The DNS response of RCODE 5 by your nameserver indicates the submitted DDNS
update was refused by the nameserver. May want to check your nameserver logs
for cause. Guessing it is not allowing your TSIG key used by Kea to make
updates to the 10.168.192.in-addr.arpa zone.
BIND will not create a .jnl file until the first successful dynamic update
(from any DDNS client). Assuming this is a new BIND server as well since the
jnl file for your reverse zone does not yet exist.
> On Jan 28, 2024, at 05:37, Ubence Quevedo (thatrat) <that...@gmail.com> wrote:
>
> Hi All,
>
> I’ve recently converted from the older ISC dhcpd with dynamic DNS configured
> and working properly with updating forward and reverse entries, but after
> converting to Kea, I can only get the forward entries to work and the reverse
> entries do not update.
>
> This is a raspberry pi 4b running Ubuntu 22.04 LTS with Kea 2.0.2. I can’t
> run the latest version since this is an arm system.
>
> From what I can tell, things *look* correct, but when I do a journalctl -xeu
> kea-dhcp-ddns-server, in the below snippet, I get the following:
> Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: INFO
> DHCP_DDNS_REMOVE_SUCCEEDED DHCP_DDNS Request ID
> 000001F16C84BB0E8343A9B37FA2789333DAFE841ED32B93F538FC22A0F905170D2979:
> successfully removed the DNS mapping addition for this request: Type: 1
> (CHG_REMOVE)
> Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: Forward Change: yes
> Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: Reverse Change: yes
> Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: FQDN: [lg-washer.totusmel.com.]
> Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: IP Address: [192.168.10.74]
> Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: DHCID:
> [000001F16C84BB0E8343A9B37FA2789333DAFE841ED32B93F538FC22A0F905170D2979]
> Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: Lease Expires On: 20240127223510
> Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: Lease Length: 2400
> Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: Conflict Resolution: yes
> Jan 27 16:28:37 raspi kea-dhcp-ddns[1542846]: ERROR
> DHCP_DDNS_REVERSE_REPLACE_REJECTED DNS Request ID
> 000001F16C84BB0E8343A9B37FA2789333DAFE841ED32B93F538FC22A0F905170D2979:
> Server, 192.168.10.3 port:53, rejected a DNS update request to replace the
> reverse mapping for FQDN, lg-washer.totusmel.com., with an RCODE: 5
> Jan 27 16:28:37 raspi kea-dhcp-ddns[1542846]: ERROR DHCP_DDNS_ADD_FAILED
> DHCP_DDNS Request ID
> 000001F16C84BB0E8343A9B37FA2789333DAFE841ED32B93F538FC22A0F905170D2979:
> Transaction outcome Status: Failed, Event: UPDATE_FAILED_EVT, Forward
> change: completed, Reverse change: failed, request: Type: 0 (CHG_ADD)
>
> The error entry shows a failure while the first and second entries show
> success.
>
> I’m a bit baffled because in the kea-dhcp-ddns.conf, the forward and reverse
> are configured nearly the same and reference the same key to allow updates:
> "DhcpDdns":
> {
> "ip-address": "127.0.0.1",
> "port": 53001,
> "control-socket": {
> "socket-type": "unix",
> "socket-name": "/tmp/kea-ddns-ctrl-socket"
> },
>
> <?include "/etc/kea/tsig-keys.json"?>
>
> "forward-ddns" : {
> "ddns-domains": [
> {
> "name": "totusmel.com.",
> "key-name": "ddns-key",
> "dns-servers": [
> {
> "ip-address": "192.168.10.3",
> "port": 53
> }
> ]
> }
> ]
> },
>
> "reverse-ddns" : {
> "ddns-domains": [
> {
> "name": "10.168.192.in-addr.arpa.",
> "key-name": "ddns-key",
> "dns-servers": [
> {
> "ip-address": "192.168.10.3",
> "port": 53
> }
> ]
> }
> ]
> }
>
>
> I’m also expecting there to be a .jnl file for the zone file in
> /var/lib/bind/ where the zone files reside, but the .jnl file I’m expecting
> never gets generated:
> root@raspi:/var/lib/bind# ls -la db*
> -rw-r--r-- 1 bind bind 6169 Jan 27 16:37 db.10.168.192.in-addr.arpa
> -rw-r--r-- 1 bind bind 295 Nov 6 2022 db.20.168.192.in-addr.arpa
> -rw-r--r-- 1 bind bind 347 Nov 6 2022 db.30.168.192.in-addr.arpa
> -rw-r--r-- 1 bind bind 278 Nov 6 2022 db.40.168.192.in-addr.arpa
> -rw-r--r-- 1 bind bind 276 Nov 6 2022 db.50.168.192.in-addr.arpa
> -rw-r--r-- 1 bind bind 1082 Jan 25 20:08 db.lab.totusmel.com
> -rw-r--r-- 1 bind bind 1372 Jan 25 19:56 db.lab.totusmel.com.jnl
> -rw-r--r-- 1 bind bind 22676 Jan 28 02:41 db.totusmel.com
> -rw-r--r-- 1 bind bind 3872 Jan 28 02:28 db.totusmel.com.jnl
>
> Does anyone have any thoughts or suggestions on what might be wrong? I can
> provide more information if needed, I just included the bits that I thought
> were relevant.
>
> Any thoughts or suggestions would be greatly appreciated!
>
> -Ubence
>
> --
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>
> Kea-users mailing list
> Kea-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-users
--
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
Kea-users mailing list
Kea-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/kea-users
