[Kea-users] DDNS between kea-dhcp and powerdns

luckydog xf luckydogxf at gmail.com
Thu Aug 1 05:28:42 UTC 2024 

okay, I have successfully implemented this function, thanks.
One more question,  can I only update reverse-ddns and just  ignore
forward-ddns. In other words, is it doable just to update PTR records on
powerdns and leave A records alone ?

I made an experiment just now.

Both are discarded, including reverse one.

#########

2024-08-01 12:20:20.824 WARN
 [kea-dhcp-ddns.dhcp-to-d2/3618.139962436945792] DHCP_DDNS_NO_MATCH No DNS
servers match FQDN setexsql.whatever.com.
2024-08-01 12:20:20.824 ERROR
[kea-dhcp-ddns.dhcp-to-d2/3618.139962436945792]
DHCP_DDNS_NO_FWD_MATCH_ERROR Request ID
0001018A5FC0D73449520E9BC05D9E331FC2C6DFD16F44590F13198EADB4AE647F51D5: the
configured list of forward DDNS domains does not contain a match for: Type:
1 (CHG_REMOVE)
Forward Change: yes
Reverse Change: yes
FQDN: [setexsql.whatever.com.]
IP Address: [172.16.234.241]
DHCID:
[0001018A5FC0D73449520E9BC05D9E331FC2C6DFD16F44590F13198EADB4AE647F51D5]
Lease Expires On: 20240801074626
Lease Length: 14400
Conflict Resolution Mode: check-with-dhcid
  The request has been discarded.
2024-08-01 12:20:20.825 WARN
 [kea-dhcp-ddns.dhcp-to-d2/3618.139962436945792] DHCP_DDNS_NO_MATCH No DNS
servers match FQDN setexsql.whatever.com.
2024-08-01 12:20:20.825 ERROR
[kea-dhcp-ddns.dhcp-to-d2/3618.139962436945792]
DHCP_DDNS_NO_FWD_MATCH_ERROR Request ID
0001018A5FC0D73449520E9BC05D9E331FC2C6DFD16F44590F13198EADB4AE647F51D5: the
configured list of forward DDNS domains does not contain a match for: Type:
0 (CHG_ADD)
Forward Change: yes
Reverse Change: yes
FQDN: [setexsql.whatever.com.]
IP Address: [172.16.234.241]
DHCID:
[0001018A5FC0D73449520E9BC05D9E331FC2C6DFD16F44590F13198EADB4AE647F51D5]
Lease Expires On: 20240801082020
Lease Length: 14400
Conflict Resolution Mode: check-with-dhcid
  The request has been discarded.

#######



On Tue, Jul 30, 2024 at 4:47 PM Lee Porte <lee at leeporte.co.uk> wrote:

