[Kea-users] Kea DDNS issues

Ben Monroe bendono at gmail.com
Thu Apr 30 03:45:54 UTC 2020


Hi. I am trying to Dockerize DNS, Kea DHCP, Kea DDNS servers. Everything is
working except Kea DDNS.
Let me first describe the network. It has three VLANs:
VLAN 10: 10.10.10.0 /24
VLAN 20: 10.10.10.0 /24
VLAN 40: 10.10.40.0 /24
The Docker server is 10.10.40.50 and is on VLAN 40. DHCP relay is enabled
on the Cisco router.

Now for the docker containers.
Bind server #1:
-LAN static: 10.10.40.200
-Container static IP: 172.16.100.1
-53/UDP is mapped
Bind server #2:
-LAN static: 10.10.40.201
-Container static IP: 172.16.100.2
-53/UDP is mapped
Kea DHCP (DHCP4):
-LAN static IP: 10.10.40.203
-Container static IP: 172.16.100.3
-67/UDP is mapped
Kea DDNS:
-LAN static IP: <none since it only needs to be accessed from the container
network>
-Container static IP: 172.16.100.4
-No ports are mapped since only access required is from within the
container network.

Note that all four containers are running on the same container network:
172.16.100.0 /24, with 172.16.100.254 gateway.
Also, DHCP relay is running on the router between VLANs to Kea DHCP
(10.10.40.203).
VLAN 40 (where Kea and other containers are located) is for servers with
static IPs and does not need DHCP services, so it is not a problem that L2
broadcasts are not received.
(Additional information: I originally tried running only the Kea container
using network_mode host to ensure it received L2 broadcasts, but this will
remove it from the DNS container network, potentially harming DDNS updates.
Also, with DHCP relay it does not seem to be necessary.)

In Bind named.conf, I have the following:

// Clients allowed to query and recurse (used by allow-query, allow-query-cache
// and allow-recursion in options): the 10.10.0.0/16 LAN range and the
// 172.16.100.0/24 container network.
acl localnet {
10.10.0.0/16;
172.16.100.0/24;
};

// Hosts allowed to pull zone transfers (used by allow-transfer in options).
// Membership is by source address only; this configuration does not require a
// TSIG key for a transfer.
acl dns-slaves {
    172.16.100.2; // ns2
};

// TSIG key that the zones in this file accept for dynamic updates (allow-update).
// NOTE(review): "rndc-key" is the name usually given to the rndc control-channel
// key. No controls statement is shown, so it cannot be told from here whether
// this secret is also used for rndc; if it is, give DDNS its own key so the
// Kea container never holds the key that controls named.
// The secret is redacted in this post; the tsig-keys entry in
// kea-dhcp-ddns.conf has to carry the same name, algorithm and secret.
key "rndc-key" {
        algorithm hmac-sha256;
        secret "<secret>";
};

// Global server options: recursion for the localnet ACL plus authoritative
// service for the zones defined in this file.
options {
    directory "/var/bind";
    pid-file "/var/run/named/named.pid";

    // Queries that cannot be answered locally are sent to these public resolvers.
    forwarders { 8.8.8.8; 8.8.4.4; };

    // IPv4 on every interface of the container; IPv6 listening is off.
    listen-on { any; };
    listen-on-v6 { none; };

    // Queries, cache access and recursion are limited to the localnet ACL, so
    // the server does not act as an open resolver for other source addresses.
    allow-query { localnet; };
    allow-query-cache { localnet; };
    allow-recursion { localnet; };

    // Allow transfers only to DNS slaves.
    allow-transfer { dns-slaves; };

    notify yes;

    // Do not disclose the software version, host name or server ID in
    // response to identification queries.
    version none;
    hostname none;
    server-id none;
};

