[Kea-users] kea not updating bind9
Charles Curley
charlescurley at charlescurley.com
Mon Sep 22 22:49:13 UTC 2025
I have a new installation of Debian 13 (trixie), and I am bringing up
kea (2.6.3-1) and bind9 (1:9.20.11-4). These are the versions packaged
with Debian 13.
I believe kea is handing out IPv4 addresses successfully. They show up
in the two leases files at /var/lib/kea/kea-leases4.csv*.
I have bind9 working. What I don't have working is kea updating
bind9. I get stanzas like the following:
--------------------------------------------------
Sep 22 13:15:21 issola kea-dhcp-ddns[38297]: WARN DHCP_DDNS_NO_MATCH No DNS servers match FQDN perigrine.localdomain.
Sep 22 13:15:21 issola kea-dhcp-ddns[38297]: ERROR DHCP_DDNS_NO_FWD_MATCH_ERROR Request ID 000101DF371CED11EB6079AD67B29A945C943D2740259076198B28C32577D28B999B70: the configured list of forward DDNS domains does not contain a match for: Type: 1 (CHG_REMOVE)
Sep 22 13:15:21 issola kea-dhcp-ddns[38297]: Forward Change: yes
Sep 22 13:15:21 issola kea-dhcp-ddns[38297]: Reverse Change: yes
Sep 22 13:15:21 issola kea-dhcp-ddns[38297]: FQDN: [perigrine.localdomain.]
Sep 22 13:15:21 issola kea-dhcp-ddns[38297]: IP Address: [192.168.100.47]
Sep 22 13:15:21 issola kea-dhcp-ddns[38297]: DHCID: [000101DF371CED11EB6079AD67B29A945C943D2740259076198B28C32577D28B999B70]
Sep 22 13:15:21 issola kea-dhcp-ddns[38297]: Lease Expires On: 20250922183519
Sep 22 13:15:21 issola kea-dhcp-ddns[38297]: Lease Length: 1200
Sep 22 13:15:21 issola kea-dhcp-ddns[38297]: Conflict Resolution Mode: check-with-dhcid
Sep 22 13:15:21 issola kea-dhcp-ddns[38297]: The request has been discarded.
Sep 22 13:15:21 issola kea-dhcp-ddns[38297]: WARN DHCP_DDNS_NO_MATCH No DNS servers match FQDN perigrine.localdomain.
Sep 22 13:15:21 issola kea-dhcp-ddns[38297]: ERROR DHCP_DDNS_NO_FWD_MATCH_ERROR Request ID 000101DF371CED11EB6079AD67B29A945C943D2740259076198B28C32577D28B999B70: the configured list of forward DDNS domains does not contain a match for: Type: 1 (CHG_REMOVE)
Sep 22 13:15:21 issola kea-dhcp-ddns[38297]: Forward Change: yes
Sep 22 13:15:21 issola kea-dhcp-ddns[38297]: Reverse Change: yes
Sep 22 13:15:21 issola kea-dhcp-ddns[38297]: FQDN: [perigrine.localdomain.]
Sep 22 13:15:21 issola kea-dhcp-ddns[38297]: IP Address: [192.168.100.47]
Sep 22 13:15:21 issola kea-dhcp-ddns[38297]: DHCID: [000101DF371CED11EB6079AD67B29A945C943D2740259076198B28C32577D28B999B70]
Sep 22 13:15:21 issola kea-dhcp-ddns[38297]: Lease Expires On: 20250922183519
Sep 22 13:15:21 issola kea-dhcp-ddns[38297]: Lease Length: 1200
Sep 22 13:15:21 issola kea-dhcp-ddns[38297]: Conflict Resolution Mode: check-with-dhcid
Sep 22 13:15:21 issola kea-dhcp-ddns[38297]: The request has been discarded.
--------------------------------------------------
Meanwhile bind9 is silent.
Partial bind9:
--------------------------------------------------
controls {
inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};
key "rndc_key" {
algorithm hmac-md5;
secret "<redacted>";
};
key "tsig-key" {
algorithm hmac-sha256;
secret "<redacted>";
};
…
zone "localdomain" IN {
type master;
file "/var/cache/bind/sites/localdomain/forward.zone";
allow-transfer { 127.0.0.1; 192.168.100.6; 192.168.100.16;};
# allow-update { key "rndc_key"; };
allow-update { key "tsig-key"; };
zone-statistics yes;
notify no;
# also-notify { };
};
--------------------------------------------------
Partial kea-dhcp-ddns.conf
--------------------------------------------------
"DhcpDdns":
{
"ip-address": "127.0.0.1",
"port": 53001,
"control-socket": {
"socket-type": "unix",
"socket-name": "kea-ddns-ctrl-socket"
},
"tsig-keys": [
{ "name": "tsig-key",
"algorithm": "hmac-sha256",
"secret": "Lh4eU13Kay9ZR4Wjf5r7+L5Bx11PWWlpkjyHqEUCLQE=" }
],
"forward-ddns" : {
"ddns-domains" : [
{
"name": "localdomain",
"key-name": "tsig-key",
"dns-servers": [
{ "ip-address": "192.168.100.12" }
]
}
]
},
"reverse-ddns" : {
"ddns-domains" : [
{
"name": "100.168.192.in-addr.arpa.",
"key-name": "tsig-key",
"dns-servers": [
{ "ip-address": "192.168.100.12" }
]
}
]
},
--------------------------------------------------
--
Does anybody read signatures any more?
https://charlescurley.com
https://charlescurley.com/blog/
More information about the Kea-users
mailing list