<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><br id="lineBreakAtBeginningOfMessage"><div>
<div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none;">Thanks</div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none;"><br></div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none;">Sten</div>
</div>
<div><br><blockquote type="cite"><div>On 28 Jan 2024, at 20.23, Rick Frey <gribnut@gmail.com> wrote:</div><br class="Apple-interchange-newline"><div><meta http-equiv="content-type" content="text/html; charset=utf-8"><div style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">I’ve not used/tested, but I overlooked Kea DDNS server option "ddns-use-conflict-resolution” that may allow you to overwrite DNS records that don’t match DHCID. Default is true (doesn't overwrite if DHCID doesn’t match). You might be able to set to false to allow Kea to overwrite non-matching forward and reverse records. Would be safer to manually delete the conflict and leave at default behavior if you don’t want Kea to blindly write over any records not added/updated by Kea in your DNS zones.<div><br></div><div><br><div><br></div><div>See <a href="https://kea.readthedocs.io/en/kea-2.4.1/arm/dhcp4-srv.html#dhcp4-ddns-config">https://kea.readthedocs.io/en/kea-2.4.1/arm/dhcp4-srv.html#dhcp4-ddns-config</a></div><div><br id="lineBreakAtBeginningOfMessage"><div><br><blockquote type="cite"><div>On Jan 28, 2024, at 12:51, Ubence Quevedo (thatrat) <thatrat@gmail.com> wrote:</div><br class="Apple-interchange-newline"><div><meta http-equiv="content-type" content="text/html; charset=utf-8"><div style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">Thanks for the response, I took a look at the ddns log file I have setup on my bind 9 server and found the following:<div><div><font face="Courier New">27-Jan-2024 15:55:15.083 update: info: client @0xffff7c339b18 192.168.10.3#50944/key ddns-key: updating zone 'totusmel.com/IN': deleting an RR at lg-washer.totusmel.com A</font></div><div><font face="Courier New">27-Jan-2024 15:55:15.123 update: info: client @0xffff6c2c4228 192.168.10.3#56549/key ddns-key: updating zone 'totusmel.com/IN': delete all rrsets from name 'lg-washer.totusmel.com'</font></div><div><font face="Courier New">27-Jan-2024 15:55:15.143 update: info: client @0xffff702ec848 192.168.10.3#34817/key ddns-key: updating zone '10.168.192.in-addr.arpa/IN': update unsuccessful: 74.10.168.192.in-addr.arpa/PTR: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)</font></div></div></div></div></blockquote></div></div></div></div></div></blockquote><div><br></div>My guess is that this RR was left by the now removed DHCPD. Dhcpd leaves also a TXT record with a value that allows it to verify that it did create this record and if this record is not present or has a different value, it will not touch that RR, I guess that KEA makes that record calculation somewhat different than dhcpd does so the two will not remove the other system's RRs.</div><div> <br><blockquote type="cite"><div><div style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div><div><div><blockquote type="cite"><div><div style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div><br></div><div>It seems to be the same output as journalctl but through bind’s terminology.<br id="lineBreakAtBeginningOfMessage"><div><br></div><div>I’m pretty sure the forward zone is getting updated properly since there’s a .jnl file and the serial number in the zone file is incrementing.</div><div><br></div><div>For some reason, the below section got stripped out in the response:</div><div><div style="caret-color: rgb(0, 0, 0);">The relevant section from the kea-dhcp4.conf:</div><div style="caret-color: rgb(0, 0, 0);"><div><font face="Courier New"> "dhcp-ddns": {</font></div><div><font face="Courier New"> "enable-updates": true</font></div><div><font face="Courier New"> }</font></div><div><font face="Courier New"> "ddns-qualifying-suffix": "<a href="http://totusmel.com/">totusmel.com</a>",</font></div><div><font face="Courier New"> "ddns-override-client-update": true,</font></div></div></div><div><br></div><div>Do I also need to add reverse zone 10.168.192.in-addr.arpa to the kea-dhcp4.conf?</div><div><br></div><div>Any other thoughts or comments on this would be appreciated!</div><div><br></div><div>-Ubence</div><div><br><blockquote type="cite"><div>On Jan 28, 2024, at 10:11 AM, Rick Frey <gribnut@gmail.com> wrote:</div><br class="Apple-interchange-newline"><div><meta charset="UTF-8"><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;">The DNS response of RCODE 5 by your nameserver indicates the submitted DDNS update was refused by the nameserver. May want to check your nameserver logs for cause. Guessing it is not allowing your TSIG key used by Kea to make updates to the 10.168.192.in-addr.arpa zone.