// Master zones for the forward domain and three reverse /24s. Each one accepts
// dynamic updates signed with the key "rndc-key".
// NOTE(review): allow-update with a key lets the key holder change any record
// in the zone. An update-policy that grants only the names and record types
// the DDNS client needs would narrow that; confirm against what Kea writes.
zone "dono.local" IN {
    type master;
    file "/etc/bind/db.dono.local";
    allow-update { key rndc-key; };
};

// Reverse zone for 10.10.10.0/24.
zone "10.10.10.in-addr.arpa" IN {
    type master;
    file "/etc/bind/db.10.10.10";
    allow-update { key rndc-key; };
};

// Reverse zone for 10.10.20.0/24.
zone "20.10.10.in-addr.arpa" IN {
    type master;
    file "/etc/bind/db.20.10.10";
    allow-update { key rndc-key; };
};

// Reverse zone for 10.10.40.0/24, the static server VLAN. The
// kea-dhcp-ddns.conf on this page has no reverse-ddns entry for it, so
// dynamic updates may not be needed here at all; verify before keeping
// allow-update on this zone.
zone "40.10.10.in-addr.arpa" IN {
    type master;
    file "/etc/bind/db.40.10.10";
    allow-update { key rndc-key; };
};

// All listed categories are routed to a single channel. The channel is named
// "stdout" but its destination is stderr.
logging {
    channel stdout {
      stderr;
      severity info;
      print-category no;
      print-severity no;
      print-time yes;
    };

    // "security" records denied requests, which is where a rejected dynamic
    // update or transfer would be expected to show up.
    // "queries" records every client query (source address and name asked):
    // expect high volume and treat the container log as sensitive.
    category security { stdout; };
    category queries  { stdout; };
    category dnssec   { stdout; };
    category xfer-in  { stdout; };
    category xfer-out { stdout; };
    category default  { stdout; };
};

In kea-dhcp4.conf I have:

// kea-dhcp4.conf as posted: DHCPv4 server for two relayed subnets, with DDNS
// name change requests (NCRs) sent to a separate kea-dhcp-ddns (D2) process.
{
"Dhcp4": {
    "interfaces-config": {
        "interfaces": [ "eth0" ]
    },
    // NOTE(review): the control socket accepts management commands for the
    // running server. /tmp is normally writable by every local user, so a
    // directory owned by the Kea user is a safer place for the socket file.
    "control-socket": {
        "socket-type": "unix",
        "socket-name": "/tmp/kea-dhcp4-ctrl.sock"
    },
    "lease-database": {
        "type": "memfile",
        "lfc-interval": 3600
    },
    "expired-leases-processing": {
        "reclaim-timer-wait-time": 10,
        "flush-reclaimed-timer-wait-time": 25,
        "hold-reclaimed-time": 3600,
        "max-reclaim-leases": 100,
        "max-reclaim-time": 250,
        "unwarned-reclaim-cycles": 5
    },
    "renew-timer": 900,
    "rebind-timer": 1800,
    "valid-lifetime": 3600,
    // NCRs are sent to 172.16.100.4, the D2 container's address. No
    // "server-port" is given, so the default applies (presumably 53001, the
    // port set in kea-dhcp-ddns.conf; confirm).
    // NOTE(review): the kea-dhcp-ddns.conf on this page sets
    // "ip-address": "127.0.0.1", i.e. D2 listens on its own loopback only.
    // "server-ip" here and "ip-address" there must name the same reachable
    // address, otherwise the requests never arrive at D2.
    "dhcp-ddns": {
      "enable-updates": true,
      "qualifying-suffix": "dono.local.",
      "server-ip": "172.16.100.4"
    },
    // Options handed to every client: the two BIND servers by their LAN
    // addresses, the domain name, the search list and a time server.
    "option-data": [
        {
            "name": "domain-name-servers",
            "data": "10.10.40.200, 10.10.40.201"
        },
        {
            "name": "domain-name",
            "data": "dono.local"
        },
        {
            "name": "domain-search",
            "data": "dono.local"
        },
        {
            "name": "time-servers",
            "data": "10.10.40.10"
        }
    ],
    // Two pools, 10.10.10.0/24 and 10.10.20.0/24. The network description in
    // the post lists VLAN 20 as 10.10.10.0 /24; going by this subnet and the
    // relay address 10.10.20.254 in the log, that looks like a typo.
    "subnet4": [
        {
            "subnet": "10.10.10.0/24",
            "pools": [ { "pool": "10.10.10.50 - 10.10.10.150" } ],
            "option-data": [
                {
                    "name": "routers",
                    "data": "10.10.10.254"
                }
            ]
        },
{
"subnet": "10.10.20.0/24",
"pools": [ { "pool": "10.10.20.50 - 10.10.20.150" } ],
"option-data": [
{
"name": "routers",
"data": "10.10.20.254"
}
]
}
    ],
    // DEBUG at level 99 writes per-packet detail; the log excerpt on this page
    // shows client MAC address, client-id and hostname. Lower the severity
    // once troubleshooting is done and keep the log files readable only by
    // the Kea user. Writing logs under /etc/kea also means the daemon needs
    // write access to its own configuration directory.
    "loggers": [
        {
          "name": "kea-dhcp4",
          "output_options": [
              {
                  "output": "/etc/kea/kea-dhcp4.log",
                  "flush": true,
                  "maxsize": 1048576,
                  "maxver": 3
              }
          ],
          "severity": "DEBUG",
          "debuglevel": 99
        },
        // NOTE(review): this logger is named for the D2 process but sits in
        // the DHCPv4 server's file; presumably it has no effect on
        // kea-dhcp-ddns, which has its own loggers entry. Confirm.
        {
          "name": "kea-dhcp-ddns",
          "output_options": [
              {
                  "output": "/etc/kea/kea-ddns.log",
                  "flush": true,
                  "maxsize": 1048576,
                  "maxver": 3
              }
          ],
          "severity": "DEBUG",
          "debuglevel": 99
        }
    ]
}
}

