I tried to mix your settings with mine but still
unsuccessful so far.
There maybe confusion on the keys but I could not get
it to work sans keys either.
Here is my updated version, could you look and see if
anything screams at you?
rndc.key (I just copied this from rndc.conf)
algorithm hmac-md5;
secret
"c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
rndc.conf
/*
* Copyright (C) 2000, 2001 Internet Software
Consortium.
*
* Permission to use, copy, modify, and distribute
this software for any
* purpose with or without fee is hereby granted,
provided that the above
* copyright notice and this permission notice appear
in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET
SOFTWARE CONSORTIUM
* DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS
SOFTWARE INCLUDING ALL
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS.
IN NO EVENT SHALL
* INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY
SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING
* FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT,
* NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: rndc.conf,v 1.7 2001/01/09 21:40:45 bwelling
Exp $ */
/*
* Sample rndc configuration file.
*/
options {
default-server localhost;
default-key "key";
};
server localhost {
key "key";
};
key "key" {
algorithm hmac-md5;
secret
"c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};
Kdhcp_updater.+157+27860.key
DHCP_UPDATER. IN KEY 0 2 157 m8z1I/ZOsrVLhIdOF55F0Q==
Kdhcp_updater.+157+277860.private
Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: m8z1I/ZOsrVLhIdOF55F0Q==
dhcpd.conf
ddns-updates on;
ddns-domainname "home.network";
use-host-decl-names on;
option domain-name-servers 192.168.1.1;
option ntp-servers 192.168.1.1;
option x-display-manager 192.168.1.1;
option font-servers 192.168.1.1;
option time-servers 192.168.1.1;
option domain-name "home.network";
# default file for dhcpd
# replace 192.168.1.1 by the IP adress of the server
(same server for
# all services in this config file)
server-identifier sidereal.home.network;
default-lease-time 36000;
max-lease-time 144000;
ddns-update-style interim;
subnet 192.168.1.0 netmask 255.255.255.0 {
ddns-updates on;
ddns-domainname "home.network";
option ntp-servers 192.168.1.1;
option x-display-manager 192.168.1.1;
option font-servers 192.168.1.1;
range 192.168.1.65 192.168.1.254;
option domain-name "home.network";
option domain-name-servers 192.168.1.1 ,
207.203.32.20 , 205.152.16.8;
option lpr-servers 192.168.1.1;
option netbios-name-servers 192.168.1.1;
option netbios-dd-server 192.168.1.1;
option netbios-node-type 8;
option routers 192.168.1.12;
option subnet-mask 255.255.255.0;
option time-servers 192.168.1.1;
ddns-rev-domainname "in-addr.arpa";
ddns-update-style interim;
}
#create your own secret with the dnssec-keygen
command from
# the bind package
key DHCP_UPDATER {
algorithm HMAC-MD5;
secret m8z1I/ZOsrVLhIdOF55F0Q==;
};
zone home.network. {
primary 192.168.1.1;
key DHCP_UPDATER;
}
zone 1.168.192.in.addr.arpa. {
primary 192.168.1.1;
key DHCP_UPDATER;
}
named.conf
// secret must be the same as in /etc/rndc.conf
key "key" {
algorithm hmac-md5;
secret
"c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};
key DHCP_UPDATER {
algorithm HMAC-MD5;
secret m8z1I/ZOsrVLhIdOF55F0Q==;;
};
controls {
inet 127.0.0.1 allow { any; } keys { "key"; };
};
options {
// DNS tables are located in the
/var/named directory
directory "/var/named";
pid-file "/var/run/named/named.pid";
// Forward any unresolved requests to our
ISP's name server
forwarders {
207.203.32.20;
205.152.16.8;
};
/*
* If there is a firewall between you and
nameservers you want
* to talk to, you might need to
uncomment the query-source
* directive below. Previous versions of
BIND always asked
* questions using port 53, but BIND 8.1
uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};
zone "." {
type hint;
file "root.hints";
};
// All our DNS information is stored in
/var/named/domain.name.db
zone "home.network" {
type master;
file "home.network.db";
allow-update { key DHCP_UPDATER; };
// some security
allow-transfer {
127.0.0.1;
};
};
zone "0.0.127.in-addr.arpa" {
notify no;
type master;
file "127.0.0.rev";
allow-update { key DHCP_UPDATER; };
allow-transfer {
127.0.0.1;
};
};
zone "1.168.192.in-addr.arpa" {
notify no;
type master;
file "192.168.1.rev";
allow-update { key DHCP_UPDATER; };
allow-transfer {
127.0.0.1;
};
};
--- Buchan Milne <[EMAIL PROTECTED]> wrote:
> Well, I got this working with 8.1 boxes running dhcp
> and dhcpcd, setting
> DNSHOSTNAME="host_part"
>
> in /etc/sysconfig/network
>
> You seem to be missing a dnssec key in your
> named.conf (not sure if it
> is necessary).
>
>
> Here are my config files:
>
>
http://ranger.dnsalias.com/mandrake/configs/named.conf
>
http://ranger.dnsalias.com/mandrake/configs/dhcpd.conf
>
> Be sure to generate your own dnssec key (see the
> dhcpd.conf man page,
> under DYNAMIC DNS).
>
> I am using the interim style, which seems to work
> ok.
>
> We really need a drak tool which does this and can
> add all the cool
> options ...
>
> Buchan
>
=====
SI Reasoning
[EMAIL PROTECTED]
A requirement of creativity is that it contributes to change. Creativity keeps
the creator alive.
-FRANK HERBERT, unpublished notes
__________________________________________________
Do You Yahoo!?
Try FREE Yahoo! Mail - the world's greatest free email!
http://mail.yahoo.com/