</span><div style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">BIND will not create a .jnl file until the first successful dynamic update (from any DDNS client). Assuming this is a new BIND server as well since the jnl file for your reverse zone does not yet exist. <span class="Apple-tab-span" style="white-space: pre;"> </span><br id="lineBreakAtBeginningOfMessage"><div><br><blockquote type="cite"><div>On Jan 28, 2024, at 05:37, Ubence Quevedo (thatrat) <<a href="mailto:thatrat@gmail.com">thatrat@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div><div style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">Hi All,<div><br></div><div>I’ve recently converted from the older ISC dhcpd with dynamic DNS configured and working properly with updating forward and reverse entries, but after converting to Kea, I can only get the forward entries to work and the reverse entries do not update.</div><div><br></div><div>This is a raspberry pi 4b running Ubuntu 22.04 LTS with Kea 2.0.2. I can’t run the latest version since this is an arm system.</div><div><br></div><div>From what I can tell, things *look* correct, but when I do a journalctl -xeu kea-dhcp-ddns-server, in the below snippet, I get the following:</div><div><div><font face="Courier New">Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: INFO DHCP_DDNS_REMOVE_SUCCEEDED DHCP_DDNS Request ID 000001F16C84BB0E8343A9B37FA2789333DAFE841ED32B93F538FC22A0F905170D2979: successfully removed the DNS mapping addition for this request: Type: 1 (CHG_REMOVE)</font></div><div><font face="Courier New">Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: Forward Change: yes</font></div><div><font face="Courier New">Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: Reverse Change: yes</font></div><div><font face="Courier New">Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: FQDN: [lg-washer.totusmel.com.]</font></div><div><font face="Courier New">Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: IP Address: [192.168.10.74]</font></div><div><font face="Courier New">Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: DHCID: [000001F16C84BB0E8343A9B37FA2789333DAFE841ED32B93F538FC22A0F905170D2979]</font></div><div><font face="Courier New">Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: Lease Expires On: 20240127223510</font></div><div><font face="Courier New">Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: Lease Length: 2400</font></div><div><font face="Courier New">Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: Conflict Resolution: yes</font></div><div><font face="Courier New">Jan 27 16:28:37 raspi kea-dhcp-ddns[1542846]: ERROR DHCP_DDNS_REVERSE_REPLACE_REJECTED DNS Request ID 000001F16C84BB0E8343A9B37FA2789333DAFE841ED32B93F538FC22A0F905170D2979: Server, 192.168.10.3 port:53, rejected a DNS update request to replace the reverse mapping for FQDN, lg-washer.totusmel.com., with an RCODE: 5</font></div><div><font face="Courier New">Jan 27 16:28:37 raspi kea-dhcp-ddns[1542846]: ERROR DHCP_DDNS_ADD_FAILED DHCP_DDNS Request ID 000001F16C84BB0E8343A9B37FA2789333DAFE841ED32B93F538FC22A0F905170D2979: Transaction outcome Status: Failed, Event: UPDATE_FAILED_EVT, Forward change: completed, Reverse change: failed, request: Type: 0 (CHG_ADD)</font></div><div><br></div></div><div>The error entry shows a failure while the first and second entries show success.</div><div><br></div><div>I’m a bit baffled because in the kea-dhcp-ddns.conf, the forward and reverse are configured nearly the same and reference the same key to allow updates:</div><div><div><font face="Courier New">"DhcpDdns":</font></div><div><font face="Courier New">{</font></div><div><font face="Courier New"> "ip-address": "127.0.0.1",</font></div><div><font face="Courier New"> "port": 53001,</font></div><div><font face="Courier New"> "control-socket": {</font></div><div><font face="Courier New"> "socket-type": "unix",</font></div><div><font face="Courier New"> "socket-name": "/tmp/kea-ddns-ctrl-socket"</font></div><div><font face="Courier New"> },</font></div><div><font face="Courier New"><br></font></div><div><font face="Courier New"> <?include "/etc/kea/tsig-keys.json"?></font></div><div><font face="Courier New"><br></font></div><div><font face="Courier New"> "forward-ddns" : {</font></div><div><font face="Courier New"> "ddns-domains": [</font></div><div><font face="Courier New"> {</font></div><div><font face="Courier New"> "name": "<a href="http://totusmel.com/">totusmel.com</a>.",</font></div><div><font face="Courier New"> "key-name": "ddns-key",</font></div><div><font face="Courier New"> "dns-servers": [</font></div><div><font face="Courier New"> {</font></div><div><font face="Courier New"> "ip-address": "192.168.10.3",</font></div><div><font face="Courier New"> "port": 53</font></div><div><font face="Courier New"> }</font></div><div><font face="Courier New"> ]</font></div><div><font face="Courier New"> }</font></div><div><font face="Courier New"> ]</font></div><div><font face="Courier New"> },</font></div><div><font face="Courier New"><br></font></div><div><font face="Courier New"> "reverse-ddns" : {</font></div><div><font face="Courier