in
<prefix>/share/doc/kea.  We have a link to it here

http://kea.isc.org/docs/kea-messages.html#DHCP

(This link appears to be a little stale, and for some reason the D2
messages are lumped under module "DHCP") 


Thanks,


Thomas Markwalder

ISC Software Engineering


On 5/26/16 6:22 AM, tach yon wrote:
> Hi,
>
> I've set up Kea 1.0.0 to serve DHCP requests and store lease
> information in a PgSQL database. There's also a separate bind 9.10
> server that I'm trying to push dynamic DNS updates to, but
> unfortunately this isn't working. I'm trying to find out why, but I've
> come across something I don't quite understand.
>
> This suggests to me that the entry has been successfully added to the
> database with the fqdn_rev boolean marked as true:
>
>
>   address  |     hwaddr     |    client_id     | valid_lifetime |    
>     expire         | subnet_id | fqdn_fwd | fqdn_rev |        
> hostname          | state
> -----------+----------------+------------------+----------------+------------------------+-----------+----------+----------+---------------------------+-------
>  168566422 | \x0050569d0f1f | \x010050569d0f1f |           4000 |
> 2016-05-26 11:04:35+01 |         1 | f        | t        |
> windhcp.example.net. |     0
>
>
> Showing fqdn_rev marked as true seems strange because in kea.conf I
> have it set to update forward DNS, not reverse DNS.
>
> "DhcpDdns": {
>         "tsig-keys": [
>                 {
>                         "name": "dynkey",
>                         "algorithm": "HMAC-MD5",
>                         "secret": "xxx"
>                 },
>         ],
>         "forward-ddns": {
>                 "ddns-domains": [
>                         {
>                         "name": "dynamic.example.net.",
>                         "key-name": "dynkey",
>                         "dns-servers": [ { "ip-address": "10.12.30.7" } ]
>                         },
>                 ]
>         },
>         "reverse-ddns": {
>                 "ddns-domains": [ ]
>         }
> },
>
>
> I also see this in the ddns log:
>
> 2016-05-26 09:57:55.347 DEBUG [kea-dhcp-ddns.dhcp-to-d2/94515]
> DHCP_DDNS_REV_REQUEST_IGNORED Request ID
> : Reverse updates are disabled, the reverse portion of request will be
> ignored: Type: 0 (CHG_ADD)
> Forward Change: no
> Reverse Change: no
> FQDN: [windhcp.dynamic.example.net.]
> IP Address: [10.12.30.150]
> Lease Expires On: 20160526100435
> Lease Length: 4000
>
> 2016-05-26 09:57:55.348 DEBUG [kea-dhcp-ddns.dhcp-to-d2/94515]
> DHCP_DDNS_REQUEST_DROPPED Request ID 
> : Request contains no enabled update requests and will be dropped:
> Type: 0 (CHG_ADD)
> Forward Change: no
> Reverse Change: no
> FQDN: [windhcp.dynamic.example.net.]
> IP Address: [10.12.30.150]
> Lease Expires On: 20160526100435
> Lease Length: 4000
>
>
> This feels like it's trying to update a reverse request despite having
> configured it to create forward entries, unless I configured it wrong :\
>
> If someone could please help make sense of this it would be very much
> appreciated. Thank you in advance for your time and consideration.
>
> Kind regards,
> Lewis
>
>
> _______________________________________________
> kea-dev mailing list
> kea-dev at lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-dev


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/kea-dev/attachments/20160526/739de63e/attachment.html>

More information about the kea-dev mailing list