Gentoo Forums
DDNS trouble, permission denied adding forward map
Gentoo Forums Forum Index > Networking & Security

pettsson
n00b

Joined: 23 Dec 2006
Posts: 16

PostPosted: Tue Apr 29, 2008 8:26 am    Post subject: DDNS trouble, permission denied adding forward map

Hi all,
I cannot get DDNS working on my network. My setup consists of two servers, 192.168.0.1/Srv1 and 192.168.0.2/Srv2. Srv1 is a router/external services (such as Apache/MTA) server, and Srv2 handles internal services (Login, DHCP, DNS).
Srv2 has Dhcpd and Bind installed, with the configs listed at the bottom of the post. When I connect a client and start a DHCP client, I get an IP, but nothing is written to the zone files. /var/log/messages contains this:
Code:

Apr 28 23:18:00 srv2 dhcpd: Unable to add forward map from client.mydomain.com to 192.168.0.100: connection refused
Apr 28 23:18:00 srv2 dhcpd: DHCPREQUEST for 192.168.0.100 from 00:50:8b:8b:78:70 via eth0
Apr 28 23:18:00 srv2 dhcpd: DHCPACK on 192.168.0.100 to 00:50:8b:8b:78:70 via eth0

I've tried following a multitude of guides on DDNS, but none have helped. The named user has full access to the zone files. Any other info you need to troubleshoot this?

What could be wrong?

Best regards

Code:

# /etc/dhcp/dhcpd.conf
server-identifier 192.168.0.2;
option domain-name-servers 192.168.0.2;

authoritative;
ddns-updates on;
ddns-update-style interim;
update-static-leases on;

key dhcpupdate {
        algorithm hmac-md5;
        secret mysecret;
}

zone 0.168.192.in-addr.arpa {
        primary 192.168.0.2;
        key dhcpupdate;
}
zone mydomain.com {
        primary 192.168.0.2;
        key dhcpupdate;
}

default-lease-time 86400;
max-lease-time 86400;

subnet 192.168.0.0 netmask 255.255.255.0 {
        ddns-domainname "mydomain.com";
        ddns-rev-domainname "in-addr.arpa";
        option routers 192.168.0.1;
        range 192.168.0.10 192.168.0.100;

        # Many group statements
}


Code:

# /etc/bind/named.conf
key dhcpupdate {
        algorithm hmac-md5;
        secret "mysecret";
};

acl "myacl" {
        192.168.0.0/24;
        127.0.0.1;
};

options {
        directory "/var/bind/";
        pid-file "/var/run/named/named.pid";
        forwarders {
                192.168.0.1;
        };
        listen-on {
                127.0.0.1;
                192.168.0.1;
        };
        allow-query { "myacl"; };
};

zone "." {
        type hint;
        file "named.ca";
};

zone "mydomain.com" IN {
        type master;
        file "pri/mydomain.com";
        allow-update { key "dhcpupdate"; };
};
zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "pri/192.168.0.rev";
        allow-update { key "dhcpupdate"; };
};

zone "localhost" IN {
        type master;
        file "pri/localhost";
        allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "pri/localhost.rev";
        allow-update { none; };
};

Spooky Ghost
Apprentice

Joined: 19 Apr 2002
Posts: 210
Location: Bristol, United Kingdom

PostPosted: Fri May 02, 2008 8:49 am

I have this working ok on my system but I do have a few extra lines and I don't know if these make a difference:

dhcpd.conf:
Code:

ddns-hostname = pick (option fqdn.hostname, option host-name);
ddns-domainname "mydomain.com";
ddns-ttl 3600;
ignore client-updates;


You probably want the ttl to match your lease time. My zone definition in named.conf:

Code:

zone "mydomain.com" {
        type master;
        file "pri/mydomain.com.zone";

        update-policy {
                deny * name nameserver.mydomain.com. ANY;   # This record is protected from updates
                grant dhcpupdate wildcard *.mydomain.com. ANY;  # Any other records are ok to update
        };
};

pettsson
n00b

Joined: 23 Dec 2006
Posts: 16

PostPosted: Wed May 14, 2008 9:20 am

Thanks!
After a bit of troubleshooting I found the problem was that the rndc key wasn't set up properly. However...
I've redone and cleaned up my configs a bit, and poked around some. There is even some progress... That is, there is a new error message :?
When I connect a client, I now get this:
Code:

May 14 10:59:42 srv2 dhcpd: Unable to add forward map from client.mydomain.com. to 192.168.0.11: bad DNS key
May 14 10:59:42 srv2 dhcpd: DHCPREQUEST for 192.168.0.11 from 00:50:8b:8b:78:70 via eth0
May 14 10:59:42 srv2 dhcpd: DHCPACK on 192.168.0.11 to 00:50:8b:8b:78:70 via eth0

I don't get it... I've even regenerated new keys just to make certain they are really correct, and checked and double-checked the configs. wth?

dhcpd.conf:
Code:

server-identifier 192.168.0.2;
option domain-name-servers 192.168.0.2;

ddns-hostname=pick(option fqdn.hostname, option host-name);
ddns-domainname "mydomain.com.";
ddns-rev-domainname "in-addr.arpa.";
ddns-ttl 3600;
ddns-updates on;
ddns-update-style interim;
#allow client-updates;
authoritative;
update-static-leases on;

key srv2.mydomain.com. {
        algorithm hmac-md5;
        secret "MyTopSecretSecret";
}
key rndc-key {
        algorithm hmac-md5;
        secret "OMG-Secret";
}

zone 0.168.192.in-addr.arpa. {
        primary 192.168.0.1;
        key srv2.mydomain.com.;
}
zone mydomain.com. {
        primary 192.168.0.1;
        key srv2.mydomain.com.;
}


default-lease-time 86400;
max-lease-time 86400;

subnet 192.168.0.0 netmask 255.255.255.0 {
        option domain-name "kluster.dask";
        option routers 192.168.0.1;
        range 192.168.0.10 192.168.0.100;

# Hosts/Groups
}


named.conf:
Code:

key srv2.mydomain.com. {
        algorithm hmac-md5;
        secret "MyTopSecretSecret";
};
key rndc-key {
        algorithm hmac-md5;
        secret "OMG-Secret";
};


acl "mydomain" {
        192.168.0.0/24;
        127.0.0.1;
};

controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; 192.168.0.2; } keys { "rndc-key"; };
};


options {
        directory "/var/bind/";
        pid-file "/var/run/named/named.pid";
        forwarders {
                192.168.0.1;
        };
        listen-on {
                127.0.0.1;
                192.168.0.2;
        };
        allow-query { "mydomain"; };
};

zone "." {
        type hint;
        file "named.ca";
};

zone "mydomain.com" IN {
        type master;
        file "pri/mydomain.com";
#       allow-update { key "srv2.mydomain.com."; };
        update-policy { grant srv2.mydomain.com. subdomain mydomain.com. ANY; };
};
zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "pri/192.168.0.rev";
#       allow-update { key "srv2.mydomain.com."; };
        update-policy { grant srv2.mydomain.com. subdomain 0.168.192.in-addr.arpa ANY; };
};

zone "localhost" IN {
        type master;
        file "pri/localhost";
        allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "pri/localhost.rev";
        allow-update { none; };
};
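Added example, not part of the thread: a small Python lint that cross-checks the stanzas dhcpd and named must agree on for TSIG-signed dynamic updates (the key's name, algorithm and base64 secret, and whether dhcpd's `primary` is an address named actually listens on). It runs against constructed snippets modeled on the configs posted above; the regexes assume the simple `key`/`zone`/`listen-on` layout shown in this thread, not full ISC config grammar.

```python
"""Offline cross-check of the TSIG key and zone settings shared by dhcpd.conf and
named.conf (added example, not from the thread)."""
import base64
import binascii
import re

# key NAME { algorithm ALG; secret "SECRET"; }  -- same shape in both daemons' configs
KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+([\w-]+)\s*;\s*secret\s+"?([^";\s]+)"?\s*;')
# dhcpd only: zone NAME { primary IP; key NAME; }
DHCP_ZONE_RE = re.compile(r'\bzone\s+([\w.-]+)\s*\{\s*primary\s+([\d.]+)\s*;\s*key\s+"?([\w.-]+)"?\s*;')
LISTEN_RE = re.compile(r'\blisten-on\s*\{([^}]*)\}')

def parse_keys(conf):
    """Map key name (trailing dot stripped) -> (algorithm, secret)."""
    return {n.rstrip('.'): (alg.lower(), sec) for n, alg, sec in KEY_RE.findall(conf)}

def is_base64(secret):
    """TSIG secrets are base64 strings; both daemons decode them at startup."""
    try:
        base64.b64decode(secret, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False

def check_ddns(dhcpd_conf, named_conf):
    """Return a list of findings; an empty list means the two configs agree."""
    findings = []
    dhcp_keys, named_keys = parse_keys(dhcpd_conf), parse_keys(named_conf)
    listen = {ip for blk in LISTEN_RE.findall(named_conf) for ip in re.findall(r'\d+(?:\.\d+){3}', blk)}
    for zone, primary, key in DHCP_ZONE_RE.findall(dhcpd_conf):
        key = key.rstrip('.')
        if key not in dhcp_keys or key not in named_keys:
            findings.append(f"{zone}: key {key} is not defined in both configs")
        elif dhcp_keys[key] != named_keys[key]:
            findings.append(f"{zone}: key {key} algorithm or secret differs between dhcpd and named")
        elif not is_base64(dhcp_keys[key][1]):
            findings.append(f"{zone}: secret of key {key} is not valid base64")
        if listen and primary not in listen:
            findings.append(f"{zone}: primary {primary} is not among named's listen-on addresses")
    return findings

# Constructed samples, trimmed and modeled on the configs in the thread's last post.
SAMPLE_DHCPD = """key srv2.mydomain.com. { algorithm hmac-md5; secret "MyTopSecretSecret"; }
zone mydomain.com. { primary 192.168.0.1; key srv2.mydomain.com.; }
"""
SAMPLE_NAMED = """key srv2.mydomain.com. { algorithm hmac-md5; secret "MyTopSecretSecret"; };
options { listen-on { 127.0.0.1; 192.168.0.2; }; };
"""
```

Running `check_ddns(SAMPLE_DHCPD, SAMPLE_NAMED)` reports two findings for the sample pair: the secret is not base64 and the `primary` address is not one named listens on; a pair with a base64 secret and matching addresses returns an empty list.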