[Kea-users] DDNS between kea-dhcp and powerdns
luckydog xf
luckydogxf at gmail.com
Thu Aug 1 06:24:58 UTC 2024
https://kea.readthedocs.io/en/kea-2.6.0/arm/ddns.html
Finally, if there are no forward DDNS domains defined, D2 simply
disregards the forward-update portion of requests.
Just comment out the whole forward-ddns section.
On Thu, Aug 1, 2024 at 1:28 PM luckydog xf <luckydogxf at gmail.com> wrote:
> Okay, I have successfully implemented this function, thanks.
> One more question: can I update only reverse-ddns and just ignore
> forward-ddns? In other words, is it doable to update just the PTR records on
> PowerDNS and leave the A records alone?
>
> I made an experiment just now.
>
> Both are discarded, including reverse one.
>
> #########
>
> 2024-08-01 12:20:20.824 WARN
> [kea-dhcp-ddns.dhcp-to-d2/3618.139962436945792] DHCP_DDNS_NO_MATCH No DNS
> servers match FQDN setexsql.whatever.com.
> 2024-08-01 12:20:20.824 ERROR
> [kea-dhcp-ddns.dhcp-to-d2/3618.139962436945792]
> DHCP_DDNS_NO_FWD_MATCH_ERROR Request ID
> 0001018A5FC0D73449520E9BC05D9E331FC2C6DFD16F44590F13198EADB4AE647F51D5: the
> configured list of forward DDNS domains does not contain a match for: Type:
> 1 (CHG_REMOVE)
> Forward Change: yes
> Reverse Change: yes
> FQDN: [setexsql.whatever.com.]
> IP Address: [172.16.234.241]
> DHCID:
> [0001018A5FC0D73449520E9BC05D9E331FC2C6DFD16F44590F13198EADB4AE647F51D5]
> Lease Expires On: 20240801074626
> Lease Length: 14400
> Conflict Resolution Mode: check-with-dhcid
> The request has been discarded.
> 2024-08-01 12:20:20.825 WARN
> [kea-dhcp-ddns.dhcp-to-d2/3618.139962436945792] DHCP_DDNS_NO_MATCH No DNS
> servers match FQDN setexsql.whatever.com.
> 2024-08-01 12:20:20.825 ERROR
> [kea-dhcp-ddns.dhcp-to-d2/3618.139962436945792]
> DHCP_DDNS_NO_FWD_MATCH_ERROR Request ID
> 0001018A5FC0D73449520E9BC05D9E331FC2C6DFD16F44590F13198EADB4AE647F51D5: the
> configured list of forward DDNS domains does not contain a match for: Type:
> 0 (CHG_ADD)
> Forward Change: yes
> Reverse Change: yes
> FQDN: [setexsql.whatever.com.]
> IP Address: [172.16.234.241]
> DHCID:
> [0001018A5FC0D73449520E9BC05D9E331FC2C6DFD16F44590F13198EADB4AE647F51D5]
> Lease Expires On: 20240801082020
> Lease Length: 14400
> Conflict Resolution Mode: check-with-dhcid
> The request has been discarded.
>
> #######
>
>
>
> On Tue, Jul 30, 2024 at 4:47 PM Lee Porte <lee at leeporte.co.uk> wrote:
>
>> Yes they are my two PowerDNS servers. I have them running as an
>> active/active pair.
>>
>> On Tue, 30 Jul 2024, 07:05 luckydog xf, <luckydogxf at gmail.com> wrote:
>>
>>> Just curious, IPs 192.168.1.4 and 192.168.1.5 are IPs of PowerDNS,
>>> right?
>>>
>>> On Tue, Jul 30, 2024 at 2:56 AM Lee Porte <lee at leeporte.co.uk> wrote:
>>>
>>>> Hi,
>>>>
>>>> Here's what I have in my DHCP4 config to enable the DDNS updates
>>>>
>>>> "dhcp-ddns": {
>>>>   "enable-updates": true,
>>>> },
>>>> "ddns-qualifying-suffix": "example.com",
>>>> "ddns-override-no-update": true,
>>>> "ddns-override-client-update": true,
>>>> "ddns-update-on-renew": true,
>>>> "hostname-char-set": "[^A-Za-z0-9.-]",
>>>> "hostname-char-replacement": "-",
>>>>
>>>>
>>>> And this is what I have in DDNS config
>>>>
>>>> {
>>>>   "DhcpDdns": {
>>>>     "ip-address": "127.0.0.1",
>>>>     "port": 53001,
>>>>     "control-socket": {
>>>>       "socket-type": "unix",
>>>>       "socket-name": "/var/lib/kea/kea-ddns-ctrl.sock"
>>>>     },
>>>>     "tsig-keys": [
>>>>       {
>>>>         "name": "dhcp-key",
>>>>         "algorithm": "HMAC-SHA256",
>>>>         "secret": "SUPERsecretKEY"
>>>>       }
>>>>     ],
>>>>     "forward-ddns": {
>>>>       "ddns-domains": [
>>>>         {
>>>>           "name": "example.com.",
>>>>           "key-name": "dhcp-key",
>>>>           "dns-servers": [
>>>>             {
>>>>               "ip-address": "192.168.1.4"
>>>>             },
>>>>             {
>>>>               "ip-address": "192.168.1.5"
>>>>             }
>>>>           ]
>>>>         }
>>>>       ]
>>>>     },
>>>>     "reverse-ddns": {
>>>>       "ddns-domains": [
>>>>         {
>>>>           "name": "1.168.192.in-addr.arpa.",
>>>>           "key-name": "dhcp-key",
>>>>           "dns-servers": [
>>>>             {
>>>>               "ip-address": "192.168.1.4"
>>>>             },
>>>>             {
>>>>               "ip-address": "192.168.1.5"
>>>>             }
>>>>           ]
>>>>         },
>>>>         {
>>>>           "name": "7.168.192.in-addr.arpa.",
>>>>           "key-name": "dhcp-key",
>>>>           "dns-servers": [
>>>>             {
>>>>               "ip-address": "192.168.1.4"
>>>>             },
>>>>             {
>>>>               "ip-address": "192.168.1.5"
>>>>             }
>>>>           ]
>>>>         }
>>>>       ]
>>>>     },
>>>>     "loggers": [
>>>>       {
>>>>         "name": "kea-dhcp-ddns",
>>>>         "output_options": [
>>>>           {
>>>>             "output": "/var/log/kea/kea-ddns.log",
>>>>             "maxsize": 1048576,
>>>>             "maxver": 8
>>>>           }
>>>>         ],
>>>>         "severity": "INFO",
>>>>         "debuglevel": 0
>>>>       }
>>>>     ]
>>>>   }
>>>> }
>>>>
>>>> On the power DNS side I have
>>>>
>>>> #################################
>>>> # allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges.
>>>> #
>>>> #allow-dnsupdate-from=
>>>> allow-dnsupdate-from=
>>>>
>>>> #################################
>>>> # dnsupdate Enable/Disable DNS update (RFC2136) support. Default is no.
>>>> #
>>>> dnsupdate=yes
>>>>
>>>> I have also generated key values and added them to the database as per
>>>> https://doc.powerdns.com/authoritative/dnsupdate.html#dns-update-how-to-setup-dyndns-rfc2136-with-dhcpd
>>>> Though I did tweak the key generation to use SHA256 rather than MD5
>>>>
>>>> dnssec-keygen -a hmac-sha256 -b 4096 USER dhcpdupdate
>>>>
>>>> Cheers
>>>>
>>>> L
>>>>
>>>> On Mon, 29 Jul 2024 at 08:53, Lee Porte <lee at leeporte.co.uk> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> Yes it definitely is possible as I'm running kea with DDNS updates to
>>>>> PowerDNS currently.
>>>>>
>>>>> I can grab some config snippets later on for you.
>>>>>
>>>>> Cheers
>>>>>
>>>>> L
>>>>>
>>>>> On Mon, 29 Jul 2024, 02:52 luckydog xf, <luckydogxf at gmail.com> wrote:
>>>>>
>>>>>> Hello, list
>>>>>>
>>>>>> Is it possible to integrate kea-dhcp with PowerDNS by DDNS? I read
>>>>>> the docs and didn't find related pages. Only one kea-dhcp-ddns exists.
>>>>>>
>>>>>> Thanks.
>>>>>> --
>>>>>> ISC funds the development of this software with paid support
>>>>>> subscriptions. Contact us at https://www.isc.org/contact/ for more
>>>>>> information.
>>>>>>
>>>>>> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users
>>>>>> .
>>>>>>
>>>>>> Kea-users mailing list
>>>>>> Kea-users at lists.isc.org
>>>>>> https://lists.isc.org/mailman/listinfo/kea-users
>>>>>>
>>>>>
>>>>
>>>> --
>>>> Lee Porte
>>>> 07989 310 952
>
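
The discard seen in the quoted log, and the effect of removing the forward-ddns section, as an added example (not code from this thread or from Kea): a simplified Python model of how D2 picks zones for a request. The zone lists are constructed for illustration; only the FQDN and IP address are taken from the log, and wildcard domains are not modelled.

```python
import ipaddress

def reverse_name(ip):
    """Reverse-zone name for an address, e.g. 241.234.16.172.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def match_domain(domains, name):
    """Longest-suffix, case-insensitive match against ddns-domains names."""
    name = name.lower().rstrip(".") + "."
    hits = [d["name"] for d in domains
            if name == d["name"].lower()
            or name.endswith("." + d["name"].lower())]
    return max(hits, key=len) if hits else None

def plan_update(d2cfg, fqdn, ip, forward=True, reverse=True):
    """Return the zones that would be updated, or discarded=True."""
    plan = {"discarded": False, "forward": None, "reverse": None}
    for side, wanted, lookup in (("forward", forward, fqdn),
                                 ("reverse", reverse, reverse_name(ip))):
        domains = d2cfg.get(side + "-ddns", {}).get("ddns-domains", [])
        if not wanted or not domains:
            continue      # no domains defined: this half is simply disregarded
        zone = match_domain(domains, lookup)
        if zone is None:  # domains defined but none match: whole request dropped
            return {"discarded": True, "forward": None, "reverse": None}
        plan[side] = zone
    return plan

# Constructed configurations (zone names are assumptions, not from the thread).
REVERSE = {"ddns-domains": [{"name": "234.16.172.in-addr.arpa."}]}
WITH_FORWARD = {"forward-ddns": {"ddns-domains": [{"name": "example.com."}]},
                "reverse-ddns": REVERSE}
REVERSE_ONLY = {"forward-ddns": {}, "reverse-ddns": REVERSE}

if __name__ == "__main__":
    for label, cfg in (("with forward-ddns", WITH_FORWARD),
                       ("reverse only", REVERSE_ONLY)):
        print(label, plan_update(cfg, "setexsql.whatever.com.", "172.16.234.241"))
```
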