And in kea-dhcp-ddns.conf I have:
// kea-dhcp-ddns.conf as posted: the D2 daemon that receives name change
// requests (NCRs) from kea-dhcp4 and sends TSIG-signed updates to the two
// BIND servers on the container network.
{
"DhcpDdns":
{
  // NOTE(review): D2 listens for NCRs on loopback only, while the
  // kea-dhcp4.conf on this page sets "server-ip": "172.16.100.4" and runs in
  // another container (172.16.100.3). A request sent to 172.16.100.4:53001
  // cannot reach a listener bound to 127.0.0.1, so the two settings must agree.
  // The NCR channel has no authentication of its own: if this is changed to
  // the container address, keep the port unpublished and limit who can reach
  // it to the kea-dhcp4 container.
  "ip-address": "127.0.0.1",
  "port": 53001,
  // NOTE(review): the control socket accepts management commands; /tmp is
  // normally writable by every local user, so prefer a directory owned by the
  // Kea user.
  "control-socket": {
      "socket-type": "unix",
      "socket-name": "/tmp/kea-dhcp-ddns-ctrl.sock"
  },
  // Name, algorithm and secret have to match the key statement in named.conf.
  // The secret is stored here in clear text (redacted in the post), so
  // restrict read access to this file to the Kea user.
  "tsig-keys": [
    {
      "name": "rndc-key",
      "algorithm": "hmac-sha256",
      "secret": "<secret>"
    }
  ],
  // Forward updates for dono.local., signed with rndc-key and addressed to
  // both BIND containers.
  "forward-ddns": {
    "ddns-domains": [
      {
        "name": "dono.local.",
        "key-name": "rndc-key",
        "dns-servers": [
          { "ip-address": "172.16.100.1" },
          { "ip-address": "172.16.100.2" }
        ]
      }
    ]
  },
  // Reverse updates for the two DHCP-served /24s only; there is no entry for
  // 40.10.10.in-addr.arpa.
  "reverse-ddns": {
    "ddns-domains": [
      {
        "name": "10.10.10.in-addr.arpa.",
        "key-name": "rndc-key",
        "dns-servers": [
          { "ip-address": "172.16.100.1" },
          { "ip-address": "172.16.100.2" }
        ]
      },
      {
        "name": "20.10.10.in-addr.arpa.",
        "key-name": "rndc-key",
        "dns-servers": [
          { "ip-address": "172.16.100.1" },
          { "ip-address": "172.16.100.2" }
        ]
      }
    ]
  },
  // DEBUG at level 99 is for troubleshooting; lower it afterwards and keep
  // the log file readable only by the Kea user.
  "loggers": [
    {
        "name": "kea-dhcp-ddns",
        "output_options": [
            {
                "output": "/etc/kea/kea-ddns.log",
                "flush": true,
                "maxsize": 1048576,
                "maxver": 3
            }
        ],
        "severity": "DEBUG",
        "debuglevel": 99
    }
  ]
}
}

