Hi Ruben,

Thank you very much for all your help.

I tried your branch, and while the dynamic records get inserted, for some reason dhcpd still logs a tsig verify failure at the end of the transaction.
Perhaps as a result, when DHCPRELEASE is sent, the records are not deleted.

Here is the log:
Aug 28 09:36:50 ddnstest1 dhcpd: DHCPDISCOVER from 52:54:00:41:5f:23 via eth1 Aug 28 09:36:51 ddnstest1 dhcpd: DHCPOFFER on 172.16.100.34 to 52:54:00:41:5f:23 (client-ubuntu) via eth1 Aug 28 09:36:51 ddnstest1 named[1034]: client 127.0.0.1#30418/key ddns_update: signer "ddns_update" approved Aug 28 09:36:51 ddnstest1 named[1034]: client 127.0.0.1#30418/key ddns_update: forwarding update for zone 'example.com/IN' Aug 28 09:36:51 ddnstest1 pdns[10041]: TCP Remote 127.0.0.1 wants 'example.com|SOA', do = 0, bufsize = 512: packetcache MISS Aug 28 09:36:51 ddnstest1 pdns[10041]: Query: select algorithm, secret from tsigkeys where name=E'ddns_update' Aug 28 09:36:51 ddnstest1 pdns[10041]: UPDATE (19329) from 127.0.0.1 for example.com: Processing started.
:
lots of query logs for inserting the records
:
Aug 28 09:36:51 ddnstest1 pdns[10041]: UPDATE (19329) from 127.0.0.1 for example.com: Update completed, 3 changed records committed. Aug 28 09:36:51 ddnstest1 named[1034]: zone example.com/IN: forwarded dynamic update: master 127.0.0.1#54 returned: NOERROR Aug 28 09:36:51 ddnstest1 dhcpd: DHCPREQUEST for 172.16.100.34 (172.16.100.5) from 52:54:00:41:5f:23 (client-ubuntu) via eth1 Aug 28 09:36:51 ddnstest1 dhcpd: DHCPACK on 172.16.100.34 to 52:54:00:41:5f:23 (client-ubuntu) via eth1 Aug 28 09:36:51 ddnstest1 dhcpd: Unable to add forward map from client-ubuntu.example.com to 172.16.100.34: tsig verify failure

:
Aug 28 09:37:58 ddnstest1 dhcpd: DHCPRELEASE of 172.16.100.34 from 52:54:00:41:5f:23 (client-ubuntu) via eth1 (found)

no further logs, and the dynamic records are not deleted.

One other small issue:
I notice that to increase the serial number in the SOA, PDNS is deleting and then inserting a new SOA record with the updated serial. In a separate installation I have a schema that holds additional information in the records table, and that information would be lost.
Is there a reason for delete/insert instead of update?

Regards,
Martin


(2014年08月27日 22:20), Ruben d'Arco wrote:
Hi Martin,

I've (with some help) fixed the bug.
I currently have the code here 
https://github.com/cyclops1982/pdns/tree/tsigforward
Could you build and try that version and see if it works for you?

Regards,
        Ruben


On Tue, Aug 26, 2014 at 09:36:57AM +0200, Ruben d'Arco wrote:
Hi Martin,

No worries. PDNS is not my work, just hobby so i have to squeeze it in between 
all kinds of stuff :-)

I am able to reproduce the issue locally now, which is already wonderful as 
that gives me options to debug it further.

When a update message is forwarded, the message ID is rewritten (as per 
rfc2136). I think PDNS validates the message with that new ID, and it might 
need to do it with the old ID. I still need to figure out what is correct here. 
The old ID is in the message somewhere together with the TSIG record. I need to 
try and implement a fix like that to validate if this really is the case.

So, we're moving forward and i hope i can give you a patched PDNS later this 
week.

Regards,
        Ruben


On Tue, Aug 26, 2014 at 03:57:31PM +0900, Martin Chandler wrote:
Hi Ruben,

Sorry to keep bothering you on this, but I notice that dhcpd sends
the original update request via UDP, but bind forwards the request
via TCP.

Could it be that there is some difference in the way PDNS is
handling TCP packets over UDP packets, and somehow mis-reading the
data that BIND is sending?

That would possible explain why setting the dhcp server to talk
straight to PDNS works, because it would be sending the expected UDP
packet, but forwarding over TCP fails.

btw, I also tried setting up a CentOS 6.5 server:
BIND 9.8.2
DHCPD 4.1.1
PDNS 3.4-rc1

but get the same results (i.e. unsuccessful).

Thanks,
Martin

_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users

_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users

Reply via email to