dhcp-users Digest, Vol 174, Issue 5

Today's Topics:

   1. whereas server does DDNS, make a client not to - ? (lejeczek)
   2. Re: DHCP - DDNS Update (lejeczek)

----------------------------------------------------------------------

Message: 1
Date: Tue, 16 May 2023 15:42:22 +0200
From: lejeczek <pelj...@yahoo.co.uk>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: whereas server does DDNS, make a client not to - ?
Message-ID: <ee26fd4d-fa45-94d0-9480-c715fdefa...@yahoo.co.uk>

Hi guys

I have a server with:

ddns-updates            on;
update-static-leases    on;
ddns-update-style       interim;

in the general/main config section.
Now I'm trying to make a client (or clients), which client is Fedora 38, not do that, so I have a client like here:

host oshiftbootstrap {
  option fqdn.fqdn  "oshift.lot.";
  option fqdn.no-client-update true;
  option fqdn.server-update false;
  option domain-name  "oshift.lot.";
  option host-name  "ocp-bootstrap.oshift.lot.";
  hardware ethernet 02:3b:ab:41:6e:99;
  fixed-address     10.3.1.244;
  default-lease-time    86400;
  max-lease-time        864000;
}

and yet it turns out it won't do. I still see 'dhcpd' logs:
...
Unable to build name for fwd update: ocp-bootstrap.oshift.lot..mine.priv empty label
...
I must be confusing something.
I'll add only that the client's end of the equation cannot be re-configured.
In other, simpler words: the goal is to have 'dhcpd' (try) to do DDNS for all but some clients.
All suggestions and thoughts shared are much appreciated.
many thanks, L.
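An added check (this is not code from the thread and not ISC's own code) that reproduces the name-building problem visible in the 'Unable to build name for fwd update' line above and reports which host declarations dhcpd would still try to update. Two assumptions, both drawn from the log line rather than from the quoted configuration: the forward name is the host-name, a dot, and the server's DDNS domain (the log shows 'mine.priv' as that domain, which the message does not otherwise show), and a host-name that already ends in '.' therefore produces an empty label. The dhcpd.conf manual documents `ddns-updates` as settable per scope, so the sample also shows a second, hypothetical host that carries `ddns-updates off;`; the configuration text is constructed from the host block quoted above.

```python
import re

# Constructed sample, modelled on the host declaration quoted in the thread;
# "quiet-box" is a hypothetical second host added for contrast.
SAMPLE_CONF = """
ddns-updates on;
update-static-leases on;
ddns-update-style interim;

host oshiftbootstrap {
  option fqdn.fqdn "oshift.lot.";
  option fqdn.no-client-update true;
  option fqdn.server-update false;
  option domain-name "oshift.lot.";
  option host-name "ocp-bootstrap.oshift.lot.";
  hardware ethernet 02:3b:ab:41:6e:99;
  fixed-address 10.3.1.244;
}

host quiet-box {
  ddns-updates off;
  option host-name "quiet-box";
  hardware ethernet 02:00:00:00:00:01;
  fixed-address 10.3.1.245;
}
"""

HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{(.*?)\}", re.S)
HOST_NAME_RE = re.compile(r'option\s+host-name\s+"([^"]*)"\s*;')
DDNS_FLAG_RE = re.compile(r"\bddns-updates\s+(on|off)\s*;")


def compose_forward_name(host_name: str, ddns_domain: str) -> str:
    """Join host-name and the DDNS domain with a dot.  Assumption taken from
    the quoted log line: a host-name that already ends in '.' yields '..' and
    so an empty label."""
    return f"{host_name}.{ddns_domain}"


def empty_labels(fqdn: str) -> list[int]:
    """Indexes of empty labels in fqdn; a single trailing root dot is fine."""
    name = fqdn[:-1] if fqdn.endswith(".") else fqdn
    return [i for i, label in enumerate(name.split(".")) if label == ""]


def check_hosts(conf_text: str, ddns_domain: str) -> list[dict]:
    """For every host declaration, decide whether dhcpd would attempt a DDNS
    update for it (host-scope ddns-updates overrides the global one) and what
    forward name it would build."""
    # Global scope is the text with every host block removed.
    global_text = HOST_RE.sub("", conf_text)
    m = DDNS_FLAG_RE.search(global_text)
    global_on = (m.group(1) == "on") if m else True  # assumed on when unset

    report = []
    for host, body in HOST_RE.findall(conf_text):
        flag = DDNS_FLAG_RE.search(body)
        enabled = (flag.group(1) == "on") if flag else global_on
        hn = HOST_NAME_RE.search(body)
        fwd = compose_forward_name(hn.group(1), ddns_domain) if hn else None
        problem = None
        if enabled and fwd is not None and empty_labels(fwd):
            problem = "empty label"
        report.append({"host": host, "ddns_updates": enabled,
                       "forward_name": fwd, "problem": problem})
    return report


if __name__ == "__main__":
    for row in check_hosts(SAMPLE_CONF, "mine.priv"):
        print(row)
```

Run against the sample, the first host is reported with the forward name `ocp-bootstrap.oshift.lot..mine.priv` and the problem `empty label`, while `quiet-box` is reported as exempt because of its host-scope `ddns-updates off;`.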
------------------------------

Message: 2
Date: Tue, 16 May 2023 17:32:43 +0200
From: lejeczek <pelj...@yahoo.co.uk>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: DHCP - DDNS Update
Message-ID: <10d5a2f4-ba5c-89be-9586-dc7f0ba88...@yahoo.co.uk>

On 25/04/2023 17:47, Jeremey Wise wrote:
>
> Greetings, and sorry up front for the large email. But I am joining this forum and wanted to be comprehensive in my posting.
> I googled around and it seems I am not the only one with questions on how to do this task, as things have changed with certs and updates. Hopefully this email formats in a way that makes it easy for others to review and toss out ideas / links to where I can RTFM.
>
> I am being tasked to help out with a POC / Demo lab. It is a pair of VMs, running Ubuntu 22.04 fully updated / patched.
>
> ###
> dnsuser@ps-dns-01:~$ named -v
> BIND 9.18.12-0ubuntu0.22.04.1-Ubuntu (Extended Support Version) <id:>
> dnsuser@ps-dns-01:~$ apt list |grep dhcp
>
> WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
>
> dhcp-helper/jammy 1.2-3 amd64
> dhcp-probe/jammy 1.3.0-10.1build2 amd64
> dhcpcanon/jammy 0.8.5-2 all
> dhcpcd-dbus/jammy 0.6.1-2 amd64
> dhcpcd-gtk/jammy 0.7.8-1 amd64
> dhcpcd5/jammy 7.1.0-2build1 amd64
> dhcpd-pools/jammy 2.29-1.1 amd64
> dhcpdump/jammy 1.8-2.2 amd64
> dhcpig/jammy 1.5-3 all
> dhcping/jammy 1.2-5 amd64
> dhcpoptinj/jammy 0.5.3-1 amd64
> dhcpstarv/jammy 0.2.2-2 amd64
> dhcpy6d/jammy 1.0.7-1 all
> freeradius-dhcp/jammy-updates,jammy-security 3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.1 amd64
> fusiondirectory-plugin-dhcp-schema/jammy 1.3-4build1 all
> fusiondirectory-plugin-dhcp/jammy 1.3-4build1 all
> golang-github-d2g-dhcp4-dev/jammy 0.0~git20150413-3 all
> golang-github-d2g-dhcp4client-dev/jammy 1.0.0-2 all
> golang-github-insomniacslk-dhcp-dev/jammy 0.0~git20200621.d74cd86-1 all
> golang-github-mdlayher-dhcp6-dev/jammy 0.0~git20190311.2a67805-2 all
> gosa-plugin-dhcp-schema/jammy 2.7.4+reloaded3-16build1 all
> gosa-plugin-dhcp/jammy 2.7.4+reloaded3-16build1 all
> isc-dhcp-client-ddns/jammy-updates 4.4.1-2.3ubuntu2.4 amd64
> isc-dhcp-client/jammy-updates,now 4.4.1-2.3ubuntu2.4 amd64 [installed,automatic]
> isc-dhcp-common/jammy-updates,now 4.4.1-2.3ubuntu2.4 amd64 [installed,automatic]
> isc-dhcp-dev/jammy-updates 4.4.1-2.3ubuntu2.4 amd64
> isc-dhcp-relay/jammy-updates 4.4.1-2.3ubuntu2.4 amd64
> isc-dhcp-server-ldap/jammy-updates 4.4.1-2.3ubuntu2.4 amd64
> isc-dhcp-server/jammy-updates,now 4.4.1-2.3ubuntu2.4 amd64 [installed]
> kea-dhcp-ddns-server/jammy 2.0.2-1 amd64
> kea-dhcp4-server/jammy 2.0.2-1 amd64
> kea-dhcp6-server/jammy 2.0.2-1 amd64
> libnet-dhcp-perl/jammy 0.696+dfsg-1 all
> libnet-dhcpv6-duid-parser-perl/jammy 1.01-2.1 all
> librust-dhcp4r-dev/jammy 0.2.0-1 amd64
> libtext-dhcpleases-perl/jammy 1.0-2.1 all
> neutron-dhcp-agent/jammy-updates 2:20.2.0-0ubuntu1 all
> opendrim-lmp-dhcp/jammy 1.0.0-0ubuntu2 amd64
> python3-isc-dhcp-leases/jammy 0.9.1-2 all
> udhcpc/jammy 1:1.30.1-7ubuntu3 amd64
> udhcpd/jammy 1:1.30.1-7ubuntu3 amd64
> wide-dhcpv6-client/jammy 20080615-23build1 amd64
> wide-dhcpv6-relay/jammy 20080615-23build1 amd64
> wide-dhcpv6-server/jammy 20080615-23build1 amd64
> dnsuser@ps-dns-01:~$
> ###
>
>
> Goal:
>
> 1. HA DNS and DHCP (failover / fail back)
> 2. DDNS updates from registered DHCP clients for PTR and A records (ipv4 only for now)
>
>
> Issues:
>
> 1. Getting flooded in /var/log/syslog, every update ..
>
> ###
> Apr 25 14:51:34 ps-dns-02 dhcpd[202599]: DHCPACK on 10.89.132.129 to 00:50:56:97:2b:f7 (op-web2) via 10.89.132.1
> Apr 25 14:51:34 ps-dns-02 dhcpd[202599]: bind update on 10.89.132.129 from dhcpfailover rejected: incoming update is less critical than outgoing update
> Apr 25 14:51:34 ps-dns-02 dhcpd[202599]: Unable to add forward map from op-web2.ps.labs.local to 10.89.132.129: REFUSED
> Apr 25 14:51:35 ps-dns-02 dhcpd[202599]: DHCPREQUEST for 10.89.132.130 from 00:50:56:97:df:98 (easytravel) via ens160
> Apr 25 14:51:35 ps-dns-02 dhcpd[202599]: DHCPACK on 10.89.132.130 to 00:50:56:97:df:98 (easytravel) via ens160
> Apr 25 14:51:35 ps-dns-02 dhcpd[202599]: DHCPREQUEST for 10.89.132.130 from 00:50:56:97:df:98 (easytravel) via 10.89.132.1
> Apr 25 14:51:35 ps-dns-02 dhcpd[202599]: DHCPACK on 10.89.132.130 to 00:50:56:97:df:98 (easytravel) via 10.89.132.1
> Apr 25 14:51:35 ps-dns-02 dhcpd[202599]: bind update on 10.89.132.130 from dhcpfailover rejected: incoming update is less critical than outgoing update
> Apr 25 14:51:35 ps-dns-02 dhcpd[202599]: bind update on 10.89.132.130 from dhcpfailover rejected: incoming update is less critical than outgoing update
> Apr 25 14:51:35 ps-dns-02 dhcpd[202599]: Unable to add forward map from easytravel.ps.labs.local to 10.89.132.130: REFUSED
> Apr 25 14:51:38 ps-dns-02 named[184617]: client @0x7f20082400b8 10.89.132.90#50112 (mdbrtr-cisco-assist-00-ps-labs-local-svc): query (cache) 'mdbrtr-cisco-assist-00-ps-labs-local-svc/AAAA/IN' denied (allow-query-cache did not match)
> Apr 25 14:51:39 ps-dns-02 dhcpd[202599]: reuse_lease: lease age 122 (secs) under 25% threshold, reply with unaltered, existing lease for 10.89.135.132
> Apr 25 14:51:39 ps-dns-02 dhcpd[202599]: DHCPREQUEST for 10.89.135.132 from 00:50:56:8b:a5:85 via ens160
> ###
> A similar posting was made with a note that this would require a configuration file review for what was / is misconfigured:
> https://dhcp-users.isc.narkive.com/KngCfNx3/rejected-incoming-update-is-less-critical-than-outgoing-update
>
> As such, below is a sample of the zone and DHCP / DNS configuration.
>
> I read through the documents at https://kb.isc.org/docs/aa-01588 but did not see where there is a misconfiguration in my configurations.
>
> cat /etc/dhcp/dhcpd.conf
>
> ps-dns-01:
>
> # option definitions common to all supported networks...
> option domain-name "ps.labs.local";
> option domain-search "ps.labs.local";
> option domain-name-servers 10.89.100.152, 10.89.100.153;
> option time-offset -6;
> option ntp-servers 10.89.66.1;
> option time-servers 10.89.66.1;
> #ddns-domainname "ps.labs.local";
> default-lease-time 600;
> max-lease-time 7200;
>
>
> # Failover declaration
> failover peer "dhcpfailover" {
>         primary;  # primary server declaration
>         address 10.89.100.152;
>         port 647;
>         peer address 10.89.100.153;
>     peer port 647;
>     max-response-delay 60;
>     max-unacked-updates 10;
>     mclt 3600;
>     split 128;
>     load balance max seconds 3;
> }
>
>
> key pslabslocal {
>         secret cHNsYWJzbG9jYWw=;
>         algorithm hmac-md5;
>         }
>
> # The ddns-updates-style parameter controls whether or not the server will
> # attempt to do a DNS update when a lease is confirmed. We default to the
> # behavior of the version 2 packages ('none', since DHCP v2 didn't
> # have support for DDNS.)
> ddns-update-style standard;
>
> # If this DHCP server is the official DHCP server for the local
> # network, the authoritative directive should be uncommented.
> authoritative;
>
> # Use this to send dhcp log messages to a different log file (you also
> # have to hack syslog.conf to complete the redirection).
> #log-facility local7;
>
> # No service will be given on this subnet, but declaring it helps the
> # DHCP server to understand the network topology. This is for local NIC listening to dhcp broadcasts.
> subnet 10.89.100.0 netmask 255.255.255.0 {
> }
>
> # ps_labs_local_infrastructure
> subnet 10.89.128.0 netmask 255.255.255.0 {
> }
>
> # hx06 dynamic
> subnet 10.89.130.0 netmask 255.255.255.0 {
>     option domain-name-servers 10.89.100.152;
>     option routers 10.89.130.1;
>     pool {
>         failover peer "dhcpfailover";
>         range 10.89.130.10 10.89.130.254;
>     }
> }
>
> # hx07 dynamic
> subnet 10.89.132.0 netmask 255.255.255.0 {
>     option domain-name-servers 10.89.100.152;
>     option routers 10.89.132.1;
>     pool {
>         failover peer "dhcpfailover";
>         range 10.89.132.10 10.89.132.254;
>     }
> }
>
> # UCSX dynamic
> subnet 10.89.134.0 netmask 255.255.255.0 {
>     option domain-name-servers 10.89.100.152;
>     option routers 10.89.134.1;
>     pool {
>         failover peer "dhcpfailover";
>         range 10.89.134.10 10.89.134.254;
>     }
> }
>
> # The following three network are for Tanzu work in hx06
> # Update 20221004 by JW.  Data is all static as is mgmt.  Workload is all DHCP
> # subnet 10.89.135.0 netmask 255.255.255.224
>
> # k8s-tz-data-hx06 dynamic
> subnet 10.89.135.0 netmask 255.255.255.224 {
>         option domain-name-servers 10.89.100.152;
>         option routers 10.89.135.1;
>         pool {
>                 failover peer "dhcpfailover";
>                 range 10.89.135.2 10.89.135.30;
>                 }
>         }
>
> # k8s-tz-workload-hx06 dynamic
> subnet 10.89.135.32 netmask 255.255.255.224 {
>     option domain-name-servers 10.89.100.152;
>     option routers 10.89.135.33;
>     pool {
>         failover peer "dhcpfailover";
>         range 10.89.135.34 10.89.135.63;
>     }
> }
>
> # k8s-tz-mgmt-hx06 dynamic
> subnet 10.89.135.64 netmask 255.255.255.224 {
>     option domain-name-servers 10.89.100.152;
>     option routers 10.89.135.65;
>     pool {
>         failover peer "dhcpfailover";
>         range 10.89.135.66 10.89.135.94;
>     }
> }
>
> # k8s-ocp-data-hx06
> subnet 10.89.135.96 netmask 255.255.255.224 {
>     option domain-name-servers 10.89.100.152;
>     option routers 10.89.135.97;
>     pool {
>         failover peer "dhcpfailover";
>         range 10.89.135.98 10.89.135.126;
>     }
> }
>
> # k8s-ocp-workload-hx06
> subnet 10.89.135.128 netmask 255.255.255.224 {
>     option domain-name-servers 10.89.100.152;
>     option routers 10.89.135.129;
>     pool {
>         failover peer "dhcpfailover";
>         range 10.89.135.130 10.89.135.158;
>     }
> }
>
> # k8s-rke-mgmt-hx06
> subnet 10.89.135.160 netmask 255.255.255.224 {
>         option domain-name-servers 10.89.100.152;
>         option routers 10.89.135.161;
>         pool {
>                 failover peer "dhcpfailover";
>                 range 10.89.135.162 10.89.135.190;
>                 }
>         # ocpbastion
>         host ocpbastion {
>                 hardware ethernet 00:50:56:8b:db:a4;
> fixed-address 10.89.135.190;
>                 }
>         }
>
> # k8s-rke-data-hx06
> subnet 10.89.135.192 netmask 255.255.255.224 {
>     option domain-name-servers 10.89.100.152;
>     option routers 10.89.135.193;
>     pool {
>         failover peer "dhcpfailover";
>         range 10.89.135.194 10.89.135.222;
>     }
> }
>
> # k8s-rke-workload-hx06
> subnet 10.89.135.224 netmask 255.255.255.224 {
>     option domain-name-servers 10.89.100.225;
>     option routers 10.89.135.193;
>     pool {
>         failover peer "dhcpfailover";
>         range 10.89.135.226 10.89.135.253;
>     }
> }
>
>
> # Host reservations
>     host tanzuprod-service-control-plane-bbwwb {
>         hardware ethernet 00:50:56:8b:71:bf;
>         fixed-address 10.89.135.48;
>     }
> <snip>
>     host tanzuprod-workload-control-plane-zvm6t {
>         hardware ethernet 00:50:56:8b:75:83;
>         fixed-address 10.89.135.50;
>     }
>
> # DV Presales Lab
> zone ps.labs.local. {
>         primary 10.89.100.152;
>         key pslabslocal;
>         }
>
> ps-dns-02:
>
> # option definitions common to all supported networks...
> option domain-name "ps.labs.local";
> option domain-search "ps.labs.local";
> option domain-name-servers 10.89.100.152, 10.89.100.153;
> option time-offset -6;
> option ntp-servers 10.89.66.1;
> option time-servers 10.89.66.1;
> #ddns-domainname "ps.labs.local";
> default-lease-time 600;
> max-lease-time 7200;
>
>
> # Failover declaration
> failover peer "dhcpfailover" {
>         secondary;  # secondary server declaration
>         address 10.89.100.153;
>         port 647;
>         peer address 10.89.100.152;
>     peer port 647;
>     max-response-delay 60;
>     max-unacked-updates 10;
>     load balance max seconds 3;
> }
>
>
> key pslabslocal {
>         secret cHNsYWJzbG9jYWw=;
>         algorithm hmac-md5;
>         }
>
> # The ddns-updates-style parameter controls whether or not the server will
> # attempt to do a DNS update when a lease is confirmed. We default to the
> # behavior of the version 2 packages ('none', since DHCP v2 didn't
> # have support for DDNS.)
> ddns-update-style standard;
>
> # If this DHCP server is the official DHCP server for the local
> # network, the authoritative directive should be uncommented.
> authoritative;
>
> # Use this to send dhcp log messages to a different log file (you also
> # have to hack syslog.conf to complete the redirection).
> #log-facility local7;
>
> # No service will be given on this subnet, but declaring it helps the
> # DHCP server to understand the network topology. This is for local NIC listening to dhcp broadcasts.
> subnet 10.89.100.0 netmask 255.255.255.0 {
> }
>
> # ps_labs_local_infrastructure
> subnet 10.89.128.0 netmask 255.255.255.0 {
> }
>
> # hx06 dynamic
> subnet 10.89.130.0 netmask 255.255.255.0 {
>     option domain-name-servers 10.89.100.152;
>     option routers 10.89.130.1;
>     pool {
>         failover peer "dhcpfailover";
>         range 10.89.130.10 10.89.130.254;
>     }
> }
>
> # hx07 dynamic
> subnet 10.89.132.0 netmask 255.255.255.0 {
>     option domain-name-servers 10.89.100.152;
>     option routers 10.89.132.1;
>     pool {
>         failover peer "dhcpfailover";
>         range 10.89.132.10 10.89.132.254;
>     }
> }
>
> # UCSX dynamic
> subnet 10.89.134.0 netmask 255.255.255.0 {
>     option domain-name-servers 10.89.100.152;
>     option routers 10.89.134.1;
>     pool {
>         failover peer "dhcpfailover";
>         range 10.89.134.10 10.89.134.254;
>     }
> }
>
> # The following three network are for Tanzu work in hx06
> # Update 20221004 by JW.  Data is all static as is mgmt.  Workload is all DHCP
> # subnet 10.89.135.0 netmask 255.255.255.224
>
> # k8s-tz-data-hx06 dynamic
> subnet 10.89.135.0 netmask 255.255.255.224 {
>         ddns-updates on;
>         option domain-name-servers 10.89.100.152;
>         option routers 10.89.135.1;
>         pool {
>                 failover peer "dhcpfailover";
>                 range 10.89.135.2 10.89.135.30;
>                 }
>         }
>
> # k8s-tz-workload-hx06 dynamic
> subnet 10.89.135.32 netmask 255.255.255.224 {
>     option domain-name-servers 10.89.100.152;
>     option routers 10.89.135.33;
>     pool {
>         failover peer "dhcpfailover";
>         range 10.89.135.34 10.89.135.63;
>     }
> }
>
> # k8s-tz-mgmt-hx06 dynamic
> subnet 10.89.135.64 netmask 255.255.255.224 {
>     option domain-name-servers 10.89.100.152;
>     option routers 10.89.135.65;
>     pool {
>         failover peer "dhcpfailover";
>         range 10.89.135.66 10.89.135.94;
>     }
> }
>
> # k8s-ocp-data-hx06
> subnet 10.89.135.96 netmask 255.255.255.224 {
>     option domain-name-servers 10.89.100.152;
>     option routers 10.89.135.97;
>     pool {
>         failover peer "dhcpfailover";
>         range 10.89.135.98 10.89.135.126;
>     }
> }
>
> # k8s-ocp-workload-hx06
> subnet 10.89.135.128 netmask 255.255.255.224 {
>     option domain-name-servers 10.89.100.152;
>     option routers 10.89.135.129;
>     pool {
>         failover peer "dhcpfailover";
>         range 10.89.135.130 10.89.135.158;
>     }
> }
>
> # k8s-rke-mgmt-hx06
> subnet 10.89.135.160 netmask 255.255.255.224 {
>     option domain-name-servers 10.89.100.152;
>     option routers 10.89.135.161;
>     pool {
>         failover peer "dhcpfailover";
>         range 10.89.135.162 10.89.135.190;
>     }
> }
>
> # k8s-rke-data-hx06
> subnet 10.89.135.192 netmask 255.255.255.224 {
>     option domain-name-servers 10.89.100.152;
>     option routers 10.89.135.193;
>     pool {
>         failover peer "dhcpfailover";
>         range 10.89.135.194 10.89.135.222;
>     }
> }
>
> # k8s-rke-workload-hx06
> subnet 10.89.135.224 netmask 255.255.255.224 {
>     option domain-name-servers 10.89.100.225;
>     option routers 10.89.135.193;
>     pool {
>         failover peer "dhcpfailover";
>         range 10.89.135.226 10.89.135.253;
>     }
> }
>
> # Host reservations
>     host tanzuprod-service-control-plane-bbwwb {
>         hardware ethernet 00:50:56:8b:71:bf;
>         fixed-address 10.89.135.48;
>     }
> <snip>
>     host tanzuprod-workload-control-plane-zvm6t {
>         hardware ethernet 00:50:56:8b:75:83;
>         fixed-address 10.89.135.50;
>     }
>
> # DV Presales Lab
> zone ps.labs.local. {
>         primary 10.89.100.152;
>         key pslabslocal;
>         }
> dnsuser@ps-dns-02:~$
>
>
>
> DDNS
>
> cat /etc/bind/named.conf
>
> ps-dns-01:
>
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> include "/etc/bind/named.conf.default-zones";
> server 10.89.9.10 {
>         };
> server 10.89.9.107 {
>         };
> key pslabslocal {
>         algorithm hmac-md5;
>         secret "c<snip>w=";
>         };
>
> ps-dns-02:
>
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> include "/etc/bind/named.conf.default-zones";
> key pslabslocal {
>         algorithm hmac-md5;
>         secret "c<snip>w=";
>         };
> server 10.89.100.153 {
>         transfer-format many-answers;
>         keys {
> pslabslocal;
>                 };
>         };
>
> "/etc/bind/named.conf.options" (ps-dns-01)
>         listen-on-v6 { any; };
>         forwarders {
> 10.89.9.10;
> 10.89.9.107;
>                 };
>         recursion yes;
>         allow-query {
>                 any;
>                 };
>         allow-recursion {
>                 any;
>                 };
> };
>
> "/etc/bind/named.conf.options" (ps-dns-02)
> options {
>         directory "/var/cache/bind";
>
>
>         listen-on-v6 { any; };
> };
>
> "/etc/bind/named.conf.local" (ps-dns-01)
> zone "ps.labs.local" {
>         type master;
>         file "/var/lib/bind/ps.labs.local.hosts";
>         also-notify {
> 10.89.100.153;
>                 };
>         allow-transfer {
> 10.89.100.153;
>                 };
>         };
> zone "128.89.10.in-addr.arpa" {
>         type master;
>         file "/var/lib/bind/10.89.128.rev";
>         also-notify {
> 10.89.100.153;
>                 };
>         allow-transfer {
> 10.89.100.153;
>                 };
>         };
> zone "129.89.10.in-addr.arpa" {
>         type master;
>         file "/var/lib/bind/10.89.129.rev";
>         also-notify {
> 10.89.100.153;
>                 };
>         allow-transfer {
> 10.89.100.153;
>                 };
>         };
> <snip other zones but all structured same>
>
> "/etc/bind/named.conf.local" (ps-dns-02)
> zone "130.89.10.in-addr.arpa" {
>         type slave;
>         masters {
> 10.89.100.152;
>                 };
>         allow-transfer {
> 10.89.100.152;
>                 };
>         file "/var/lib/bind/10.89.130.rev";
>         };
> zone "ps.labs.local" {
>         type slave;
>         masters {
> 10.89.100.152;
>                 };
>         allow-transfer {
> 10.89.100.152;
>                 };
>         file "/var/lib/bind/ps.labs.local.hosts";
>         };
> zone "128.89.10.in-addr.arpa" {
>         type slave;
>         masters {
> 10.89.100.152;
>                 };
>         allow-transfer {
> 10.89.100.152;
>                 };
>         file "/var/lib/bind/10.89.128.rev";
>         };
> <snip other zones but all structured same>
>
> "/etc/bind/named.conf.default-zones" (ps-dns-01)
>
> // prime the server with knowledge of the root servers
> zone "." {
>         type hint;
>         file "/usr/share/dns/root.hints";
> };
>
> // be authoritative for the localhost forward and reverse zones, and for
> // broadcast zones as per RFC 1912
>
> zone "localhost" {
>         type master;
>         file "/etc/bind/db.local";
>         also-notify {
> 10.89.100.153;
>                 };
> allow-transfer {
> 10.89.100.153;
>                 };
> };
>
> zone "127.in-addr.arpa" {
>         type master;
>         file "/etc/bind/db.127";
>         also-notify {
> 10.89.100.153;
>                 };
> allow-transfer {
> 10.89.100.153;
>                 };
> };
>
> zone "0.in-addr.arpa" {
>         type master;
>         file "/etc/bind/db.0";
>         also-notify {
> 10.89.100.153;
>                 };
> allow-transfer {
> 10.89.100.153;
>                 };
> };
>
> zone "255.in-addr.arpa" {
>         type master;
>         file "/etc/bind/db.255";
>         also-notify {
> 10.89.100.153;
>                 };
> allow-transfer {
> 10.89.100.153;
>                 };
> };
>
>
>
>
> "/etc/bind/named.conf.default-zones" (ps-dns-02)
> // prime the server with knowledge of the root servers
> zone "." {
>         type hint;
>         file "/usr/share/dns/root.hints";
> };
>
> // be authoritative for the localhost forward and reverse zones, and for
> // broadcast zones as per RFC 1912
>
> zone "localhost" {
>         type master;
>         file "/etc/bind/db.local";
> };
>
> zone "127.in-addr.arpa" {
>         type master;
>         file "/etc/bind/db.127";
> };
>
> zone "0.in-addr.arpa" {
>         type master;
>         file "/etc/bind/db.0";
> };
>
> zone "255.in-addr.arpa" {
>         type master;
>         file "/etc/bind/db.255";
> };
>
>
> Questions:
>
> 1. What is misconfigured to get a flood of events about DHCP cache?
> 2. Why are DHCP leases not pushing updates to DNS to create records (A and PTR)?
> 3. I see almost no logs as I boot up a test VM and get a lease.. as to attempts to create from DHCP to DNS ..? Where are the logs for these to track down DDNS communication?
> 4. The DNS server on the replica is not a flat file but a binary hash replica. In the event of failover (ex: ps-dns-01 goes offline), how would DHCP push via DDNS update records of the server?
>
>
> Thanks,
>
> Penguinpages
>

ough. HTML messages, especially long ones, are not a good recipe for mailing lists.
I'll not offer any turn-key-ready fixes for your issues but perhaps I can share some ideas.. also a question: how do you keep your DNS servers in sync? These are flat-file backends, right? Do you do any dynamic a/sync with them DNSes?
If you do.... I'd suggest, perhaps as others did/do, using a bit more comprehensive system for domain (+ a lot more) management. I don't know if they have it over at Ubuntu/Canonical but I'd recommend FreeIPA; that is perhaps a much steeper learning curve but, once sussed out, it will do a plethora of things for you.
On DHCP, I'd, as I usually do, run only one dhcp daemon/service for a given (topologically) sub/net. Have it set up & ready on multiple nodes but run only ! one at any time, with the help of, managed by, some simple solution outside of dhcpd, something like NM's dispatcher can do in some cases. Here you should have only one file to keep in sync, the dhcpd config, between the nodes.
Glancing through your configs, it seems that you have set your 'keys' but are those not missing in/for DNS? Which DNS also must allow specific zones to be updated, or not, via use of 'update-policy'.
eg.
...
  zone "direct" IN {
    auto-dnssec maintain;
    key-directory "myzones";
    allow-query     { localhost; private.pawel; };
    #allow-update { key dhcpd; key nsupdate_key; };
    update-policy {
      #grant dhcpd subdomain *.direct A CNAME TXT;
      #grant nsupdate_key subdomain *.direct SOA NS A CNAME TXT;
      grant dhcpd wildcard *.direct A CNAME TXT;
      grant nsupdate_key wildcard *.direct A CNAME TXT;
    };
    # below line would be for a slave/stub secondary server
    allow-transfer { localbox; 10.3.1.220; };
    type master;
    file "myzones/direct.signed";
  };
...
but again, and probably the best advice ever (for now), unless you knew this already but had no choice: even numbers, when it comes to computer systems, are not your friends.

bw.
L.

------------------------------

End of dhcp-users Digest, Vol 174, Issue 5
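The syslog excerpt quoted in the thread above mixes DHCPACKs, failover peer messages and DDNS failures from two daemons, which makes the second question (why no A/PTR records appear) hard to read off by eye. As an added example, not code from the thread and not ISC's, the Python below parses such lines and correlates every refused forward-map update with the DHCPACK that preceded it, so the result is the list of clients that got a lease but no DNS record. The failover 'bind update ... rejected' lines are counted separately because they come from the peer protocol and not from the DNS server; the REFUSED rcode is the authoritative server's own answer to the update, which is what the reply's remark about keys and 'update-policy' in BIND addresses. The line patterns are assumed from the quoted messages only, and the sample log is constructed by adapting those lines.

```python
import re
from collections import Counter

# Constructed sample: syslog lines adapted from those quoted in the thread.
SAMPLE_LOG = """\
Apr 25 14:51:34 ps-dns-02 dhcpd[202599]: DHCPACK on 10.89.132.129 to 00:50:56:97:2b:f7 (op-web2) via 10.89.132.1
Apr 25 14:51:34 ps-dns-02 dhcpd[202599]: bind update on 10.89.132.129 from dhcpfailover rejected: incoming update is less critical than outgoing update
Apr 25 14:51:34 ps-dns-02 dhcpd[202599]: Unable to add forward map from op-web2.ps.labs.local to 10.89.132.129: REFUSED
Apr 25 14:51:35 ps-dns-02 dhcpd[202599]: DHCPACK on 10.89.132.130 to 00:50:56:97:df:98 (easytravel) via ens160
Apr 25 14:51:35 ps-dns-02 dhcpd[202599]: bind update on 10.89.132.130 from dhcpfailover rejected: incoming update is less critical than outgoing update
Apr 25 14:51:35 ps-dns-02 dhcpd[202599]: bind update on 10.89.132.130 from dhcpfailover rejected: incoming update is less critical than outgoing update
Apr 25 14:51:35 ps-dns-02 dhcpd[202599]: Unable to add forward map from easytravel.ps.labs.local to 10.89.132.130: REFUSED
Apr 25 14:51:38 ps-dns-02 named[184617]: client @0x7f20082400b8 10.89.132.90#50112 (mdbrtr-cisco-assist-00-ps-labs-local-svc): query (cache) 'mdbrtr-cisco-assist-00-ps-labs-local-svc/AAAA/IN' denied (allow-query-cache did not match)
Apr 25 14:51:39 ps-dns-02 dhcpd[202599]: DHCPREQUEST for 10.89.135.132 from 00:50:56:8b:a5:85 via ens160
"""

# Patterns are assumed from the quoted log lines, not taken from ISC sources.
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>[a-z]+)\[\d+\]: (?P<msg>.*)$")
ACK_RE = re.compile(r"DHCPACK on (?P<ip>\S+) to (?P<mac>\S+) \((?P<name>[^)]*)\) via \S+")
FWD_FAIL_RE = re.compile(r"Unable to add forward map from (?P<fqdn>\S+) to (?P<ip>\S+): (?P<rcode>\w+)")
PEER_REJECT_RE = re.compile(r"bind update on (?P<ip>\S+) from (?P<peer>\S+) rejected: (?P<reason>.*)")


def triage(log_text):
    """Classify dhcpd lines; remember the last ACK per IP so DDNS failures
    can be tied back to the client that was just served."""
    summary = {
        "acks": {},                 # ip -> (mac, hostname from the ACK)
        "ddns_failures": [],        # (fqdn, ip, rcode) from the DNS server
        "peer_rejects": Counter(),  # ip -> count of failover-protocol rejects
        "non_dhcpd": 0,             # lines from other daemons (named here)
        "unclassified": 0,          # dhcpd lines this triage does not model
    }
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m or m["prog"] != "dhcpd":
            summary["non_dhcpd"] += 1
            continue
        msg = m["msg"]
        if (a := ACK_RE.search(msg)):
            summary["acks"][a["ip"]] = (a["mac"], a["name"])
        elif (f := FWD_FAIL_RE.search(msg)):
            summary["ddns_failures"].append((f["fqdn"], f["ip"], f["rcode"]))
        elif (p := PEER_REJECT_RE.search(msg)):
            summary["peer_rejects"][p["ip"]] += 1
        else:
            summary["unclassified"] += 1
    return summary


def clients_without_dns(summary):
    """Clients that received a DHCPACK but whose forward map was refused.
    Returns sorted (ack hostname, ip, attempted fqdn, rcode) tuples."""
    rows = []
    for fqdn, ip, rcode in summary["ddns_failures"]:
        _mac, name = summary["acks"].get(ip, (None, "<no ack seen>"))
        rows.append((name, ip, fqdn, rcode))
    return sorted(rows)


if __name__ == "__main__":
    s = triage(SAMPLE_LOG)
    for row in clients_without_dns(s):
        print("lease without DNS record:", row)
    print("failover rejects per IP:", dict(s["peer_rejects"]))
```

On the sample, both ACKed clients (op-web2 and easytravel) are reported as having a lease but a REFUSED update, and the failover rejects are tallied per address without being mistaken for DNS errors.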