> Yes they are my two PowerDNS servers. I have them running as an
> active/active pair.
>
> On Tue, 30 Jul 2024, 07:05 luckydog xf, <luckydogxf at gmail.com> wrote:
>
>> Just curious, IPs 192.168.1.4 and 192.168.1.5 are IPs of PowerDNS, right?
>>
>> On Tue, Jul 30, 2024 at 2:56 AM Lee Porte <lee at leeporte.co.uk> wrote:
>>
>>> Hi,
>>>
>>> Here;s what I have in my DHCP4 config to enable the DDNS updates
>>>
>>>     "dhcp-ddns": {
>>>       "enable-updates": true,
>>>     },
>>>     "ddns-qualifying-suffix": "example.com",
>>>     "ddns-override-no-update": true,
>>>     "ddns-override-client-update": true,
>>>     "ddns-update-on-renew": true,
>>>     "hostname-char-set": "[^A-Za-z0-9.-]",
>>>     "hostname-char-replacement": "-",
>>>
>>>
>>> And this is what I have in DDNS config
>>>
>>> {
>>>   "DhcpDdns": {
>>>     "ip-address": "127.0.0.1",
>>>     "port": 53001,
>>>     "control-socket": {
>>>       "socket-type": "unix",
>>>       "socket-name": "/var/lib/kea/kea-ddns-ctrl.sock"
>>>     },
>>>     "tsig-keys": [
>>>       {
>>>         "name": "dhcp-key",
>>>         "algorithm": "HMAC-SHA256",
>>>         "secret": "SUPERsecretKEY"
>>>       }
>>>     ],
>>>     "forward-ddns": {
>>>       "ddns-domains": [
>>>         {
>>>           "name": "example.com.",
>>>           "key-name": "dhcp-key",
>>>           "dns-servers": [
>>>             {
>>>               "ip-address": "192.168.1.4"
>>>             },
>>>             {
>>>               "ip-address": "192.168.1.5"
>>>             }
>>>           ]
>>>         }
>>>       ]
>>>     },
>>>     "reverse-ddns": {
>>>       "ddns-domains": [
>>>         {
>>>           "name": "1.168.192.in-addr.arpa.",
>>>           "key-name": "dhcp-key",
>>>           "dns-servers": [
>>>             {
>>>               "ip-address": "192.168.1.4"
>>>             },
>>>             {
>>>               "ip-address": "192.168.1.5"
>>>             }
>>>           ]
>>>         },
>>>         {
>>>           "name": "7.168.192.in-addr.arpa.",
>>>           "key-name": "dhcp-key",
>>>           "dns-servers": [
>>>             {
>>>               "ip-address": "192.168.1.4"
>>>             },
>>>             {
>>>               "ip-address": "192.168.1.5"
>>>             }
>>>           ]
>>>         }
>>>       ]
>>>     },
>>>     "loggers": [
>>>       {
>>>         "name": "kea-dhcp-ddns",
>>>         "output_options": [
>>>           {
>>>             "output": "/var/log/kea/kea-ddns.log",
>>>             "maxsize": 1048576,
>>>             "maxver": 8
>>>           }
>>>         ],
>>>         "severity": "INFO",
>>>         "debuglevel": 0
>>>       }
>>>     ]
>>>   }
>>> }
>>>
>>> On the power DNS side I have
>>>
>>> #################################
>>> # allow-dnsupdate-from  A global setting to allow DNS updates from these
>>> IP ranges.
>>> #
>>> #allow-dnsupdate-from=
>>> allow-dnsupdate-from=
>>>
>>> #################################
>>> # dnsupdate     Enable/Disable DNS update (RFC2136) support. Default is
>>> no.
>>> #
>>> dnsupdate=yes
>>>
>>> I have also generated key values and added the to the database as per
>>> https://doc.powerdns.com/authoritative/dnsupdate.html#dns-update-how-to-setup-dyndns-rfc2136-with-dhcpd
>>> Though I did tweak the key generation to use SHA256 rather than MD5
>>>
>>> dnssec-keygen -a hmac-sha256 -b 4096 USER dhcpdupdate
>>>
>>> Cheers
>>>
>>> L
>>>
>>> On Mon, 29 Jul 2024 at 08:53, Lee Porte <lee at leeporte.co.uk> wrote:
>>>
>>>> Hi,
>>>>
>>>> Yes it definitely is possible as I'm running kea with DDNS updates to
>>>> PowerDNS currently.
>>>>
>>>> I can grab some config snippets later on for you.
>>>>
>>>> Cheers
>>>>
>>>> L
>>>>
>>>> On Mon, 29 Jul 2024, 02:52 luckydog xf, <luckydogxf at gmail.com> wrote:
>>>>
>>>>> Hello, list
>>>>>
>>>>>  Is it possible to integrate kea-dhcp with PowerDNS by DDNS ? I read
>>>>> the docs and didn't find related pages. Only one kea-dhcp-ddns exists.
>>>>>
>>>>>  Thanks.
>>>>> --
>>>>> ISC funds the development of this software with paid support
>>>>> subscriptions. Contact us at https://www.isc.org/contact/ for more
>>>>> information.
>>>>>
>>>>> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>>>>>
>>>>> Kea-users mailing list
>>>>> Kea-users at lists.isc.org
>>>>> https://lists.isc.org/mailman/listinfo/kea-users
>>>>>
>>>>
>>>
>>> --
>>> Lee Porte
>>> 07989 310 952
>>> --
>>> ISC funds the development of this software with paid support
>>> subscriptions. Contact us at https://www.isc.org/contact/ for more
>>> information.
>>>
>>> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>>>
>>> Kea-users mailing list
>>> Kea-users at lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/kea-users
>>>
>> --
>> ISC funds the development of this software with paid support
>> subscriptions. Contact us at https://www.isc.org/contact/ for more
>> information.
>>
>> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>>
>> Kea-users mailing list
>> Kea-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/kea-users
>>
> --
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>
> Kea-users mailing list
> Kea-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20240801/209da8e0/attachment.htm>

More information about the Kea-users mailing list