Ant P. (Watchman)
Joined: 18 Apr 2009 Posts: 6920
Posted: Sat Jun 12, 2010 1:49 am Post subject: [SOLVED] dhcpd + bind - can't do ddns reverse map updates
I've been banging my head against this for hours now and I can't figure out what's wrong; I've got my DHCP server set up to add DNS entries, which works for the forward map (so I can do "host laptop.lan"), but the reverse map fails ("host 192.168.0.130" does not work). The logs go like this:
Code:
==> dhcpd/current <==
Jun 12 01:13:02 [dhcpd] DHCPDISCOVER from 00:22:43:43:55:e3 via br0
Jun 12 01:13:03 [dhcpd] DHCPOFFER on 192.168.0.130 to 00:22:43:43:55:e3 (laptop) via br0
==> named/debug.log <==
12-Jun-2010 01:13:03.009 update: client 127.0.0.1#38572: view internal: updating zone 'lan/IN': adding an RR at 'laptop.lan' A
12-Jun-2010 01:13:03.009 update: client 127.0.0.1#38572: view internal: updating zone 'lan/IN': adding an RR at 'laptop.lan' TXT
==> dhcpd/current <==
Jun 12 01:13:03 [dhcpd] Added new forward map from laptop.lan to 192.168.0.130
Jun 12 01:13:03 [dhcpd] unable to add reverse map from 130.0.168.192.in-addr.arpa to laptop.lan: timed out
Jun 12 01:13:03 [dhcpd] DHCPREQUEST for 192.168.0.130 (192.168.0.5) from 00:22:43:43:55:e3 (laptop) via br0
Jun 12 01:13:03 [dhcpd] DHCPACK on 192.168.0.130 to 00:22:43:43:55:e3 (laptop) via br0
And the config files (some stuff left out for readability):
named.conf
Code:
include "/etc/bind/logs.conf";
include "/etc/bind/rndc.key";
include "/etc/bind/dhcp.keys";

acl "trusted" {
    192.168.0.0/24;
    127.0.0.0/8;
};

options {
    listen-on { any; };
    allow-query { trusted; };
    allow-query-cache { trusted; };
};

controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };
};

view "internal" in {
    match-clients { trusted; };
    recursion yes;
    additional-from-auth yes;
    additional-from-cache yes;

    zone "." in {
        type hint;
        file "/var/bind/root.cache";
    };

    zone "localhost" IN {
        type master;
        file "pri/localhost.zone";
        allow-query { any; };
        allow-transfer { none; };
        notify no;
    };

    zone "127.in-addr.arpa" IN {
        type master;
        file "pri/127.zone";
        allow-query { any; };
        allow-transfer { none; };
        notify no;
    };

    zone "lan." IN {
        type master;
        file "pri/lan.zone";
        allow-update { key "dhcp-key"; };
    };

    zone "0.168.192.in-addr.arpa." IN {
        type master;
        file "pri/192.168.0.zone";
        allow-update { key "dhcp-key"; };
    };
};
dhcpd.conf
Code:
authoritative;
ddns-domainname "lan";
ddns-rev-domainname "in-addr.arpa";
ddns-update-style interim;
default-lease-time 30;
max-lease-time 86400;
option domain-name "lan";
use-host-decl-names on;
include "/etc/bind/dhcp.keys";

zone lan. {
    primary 127.0.0.1;
    key dhcp-key;
}

zone 0.168.192.in-addr.arpa. {
    primary 127.0.0.1;
    key dhcp-key;
}
I've tried everything I can think of - it really doesn't make sense why one would work but not the other because the config for both bits is virtually identical. Is there something really obvious I'm missing?
Last edited by Ant P. on Wed Jun 16, 2010 11:43 am; edited 1 time in total

nativemad (Developer)
Joined: 30 Aug 2004 Posts: 918 Location: Switzerland
Posted: Mon Jun 14, 2010 10:48 am
I don't see anything obvious wrong...
The only thing I can think of is the file permissions of the zone files!?
Good luck

Herring42 (Guru)
Joined: 10 Mar 2004 Posts: 373 Location: Buckinghamshire
Posted: Mon Jun 14, 2010 12:12 pm
I've tried before and failed to get this working.
Please let us know if you manage!
As far as I understood, the dynamic updates are not held in the zone files...

nativemad (Developer)
Joined: 30 Aug 2004 Posts: 918 Location: Switzerland
Posted: Mon Jun 14, 2010 12:35 pm

Herring42 wrote:
    As far as I understood, the dynamic updates are not held in the zone files...
Of course they are! Where should they be otherwise!?
I've had it working for years over here with about 10 different subnets declared!

Herring42 (Guru)
Joined: 10 Mar 2004 Posts: 373 Location: Buckinghamshire
Posted: Mon Jun 14, 2010 1:36 pm

nativemad wrote:
    Of course they are! Where should they be otherwise!?
Umm, in their own dynamic file? So you could separate those hosts you set directly from the dynamic ones? That would make sense to me!

nativemad (Developer)
Joined: 30 Aug 2004 Posts: 918 Location: Switzerland
Posted: Mon Jun 14, 2010 2:05 pm

Herring42 wrote:
    Umm, in their own dynamic file? So you could separate those hosts you set directly from the dynamic ones? That would make sense to me!
Not really... they are in one zone file! That's the reason why one should only allow dhcpd or special hosts to make updates!! (I remember a case where client machines were able to delete the NS records via nslookup on a Windows domain controller.)
I don't see a real reason otherwise why they should be any different from static entries!?

Ant P. (Watchman)
Joined: 18 Apr 2009 Posts: 6920
Posted: Tue Jun 15, 2010 1:56 pm
Yes, I've already checked the permissions on the zone files. I can delete the .jnl that gets auto-created for forward DNS and it gets remade without a problem, so it's not that.

nativemad (Developer)
Joined: 30 Aug 2004 Posts: 918 Location: Switzerland
Posted: Wed Jun 16, 2010 5:12 am
Does the reverse zone work at all? Not that the problem is the zone itself...
Code:
host -a ip.of.the.server

Ant P. (Watchman)
Joined: 18 Apr 2009 Posts: 6920
Posted: Wed Jun 16, 2010 11:42 am
That was it!
My 192.168 zone had "$ORIGIN ." at the top of the file and apparently it didn't like that, even though all the DNS names in the file were absolute ones. Changed that to the in-addr.arpa thing it should be and everything works now. Thanks!
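As an added example (not code from the thread or from dhcpd/bind), a small Python audit of the two things this thread turned on: for one lease it derives the forward and reverse owner names dhcpd will try to update, finds the named.conf zone that has to accept each one and whether that zone's allow-update is limited to a TSIG key (nativemad's point that only dhcpd or specific hosts should be able to update), and checks that the reverse zone file's $ORIGIN matches the zone name, which is what bit Ant P. The named.conf fragment and zone file headers are constructed for the example; the guest.lan zone with allow-update { any; } is a deliberately weak addition that is not in the original config.

```python
import ipaddress
import re

# Constructed named.conf fragment: the thread's two zones plus a deliberately weak "guest.lan" zone.
NAMED_CONF = '''
zone "lan." IN { type master; file "pri/lan.zone"; allow-update { key "dhcp-key"; }; };
zone "0.168.192.in-addr.arpa." IN { type master; file "pri/192.168.0.zone"; allow-update { key "dhcp-key"; }; };
zone "guest.lan." IN { type master; file "pri/guest.zone"; allow-update { any; }; };
'''
# Constructed reverse zone file headers: the thread's broken "$ORIGIN ." and the fixed one.
BAD_REVERSE_ZONE = "$ORIGIN .\n$TTL 1h\n0.168.192.in-addr.arpa. IN SOA ns.lan. root.lan. 1 1h 15m 1w 1h\n"
GOOD_REVERSE_ZONE = "$ORIGIN 0.168.192.in-addr.arpa.\n$TTL 1h\n@ IN SOA ns.lan. root.lan. 1 1h 15m 1w 1h\n"

def reverse_name(ip, rev_domain="in-addr.arpa"):
    """192.168.0.130 -> 130.0.168.192.in-addr.arpa. (the owner name dhcpd tries to add)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + rev_domain.strip(".") + "."

def zone_blocks(conf):
    """Yield (zone name, body) for every zone statement, walking nested braces."""
    for m in re.finditer(r'zone\s+"([^"]+)"', conf):
        start, depth = conf.index("{", m.end()), 0
        for i in range(start, len(conf)):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            if depth == 0:
                break
        yield m.group(1).lower().rstrip(".") + ".", conf[start + 1:i]

def owning_zone(owner, zones):
    """Longest declared zone that equals the owner name or is one of its parents."""
    owner = owner.lower().rstrip(".") + "."
    hits = [z for z in zones if owner == z or owner.endswith("." + z)]
    return max(hits, key=len) if hits else None

def audit_lease(ip, hostname, named_conf):
    """Per owner name dhcpd will update: (zone, allow-update ACL, restricted to a TSIG key?)."""
    zones = dict(zone_blocks(named_conf))
    report = {}
    for owner in (hostname.rstrip(".") + ".", reverse_name(ip)):
        z = owning_zone(owner, zones)
        m = re.search(r"allow-update\s*\{([^}]*)\}", zones[z]) if z else None
        acl = " ".join(m.group(1).split()) if m else None
        tokens = acl.replace(";", " ").split() if acl else []
        report[owner] = (z, acl, "key" in tokens and "any" not in tokens)
    return report

def origin_matches_zone(zone_file, zone_name):
    """The thread's bug: '$ORIGIN .' in a reverse file; $ORIGIN must equal the zone name."""
    m = re.search(r"^\$ORIGIN\s+(\S+)", zone_file, re.M)
    origin = m.group(1).lower() if m else zone_name  # no $ORIGIN: named uses the zone name
    return origin.rstrip(".") + "." == zone_name.lower().rstrip(".") + "."
```

Running audit_lease("192.168.0.130", "laptop.lan", NAMED_CONF) reports both owner names as key-restricted, while origin_matches_zone(BAD_REVERSE_ZONE, "0.168.192.in-addr.arpa.") is what would have flagged the original zone file.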