> You should consider moving towards "standard", but "interim"'s not a
> problem for now.
> https://deepthought.isc.org/article/AA-01091/0/ISC-DHCP-support-for-Standard-DDNS.html

I've actually made a few changes since I've posted this in trying to figure 
this out and I did change to standard. This appears to have not made any 
difference. DNS is still not getting updated, but I will definitely keep the 
setting at standard.
>
>>       allow            client-updates;
>
> I would recommend denying client-updates. This tells clients that they
> can do the DNS update themselves. Given that you're trying TSIGs below,
> that would mean deploying keys to all the clients etc etc. Better to
> "deny client-updates" and centralise the work through the DHCP server.

This was also a change I made. I definitely do not want (and do not allow) 
clients to update DNS, so I changed this to deny.
>
>
> Some other options I have are "update-static-leases on" (Make sure DNS
> is updated even for hosts with a static address) "update-optimization
> on" (Actually, for debugging purposes, I had that off for a while. If
> it's off the DNS will be updated every time. If it's on, then the DNS
> won't be updated if the lease hasn't changed. If you're changing from
> 'interim' to 'standard' you definitely want this off to ensure the
> records get changed).

I saw these as well when I reread through the dhcpd.conf man page, but haven't
tried them yet. I'll give that a go.

>
> I'm assuming you've cut something out of your config here, but given the
> config above, there's nothing that applies the DDNS settings to hosts.
> The ddns-* settings should apply to everything in their current scope
> and below (so, if you've put them in your subnet6 block, for example,
> that should be fine).

Yes I didn't include my entire conf file as it is a little long. Here is my 
subnet6 declaration that I've been focusing on:

    subnet6 2620:5:e000:201e::/64 {
        default-lease-time    2419200;
        max-lease-time        2419200;

        # LDAP Servers.
        pool6 {
            allow members of "ldap_servers";
            range6 2620:5:e000:201e:0:1::/96;
        }
        # Kerberos Servers.
        pool6 {
            allow members of "krb5_servers";
            range6 2620:5:e000:201e:0:2::/96;
        }
        # DHCP Servers.
        pool6 {
            allow members of "dhcp_servers";
            range6 2620:5:e000:201e:0:3::/96;
        }
        # Puppet Servers.
        pool6 {
            allow members of "puppet_servers";
            range6 2620:5:e000:201e:0:4::/96;
        }
        # DNS Servers.
        pool6 {
            allow members of "dns_servers";
            range6 2620:5:e000:201e:0:5::/96;
        }
        # Catch-all DHCP group.
        pool6 {
            range6 2620:5:e000:201e:0:d::/96;
        }
    }

In particular, I've been testing with a client that gets added to the
"dhcp_servers" class. I know the classification works as the client actually
gets an IP address in the range specified; I just can't get DHCP to update
the DNS servers with the AAAA and PTR records. Since all my subnets use the
same ddns-* settings, I don't specify this at the subnet or pool level; I just
leave it in the top scope.

Thanks for your response,
Joshua Schaeffer
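
An added example, not part of the original message and not ISC DHCP code: a small Python walker that resolves which ddns-*, update-* and client-updates statements are in effect inside each subnet6 and pool6 block, following the scope rule discussed above (settings apply to their own scope and everything below it). The sample config, the path labels and the function name are constructed for illustration.

```python
import re

# Constructed sample, not the poster's file (2001:db8::/32 is the documentation prefix).
SAMPLE = """
ddns-update-style standard;
ddns-updates on;
deny client-updates;
update-optimization off;
subnet6 2001:db8:0:1::/64 {
    pool6 { allow members of "dhcp_servers"; range6 2001:db8:0:1:0:3::/96; }
}
subnet6 2001:db8:0:2::/64 {
    ddns-updates off;   # hypothetical local override
    pool6 { range6 2001:db8:0:2:0:d::/96; }
}
"""

TRACKED = re.compile(r"^((?:ddns|update)-[\w-]+)\s+(.+)$")
CLIENT = re.compile(r"^(allow|deny|ignore)\s+client-updates$")


def effective_ddns(conf):
    """Map every scope path to the DDNS settings in effect inside it."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments
    # Assumption: no ';', '{', '}' or '#' inside quoted strings.
    own, parent, seen = {"global": {}}, {}, {}
    path, pending = "global", ""
    for tok in re.findall(r"[^;{}]+|[;{}]", conf):
        if tok == ";":  # end of a statement: record it if it is DDNS-related
            m, c = TRACKED.match(pending), CLIENT.match(pending)
            if m:
                own[path][m.group(1)] = m.group(2)
            elif c:
                own[path]["client-updates"] = c.group(1)
        elif tok == "{":  # a block opens; pending holds its header
            base = f"{path} > {pending}"
            seen[base] = seen.get(base, 0) + 1
            child = f"{base} #{seen[base]}"
            own[child], parent[child] = {}, path
            path = child
        elif tok == "}":
            path = parent[path]
        else:
            pending = " ".join(tok.split())
            continue
        pending = ""

    def merged(p):  # inner scopes override what they inherit
        inherited = merged(parent[p]) if p in parent else {}
        return {**inherited, **own[p]}

    return {p: merged(p) for p in own}
```

Running `effective_ddns` over a real dhcpd.conf shows at a glance whether a pool actually inherits the top-scope DDNS settings or whether an intermediate block overrides them.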
