> You should consider moving towards "standard", but "interim"'s not a > problem for now. > https://deepthought.isc.org/article/AA-01091/0/ISC-DHCP-support-for-Standard-DDNS.html
I've actually made a few changes since I've posted this in trying to figure this out and I did change to standard. This appears to have not made any difference. DNS is still not getting updated, but I will definitely keep the setting at standard. > >> allow client-updates; > > I would recommend denying client-updates. This tells clients that they > can do the DNS update themselves. Given that you're trying TSIGs below, > that would mean deploying keys to all the clients etc etc. Better to > "deny client-updates" and centralise the work through the DHCP server. This was also a change I made. I definitely do not want (and do not allow) clients to update DNS, so I changed this to deny. > > > Some other options I have are "update-static-leases on" (Make sure DNS > is updated even for hosts with a static address) "update-optimization > on" (Actually, for debugging purposes, I had that off for a while. If > it's off the DNS will be updated every time. If it's on, then the DNS > won't be updated if the lease hasn't changed. If you're changing from > 'interim' to 'standard' you definitely want this off to ensure the > records get changed). I saw these as well when I reread through the dhcpd.conf man page, but haven't tried them yet. I'll give that a go. > > I'm assuming you've cut something out of your config here, but given the > config above, there's nothing that applies the DDNS settings to hosts. > The ddns-* settings should apply to everything in their current scope > and below (so, if you've put them in your subnet6 block, for example, > that should be fine). Yes I didn't include my entire conf file as it is a little long. Here is my subnet6 declaration that I've been focusing on: subnet6 2620:5:e000:201e::/64 { default-lease-time 2419200; max-lease-time 2419200; # LDAP Servers. pool6 { allow members of "ldap_servers"; range6 2620:5:e000:201e:0:1::/96; } # Kerberos Servers. pool6 { allow members of "krb5_servers"; range6 2620:5:e000:201e:0:2::/96; } # DHCP Servers. pool6 { allow members of "dhcp_servers"; range6 2620:5:e000:201e:0:3::/96; } # Puppet Servers. pool6 { allow members of "puppet_servers"; range6 2620:5:e000:201e:0:4::/96; } # DNS Servers. pool6 { allow members of "dns_servers"; range6 2620:5:e000:201e:0:5::/96; } # Catch-all DHCP group. pool6 { range6 2620:5:e000:201e:0:d::/96; } } In particular I've been testing with a client that gets added to the "dhcp_servers" class. I know the classification works as the client actually gets an IP address in the the range specified, I just can't get DHCP to update the DNS servers with the AAAA and PTR records. Since all my subnet's use the same ddns-* settings I don't specify this at the subnet or pool level, I just leave it in the top scope. Thanks for your response, Joshua Schaeffer