| View previous topic :: View next topic |
| Author |
Message |
Ant P.
Watchman
Joined: 18 Apr 2009
Posts: 6920
|
 Posted: Sat Jun 12, 2010 1:49 am Post subject: [SOLVED] dhcpd + bind - can't do ddns reverse map updates |
 |
|
I've been banging my head against this for hours now and I can't figure out what's wrong; I've got my DHCP server set up to add DNS entries, which works for the forward map (so I can do "host laptop.lan"), but the reverse map fails ("host 192.168.0.130" does not work). The logs go like this:
| Code: | ==> dhcpd/current <==
Jun 12 01:13:02 [dhcpd] DHCPDISCOVER from 00:22:43:43:55:e3 via br0
Jun 12 01:13:03 [dhcpd] DHCPOFFER on 192.168.0.130 to 00:22:43:43:55:e3 (laptop) via br0
==> named/debug.log <==
12-Jun-2010 01:13:03.009 update: client 127.0.0.1#38572: view internal: updating zone 'lan/IN': adding an RR at 'laptop.lan' A
12-Jun-2010 01:13:03.009 update: client 127.0.0.1#38572: view internal: updating zone 'lan/IN': adding an RR at 'laptop.lan' TXT
==> dhcpd/current <==
Jun 12 01:13:03 [dhcpd] Added new forward map from laptop.lan to 192.168.0.130
Jun 12 01:13:03 [dhcpd] unable to add reverse map from 130.0.168.192.in-addr.arpa to laptop.lan: timed out
Jun 12 01:13:03 [dhcpd] DHCPREQUEST for 192.168.0.130 (192.168.0.5) from 00:22:43:43:55:e3 (laptop) via br0
Jun 12 01:13:03 [dhcpd] DHCPACK on 192.168.0.130 to 00:22:43:43:55:e3 (laptop) via br0 |
And the config files (some stuff left out for readability):
named.conf
| Code: |
include "/etc/bind/logs.conf";
include "/etc/bind/rndc.key";
include "/etc/bind/dhcp.keys";
acl "trusted" {
192.168.0.0/24;
127.0.0.0/8;
};
options {
listen-on { any; };
allow-query { trusted; };
allow-query-cache { trusted; };
};
controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };
};
view "internal" in {
match-clients { trusted; };
recursion yes;
additional-from-auth yes;
additional-from-cache yes;
zone "." in {
type hint;
file "/var/bind/root.cache";
};
zone "localhost" IN {
type master;
file "pri/localhost.zone";
allow-query { any; };
allow-transfer { none; };
notify no;
};
zone "127.in-addr.arpa" IN {
type master;
file "pri/127.zone";
allow-query { any; };
allow-transfer { none; };
notify no;
};
zone "lan." IN {
type master;
file "pri/lan.zone";
allow-update { key "dhcp-key"; };
};
zone "0.168.192.in-addr.arpa." IN {
type master;
file "pri/192.168.0.zone";
allow-update { key "dhcp-key"; };
};
}; |
dhcpd.conf
| Code: | authoritative;
ddns-domainname "lan";
ddns-rev-domainname "in-addr.arpa";
ddns-update-style interim;
default-lease-time 30;
max-lease-time 86400;
option domain-name "lan";
use-host-decl-names on;
include "/etc/bind/dhcp.keys";
zone lan. {
primary 127.0.0.1;
key dhcp-key;
}
zone 0.168.192.in-addr.arpa. {
primary 127.0.0.1;
key dhcp-key;
} |
I've tried everything I can think of - it really doesn't make sense why one would work but not the other because the config for both bits is virtually identical. Is there something really obvious I'm missing?
Last edited by Ant P. on Wed Jun 16, 2010 11:43 am; edited 1 time in total |
|
| Back to top |
|
 |
nativemad
Developer
Joined: 30 Aug 2004
Posts: 918
Location: Switzerland
|
| Posted: Mon Jun 14, 2010 10:48 am Post subject: |
|
|
I don't see anything obvious wrong...
The only thing i can think of are the file permissions of the zonefiles!?
Good luck
_________________
Power to the people! |
|
| Back to top |
|
|
Herring42
Guru
Joined: 10 Mar 2004
Posts: 373
Location: Buckinghamshire
|
| Posted: Mon Jun 14, 2010 12:12 pm Post subject: |
|
|
I've tried before and failed to get this working. 
Please let us know if you manage!
As far as I understood, the dynamic updates are not held in the zone files...
_________________
"The problem with quotes on the internet is that it is difficult
to determine whether or not they are genuine." -- Abraham Lincoln |
|
| Back to top |
|
|
nativemad
Developer
Joined: 30 Aug 2004
Posts: 918
Location: Switzerland
|
| Posted: Mon Jun 14, 2010 12:35 pm Post subject: |
|
|
| Herring42 wrote: |
As far as I understood, the dynamic updates are not held in the zone files... |
Of course they are! -Where should they be otherwise!? 
I have it working for years over here with about 10 different subnets declared!
_________________
Power to the people! |
|
| Back to top |
|
|
Herring42
Guru
Joined: 10 Mar 2004
Posts: 373
Location: Buckinghamshire
|
| Posted: Mon Jun 14, 2010 1:36 pm Post subject: |
|
|
| nativemad wrote: |
Of course they are! -Where should they be otherwise!?
|
Umm, in their own dynamic file? So you could separate those hosts you set directly from the dynamic ones? That would make sense to me!
_________________
"The problem with quotes on the internet is that it is difficult
to determine whether or not they are genuine." -- Abraham Lincoln |
|
| Back to top |
|
|
nativemad
Developer
Joined: 30 Aug 2004
Posts: 918
Location: Switzerland
|
| Posted: Mon Jun 14, 2010 2:05 pm Post subject: |
|
|
| Herring42 wrote: |
Umm, in their own dynamic file? So you could separate those hosts you set directly from the dynamic ones? That would make sense to me! |
Not really... they are in one zone file! -That's the reason why one should only allow dhcpd or special hosts to make updates!! (I remember a case where client-machines where able to delete the NS-records via nslookup on a Windows Domain controller  )
I don't see a real reason otherwise why they should be any different from static entries!?
_________________
Power to the people! |
|
| Back to top |
|
|
Ant P.
Watchman
Joined: 18 Apr 2009
Posts: 6920
|
| Posted: Tue Jun 15, 2010 1:56 pm Post subject: |
|
|
| Yes, I've already checked the permissions on the zone files. I can delete the .jnl that gets auto-created for forward DNS and it gets remade without a problem, so it's not that. |
|
| Back to top |
|
|
nativemad
Developer
Joined: 30 Aug 2004
Posts: 918
Location: Switzerland
|
| Posted: Wed Jun 16, 2010 5:12 am Post subject: |
|
|
Does the reverse zone work at all? Not that the problem is the zone itself...
| Code: | | host -a ip.of.the.server |
_________________
Power to the people! |
|
| Back to top |
|
|
Ant P.
Watchman
Joined: 18 Apr 2009
Posts: 6920
|
| Posted: Wed Jun 16, 2010 11:42 am Post subject: |
|
|
That was it!
My 192.168 zone had "$ORIGIN ." at the top of the file and apparently it didn't like that, even though all the DNS names in the file were absolute ones. Changed that to the in-addr.arpa thing it should be and everything works now. Thanks! |
|
| Back to top |
|
|
|
Networking & Security
