Today's Topics:

   1. Re: DHCPv6 isn't updating DNS (Philippe Cl?ri?)


----------------------------------------------------------------------

Message: 1
Date: Sat, 12 Aug 2017 06:51:44 -0400
From: Philippe Cl?ri? <phili...@gcal.net>
To: dhcp-users@lists.isc.org
Subject: Re: DHCPv6 isn't updating DNS
Message-ID: <e9df5781-ff08-c57b-6b81-7cfe6f5b3...@gcal.net>
Content-Type: text/plain; charset=utf-8; format=flowed

On 07/29/2017 03:57 PM, Joshua Schaeffer wrote:
> TL;DR
> Sorry for the long email, but I'm having a very hard time getting my DHCP
> server that is set up to provide IPv6 addresses to update my DNS server. It
> seems that isc-dhcp doesn't have the functionality to do this. Is this a
> limitation of the protocol? I've read through the man pages for dhcpd,
> dhcpd.conf, dhcp-options, dhcp-eval, dhclient, and dhclient.conf as well as
> RFC 3315 and snippets of other RFCs related to DHCPv6 and IPv6. As far as I can
> tell this should be possible, but maybe I'm missing something obvious. Does
> anybody have a working DHCPv6 server that is properly updating AAAA and PTR
> records? Full description of my issue is below.
> 
> -------------------------------------------------------
> 
> I've been running into a problem with getting my DHCPv6 server to update my 
> DNS server and have been asking around on how to fix this or what I have done
> wrong in my configuration, but so far I haven't been able to get this 
> resolved. I've tried numerous settings and configuration changes, but nothing 
> seems to work. When I have my DHCP server providing IPv6 addresses, it seems 
> that the DHCP server never even attempts to communicate with the DNS server 
> to update the AAAA and PTR records. Perhaps I'm missing something about the 
> functionality between DHCPv6 and DNS. Is it possible to update DNS AAAA and 
> PTR records from a DHCP server providing IPv6 addresses?
> 
> I have set up a development environment in which I have two configurations.
> One for IPv4 (dhcpd.conf) and one for IPv6 (dhcpd6.conf). The two config
> files are as identical as they can be. When I serve IPv4, DNS gets updated,
> but when I serve IPv6, it doesn't. I've tried debugging the code and set
> various breakpoints to see if I can find out what is going on, but I just
> don't have enough experience with programming and don't know enough about the
> program itself to get very far. I'm using isc-dhcp 4.3.5 that I compiled from
> source. Here is what I've set up in my dev environment:
> 
> IPv6 configuration:
> 
>      ###############
>      # DHCPD6.CONF #
>      ###############
>      authoritative;
> 
>      option            dhcp6.domain-search    "appendata.net";
>      option            dhcp6.name-servers    fc01::a1;
>      default-lease-time    86400;
>      max-lease-time        604800;
> 
>      log-facility        local7;
> 
>      ddns-updates        on;
>      ddns-update-style    standard;
>      ddns-domainname        "appendata.net.";
>      ddns-rev-domainname    "ip6.arpa.";
>      do-forward-updates    on;
>      deny            client-updates;
>      update-static-leases    on;
>      update-optimization    off;
> 
>      include            "/etc/keys/Kddns-aaaa-rrs.+157+02940.private";
>      include            "/etc/keys/Kddns-ptr-rrs.+157+36566.private";
> 
>      zone appendata.net. {
>          primary6    fc01::a1;
>          key                "ddns-aaaa-rrs";
>      }
>      zone 0.0.0.0.0.0.0.0.0.0.0.0.1.0.c.f.ip6.arpa. {
>          primary6    fc01::a1;
>          key                "ddns-ptr-rrs";
>      }
> 
>      subnet6 fc01::/64 {
>          default-lease-time    604800;
>          max-lease-time        2419200;
> 
>          pool6 {
>              range6 fc01::1:0:0:0/80;
>          }
>      }
> 
>      #########################
>      # NAMED.CONF.LOCAL (IPV6) #
>      #########################
>      //
>      // Do any local configuration here
>      //
> 
>      // Consider adding the 1918 zones here, if they are not used in your
>      // organization
>      include "/etc/bind/zones.rfc1918";
>      include "/etc/bind/Kddns-aaaa-rrs.+157+02940.private";
>      include "/etc/bind/Kddns-ptr-rrs.+157+36566.private";
> 
>      zone "appendata.net" in {
>          type master;
>          notify no;
>          file "/var/lib/bind/db.appendata.net";
>          allow-update {
>              key ddns-aaaa-rrs;
>          };
>      };
> 
>      zone "0.0.0.0.0.0.0.0.0.0.0.0.1.0.c.f.ip6.arpa" in {
>          type master;
>          notify no;
>          file "/var/lib/bind/db.fc01.0000.0000.0000";
>          allow-update {
>              key ddns-ptr-rrs;
>          };
>      };
> 
> I then start the DHCPv6 server:
> 
>      root@dhcp01:~# dhcpd -6 -cf /etc/dhcp/dhcpd6.conf -lf /var/lib/dhcp/dhcpd6.leases -pf /run/dhcpd6.pid
> 
> I have a test client as well. I issue the following command on the client:
> 
>      $ dhclient -6 -cf /etc/dhcp/dhclient.conf -lf /var/lib/dhcp/dhclient6.leases
> 
> And this is what I see from the DHCPv6 server:
> 
>      [...]
>      Server starting service.
>      Solicit message from fe80::a00:27ff:fefc:35fa port 546, transaction ID 0xC9E2BF00
>      Picking pool address fc01::1:a9f1:2990:24b9
>      Advertise NA: address fc01::1:a9f1:2990:24b9 to client with duid 00:01:00:01:21:0f:82:c6:08:00:27:fc:35:fa iaid = 670840314 valid for 604800 seconds
>      Sending Advertise to fe80::a00:27ff:fefc:35fa port 546
>      Request message from fe80::a00:27ff:fefc:35fa port 546, transaction ID 0x14153D00
>      Reply NA: address fc01::1:a9f1:2990:24b9 to client with duid 00:01:00:01:21:0f:82:c6:08:00:27:fc:35:fa iaid = 670840314 valid for 604800 seconds
>      Sending Reply to fe80::a00:27ff:fefc:35fa port 546
> 
> The DHCP server is working just fine in the sense that it hands out
> addresses, but it never updates DNS. When I sniff the wire, there isn't a
> single packet that the DHCP server sends to the DNS server. I also have the
> DNS server log set to DEBUG, and I don't ever see anything in the log. Now when I
> start my DHCP server using my IPv4 configuration, DHCP updates the DNS
> server. I only have minor changes between the configuration files.
> 
>      ##############
>      # DHCPD.CONF #
>      ##############
>      authoritative;
> 
>      option            domain-name    "appendata.net";
>      option            domain-name-servers    172.16.0.2;
>      default-lease-time    86400;
>      max-lease-time        604800;
> 
>      log-facility        local7;
> 
>      ddns-updates        on;
>      ddns-update-style    standard;
>      ddns-domainname        "appendata.net.";
>      ddns-rev-domainname    "in-addr.arpa.";
>      do-forward-updates    on;
>      deny            client-updates;
>      update-static-leases    on;
>      update-optimization    off;
> 
>      include            "/etc/keys/Kddns-a-rrs.+157+41383.private";
>      include            "/etc/keys/Kddns-ptr-rrs.+157+36566.private";
> 
>      zone appendata.net. {
>          primary        172.16.0.2;
>          key             "ddns-a-rrs";
>      }
>      zone 0.16.172.in-addr.arpa. {
>          primary        172.16.0.2;
>          key             "ddns-ptr-rrs";
>      }
> 
>      subnet 172.16.0.0 netmask 255.255.255.0 {
>          default-lease-time    604800;
>          max-lease-time        2419200;
> 
>          pool {
>              range 172.16.0.10 172.16.0.20;
>          }
>      }
> 
>      #########################
>      # NAMED.CONF.LOCAL (IPV4) #
>      #########################
>      //
>      // Do any local configuration here
>      //
> 
>      // Consider adding the 1918 zones here, if they are not used in your
>      // organization
>      include "/etc/bind/zones.rfc1918";
>      include "/etc/bind/Kddns-a-rrs.+157+41383.private";
>      include "/etc/bind/Kddns-ptr-rrs.+157+36566.private";
> 
>      zone "appendata.net" in {
>          type master;
>          notify no;
>          file "/var/lib/bind/db.appendata.net";
>          allow-update {
>              key "ddns-a-rrs";
>          };
>      };
> 
>      zone "0.16.172.in-addr.arpa" in {
>          type master;
>          notify no;
>          file "/var/lib/bind/db.172.16.0";
>          allow-update {
>              key "ddns-ptr-rrs";
>          };
>      };
> 
> I start the DHCP server then run the client again. However, this time I can 
> see that A and PTR records are getting updated:
> 
>      $ dhcpd -4 -cf /etc/dhcp/dhcpd.conf -lf /var/lib/dhcp/dhcpd.leases -pf /run/dhcpd.pid
>
>      $ dhclient -4 -cf /etc/dhcp/dhclient.conf -lf /var/lib/dhcp/dhclient.leases
> 
> Here is the output from the DHCP server:
> 
>      [...]
>      Server starting service.
>      DHCPDISCOVER from 08:00:27:05:95:af via enp0s8
>      Ping timeout: 1
>      DHCPOFFER on 172.16.0.10 to 08:00:27:05:95:af (dhcpclient01) via enp0s8
>      DHCPREQUEST for 172.16.0.10 (172.16.0.3) from 08:00:27:05:95:af (dhcpclient01) via enp0s8
>      DHCPACK on 172.16.0.10 to 08:00:27:05:95:af (dhcpclient01) via enp0s8
>      Added new forward map from dhcpclient01.appendata.net. to 172.16.0.10
>      Added reverse map from 10.0.16.172.in-addr.arpa. to dhcpclient01.appendata.net
> 
> And from the DNS log:
> 
>      Jul 29 13:34:11 dns01 named[3432]: update-security: info: client 172.16.0.3#20083/key ddns-a-rrs: signer "ddns-a-rrs" approved
>      Jul 29 13:34:11 dns01 named[3432]: update: info: client 172.16.0.3#20083/key ddns-a-rrs: updating zone 'appendata.net/IN': deleting rrset at 'dhcpclient01.appendata.net' A
>      Jul 29 13:34:11 dns01 named[3432]: update: info: client 172.16.0.3#20083/key ddns-a-rrs: updating zone 'appendata.net/IN': adding an RR at 'dhcpclient01.appendata.net' A 172.16.0.10
>      Jul 29 13:34:11 dns01 named[3432]: update-security: info: client 172.16.0.3#20083/key ddns-ptr-rrs: signer "ddns-ptr-rrs" approved
>      Jul 29 13:34:11 dns01 named[3432]: update: info: client 172.16.0.3#20083/key ddns-ptr-rrs: updating zone '0.16.172.in-addr.arpa/IN': deleting rrset at '10.0.16.172.in-addr.arpa' PTR
>      Jul 29 13:34:11 dns01 named[3432]: update: info: client 172.16.0.3#20083/key ddns-ptr-rrs: updating zone '0.16.172.in-addr.arpa/IN': adding an RR at '10.0.16.172.in-addr.arpa' PTR dhcpclient01.appendata.net.
> 
> I'm just not sure what I'm missing here. To me it looks like DNS servers can
> be updated from DHCPv6 servers. Any help would be much appreciated.
> 
> Thanks,
> Joshua Schaeffer

I also have the same problem. In fact, I posted about it:

https://lists.isc.org/pipermail/dhcp-users/2015-June/018952.html

In my case though it's only the static leases. Dynamic addresses update 
just fine. Eventually I quit trying and used static records when needed. 
I kept the configuration to get some warning if/when some update has it 
working.

-- 
Philippe

------
The trouble with common sense is that it is so uncommon.
<Anonymous>
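
An added example, not part of either post and not ISC DHCP code: a Python check for the symptom discussed in this thread. It reads dhcpd log lines and lists each granted address that has no matching DDNS log line, together with the PTR owner name to look for and the configured reverse zone it falls in. It assumes a successful DHCPv6 update logs the same "Added new forward map" / "Added reverse map" lines shown for IPv4; the sample log is constructed from lines quoted above.

```python
import ipaddress
import re

# Line formats as they appear in the dhcpd output quoted in this thread.
# Assumption: successful DHCPv6 updates log the same "Added ..." lines as IPv4.
GRANT = re.compile(r"(?:DHCPACK on|Reply NA: address) (\S+) to ")
FWD = re.compile(r"Added new forward map from \S+ to (\S+)")
REV = re.compile(r"Added reverse map from (\S+) to ")

# Constructed sample: lines copied from the two server logs quoted above.
SAMPLE_LOG = """\
DHCPACK on 172.16.0.10 to 08:00:27:05:95:af (dhcpclient01) via enp0s8
Added new forward map from dhcpclient01.appendata.net. to 172.16.0.10
Added reverse map from 10.0.16.172.in-addr.arpa. to dhcpclient01.appendata.net
Advertise NA: address fc01::1:a9f1:2990:24b9 to client with duid 00:01:00:01:21:0f:82:c6:08:00:27:fc:35:fa iaid = 670840314 valid for 604800 seconds
Reply NA: address fc01::1:a9f1:2990:24b9 to client with duid 00:01:00:01:21:0f:82:c6:08:00:27:fc:35:fa iaid = 670840314 valid for 604800 seconds
""".splitlines()

# Reverse zones from the dhcpd.conf and dhcpd6.conf zone statements above.
REVERSE_ZONES = ["0.16.172.in-addr.arpa.",
                 "0.0.0.0.0.0.0.0.0.0.0.0.1.0.c.f.ip6.arpa."]


def audit(lines, reverse_zones):
    """Return a finding for each granted address lacking a DDNS log line."""
    granted, fwd, rev = [], set(), set()
    for line in lines:
        if m := GRANT.search(line):
            addr = ipaddress.ip_address(m.group(1))
            if addr not in granted:
                granted.append(addr)
        elif m := FWD.search(line):
            fwd.add(ipaddress.ip_address(m.group(1)))
        elif m := REV.search(line):
            rev.add(m.group(1).rstrip(".").lower())
    findings = []
    for addr in granted:
        ptr = addr.reverse_pointer  # owner name the PTR update would use
        missing = [kind for kind, seen in
                   (("forward", addr in fwd), ("reverse", ptr in rev)) if not seen]
        if missing:
            # None here means the PTR name is outside every configured zone.
            zone = next((z for z in reverse_zones
                         if ptr.endswith("." + z.rstrip("."))), None)
            findings.append({"address": str(addr), "missing": missing,
                             "expected_ptr": ptr, "reverse_zone": zone})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, REVERSE_ZONES):
        print(finding)
```
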


End of dhcp-users Digest, Vol 106, Issue 9
******************************************