New"> "ddns-domains": [</font></div><div><font face="Courier New"> {</font></div><div><font face="Courier New"> "name": "10.168.192.in-addr.arpa.",</font></div><div><font face="Courier New"> "key-name": "ddns-key",</font></div><div><font face="Courier New"> "dns-servers": [</font></div><div><font face="Courier New"> {</font></div><div><font face="Courier New"> "ip-address": "192.168.10.3",</font></div><div><font face="Courier New"> "port": 53</font></div><div><font face="Courier New"> }</font></div><div><font face="Courier New"> ]</font></div><div><font face="Courier New"> }</font></div><div><font face="Courier New"> ]</font></div><div><font face="Courier New">}</font></div></div><div><br></div><div><br></div><div>I’m also expecting there to be a .jnl file for the zone file in /var/lib/bind/ where the zone files reside, but the .jnl file I’m expecting never gets generated:</div><div><div><font face="Courier New">root@raspi:/var/lib/bind# ls -la db*</font></div><div><font face="Courier New">-rw-r--r-- 1 bind bind 6169 Jan 27 16:37 db.10.168.192.in-addr.arpa</font></div><div><font face="Courier New">-rw-r--r-- 1 bind bind 295 Nov 6 2022 db.20.168.192.in-addr.arpa</font></div><div><font face="Courier New">-rw-r--r-- 1 bind bind 347 Nov 6 2022 db.30.168.192.in-addr.arpa</font></div><div><font face="Courier New">-rw-r--r-- 1 bind bind 278 Nov 6 2022 db.40.168.192.in-addr.arpa</font></div><div><font face="Courier New">-rw-r--r-- 1 bind bind 276 Nov 6 2022 db.50.168.192.in-addr.arpa</font></div><div><font face="Courier New">-rw-r--r-- 1 bind bind 1082 Jan 25 20:08 db.lab.totusmel.com</font></div><div><font face="Courier New">-rw-r--r-- 1 bind bind 1372 Jan 25 19:56 db.lab.totusmel.com.jnl</font></div><div><font face="Courier New">-rw-r--r-- 1 bind bind 22676 Jan 28 02:41 db.totusmel.com</font></div><div><font face="Courier New">-rw-r--r-- 1 bind bind 3872 Jan 28 02:28 db.totusmel.com.jnl</font></div></div><div><br></div><div>Does anyone have any thoughts or suggestions on what might be wrong? I can provide more information if needed, I just included the bits that I thought were relevant.</div><div><br></div><div>Any thoughts or suggestions would be greatly appreciated!</div><div><br></div><div>-Ubence</div><div><br></div></div>--<span class="Apple-converted-space"> </span><br>ISC funds the development of this software with paid support subscriptions. Contact us at<span class="Apple-converted-space"> </span><a href="https://www.isc.org/contact/">https://www.isc.org/contact/</a><span class="Apple-converted-space"> </span>for more information.<br><br>To unsubscribe visit<span class="Apple-converted-space"> </span><a href="https://lists.isc.org/mailman/listinfo/kea-users">https://lists.isc.org/mailman/listinfo/kea-users</a>.<br><br>Kea-users mailing list<br><a href="mailto:Kea-users@lists.isc.org">Kea-users@lists.isc.org</a><br><a href="https://lists.isc.org/mailman/listinfo/kea-users">https://lists.isc.org/mailman/listinfo/kea-users</a><br></div></blockquote></div><br></div><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;">--<span class="Apple-converted-space"> </span></span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;">ISC funds the development of this software with paid support subscriptions. Contact us at<span class="Apple-converted-space"> </span></span><a href="https://www.isc.org/contact/" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;">https://www.isc.org/contact/</a><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;"><span class="Apple-converted-space"> </span>for more information.</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;">To unsubscribe visit<span class="Apple-converted-space"> </span></span><a href="https://lists.isc.org/mailman/listinfo/kea-users" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;">https://lists.isc.org/mailman/listinfo/kea-users</a><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;">.</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;">Kea-users mailing list</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><a href="mailto:Kea-users@lists.isc.org" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;">Kea-users@lists.isc.org</a><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><a href="https://lists.isc.org/mailman/listinfo/kea-users" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;">https://lists.isc.org/mailman/listinfo/kea-users</a></div></blockquote></div><br></div></div>-- <br>ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.<br><br>To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.<br><br>Kea-users mailing list<br>Kea-users@lists.isc.org<br>https://lists.isc.org/mailman/listinfo/kea-users<br></div></blockquote></div><br></div></div></div>-- <br>ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.<br><br>To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.<br><br>Kea-users mailing list<br>Kea-users@lists.isc.org<br>https://lists.isc.org/mailman/listinfo/kea-users<br></div></blockquote></div><br></body></html>