The version of Kea (both kea-dhcp4 and kea-dhcp-ddns) is 1.6.2.

Following a DHCP request, in the kea-dhcp4.log I see the following:

2020-04-30 02:57:22.354 DEBUG [kea-dhcp4.packets/1] DHCP4_BUFFER_RECEIVED
received buffer from 10.10.20.254:67 to 172.16.100.3:67 over interface eth0
2020-04-30 02:57:22.354 DEBUG [kea-dhcp4.options/1] DHCP4_BUFFER_UNPACK
parsing buffer received from 10.10.20.254 to 172.16.100.3 over interface
eth0
2020-04-30 02:57:22.355 DEBUG [kea-dhcp4.packets/1] DHCP4_PACKET_RECEIVED
[hwtype=1 d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00:
DHCPREQUEST (type 3) received from 10.10.20.254 to 172.16.100.3 on
interface eth0
2020-04-30 02:57:22.355 DEBUG [kea-dhcp4.packets/1] DHCP4_QUERY_DATA
[hwtype=1 d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00,
packet details: local_address=172.16.100.3:67, remote_address=
10.10.20.254:67, msg_type=DHCPREQUEST (3), transid=0x92ac8b00,
options:
  type=012, len=024: "android-ec3f0728072dc9f3" (string)
  type=050, len=004: 10.10.20.52 (ipv4-address)
  type=053, len=001: 3 (uint8)
  type=055, len=009: 1(uint8) 33(uint8) 3(uint8) 6(uint8) 15(uint8)
28(uint8) 51(uint8) 58(uint8) 59(uint8)
  type=057, len=002: 1500 (uint16)
  type=060, len=012: "dhcpcd-5.5.6" (string)
  type=061, len=007: 01:d8:c4:6a:91:cf:de
2020-04-30 02:57:22.356 DEBUG [kea-dhcp4.dhcpsrv/1]
DHCPSRV_CFGMGR_SUBNET4_ADDR selected subnet 10.10.20.0/24 for packet
received by matching address 10.10.20.254
2020-04-30 02:57:22.356 DEBUG [kea-dhcp4.packets/1] DHCP4_SUBNET_SELECTED
[hwtype=1 d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00:
the subnet with ID 3 was selected for client assignments
2020-04-30 02:57:22.356 DEBUG [kea-dhcp4.packets/1] DHCP4_SUBNET_DATA
[hwtype=1 d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00:
the selected subnet details: 10.10.20.0/24
2020-04-30 02:57:22.356 DEBUG [kea-dhcp4.hosts/1]
HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER get one host with IPv4 reservation
for subnet id 3, identified by hwaddr=D8C46A91CFDE
2020-04-30 02:57:22.357 DEBUG [kea-dhcp4.hosts/1]
HOSTS_CFG_GET_ALL_IDENTIFIER get all hosts with reservations using
identifier: hwaddr=D8C46A91CFDE
2020-04-30 02:57:22.357 DEBUG [kea-dhcp4.hosts/1]
HOSTS_CFG_GET_ALL_IDENTIFIER_COUNT using identifier hwaddr=D8C46A91CFDE,
found 0 host(s)
2020-04-30 02:57:22.357 DEBUG [kea-dhcp4.hosts/1]
HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER_NULL host not found using subnet id
3 and identifier hwaddr=D8C46A91CFDE
2020-04-30 02:57:22.357 DEBUG [kea-dhcp4.hosts/1]
HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER get one host with IPv4 reservation
for subnet id 3, identified by client-id=01D8C46A91CFDE
