<div dir="ltr"><a href="https://kea.readthedocs.io/en/kea-2.6.0/arm/ddns.html">https://kea.readthedocs.io/en/kea-2.6.0/arm/ddns.html</a><br><div><span style="color:rgb(64,64,64);font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;background-color:rgb(252,252,252)"> Finally, if there are no forward DDNS domains defined, D2 simply disregards the forward-update portion of requests.</span><br></div><div><span style="color:rgb(64,64,64);font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;background-color:rgb(252,252,252)"><br></span></div><div><font color="#404040" face="Lato, proxima-nova, Helvetica Neue, Arial, sans-serif"><span style="font-size:16px;background-color:rgb(252,252,252)">just comment out all forward-ddns section. </span></font></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Aug 1, 2024 at 1:28 PM luckydog xf <<a href="mailto:luckydogxf@gmail.com">luckydogxf@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">okay, I have successfully implemented this function, thanks.<div>One more question, can I only update reverse-ddns and just ignore forward-ddns. In other words, is it doable just to update PTR records on powerdns and leave A records alone ?</div><div><br></div><div>I made an experiment just now.</div><div><br></div><div>Both are discarded, including reverse one.</div><div><br></div><div>#########</div><div><br></div><div>2024-08-01 12:20:20.824 WARN [kea-dhcp-ddns.dhcp-to-d2/3618.139962436945792] DHCP_DDNS_NO_MATCH No DNS servers match FQDN <a href="http://setexsql.whatever.com" target="_blank">setexsql.whatever.com</a>.<br>2024-08-01 12:20:20.824 ERROR [kea-dhcp-ddns.dhcp-to-d2/3618.139962436945792] DHCP_DDNS_NO_FWD_MATCH_ERROR Request ID 0001018A5FC0D73449520E9BC05D9E331FC2C6DFD16F44590F13198EADB4AE647F51D5: the configured list of forward DDNS domains does not contain a match for: Type: 1 (CHG_REMOVE)<br>Forward Change: yes<br>Reverse Change: yes<br>FQDN: [<a href="http://setexsql.whatever.com" target="_blank">setexsql.whatever.com</a>.]<br>IP Address: [172.16.234.241]<br>DHCID: [0001018A5FC0D73449520E9BC05D9E331FC2C6DFD16F44590F13198EADB4AE647F51D5]<br>Lease Expires On: 20240801074626<br>Lease Length: 14400<br>Conflict Resolution Mode: check-with-dhcid<br> The request has been discarded.<br>2024-08-01 12:20:20.825 WARN [kea-dhcp-ddns.dhcp-to-d2/3618.139962436945792] DHCP_DDNS_NO_MATCH No DNS servers match FQDN <a href="http://setexsql.whatever.com" target="_blank">setexsql.whatever.com</a>.<br>2024-08-01 12:20:20.825 ERROR [kea-dhcp-ddns.dhcp-to-d2/3618.139962436945792] DHCP_DDNS_NO_FWD_MATCH_ERROR Request ID 0001018A5FC0D73449520E9BC05D9E331FC2C6DFD16F44590F13198EADB4AE647F51D5: the configured list of forward DDNS domains does not contain a match for: Type: 0 (CHG_ADD)<br>Forward Change: yes<br>Reverse Change: yes<br>FQDN: [<a href="http://setexsql.whatever.com" target="_blank">setexsql.whatever.com</a>.]<br>IP Address: [172.16.234.241]<br>DHCID: [0001018A5FC0D73449520E9BC05D9E331FC2C6DFD16F44590F13198EADB4AE647F51D5]<br>Lease Expires On: 20240801082020<br>Lease Length: 14400<br>Conflict Resolution Mode: check-with-dhcid<br> The request has been discarded.<br></div><div><br></div><div>#######</div><div><br></div><br style="font-family:monospace"></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jul 30, 2024 at 4:47 PM Lee Porte <<a href="mailto:lee@leeporte.co.uk" target="_blank">lee@leeporte.co.uk</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">Yes they are my two PowerDNS servers. I have them running as an active/active pair.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 30 Jul 2024, 07:05 luckydog xf, <<a href="mailto:luckydogxf@gmail.com" target="_blank">luckydogxf@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Just curious, IPs <span style="color:rgb(0,0,0)">192.168.1.4 and </span><span style="color:rgb(0,0,0)">192.168.1.5 are IPs of PowerDNS, right?</span></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jul 30, 2024 at 2:56 AM Lee Porte <<a href="mailto:lee@leeporte.co.uk" rel="noreferrer" target="_blank">lee@leeporte.co.uk</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi,<div><br></div><div>Here;s what I have in my DHCP4 config to enable the DDNS updates</div><div><br></div><div><font face="monospace"> "dhcp-ddns": {<br> "enable-updates": true,<br> },<br> "ddns-qualifying-suffix": "<a href="http://example.com" rel="noreferrer" target="_blank">example.com</a>",<br> "ddns-override-no-update": true,<br> "ddns-override-client-update": true,<br> "ddns-update-on-renew": true,<br> "hostname-char-set": "[^A-Za-z0-9.