<div dir="ltr">Hi. I am trying to Dockerize DNS, Kea DHCP, and Kea DDNS servers. Everything is working except Kea DDNS.<div>Let me first describe the network. It has three VLANs:<br>VLAN 10: 10.10.10.0 /24<br>VLAN 20: 10.10.10.0 /24<br>VLAN 40: 10.10.40.0 /24<br>The Docker server is 10.10.40.50 and is on VLAN 40. DHCP relay is enabled on the Cisco router.<br><br>Now for the docker containers.<br>Bind server #1:<br>-LAN static: 10.10.40.200<br>-Container static IP: 172.16.100.1<br>-53/UDP is mapped<br>Bind server #2:<br>-LAN static: 10.10.40.201<br>-Container static IP: 172.16.100.2<br>-53/UDP is mapped<br>Kea DHCP (DHCP4):<br>-LAN static IP: 10.10.40.203<br>-Container static IP: 172.16.100.3<br>-67/UDP is mapped<br>Kea DDNS:<br>-LAN static IP: <none since it only needs to be accessed from the container network><br>-Container static IP: 172.16.100.4<br>-No ports are mapped since the only access required is from within the container network.<br><br>Note that all four containers are running on the same container network: 172.16.100.0 /24, with 172.16.100.254 as the gateway.<br>Also, DHCP relay is running on the router between VLANs to Kea DHCP (10.10.40.203).<br>VLAN 40 (where Kea and other containers are located) is for servers with static IPs and does not need DHCP services, so it is not a problem that L2 broadcasts are not received.<br>(Additional information: I originally tried running only the Kea container using network_mode host to ensure it received L2 broadcasts, but this will remove it from the DNS container network, potentially harming DDNS updates. 
Also, with DHCP relay it does not seem to be necessary.)<br><br>In Bind named.conf, I have the following:<br><br>acl localnet {<br> <a href="http://10.10.0.0/16">10.10.0.0/16</a>;<br> <a href="http://172.16.100.0/24">172.16.100.0/24</a>;<br>};<br><br>acl dns-slaves {<br>    172.16.100.2; // ns2<br>};<br><br>key "rndc-key" {<br>        algorithm hmac-sha256;<br>        secret "<secret>";<br>};<br><br>options {<br>    directory "/var/bind";<br>    pid-file "/var/run/named/named.pid";<br><br>    forwarders { 8.8.8.8; 8.8.4.4; };<br><br>    listen-on { any; };<br>    listen-on-v6 { none; };<br><br>    allow-query { localnet; };<br>    allow-query-cache { localnet; };<br>    allow-recursion { localnet; };<br><br>    // Allow transfers only to DNS slaves.<br>    allow-transfer { dns-slaves; };<br><br>    notify yes;<br><br>    version none;<br>    hostname none;<br>    server-id none;<br>};<br><br>zone "dono.local" IN {<br>    type master;<br>    file "/etc/bind/db.dono.local";<br>    allow-update { key rndc-key; };<br>};<br><br>zone "10.10.10.in-addr.arpa" IN {<br>    type master;<br>    file "/etc/bind/db.10.10.10";<br>    allow-update { key rndc-key; };<br>};<br><br>zone "20.10.10.in-addr.arpa" IN {<br>    type master;<br>    file "/etc/bind/db.20.10.10";<br>    allow-update { key rndc-key; };<br>};<br><br>zone "40.10.10.in-addr.arpa" IN {<br>    type master;<br>    file "/etc/bind/db.40.10.10";<br>    allow-update { key rndc-key; };<br>};<br><br>logging {<br>    channel stdout {<br>      stderr;<br>      severity info;<br>      print-category no;<br>      print-severity no;<br>      print-time yes;<br>    };<br><br>    category security { stdout; };<br>    category queries  { stdout; };<br>    category dnssec   { stdout; };<br>    category xfer-in  { stdout; };<br>    category xfer-out { stdout; };<br>    category default  { stdout; };<br>};<br><br>In kea-dhcp4.conf I have:<br><br>{<br>"Dhcp4": {<br>    "interfaces-config": {<br>        "interfaces": [ "eth0" ]<br>   
 },<br>    "control-socket": {<br>        "socket-type": "unix",<br>        "socket-name": "/tmp/kea-dhcp4-ctrl.sock"<br>    },<br>    "lease-database": {<br>        "type": "memfile",<br>        "lfc-interval": 3600<br>    },<br>    "expired-leases-processing": {<br>        "reclaim-timer-wait-time": 10,<br>        "flush-reclaimed-timer-wait-time": 25,<br>        "hold-reclaimed-time": 3600,<br>        "max-reclaim-leases": 100,<br>        "max-reclaim-time": 250,<br>        "unwarned-reclaim-cycles": 5<br>    },<br>    "renew-timer": 900,<br>    "rebind-timer": 1800,<br>    "valid-lifetime": 3600,<br>    "dhcp-ddns": {<br>      "enable-updates": true,<br>      "qualifying-suffix": "dono.local.",<br>      "server-ip": "172.16.100.4"<br>    },<br>    "option-data": [<br>        {<br>            "name": "domain-name-servers",<br>            "data": "10.10.40.200, 10.10.40.201"<br>        },<br>        {<br>            "name": "domain-name",<br>            "data": "dono.local"<br>        },<br>        {<br>            "name": "domain-search",<br>            "data": "dono.local"<br>        },<br>        {<br>            "name": "time-servers",<br>            "data": "10.10.40.10"<br>        }<br>    ],<br>    "subnet4": [<br>        {<br>            "subnet": "<a href="http://10.10.10.0/24">10.10.10.0/24</a>",<br>            "pools": [ { "pool": "10.10.10.50 - 10.10.10.150" } ],<br>            "option-data": [<br>                {<br>                    "name": "routers",<br>                    "data": "10.10.10.254"<br>                }<br>            ]<br>        },<br>              {<br>                     "subnet": "<a href="http://10.10.20.0/24">10.10.20.0/24</a>",<br>                               "pools": [ { "pool": "10.10.20.50 - 10.10.20.150" } ],<br>                          "option-data": [<br>                                    {<br>                                             "name": "routers",<br>                                                "data": 
"10.10.20.254"<br>                                    }<br>                             ]<br>             }<br>    ],<br>    "loggers": [<br>        {<br>          "name": "kea-dhcp4",<br>          "output_options": [<br>              {<br>                  "output": "/etc/kea/kea-dhcp4.log",<br>                  "flush": true,<br>                  "maxsize": 1048576,<br>                  "maxver": 3<br>              }<br>          ],<br>          "severity": "DEBUG",<br>          "debuglevel": 99<br>        },<br>        {<br>          "name": "kea-dhcp-ddns",<br>          "output_options": [<br>              {<br>                  "output": "/etc/kea/kea-ddns.log",<br>                  "flush": true,<br>                  "maxsize": 1048576,<br>                  "maxver": 3<br>              }<br>          ],<br>          "severity": "DEBUG",<br>          "debuglevel": 99<br>        }<br>    ]<br>}<br>}<br><br>And in kea-dhcp-ddns.conf I have:<br>{<br>"DhcpDdns":<br>{<br>  "ip-address": "127.0.0.1",<br>  "port": 53001,<br>  "control-socket": {<br>      "socket-type": "unix",<br>      "socket-name": "/tmp/kea-dhcp-ddns-ctrl.sock"<br>  },<br>  "tsig-keys": [<br>    {<br>      "name": "rndc-key",<br>      "algorithm": "hmac-sha256",<br>      "secret": "<secret>"<br>    }<br>  ],<br>  "forward-ddns": {<br>    "ddns-domains": [<br>      {<br>        "name": "dono.local.",<br>        "key-name": "rndc-key",<br>        "dns-servers": [<br>          { "ip-address": "172.16.100.1" },<br>          { "ip-address": "172.16.100.2" }<br>        ]<br>      }<br>    ]<br>  },<br>  "reverse-ddns": {<br>    "ddns-domains": [<br>      {<br>        "name": "10.10.10.in-addr.arpa.",<br>        "key-name": "rndc-key",<br>        "dns-servers": [<br>          { "ip-address": "172.16.100.1" },<br>          { "ip-address": "172.16.100.2" }<br>        ]<br>      },<br>      {<br>        "name": "20.10.10.in-addr.arpa.",<br>        "key-name": "rndc-key",<br>        "dns-servers": [<br>      
    { "ip-address": "172.16.100.1" },<br>          { "ip-address": "172.16.100.2" }<br>        ]<br>      }<br>    ]<br>  },<br>  "loggers": [<br>    {<br>        "name": "kea-dhcp-ddns",<br>        "output_options": [<br>            {<br>                "output": "/etc/kea/kea-ddns.log",<br>                "flush": true,<br>                "maxsize": 1048576,<br>                "maxver": 3<br>            }<br>        ],<br>        "severity": "DEBUG",<br>        "debuglevel": 99<br>    }<br>  ]<br>}<br>}<br><br>The version of Kea (both kea-dhcp4 and kea-dhcp-ddns) is 1.6.2.<br><br>Following a DHCP request, in the kea-dhcp4.log I see the following:<br><br>2020-04-30 02:57:22.354 DEBUG [kea-dhcp4.packets/1] DHCP4_BUFFER_RECEIVED received buffer from <a href="http://10.10.20.254:67">10.10.20.254:67</a> to <a href="http://172.16.100.3:67">172.16.100.3:67</a> over interface eth0<br>2020-04-30 02:57:22.354 DEBUG [kea-dhcp4.options/1] DHCP4_BUFFER_UNPACK parsing buffer received from 10.10.20.254 to 172.16.100.3 over interface eth0<br>2020-04-30 02:57:22.355 DEBUG [kea-dhcp4.packets/1] DHCP4_PACKET_RECEIVED [hwtype=1 d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00: DHCPREQUEST (type 3) received from 10.10.20.254 to 172.16.100.3 on interface eth0<br>2020-04-30 02:57:22.355 DEBUG [kea-dhcp4.packets/1] DHCP4_QUERY_DATA [hwtype=1 d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00, packet details: local_address=<a href="http://172.16.100.3:67">172.16.100.3:67</a>, remote_address=<a href="http://10.10.20.254:67">10.10.20.254:67</a>, msg_type=DHCPREQUEST (3), transid=0x92ac8b00,<br>options:<br>  type=012, len=024: "android-ec3f0728072dc9f3" (string)<br>  type=050, len=004: 10.10.20.52 (ipv4-address)<br>  type=053, len=001: 3 (uint8)<br>  type=055, len=009: 1(uint8) 33(uint8) 3(uint8) 6(uint8) 15(uint8) 28(uint8) 51(uint8) 58(uint8) 59(uint8)<br>  type=057, len=002: 1500 (uint16)<br>  type=060, len=012: "dhcpcd-5.5.6" (string)<br>  type=061, len=007: 
01:d8:c4:6a:91:cf:de<br>2020-04-30 02:57:22.356 DEBUG [kea-dhcp4.dhcpsrv/1] DHCPSRV_CFGMGR_SUBNET4_ADDR selected subnet <a href="http://10.10.20.0/24">10.10.20.0/24</a> for packet received by matching address 10.10.20.254<br>2020-04-30 02:57:22.356 DEBUG [kea-dhcp4.packets/1] DHCP4_SUBNET_SELECTED [hwtype=1 d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00: the subnet with ID 3 was selected for client assignments<br>2020-04-30 02:57:22.356 DEBUG [kea-dhcp4.packets/1] DHCP4_SUBNET_DATA [hwtype=1 d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00: the selected subnet details: <a href="http://10.10.20.0/24">10.10.20.0/24</a><br>2020-04-30 02:57:22.356 DEBUG [kea-dhcp4.hosts/1] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER get one host with IPv4 reservation for subnet id 3, identified by hwaddr=D8C46A91CFDE<br>2020-04-30 02:57:22.357 DEBUG [kea-dhcp4.hosts/1] HOSTS_CFG_GET_ALL_IDENTIFIER get all hosts with reservations using identifier: hwaddr=D8C46A91CFDE<br>2020-04-30 02:57:22.357 DEBUG [kea-dhcp4.hosts/1] HOSTS_CFG_GET_ALL_IDENTIFIER_COUNT using identifier hwaddr=D8C46A91CFDE, found 0 host(s)<br>2020-04-30 02:57:22.357 DEBUG [kea-dhcp4.hosts/1] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER_NULL host not found using subnet id 3 and identifier hwaddr=D8C46A91CFDE<br>2020-04-30 02:57:22.357 DEBUG [kea-dhcp4.hosts/1] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER get one host with IPv4 reservation for subnet id 3, identified by client-id=01D8C46A91CFDE<br>2020-04-30 02:57:22.357 DEBUG [kea-dhcp4.hosts/1] HOSTS_CFG_GET_ALL_IDENTIFIER get all hosts with reservations using identifier: client-id=01D8C46A91CFDE<br>2020-04-30 02:57:22.358 DEBUG [kea-dhcp4.hosts/1] HOSTS_CFG_GET_ALL_IDENTIFIER_COUNT using identifier client-id=01D8C46A91CFDE, found 0 host(s)<br>2020-04-30 02:57:22.358 DEBUG [kea-dhcp4.hosts/1] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER_NULL host not found using subnet id 3 and identifier client-id=01D8C46A91CFDE<br>2020-04-30 02:57:22.358 DEBUG 
[kea-dhcp4.dhcp4/1] DHCP4_CLASS_ASSIGNED [hwtype=1 d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00: client packet has been assigned to the following class(es): UNKNOWN<br>2020-04-30 02:57:22.358 DEBUG [kea-dhcp4.dhcp4/1] DHCP4_CLASS_ASSIGNED [hwtype=1 d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00: client packet has been assigned to the following class(es): ALL, VENDOR_CLASS_dhcpcd-5.5.6, UNKNOWN<br>2020-04-30 02:57:22.359 DEBUG [kea-dhcp4.ddns/1] DHCP4_CLIENT_HOSTNAME_PROCESS [hwtype=1 d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00: processing client's Hostname option<br>2020-04-30 02:57:22.359 DEBUG [kea-dhcp4.ddns/1] DHCP4_CLIENT_HOSTNAME_DATA [hwtype=1 d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00: client sent Hostname option: android-ec3f0728072dc9f3<br>2020-04-30 02:57:22.359 DEBUG [kea-dhcp4.ddns/1] DHCP4_CLIENT_HOSTNAME_DATA [hwtype=1 d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00: client sent Hostname option: android-ec3f0728072dc9f3<br>2020-04-30 02:57:22.359 DEBUG [kea-dhcp4.ddns/1] DHCP4_RESPONSE_HOSTNAME_DATA [hwtype=1 d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00: including Hostname option in the server's response: android-ec3f0728072dc9f3.dono.local<br>2020-04-30 02:57:22.360 INFO  [kea-dhcp4.leases/1] DHCP4_INIT_REBOOT [hwtype=1 d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00: client is in INIT-REBOOT state and requests address 10.10.20.52<br>2020-04-30 02:57:22.360 DEBUG [kea-dhcp4.dhcpsrv/1] DHCPSRV_MEMFILE_GET_CLIENTID obtaining IPv4 leases for client ID 01:d8:c4:6a:91:cf:de<br>2020-04-30 02:57:22.360 DEBUG [kea-dhcp4.dhcpsrv/1] DHCPSRV_MEMFILE_GET_CLIENTID obtaining IPv4 leases for client ID 01:d8:c4:6a:91:cf:de<br>2020-04-30 02:57:22.360 DEBUG [kea-dhcp4.hosts/1] HOSTS_CFG_GET_ONE_SUBNET_ID_ADDRESS4 get one host with reservation for subnet id 3 and IPv4 address 10.10.20.52<br>2020-04-30 02:57:22.360 DEBUG [kea-dhcp4.hosts/1] 
HOSTS_CFG_GET_ALL_ADDRESS4 get all hosts with reservations for IPv4 address 10.10.20.52<br>2020-04-30 02:57:22.361 DEBUG [kea-dhcp4.hosts/1] HOSTS_CFG_GET_ALL_ADDRESS4_COUNT using address 10.10.20.52, found 0 host(s)<br>2020-04-30 02:57:22.361 DEBUG [kea-dhcp4.hosts/1] HOSTS_CFG_GET_ONE_SUBNET_ID_ADDRESS4_NULL host not found using subnet id 3 and address 10.10.20.52<br>2020-04-30 02:57:22.361 DEBUG [kea-dhcp4.dhcpsrv/1] DHCPSRV_MEMFILE_GET_ADDR4 obtaining IPv4 lease for address 10.10.20.52<br>2020-04-30 02:57:22.362 DEBUG [kea-dhcp4.alloc-engine/1] ALLOC_ENGINE_V4_REQUEST_EXTEND_LEASE [hwtype=1 d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00: extending lifetime of the lease for address 10.10.20.52<br>2020-04-30 02:57:22.362 DEBUG [kea-dhcp4.dhcpsrv/1] DHCPSRV_MEMFILE_UPDATE_ADDR4 updating IPv4 lease for address 10.10.20.52<br>2020-04-30 02:57:22.362 INFO  [kea-dhcp4.leases/1] DHCP4_LEASE_ALLOC [hwtype=1 d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00: lease 10.10.20.52 has been allocated for 3600 seconds<br>2020-04-30 02:57:22.363 DEBUG [kea-dhcp4.ddns/1] DHCP4_NCR_CREATE [hwtype=1 d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00: DDNS updates enabled, therefore sending name change requests<br>2020-04-30 02:57:22.363 DEBUG [kea-dhcp4.options/1] DHCP4_PACKET_PACK [hwtype=1 d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00: preparing on-wire format of the packet to be sent<br>2020-04-30 02:57:22.363 DEBUG [kea-dhcp4.packets/1] DHCP4_PACKET_SEND [hwtype=1 d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00: trying to send packet DHCPACK (type 5) from <a href="http://172.16.100.3:67">172.16.100.3:67</a> to <a href="http://10.10.20.254:67">10.10.20.254:67</a> on interface eth0<br>2020-04-30 02:57:22.364 DEBUG [kea-dhcp4.packets/1] DHCP4_RESPONSE_DATA [hwtype=1 d8:c4:6a:91:cf:de], cid=[01:d8:c4:6a:91:cf:de], tid=0x92ac8b00: responding with packet DHCPACK (type 5), packet details: local_address=<a 
href="http://172.16.100.3:67">172.16.100.3:67</a>, remote_address=<a href="http://10.10.20.254:67">10.10.20.254:67</a>, msg_type=DHCPACK (5), transid=0x92ac8b00,<br>options:<br>  type=001, len=004: 4294967040 (uint32)<br>  type=003, len=004: 10.10.20.254<br>  type=006, len=008: 10.10.40.200 10.10.40.201<br>  type=012, len=035: "android-ec3f0728072dc9f3.dono.local" (string)<br>  type=015, len=010: "dono.local" (string)<br>  type=051, len=004: 3600 (uint32)<br>  type=053, len=001: 5 (uint8)<br>  type=054, len=004: 172.16.100.3<br>  type=058, len=004: 900 (uint32)<br>  type=059, len=004: 1800 (uint32)<br>  type=061, len=007: 01:d8:c4:6a:91:cf:de<br><br>The logs seem to indicate that it tries to notify DDNS.<br>However, except for the startup logs, the kea-dhcp-ddns logs are completely empty.<br>I even did a tcpdump capture on all interfaces, but do not see any packets going to kea-dhcp-ddns (172.16.100.4).</div><div><br></div><div>Note that manually running nsupdate against Bind (10.10.40.200) does work. But I would really like to get this working after a host gets DHCP details.<br><br>I'd appreciate some help in tracking down the problem.<br>Thank you.<br>Ben Monroe<br></div><div><br></div></div>
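An added example, not part of the original post: a small lint that cross-checks the two Kea files for the kea-dhcp4 to kea-dhcp-ddns channel (where name change requests, NCRs, are sent versus where the DDNS daemon listens) and for TSIG key references. The embedded fragments are reduced from the configuration posted above; the function name and finding labels are hypothetical.

```python
import ipaddress
import json

# Fragments reduced from the two Kea files in the post (values as posted).
DHCP4 = json.loads('''{"Dhcp4": {"dhcp-ddns": {
  "enable-updates": true, "qualifying-suffix": "dono.local.",
  "server-ip": "172.16.100.4"}}}''')
D2 = json.loads('''{"DhcpDdns": {"ip-address": "127.0.0.1", "port": 53001,
  "tsig-keys": [{"name": "rndc-key", "algorithm": "hmac-sha256",
                 "secret": "<secret>"}],
  "forward-ddns": {"ddns-domains": [
    {"name": "dono.local.", "key-name": "rndc-key"}]},
  "reverse-ddns": {"ddns-domains": [
    {"name": "10.10.10.in-addr.arpa.", "key-name": "rndc-key"}]}}}''')

def check_ncr_channel(dhcp4, d2):
    """Return findings (hypothetical labels) for the dhcp4 -> D2 channel."""
    findings = []
    sender = dhcp4["Dhcp4"].get("dhcp-ddns", {})
    listener = d2["DhcpDdns"]
    # Kea defaults on both ends are 127.0.0.1 and port 53001.
    dst = ipaddress.ip_address(sender.get("server-ip", "127.0.0.1"))
    bind = ipaddress.ip_address(listener.get("ip-address", "127.0.0.1"))
    if not sender.get("enable-updates", False):
        findings.append("updates-disabled")
    if sender.get("server-port", 53001) != listener.get("port", 53001):
        findings.append("port-mismatch")
    if bind.is_loopback and not dst.is_loopback:
        # Sender targets a routable address; listener accepts loopback only.
        findings.append("listener-loopback-only")
    elif dst != bind:
        findings.append("address-mismatch")
    if not bind.is_loopback:
        # NCRs carry no authentication (TSIG only covers D2 -> DNS server),
        # so a non-loopback listener must be reachable by kea-dhcp4 alone.
        findings.append("ncr-port-exposed")
    keys = {k["name"] for k in listener.get("tsig-keys", [])}
    for section in ("forward-ddns", "reverse-ddns"):
        for dom in listener.get(section, {}).get("ddns-domains", []):
            key = dom.get("key-name")
            if key is None:
                findings.append(f"unsigned-zone:{dom['name']}")
            elif key not in keys:
                findings.append(f"unknown-key:{dom['name']}")
    return findings

if __name__ == "__main__":
    for finding in check_ncr_channel(DHCP4, D2):
        print(finding)
```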