2020-04-30 02:57:22.357 DEBUG [kea-dhcp4.hosts/1]
HOSTS_CFG_GET_ALL_IDENTIFIER get all hosts with reservations using
identifier: client-id=01D8C46A91CFDE
2020-04-30 02:57:22.358 DEBUG [kea-dhcp4.hosts/1]
HOSTS_CFG_GET_ALL_IDENTIFIER_COUNT using identifier
client-id=01D8C46A91CFDE, found 0 host(s)
2020-04-30 02:57:22.358 DEBUG [kea-dhcp4.hosts/1]
HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER_NULL host not found using subnet id
3 and identifier client-id=01D8C46A91CFDE
2020-04-30 02:57:22.358 DEBUG [kea-dhcp4.dhcp4/1] DHCP4_CLASS_ASSIGNED
[hwtype=1 d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00:
client packet has been assigned to the following class(es): UNKNOWN
2020-04-30 02:57:22.358 DEBUG [kea-dhcp4.dhcp4/1] DHCP4_CLASS_ASSIGNED
[hwtype=1 d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00:
client packet has been assigned to the following class(es): ALL,
VENDOR_CLASS_dhcpcd-5.5.6, UNKNOWN
2020-04-30 02:57:22.359 DEBUG [kea-dhcp4.ddns/1]
DHCP4_CLIENT_HOSTNAME_PROCESS [hwtype=1 d8:c4:6a:91:cf:de],
cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00: processing client's Hostname
option
2020-04-30 02:57:22.359 DEBUG [kea-dhcp4.ddns/1] DHCP4_CLIENT_HOSTNAME_DATA
[hwtype=1 d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00:
client sent Hostname option: android-ec3f0728072dc9f3
2020-04-30 02:57:22.359 DEBUG [kea-dhcp4.ddns/1] DHCP4_CLIENT_HOSTNAME_DATA
[hwtype=1 d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00:
client sent Hostname option: android-ec3f0728072dc9f3
2020-04-30 02:57:22.359 DEBUG [kea-dhcp4.ddns/1]
DHCP4_RESPONSE_HOSTNAME_DATA [hwtype=1 d8:c4:6a:91:cf:de],
cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00: including Hostname option in
the server's response: android-ec3f0728072dc9f3.dono.local
2020-04-30 02:57:22.360 INFO  [kea-dhcp4.leases/1] DHCP4_INIT_REBOOT
[hwtype=1 d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00:
client is in INIT-REBOOT state and requests address 10.10.20.52
2020-04-30 02:57:22.360 DEBUG [kea-dhcp4.dhcpsrv/1]
DHCPSRV_MEMFILE_GET_CLIENTID obtaining IPv4 leases for client ID
01:d8:c4:6a:91:cf:de
2020-04-30 02:57:22.360 DEBUG [kea-dhcp4.dhcpsrv/1]
DHCPSRV_MEMFILE_GET_CLIENTID obtaining IPv4 leases for client ID
01:d8:c4:6a:91:cf:de
2020-04-30 02:57:22.360 DEBUG [kea-dhcp4.hosts/1]
HOSTS_CFG_GET_ONE_SUBNET_ID_ADDRESS4 get one host with reservation for
subnet id 3 and IPv4 address 10.10.20.52
2020-04-30 02:57:22.360 DEBUG [kea-dhcp4.hosts/1]
HOSTS_CFG_GET_ALL_ADDRESS4 get all hosts with reservations for IPv4 address
10.10.20.52
2020-04-30 02:57:22.361 DEBUG [kea-dhcp4.hosts/1]
HOSTS_CFG_GET_ALL_ADDRESS4_COUNT using address 10.10.20.52, found 0 host(s)