-]",<br> "hostname-char-replacement": "-",</font><br></div><div><br></div><div><br></div><div>And this is what I have in DDNS config</div><div><br></div><div><font face="monospace">{<br> "DhcpDdns": {<br> "ip-address": "127.0.0.1",<br> "port": 53001,<br> "control-socket": {<br> "socket-type": "unix",<br> "socket-name": "/var/lib/kea/kea-ddns-ctrl.sock"<br> },<br> "tsig-keys": [<br> {<br> "name": "dhcp-key",<br> "algorithm": "HMAC-SHA256",<br> "secret": "SUPERsecretKEY"<br> }<br> ],<br> "forward-ddns": {<br> "ddns-domains": [<br> {<br> "name": "<a href="http://example.com" rel="noreferrer" target="_blank">example.com</a>.",<br> "key-name": "dhcp-key",<br> "dns-servers": [<br> {<br> "ip-address": "192.168.1.4"<br> },<br> {<br> "ip-address": "192.168.1.5"<br> }<br> ]<br> }<br> ]<br> },<br> "reverse-ddns": {<br> "ddns-domains": [<br> {<br> "name": "1.168.192.in-addr.arpa.",<br> "key-name": "dhcp-key",<br> "dns-servers": [<br> {<br> "ip-address": "192.168.1.4"<br> },<br> {<br> "ip-address": "192.168.1.5"<br> }<br> ]<br> },<br> {<br> "name": "7.168.192.in-addr.arpa.",<br> "key-name": "dhcp-key",<br> "dns-servers": [<br> {<br> "ip-address": "192.168.1.4"<br> },<br> {<br> "ip-address": "192.168.1.5"<br> }<br> ]<br> }<br> ]<br> },<br> "loggers": [<br> {<br> "name": "kea-dhcp-ddns",<br> "output_options": [<br> {<br> "output": "/var/log/kea/kea-ddns.log",<br> "maxsize": 1048576,<br> "maxver": 8<br> }<br> ],<br> "severity": "INFO",<br> "debuglevel": 0<br> }<br> ]<br> }<br>}</font><br></div><div><br></div><div>On the power DNS side I have</div><div><br></div><div><font face="monospace">#################################<br># allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges.<br>#<br>#allow-dnsupdate-from=<br>allow-dnsupdate-from=<br></font></div><div><font face="monospace"><br></font></div><font face="monospace">#################################<br># dnsupdate Enable/Disable DNS update (RFC2136) support. Default is no.<br>#<br>dnsupdate=yes</font><div><br></div><div>I have also generated key values and added the to the database as per <a href="https://doc.powerdns.com/authoritative/dnsupdate.html#dns-update-how-to-setup-dyndns-rfc2136-with-dhcpd" rel="noreferrer" target="_blank">https://doc.powerdns.com/authoritative/dnsupdate.html#dns-update-how-to-setup-dyndns-rfc2136-with-dhcpd</a></div><div>Though I did tweak the key generation to use SHA256 rather than MD5</div><div><br></div><div><font face="monospace">dnssec-keygen -a hmac-sha256 -b 4096 USER dhcpdupdate</font><br></div><div><br></div><div>Cheers</div><div><br></div><div>L</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, 29 Jul 2024 at 08:53, Lee Porte <<a href="mailto:lee@leeporte.co.uk" rel="noreferrer" target="_blank">lee@leeporte.co.uk</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">Hi, <div dir="auto"><br></div><div dir="auto">Yes it definitely is possible as I'm running kea with DDNS updates to PowerDNS currently.</div><div dir="auto"><br></div><div dir="auto">I can grab some config snippets later on for you. </div><div dir="auto"><br></div><div dir="auto">Cheers </div><div dir="auto"><br></div><div dir="auto">L</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, 29 Jul 2024, 02:52 luckydog xf, <<a href="mailto:luckydogxf@gmail.com" rel="noreferrer" target="_blank">luckydogxf@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hello, list<div><br></div><div> Is it possible to integrate kea-dhcp with PowerDNS by DDNS ? I read the docs and didn't find related pages. Only one kea-dhcp-ddns exists.</div><div><br></div><div> Thanks.</div><div></div></div>
-- <br>
ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer noreferrer noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
<br>
To unsubscribe visit <a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer noreferrer noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a>.<br>
<br>
Kea-users mailing list<br>
<a href="mailto:Kea-users@lists.isc.org" rel="noreferrer noreferrer" target="_blank">Kea-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer noreferrer noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a><br>
</blockquote></div>
</blockquote></div><br clear="all"><div><br></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature">Lee Porte<br>07989 310 952</div>
-- <br>
ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
<br>
To unsubscribe visit <a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a>.<br>
<br>
Kea-users mailing list<br>
<a href="mailto:Kea-users@lists.isc.org" rel="noreferrer" target="_blank">Kea-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a><br>
</blockquote></div>
-- <br>
ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
<br>
To unsubscribe visit <a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a>.<br>
<br>
Kea-users mailing list<br>
<a href="mailto:Kea-users@lists.isc.org" rel="noreferrer" target="_blank">Kea-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a><br>
</blockquote></div>
-- <br>
ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
<br>
To unsubscribe visit <a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a>.<br>
<br>
Kea-users mailing list<br>
<a href="mailto:Kea-users@lists.isc.org" target="_blank">Kea-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/kea-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/kea-users</a><br>
</blockquote></div>
</blockquote></div>