Send dhcp-users mailing list submissions to
        dhcp-users@lists.isc.org

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.isc.org/mailman/listinfo/dhcp-users
or, via email, send a message with subject or body 'help' to
        dhcp-users-requ...@lists.isc.org

You can reach the person managing the list at
        dhcp-users-ow...@lists.isc.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of dhcp-users digest..."


Today's Topics:

   1. Re: DHCPv6 isn't updating DNS (Bill Shirley)
   2. fedora 26 ddns stopped working finding so far (Barry Scott)


----------------------------------------------------------------------

Message: 1
Date: Sun, 30 Jul 2017 08:53:56 -0400
From: Bill Shirley <b...@c3po.polymerindustries.biz>
To: dhcp-users@lists.isc.org
Subject: Re: DHCPv6 isn't updating DNS
Message-ID:
        <8f4f6bce-3009-8f9c-0ab0-7be956d55...@c3po.polymerindustries.biz>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

I'm a bit confused because you appear to have two named.conf files, one for
IPv4 and one for IPv6.  I only have one DNS server which handles both IPv4
and IPv6.  My DHCP and DNS services run on the same machine.  I have:
key DHCP_UPDATER                { algorithm hmac-md5;    secret <the_secret>; };
zone lan.example.com.            { primary 127.0.0.1; key DHCP_UPDATER; }
Note the 127.0.0.1 for both IPv4 and IPv6.

I did have to set (in both dhcpd.conf):
update-conflict-detection    off;
to enable both DHCPs to update the DNS.

Bill

On 7/29/2017 3:57 PM, Joshua Schaeffer wrote:
> TL;DR
> Sorry for the long email, but I'm having a very hard time getting my DHCP
> server that is set up to provide IPv6 addresses to update my DNS server. It
> seems that isc-dhcp doesn't have the functionality to do this. Is this a
> limitation of the protocol? I've read through the man pages for dhcpd,
> dhcpd.conf, dhcp-options, dhcp-eval, dhclient, and dhclient.conf as well as
> RFC 3315 and snippets of other RFCs related to DHCPv6 and IPv6. As far as I can
> tell this should be possible, but maybe I'm missing something obvious. Does
> anybody have a working DHCPv6 server that is properly updating AAAA and PTR
> records? Full description of my issue is below.
>
> -------------------------------------------------------
>
> I've been running into a problem with getting my DHCPv6 server to update my 
> DNS server and been asking around on how to fix this or what I have done 
> wrong in my configuration, but so far I haven't been able to get this 
> resolved. I've tried numerous settings and configuration changes, but nothing 
> seems to work. When I have my DHCP server providing IPv6 addresses, it seems 
> that the DHCP server never even attempts to communicate with the DNS server 
> to update the AAAA and PTR records. Perhaps I'm missing something about the 
> functionality between DHCPv6 and DNS. Is it possible to update DNS AAAA and 
> PTR records from a DHCP server providing IPv6 addresses?
>
> I have set up a development environment in which I have two configurations.
> One for IPv4 (dhcpd.conf) and one for IPv6 (dhcpd6.conf). The two config
> files are as identical as they can be. When I serve IPv4, DNS gets updated,
> but when I serve IPv6, it doesn't. I've tried debugging the code and set
> various breakpoints to see if I can find out what is going on, but I just
> don't have enough experience with programming and don't know enough about the
> program itself to get very far. I'm using isc-dhcp 4.3.5 that I compiled from
> source. Here is what I've set up in my dev environment:
>
> IPv6 configuration:
>
>      ###############
>      # DHCPD6.CONF #
>      ###############
>      authoritative;
>
>      option            dhcp6.domain-search    "appendata.net";
>      option            dhcp6.name-servers    fc01::a1;
>      default-lease-time    86400;
>      max-lease-time        604800;
>
>      log-facility        local7;
>
>      ddns-updates        on;
>      ddns-update-style    standard;
>      ddns-domainname        "appendata.net.";
>      ddns-rev-domainname    "ip6.arpa.";
>      do-forward-updates    on;
>      deny            client-updates;
>      update-static-leases    on;
>      update-optimization    off;
>
>      include            "/etc/keys/Kddns-aaaa-rrs.+157+02940.private";
>      include            "/etc/keys/Kddns-ptr-rrs.+157+36566.private";
>
>      zone appendata.net. {
>          primary6    fc01::a1;
>          key                "ddns-aaaa-rrs";
>      }
>      zone 0.0.0.0.0.0.0.0.0.0.0.0.1.0.c.f.ip6.arpa. {
>          primary6    fc01::a1;
>          key                "ddns-ptr-rrs";
>      }
>
>      subnet6 fc01::/64 {
>          default-lease-time    604800;
>          max-lease-time        2419200;
>
>          pool6 {
>              range6 fc01::1:0:0:0/80;
>          }
>      }
>
>      #########################
>      # NAMED.CONF.LOCAL (IPV6) #
>      #########################
>      //
>      // Do any local configuration here
>      //
>
>      // Consider adding the 1918 zones here, if they are not used in your
>      // organization
>      include "/etc/bind/zones.rfc1918";
>      include "/etc/bind/Kddns-aaaa-rrs.+157+02940.private";
>      include "/etc/bind/Kddns-ptr-rrs.+157+36566.private";
>
>      zone "appendata.net" in {
>          type master;
>          notify no;
>          file "/var/lib/bind/db.appendata.net";
>          allow-update {
>              key ddns-aaaa-rrs;
>          };
>      };
>
>      zone "0.0.0.0.0.0.0.0.0.0.0.0.1.0.c.f.ip6.arpa" in {
>          type master;
>          notify no;
>          file "/var/lib/bind/db.fc01.0000.0000.0000";
>          allow-update {
>              key ddns-ptr-rrs;
>          };
>      };
>
> I then start the DHCPv6 server:
>
>      root@dhcp01:~# dhcpd -6 -cf /etc/dhcp/dhcpd6.conf -lf /var/lib/dhcp/dhcpd6.leases -pf /run/dhcpd6.pid
>
> I have a test client as well. I issue the following command on the client:
>
>      $ dhclient -6 -cf /etc/dhcp/dhclient.conf -lf /var/lib/dhcp/dhclient6.leases
>
> And this is what I see from the DHCPv6 server:
>
>      [...]
>      Server starting service.
>      Solicit message from fe80::a00:27ff:fefc:35fa port 546, transaction ID 0xC9E2BF00
>      Picking pool address fc01::1:a9f1:2990:24b9
>      Advertise NA: address fc01::1:a9f1:2990:24b9 to client with duid 00:01:00:01:21:0f:82:c6:08:00:27:fc:35:fa iaid = 670840314 valid for 604800 seconds
>      Sending Advertise to fe80::a00:27ff:fefc:35fa port 546
>      Request message from fe80::a00:27ff:fefc:35fa port 546, transaction ID 0x14153D00
>      Reply NA: address fc01::1:a9f1:2990:24b9 to client with duid 00:01:00:01:21:0f:82:c6:08:00:27:fc:35:fa iaid = 670840314 valid for 604800 seconds
>      Sending Reply to fe80::a00:27ff:fefc:35fa port 546
>
> The DHCP server is working just fine in the sense that it hands out
> addresses, but it never updates DNS. When I sniff the wire, there isn't a
> single packet that the DHCP server sends to the DNS server. I also have the
> DNS server log set to DEBUG, and I don't ever see anything in the log. Now when I
> start my DHCP server using my IPv4 configuration, DHCP updates the DNS
> server. I only have minor changes between the configuration files.
>
>      ##############
>      # DHCPD.CONF #
>      ##############
>      authoritative;
>
>      option            domain-name    "appendata.net";
>      option            domain-name-servers    172.16.0.2;
>      default-lease-time    86400;
>      max-lease-time        604800;
>
>      log-facility        local7;
>
>      ddns-updates        on;
>      ddns-update-style    standard;
>      ddns-domainname        "appendata.net.";
>      ddns-rev-domainname    "in-addr.arpa.";
>      do-forward-updates    on;
>      deny            client-updates;
>      update-static-leases    on;
>      update-optimization    off;
>
>      include            "/etc/keys/Kddns-a-rrs.+157+41383.private";
>      include            "/etc/keys/Kddns-ptr-rrs.+157+36566.private";
>
>      zone appendata.net. {
>          primary        172.16.0.2;
>          key             "ddns-a-rrs";
>      }
>      zone 0.16.172.in-addr.arpa. {
>          primary        172.16.0.2;
>          key             "ddns-ptr-rrs";
>      }
>
>      subnet 172.16.0.0 netmask 255.255.255.0 {
>          default-lease-time    604800;
>          max-lease-time        2419200;
>
>          pool {
>              range 172.16.0.10 172.16.0.20;
>          }
>      }
>
>      #########################
>      # NAMED.CONF.LOCAL (IPV4) #
>      #########################
>      //
>      // Do any local configuration here
>      //
>
>      // Consider adding the 1918 zones here, if they are not used in your
>      // organization
>      include "/etc/bind/zones.rfc1918";
>      include "/etc/bind/Kddns-a-rrs.+157+41383.private";
>      include "/etc/bind/Kddns-ptr-rrs.+157+36566.private";
>
>      zone "appendata.net" in {
>          type master;
>          notify no;
>          file "/var/lib/bind/db.appendata.net";
>          allow-update {
>              key "ddns-a-rrs";
>          };
>      };
>
>      zone "0.16.172.in-addr.arpa" in {
>          type master;
>          notify no;
>          file "/var/lib/bind/db.172.16.0";
>          allow-update {
>              key "ddns-ptr-rrs";
>          };
>      };
>
> I start the DHCP server then run the client again. However, this time I can 
> see that A and PTR records are getting updated:
>
>      $ dhcpd -4 -cf /etc/dhcp/dhcpd.conf -lf /var/lib/dhcp/dhcpd.leases -pf /run/dhcpd.pid
>
>      $ dhclient -4 -cf /etc/dhcp/dhclient.conf -lf /var/lib/dhcp/dhclient.leases
>
> Here is the output from the DHCP server:
>
>      [...]
>      Server starting service.
>      DHCPDISCOVER from 08:00:27:05:95:af via enp0s8
>      Ping timeout: 1
>      DHCPOFFER on 172.16.0.10 to 08:00:27:05:95:af (dhcpclient01) via enp0s8
>      DHCPREQUEST for 172.16.0.10 (172.16.0.3) from 08:00:27:05:95:af (dhcpclient01) via enp0s8
>      DHCPACK on 172.16.0.10 to 08:00:27:05:95:af (dhcpclient01) via enp0s8
>      Added new forward map from dhcpclient01.appendata.net. to 172.16.0.10
>      Added reverse map from 10.0.16.172.in-addr.arpa. to dhcpclient01.appendata.net
>
> And from the DNS log:
>
>      Jul 29 13:34:11 dns01 named[3432]: update-security: info: client 172.16.0.3#20083/key ddns-a-rrs: signer "ddns-a-rrs" approved
>      Jul 29 13:34:11 dns01 named[3432]: update: info: client 172.16.0.3#20083/key ddns-a-rrs: updating zone 'appendata.net/IN': deleting rrset at 'dhcpclient01.appendata.net' A
>      Jul 29 13:34:11 dns01 named[3432]: update: info: client 172.16.0.3#20083/key ddns-a-rrs: updating zone 'appendata.net/IN': adding an RR at 'dhcpclient01.appendata.net' A 172.16.0.10
>      Jul 29 13:34:11 dns01 named[3432]: update-security: info: client 172.16.0.3#20083/key ddns-ptr-rrs: signer "ddns-ptr-rrs" approved
>      Jul 29 13:34:11 dns01 named[3432]: update: info: client 172.16.0.3#20083/key ddns-ptr-rrs: updating zone '0.16.172.in-addr.arpa/IN': deleting rrset at '10.0.16.172.in-addr.arpa' PTR
>      Jul 29 13:34:11 dns01 named[3432]: update: info: client 172.16.0.3#20083/key ddns-ptr-rrs: updating zone '0.16.172.in-addr.arpa/IN': adding an RR at '10.0.16.172.in-addr.arpa' PTR dhcpclient01.appendata.net.
>
> I'm just not sure what I'm missing here. To me it looks like DNS servers can
> be updated from DHCPv6 servers. Any help would be much appreciated.
>
> Thanks,
> Joshua Schaeffer
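
An added example, not part of either poster's message or of ISC's code: a small Python audit that checks named's accepted-update log lines, in the format quoted above, against the per-zone key policy from the quoted allow-update blocks. The log lines are constructed for illustration, and treating 172.16.0.3 as the only legitimate updater is an assumption.

```python
import re
from collections import namedtuple

# Intended policy, copied from the allow-update blocks quoted above.
ZONE_KEYS = {
    "appendata.net": {"ddns-a-rrs", "ddns-aaaa-rrs"},
    "0.16.172.in-addr.arpa": {"ddns-ptr-rrs"},
    "0.0.0.0.0.0.0.0.0.0.0.0.1.0.c.f.ip6.arpa": {"ddns-ptr-rrs"},
}
# Assumption: 172.16.0.3, the client address in the quoted named log,
# is the only host that should ever present these keys.
UPDATERS = {"172.16.0.3"}

UPDATE_RE = re.compile(
    r"named\[\d+\]: update: info: client (?P<ip>[0-9A-Fa-f.:]+)#\d+"
    r"(?:/key (?P<key>[^\s:]+))?: updating zone '(?P<zone>[^'/]+)/IN': "
    r"(?:adding an RR|deleting rrset) at '(?P<name>[^']+)'"
)

Finding = namedtuple("Finding", "reason ip key zone name")

def audit(lines):
    """Return a Finding for every accepted update that violates the policy."""
    findings = []
    for line in lines:
        m = UPDATE_RE.search(line)
        if not m:
            continue  # not an accepted-update line
        ip, key, zone, name = m["ip"], m["key"], m["zone"], m["name"]
        if key is None:
            reason = "unsigned update"
        elif key not in ZONE_KEYS.get(zone, set()):
            reason = "key not expected for zone"
        elif ip not in UPDATERS:
            reason = "valid key from unexpected host"
        else:
            continue  # signed with the right key, from the DHCP server
        findings.append(Finding(reason, ip, key, zone, name))
    return findings

# Constructed sample lines in the format of the quoted named log.
P = " dns01 named[3432]: update: info: client "
SAMPLE = [
    "Jul 29 13:34:11" + P + "172.16.0.3#20083/key ddns-a-rrs: updating zone 'appendata.net/IN': adding an RR at 'dhcpclient01.appendata.net' A 172.16.0.10",
    "Jul 29 13:34:11" + P + "172.16.0.3#20083/key ddns-ptr-rrs: updating zone '0.16.172.in-addr.arpa/IN': adding an RR at '10.0.16.172.in-addr.arpa' PTR dhcpclient01.appendata.net.",
    "Jul 29 14:02:40" + P + "172.16.0.57#40112/key ddns-a-rrs: updating zone 'appendata.net/IN': adding an RR at 'host57.appendata.net' A 172.16.0.57",
    "Jul 29 14:05:02" + P + "172.16.0.3#20091/key ddns-ptr-rrs: updating zone 'appendata.net/IN': deleting rrset at 'dhcpclient01.appendata.net' A",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```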

------------------------------

Message: 2
Date: Sun, 30 Jul 2017 16:43:06 +0100
From: Barry Scott <ba...@barrys-emacs.org>
To: dhcp-users@lists.isc.org
Subject: fedora 26 ddns stopped working finding so far
Message-ID: <2381902.QbpTcEs9Se@varric.chelsea.private>
Content-Type: text/plain; charset="us-ascii"

I'm in the middle of debugging why dhcpd is no longer updating name/ptr info in 
dns.

Under fedora 25 I had a working setup so, unless there is a subtle config 
change I should have a good set of conf files.

I have been assuming that there is a reason why dhcpd fails to send to named.

I have defined DEBUG_DNS_UPDATES in hopes of seeing an interesting log.

I have been adding log_error lines to ddns.c which will mean that the line
numbers are off a bit.

I see this error every time a host tries to use ddns:

        "DDNS: ddns.c(1601): error in ddns_modify_fwd already running for 0x55e58a398240"

This is the complete sequence from dhcpd startup to the error:

Jul 30 16:31:12 fable systemd[1]: Stopped DHCPv4 Server Daemon.
Jul 30 16:31:12 fable systemd[1]: Starting DHCPv4 Server Daemon...
Jul 30 16:31:12 fable dhcpd[13240]: Internet Systems Consortium DHCP Server 4.3.5
Jul 30 16:31:12 fable dhcpd[13240]: Copyright 2004-2016 Internet Systems Consortium.
Jul 30 16:31:12 fable dhcpd[13240]: All rights reserved.
Jul 30 16:31:12 fable dhcpd[13240]: For info, please visit https://www.isc.org/software/dhcp/
Jul 30 16:31:12 fable dhcpd[13240]: WARNING: Overwriting trace file "/var/log/dhcpd-trace.log"
Jul 30 16:31:12 fable dhcpd[13240]: ldap_gssapi_principal is not set,GSSAPI Authentication for LDAP will not be used
Jul 30 16:31:12 fable dhcpd[13240]: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Jul 30 16:31:12 fable dhcpd[13240]: Config file: /etc/dhcp/dhcpd.conf
Jul 30 16:31:12 fable dhcpd[13240]: Database file: /var/lib/dhcpd/dhcpd.leases
Jul 30 16:31:12 fable dhcpd[13240]: PID file: /var/run/dhcpd.pid
Jul 30 16:31:12 fable dhcpd[13240]: Source compiled to use binary-leases
Jul 30 16:31:12 fable dhcpd[13240]: Wrote 0 deleted host decls to leases file.
Jul 30 16:31:12 fable dhcpd[13240]: Wrote 0 new dynamic host decls to leases file.
Jul 30 16:31:12 fable dhcpd[13240]: Wrote 54 leases to leases file.
Jul 30 16:31:12 fable dhcpd[13240]: Listening on LPF/eno1/4c:72:b9:32:15:28/172.16.2.0/24
Jul 30 16:31:12 fable dhcpd[13240]: Sending on   LPF/eno1/4c:72:b9:32:15:28/172.16.2.0/24
Jul 30 16:31:12 fable systemd[1]: Started DHCPv4 Server Daemon.
Jul 30 16:31:12 fable dhcpd[13240]: Sending on   Socket/fallback/fallback-net
Jul 30 16:31:12 fable dhcpd[13240]: Server starting service.
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_updates ddns_update_style 3
Jul 30 16:31:17 fable dhcpd[13240]: ddns.c(123): Allocating ddns_cb=0x55e58a398240
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_updates goto noclient
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_update s1 1 ddns_hostname rpi3
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_update s3 1 ddns_domainname  chelsea.private.
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_update ddns_fwd_name rpi3.chelsea.private.
Jul 30 16:31:17 fable dhcpd[13240]: qqq ddns_updates at client_updates:
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_updates at in do_remove 0
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_updates at line 375
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_updates ddns_ttl 1800
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_updates s1 1 at line 470
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_updates perform updates at line 587
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_fwd_srv_connector
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_fwd_srv_connector DDNS_UPDATE_ADDR
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_fwd_srv_connector DDNS_UPDATE_ADDR before call ddns_modify_fwd
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_modify_fwd
Jul 30 16:31:17 fable dhcpd[13240]: QQQ dns_client_lazy
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_modify_fwd_add1
Jul 30 16:31:17 fable dhcpd[13240]: [176B blob data]
Jul 30 16:31:17 fable dhcpd[13240]: DDNS: ddns.c(1601): error in ddns_modify_fwd already running for 0x55e58a398240
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_fwd_srv_connector DDNS_UPDATE_ADDR after call ddns_modify_fwd
Jul 30 16:31:17 fable dhcpd[13240]: ddns.c(1618): freeing ddns_cb=0x55e58a398240
Jul 30 16:31:17 fable dhcpd[13240]: reuse_lease: lease age 16 (secs) under 25% threshold, reply with unaltered, existing lease for 172.16.2.170
Jul 30 16:31:17 fable dhcpd[13240]: DHCPREQUEST for 172.16.2.170 from b8:27:eb:b4:b3:b3 (rpi3) via eno1
Jul 30 16:31:17 fable dhcpd[13240]: DHCPACK on 172.16.2.170 to b8:27:eb:b4:b3:b3 (rpi3) via eno1

Here is my instrumented code around line ddns.c(1601):

                if (ddns_cb->flags & DDNS_UPDATE_ADDR) {
                        log_error("QQQ ddns_fwd_srv_connector DDNS_UPDATE_ADDR");
                        ddns_cb->state    = DDNS_STATE_ADD_FW_NXDOMAIN;
                        ddns_cb->cur_func = ddns_fwd_srv_add1;
                        log_error("QQQ ddns_fwd_srv_connector DDNS_UPDATE_ADDR before call ddns_modify_fwd");
                        result = ddns_modify_fwd(ddns_cb, MDL);
                        log_error("QQQ ddns_fwd_srv_connector DDNS_UPDATE_ADDR after call ddns_modify_fwd");

It seems that the "already running" log is saying there is a bug in the code?

Is there a fix for this? If not how can I help track down a fix?

Barry



------------------------------

End of dhcp-users Digest, Vol 105, Issue 26
*******************************************