2020-04-30 02:57:22.361 DEBUG [kea-dhcp4.hosts/1]
HOSTS_CFG_GET_ONE_SUBNET_ID_ADDRESS4_NULL host not found using subnet id 3
and address 10.10.20.52
2020-04-30 02:57:22.361 DEBUG [kea-dhcp4.dhcpsrv/1]
DHCPSRV_MEMFILE_GET_ADDR4 obtaining IPv4 lease for address 10.10.20.52
2020-04-30 02:57:22.362 DEBUG [kea-dhcp4.alloc-engine/1]
ALLOC_ENGINE_V4_REQUEST_EXTEND_LEASE [hwtype=1 d8:c4:6a:91:cf:de],
cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00: extending lifetime of the lease
for address 10.10.20.52
2020-04-30 02:57:22.362 DEBUG [kea-dhcp4.dhcpsrv/1]
DHCPSRV_MEMFILE_UPDATE_ADDR4 updating IPv4 lease for address 10.10.20.52
2020-04-30 02:57:22.362 INFO  [kea-dhcp4.leases/1] DHCP4_LEASE_ALLOC
[hwtype=1 d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00:
lease 10.10.20.52 has been allocated for 3600 seconds
2020-04-30 02:57:22.363 DEBUG [kea-dhcp4.ddns/1] DHCP4_NCR_CREATE [hwtype=1
d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00: DDNS
updates enabled, therefore sending name change requests
2020-04-30 02:57:22.363 DEBUG [kea-dhcp4.options/1] DHCP4_PACKET_PACK
[hwtype=1 d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00:
preparing on-wire format of the packet to be sent
2020-04-30 02:57:22.363 DEBUG [kea-dhcp4.packets/1] DHCP4_PACKET_SEND
[hwtype=1 d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00:
trying to send packet DHCPACK (type 5) from 172.16.100.3:67 to
10.10.20.254:67 on interface eth0
2020-04-30 02:57:22.364 DEBUG [kea-dhcp4.packets/1] DHCP4_RESPONSE_DATA
[hwtype=1 d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00:
responding with packet DHCPACK (type 5), packet details: local_address=
172.16.100.3:67, remote_address=10.10.20.254:67, msg_type=DHCPACK (5),
transid=0x92ac8b00,
options:
  type=001, len=004: 4294967040 (uint32)
  type=003, len=004: 10.10.20.254
  type=006, len=008: 10.10.40.200 10.10.40.201
  type=012, len=035: "android-ec3f0728072dc9f3.dono.local" (string)
  type=015, len=010: "dono.local" (string)
  type=051, len=004: 3600 (uint32)
  type=053, len=001: 5 (uint8)
  type=054, len=004: 172.16.100.3
  type=058, len=004: 900 (uint32)
  type=059, len=004: 1800 (uint32)
  type=061, len=007: 01:d8:c4:6a:91:cf:de

The logs seem to indicate that it tries to notify DDNS.
However, except for the startup logs, the kea-dhcp-ddns logs are completely
empty.
I even did a tcpdump capture on all interfaces, but do not see any packets
going to kea-dhcp-ddns (172.16.100.4).

Note that manually running nsupdate against Bind (10.10.40.200) does work.
But I would really like to get this working after a host gets DHCP details.

I'd appreciate some help in tracking down the problem.
Thank you.
Ben Monroe