Send dhcp-users mailing list submissions to dhcp-users@lists.isc.org
To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.isc.org/mailman/listinfo/dhcp-users
or, via email, send a message with subject or body 'help' to
	dhcp-users-requ...@lists.isc.org

You can reach the person managing the list at
	dhcp-users-ow...@lists.isc.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of dhcp-users digest..."

Today's Topics:

   1. Re: DHCPv6 isn't updating DNS (Bill Shirley)
   2. fedora 26 ddns stopped working finding so far (Barry Scott)

----------------------------------------------------------------------

Message: 1
Date: Sun, 30 Jul 2017 08:53:56 -0400
From: Bill Shirley <b...@c3po.polymerindustries.biz>
To: dhcp-users@lists.isc.org
Subject: Re: DHCPv6 isn't updating DNS
Message-ID: <8f4f6bce-3009-8f9c-0ab0-7be956d55...@c3po.polymerindustries.biz>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

I'm a bit confused because you appear to have two named.conf files, one for
IPv4 and one for IPv6. I only have one DNS server which handles both IPv4 and
IPv6. My DHCP and DNS services run on the same machine. I have:

key DHCP_UPDATER {
    algorithm hmac-md5;
    secret <the_secret>;
};
zone lan.example.com. {
    primary 127.0.0.1;
    key DHCP_UPDATER;
}

Note the 127.0.0.1 for both IPv4 and IPv6.

I did have to set (in both dhcpd.conf):
update-conflict-detection off;
to enable both DHCPs to update the DNS.

Bill

On 7/29/2017 3:57 PM, Joshua Schaeffer wrote:
> TL;DR
> Sorry for the long email, but I'm having a very hard time getting my DHCP
> server that is set up to provide IPv6 addresses to update my DNS server. It
> seems that isc-dhcp doesn't have the functionality to do this. Is this a
> limitation of the protocol? I've read through the man pages for dhcpd,
> dhcpd.conf, dhcp-options, dhcp-eval, dhclient, and dhclient.conf as well as
> RFC 3315 and snippets of other RFCs related to DHCPv6 and IPv6. As far as I
> can tell this should be possible, but maybe I'm missing something obvious.
> Does anybody have a working DHCPv6 server that is properly updating AAAA and
> PTR records? Full description of my issue is below.
>
> -------------------------------------------------------
>
> I've been running into a problem with getting my DHCPv6 server to update my
> DNS server and have been asking around on how to fix this or what I have done
> wrong in my configuration, but so far I haven't been able to get this
> resolved. I've tried numerous settings and configuration changes, but nothing
> seems to work. When I have my DHCP server providing IPv6 addresses, it seems
> that the DHCP server never even attempts to communicate with the DNS server
> to update the AAAA and PTR records. Perhaps I'm missing something about the
> functionality between DHCPv6 and DNS. Is it possible to update DNS AAAA and
> PTR records from a DHCP server providing IPv6 addresses?
>
> I have set up a development environment in which I have two configurations:
> one for IPv4 (dhcpd.conf) and one for IPv6 (dhcpd6.conf). The two config
> files are as identical as they can be. When I serve IPv4, DNS gets updated,
> but when I serve IPv6, it doesn't. I've tried debugging the code and set
> various breakpoints to see if I can find out what is going on, but I just
> don't have enough experience with programming and don't know enough about the
> program itself to get very far. I'm using isc-dhcp 4.3.5 that I compiled from
> source. Here is what I've set up in my dev environment:
>
> IPv6 configuration:
>
> ###############
> # DHCPD6.CONF #
> ###############
> authoritative;
>
> option dhcp6.domain-search "appendata.net";
> option dhcp6.name-servers fc01::a1;
> default-lease-time 86400;
> max-lease-time 604800;
>
> log-facility local7;
>
> ddns-updates on;
> ddns-update-style standard;
> ddns-domainname "appendata.net.";
> ddns-rev-domainname "ip6.arpa.";
> do-forward-updates on;
> deny client-updates;
> update-static-leases on;
> update-optimization off;
>
> include "/etc/keys/Kddns-aaaa-rrs.+157+02940.private";
> include "/etc/keys/Kddns-ptr-rrs.+157+36566.private";
>
> zone appendata.net. {
>     primary6 fc01::a1;
>     key "ddns-aaaa-rrs";
> }
> zone 0.0.0.0.0.0.0.0.0.0.0.0.1.0.c.f.ip6.arpa. {
>     primary6 fc01::a1;
>     key "ddns-ptr-rrs";
> }
>
> subnet6 fc01::/64 {
>     default-lease-time 604800;
>     max-lease-time 2419200;
>
>     pool6 {
>         range6 fc01::1:0:0:0/80;
>     }
> }
>
> #########################
> # NAMED.CONF.LOCAL (IPV6) #
> #########################
> //
> // Do any local configuration here
> //
>
> // Consider adding the 1918 zones here, if they are not used in your
> // organization
> include "/etc/bind/zones.rfc1918";
> include "/etc/bind/Kddns-aaaa-rrs.+157+02940.private";
> include "/etc/bind/Kddns-ptr-rrs.+157+36566.private";
>
> zone "appendata.net" in {
>     type master;
>     notify no;
>     file "/var/lib/bind/db.appendata.net";
>     allow-update {
>         key ddns-aaaa-rrs;
>     };
> };
>
> zone "0.0.0.0.0.0.0.0.0.0.0.0.1.0.c.f.ip6.arpa" in {
>     type master;
>     notify no;
>     file "/var/lib/bind/db.fc01.0000.0000.0000";
>     allow-update {
>         key ddns-ptr-rrs;
>     };
> };
>
> I then start the DHCPv6 server:
>
> root@dhcp01:~# dhcpd -6 -cf /etc/dhcp/dhcpd6.conf -lf /var/lib/dhcp/dhcpd6.leases -pf /run/dhcpd6.pid
>
> I have a test client as well. I issue the following command on the client:
>
> $ dhclient -6 -cf /etc/dhcp/dhclient.conf -lf /var/lib/dhcp/dhclient6.leases
>
> And this is what I see from the DHCPv6 server:
>
> [...]
> Server starting service.
> Solicit message from fe80::a00:27ff:fefc:35fa port 546, transaction ID 0xC9E2BF00
> Picking pool address fc01::1:a9f1:2990:24b9
> Advertise NA: address fc01::1:a9f1:2990:24b9 to client with duid 00:01:00:01:21:0f:82:c6:08:00:27:fc:35:fa iaid = 670840314 valid for 604800 seconds
> Sending Advertise to fe80::a00:27ff:fefc:35fa port 546
> Request message from fe80::a00:27ff:fefc:35fa port 546, transaction ID 0x14153D00
> Reply NA: address fc01::1:a9f1:2990:24b9 to client with duid 00:01:00:01:21:0f:82:c6:08:00:27:fc:35:fa iaid = 670840314 valid for 604800 seconds
> Sending Reply to fe80::a00:27ff:fefc:35fa port 546
>
> The DHCP server is working just fine in the sense that it hands out
> addresses, but it never updates DNS. When I sniff the wire, there isn't a
> single packet that the DHCP server sends to the DNS server. I also have the
> DNS server log set to DEBUG, and I don't ever see anything in the log. Now
> when I start my DHCP server using my IPv4 configuration, DHCP updates the DNS
> server. I only have minor changes between the configuration files.
>
> ##############
> # DHCPD.CONF #
> ##############
> authoritative;
>
> option domain-name "appendata.net";
> option domain-name-servers 172.16.0.2;
> default-lease-time 86400;
> max-lease-time 604800;
>
> log-facility local7;
>
> ddns-updates on;
> ddns-update-style standard;
> ddns-domainname "appendata.net.";
> ddns-rev-domainname "in-addr.arpa.";
> do-forward-updates on;
> deny client-updates;
> update-static-leases on;
> update-optimization off;
>
> include "/etc/keys/Kddns-a-rrs.+157+41383.private";
> include "/etc/keys/Kddns-ptr-rrs.+157+36566.private";
>
> zone appendata.net. {
>     primary 172.16.0.2;
>     key "ddns-a-rrs";
> }
> zone 0.16.172.in-addr.arpa. {
>     primary 172.16.0.2;
>     key "ddns-ptr-rrs";
> }
>
> subnet 172.16.0.0 netmask 255.255.255.0 {
>     default-lease-time 604800;
>     max-lease-time 2419200;
>
>     pool {
>         range 172.16.0.10 172.16.0.20;
>     }
> }
>
> #########################
> # NAMED.CONF.LOCAL (IPV4) #
> #########################
> //
> // Do any local configuration here
> //
>
> // Consider adding the 1918 zones here, if they are not used in your
> // organization
> include "/etc/bind/zones.rfc1918";
> include "/etc/bind/Kddns-a-rrs.+157+41383.private";
> include "/etc/bind/Kddns-ptr-rrs.+157+36566.private";
>
> zone "appendata.net" in {
>     type master;
>     notify no;
>     file "/var/lib/bind/db.appendata.net";
>     allow-update {
>         key "ddns-a-rrs";
>     };
> };
>
> zone "0.16.172.in-addr.arpa" in {
>     type master;
>     notify no;
>     file "/var/lib/bind/db.172.16.0";
>     allow-update {
>         key "ddns-ptr-rrs";
>     };
> };
>
> I start the DHCP server then run the client again. However, this time I can
> see that A and PTR records are getting updated:
>
> $ dhcpd -4 -cf /etc/dhcp/dhcpd.conf -lf /var/lib/dhcp/dhcpd.leases -pf /run/dhcpd.pid
>
> $ dhclient -4 -cf /etc/dhcp/dhclient.conf -lf /var/lib/dhcp/dhclient.leases
>
> Here is the output from the DHCP server:
>
> [...]
> Server starting service.
> DHCPDISCOVER from 08:00:27:05:95:af via enp0s8
> Ping timeout: 1
> DHCPOFFER on 172.16.0.10 to 08:00:27:05:95:af (dhcpclient01) via enp0s8
> DHCPREQUEST for 172.16.0.10 (172.16.0.3) from 08:00:27:05:95:af (dhcpclient01) via enp0s8
> DHCPACK on 172.16.0.10 to 08:00:27:05:95:af (dhcpclient01) via enp0s8
> Added new forward map from dhcpclient01.appendata.net. to 172.16.0.10
> Added reverse map from 10.0.16.172.in-addr.arpa. to dhcpclient01.appendata.net
>
> And from the DNS log:
>
> Jul 29 13:34:11 dns01 named[3432]: update-security: info: client 172.16.0.3#20083/key ddns-a-rrs: signer "ddns-a-rrs" approved
> Jul 29 13:34:11 dns01 named[3432]: update: info: client 172.16.0.3#20083/key ddns-a-rrs: updating zone 'appendata.net/IN': deleting rrset at 'dhcpclient01.appendata.net' A
> Jul 29 13:34:11 dns01 named[3432]: update: info: client 172.16.0.3#20083/key ddns-a-rrs: updating zone 'appendata.net/IN': adding an RR at 'dhcpclient01.appendata.net' A 172.16.0.10
> Jul 29 13:34:11 dns01 named[3432]: update-security: info: client 172.16.0.3#20083/key ddns-ptr-rrs: signer "ddns-ptr-rrs" approved
> Jul 29 13:34:11 dns01 named[3432]: update: info: client 172.16.0.3#20083/key ddns-ptr-rrs: updating zone '0.16.172.in-addr.arpa/IN': deleting rrset at '10.0.16.172.in-addr.arpa' PTR
> Jul 29 13:34:11 dns01 named[3432]: update: info: client 172.16.0.3#20083/key ddns-ptr-rrs: updating zone '0.16.172.in-addr.arpa/IN': adding an RR at '10.0.16.172.in-addr.arpa' PTR dhcpclient01.appendata.net.
>
> I'm just not sure what I'm missing here. To me it looks like DNS servers can
> be updated from DHCPv6 servers. Any help would be much appreciated.
>
> Thanks,
> Joshua Schaeffer
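
Added example (not part of either message, and not ISC code): the named log lines quoted in Message 1 record which TSIG key changed which zone, so they can be audited against the per-key allow-update split shown in the quoted named.conf.local. The policy table, the expected sender address and the last sample line are assumptions constructed for this sketch.

```python
import re
from collections import defaultdict

# Constructed sample in the named log format quoted in Message 1. The last
# line is invented: it simulates a drifted allow-update and an unknown sender.
SAMPLE = """\
Jul 29 13:34:11 dns01 named[3432]: update-security: info: client 172.16.0.3#20083/key ddns-a-rrs: signer "ddns-a-rrs" approved
Jul 29 13:34:11 dns01 named[3432]: update: info: client 172.16.0.3#20083/key ddns-a-rrs: updating zone 'appendata.net/IN': adding an RR at 'dhcpclient01.appendata.net' A 172.16.0.10
Jul 29 13:34:11 dns01 named[3432]: update: info: client 172.16.0.3#20083/key ddns-ptr-rrs: updating zone '0.16.172.in-addr.arpa/IN': adding an RR at '10.0.16.172.in-addr.arpa' PTR dhcpclient01.appendata.net.
Jul 29 13:40:02 dns01 named[3432]: update: info: client 172.16.0.99#40111/key ddns-ptr-rrs: updating zone 'appendata.net/IN': adding an RR at 'www.appendata.net' A 172.16.0.66
"""

# Assumed policy, mirroring the allow-update blocks in the quoted named.conf.local.
POLICY = {
    "ddns-a-rrs": {"appendata.net"},
    "ddns-ptr-rrs": {"0.16.172.in-addr.arpa"},
}
# Assumption: only the DHCP server (172.16.0.3 in the quoted log) sends updates.
EXPECTED_CLIENTS = {"172.16.0.3"}

UPDATE_RE = re.compile(
    r"named\[\d+\]: update: info: client (?P<ip>[0-9a-fA-F.:]+)#\d+/key (?P<key>[^:]+): "
    r"updating zone '(?P<zone>[^/']+)/IN': "
    r"(?P<action>adding an RR|deleting rrset|deleting an RR) "
    r"at '(?P<name>[^']+)' (?P<rtype>[A-Z0-9]+)"
)

def audit(log_text, policy=POLICY, clients=EXPECTED_CLIENTS):
    """Return (summary, findings) for TSIG-signed updates applied by named."""
    summary = defaultdict(int)  # (key, zone, rtype, action) -> count
    findings = []
    for line in log_text.splitlines():
        m = UPDATE_RE.search(line)
        if not m:
            continue  # e.g. the update-security "approved" line
        ip, key, zone, name = m["ip"], m["key"], m["zone"], m["name"]
        summary[(key, zone, m["rtype"], m["action"])] += 1
        if zone not in policy.get(key, set()):
            findings.append(("key-zone-mismatch", key, zone, name, ip))
        if ip not in clients:
            findings.append(("unexpected-client", key, zone, name, ip))
    return dict(summary), findings

if __name__ == "__main__":
    summary, findings = audit(SAMPLE)
    for entry, count in sorted(summary.items()):
        print(count, *entry)
    for finding in findings:
        print("FINDING", *finding)
```
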

------------------------------

Message: 2
Date: Sun, 30 Jul 2017 16:43:06 +0100
From: Barry Scott <ba...@barrys-emacs.org>
To: dhcp-users@lists.isc.org
Subject: fedora 26 ddns stopped working finding so far
Message-ID: <2381902.QbpTcEs9Se@varric.chelsea.private>
Content-Type: text/plain; charset="us-ascii"

I'm in the middle of debugging why dhcpd is no longer updating name/ptr info
in dns.

Under fedora 25 I had a working setup so, unless there is a subtle config
change, I should have a good set of conf files.

I have been assuming that there is a reason why dhcpd fails to send to named.

I have defined DEBUG_DNS_UPDATES in hopes of seeing an interesting log.
I have been adding log_error lines to ddns.c, which will mean that the line
numbers are off a bit.

I see this error every time a host tries to use ddns:

"DDNS: ddns.c(1601): error in ddns_modify_fwd already running for 0x55e58a398240"

This is the complete sequence from dhcpd startup to the error:

Jul 30 16:31:12 fable systemd[1]: Stopped DHCPv4 Server Daemon.
Jul 30 16:31:12 fable systemd[1]: Starting DHCPv4 Server Daemon...
Jul 30 16:31:12 fable dhcpd[13240]: Internet Systems Consortium DHCP Server 4.3.5
Jul 30 16:31:12 fable dhcpd[13240]: Copyright 2004-2016 Internet Systems Consortium.
Jul 30 16:31:12 fable dhcpd[13240]: All rights reserved.
Jul 30 16:31:12 fable dhcpd[13240]: For info, please visit https://www.isc.org/software/dhcp/
Jul 30 16:31:12 fable dhcpd[13240]: WARNING: Overwriting trace file "/var/log/dhcpd-trace.log"
Jul 30 16:31:12 fable dhcpd[13240]: ldap_gssapi_principal is not set,GSSAPI Authentication for LDAP will not be used
Jul 30 16:31:12 fable dhcpd[13240]: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Jul 30 16:31:12 fable dhcpd[13240]: Config file: /etc/dhcp/dhcpd.conf
Jul 30 16:31:12 fable dhcpd[13240]: Database file: /var/lib/dhcpd/dhcpd.leases
Jul 30 16:31:12 fable dhcpd[13240]: PID file: /var/run/dhcpd.pid
Jul 30 16:31:12 fable dhcpd[13240]: Source compiled to use binary-leases
Jul 30 16:31:12 fable dhcpd[13240]: Wrote 0 deleted host decls to leases file.
Jul 30 16:31:12 fable dhcpd[13240]: Wrote 0 new dynamic host decls to leases file.
Jul 30 16:31:12 fable dhcpd[13240]: Wrote 54 leases to leases file.
Jul 30 16:31:12 fable dhcpd[13240]: Listening on LPF/eno1/4c:72:b9:32:15:28/172.16.2.0/24
Jul 30 16:31:12 fable dhcpd[13240]: Sending on   LPF/eno1/4c:72:b9:32:15:28/172.16.2.0/24
Jul 30 16:31:12 fable systemd[1]: Started DHCPv4 Server Daemon.
Jul 30 16:31:12 fable dhcpd[13240]: Sending on   Socket/fallback/fallback-net
Jul 30 16:31:12 fable dhcpd[13240]: Server starting service.
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_updates ddns_update_style 3
Jul 30 16:31:17 fable dhcpd[13240]: ddns.c(123): Allocating ddns_cb=0x55e58a398240
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_updates goto noclient
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_update s1 1 ddns_hostname rpi3
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_update s3 1 ddns_domainname chelsea.private.
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_update ddns_fwd_name rpi3.chelsea.private.
Jul 30 16:31:17 fable dhcpd[13240]: qqq ddns_updates at client_updates:
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_updates at in do_remove 0
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_updates at line 375
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_updates ddns_ttl 1800
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_updates s1 1 at line 470
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_updates perform updates at line 587
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_fwd_srv_connector
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_fwd_srv_connector DDNS_UPDATE_ADDR
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_fwd_srv_connector DDNS_UPDATE_ADDR before call ddns_modify_fwd
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_modify_fwd
Jul 30 16:31:17 fable dhcpd[13240]: QQQ dns_client_lazy
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_modify_fwd_add1
Jul 30 16:31:17 fable dhcpd[13240]: [176B blob data]
Jul 30 16:31:17 fable dhcpd[13240]: DDNS: ddns.c(1601): error in ddns_modify_fwd already running for 0x55e58a398240
Jul 30 16:31:17 fable dhcpd[13240]: QQQ ddns_fwd_srv_connector DDNS_UPDATE_ADDR after call ddns_modify_fwd
Jul 30 16:31:17 fable dhcpd[13240]: ddns.c(1618): freeing ddns_cb=0x55e58a398240
Jul 30 16:31:17 fable dhcpd[13240]: reuse_lease: lease age 16 (secs) under 25% threshold, reply with unaltered, existing lease for 172.16.2.170
Jul 30 16:31:17 fable dhcpd[13240]: DHCPREQUEST for 172.16.2.170 from b8:27:eb:b4:b3:b3 (rpi3) via eno1
Jul 30 16:31:17 fable dhcpd[13240]: DHCPACK on 172.16.2.170 to b8:27:eb:b4:b3:b3 (rpi3) via eno1

Here is my instrumented code around line ddns.c(1601):

        if (ddns_cb->flags & DDNS_UPDATE_ADDR) {
                log_error("QQQ ddns_fwd_srv_connector DDNS_UPDATE_ADDR");
                ddns_cb->state = DDNS_STATE_ADD_FW_NXDOMAIN;
                ddns_cb->cur_func = ddns_fwd_srv_add1;
                log_error("QQQ ddns_fwd_srv_connector DDNS_UPDATE_ADDR before call ddns_modify_fwd");
                result = ddns_modify_fwd(ddns_cb, MDL);
                log_error("QQQ ddns_fwd_srv_connector DDNS_UPDATE_ADDR after call ddns_modify_fwd");

It seems that the "already running" log is saying there is a bug in the code?

Is there a fix for this?
If not, how can I help track down a fix?

Barry

------------------------------

End of dhcp-users Digest, Vol 105, Issue 26
*******************************************