LinuxQuestions.org - Linux - Server
BIND9/DHCP3 DDNS not working (http://www.linuxquestions.org/questions/linux-server-73/bind9-dhcp3-ddns-not-working-537429/)

swilliams2006 03-14-2007 10:52 AM

BIND9/DHCP3 DDNS not working
 
Hi,

I'm trying to set up DDNS and DHCP on my (k)Ubuntu 6.10 box.

I have installed the apt packages bind9 and dhcp3-server, set up the various conf files, and generated an rndc key.

I have, for the most part, replaced the content of the distribution's .conf files with like-for-likes from my old (working) Red Hat box.

When a client joins the network and broadcasts for DHCP, it gets a response, but the DHCP does not appear to be updating the DDNS.

Here is what syslog records when a client connects:
Quote:

Mar 14 15:04:58 venezia dhcpd: DHCPDISCOVER from 00:09:5b:32:09:aa (milan) via eth0
Mar 14 15:04:59 venezia dhcpd: DHCPOFFER on 192.168.0.199 to 00:09:5b:32:09:aa (milan) via eth0
Mar 14 15:04:59 venezia dhcpd: DHCPREQUEST for 192.168.0.199 (192.168.0.1) from 00:09:5b:32:09:aa (milan) via eth0
Mar 14 15:04:59 venezia dhcpd: DHCPACK on 192.168.0.199 to 00:09:5b:32:09:aa (milan) via eth0
Mar 14 15:05:07 venezia dhcpd: DHCPREQUEST for 192.168.0.199 from 00:09:5b:32:09:aa (milan) via eth0
Mar 14 15:05:07 venezia dhcpd: DHCPACK on 192.168.0.199 to 00:09:5b:32:09:aa (milan) via eth0
Note that there is no mention of any attempt to update the DDNS.

Here is my dhcpd.conf
Quote:

server-identifier 192.168.0.1;
authoritative;
log-facility local7;
ddns-updates off;
ddns-update-style interim;
ddns-domainname "lasnobberia.net.local.";
ddns-rev-domainname "in-addr.arpa.";
#ignore client-updates;

key "rndc-key" {
algorithm hmac-md5;
secret "xyz";
};

zone lasnobberia.net.local. {
primary 192.168.0.1;
key rndc-key;
}

zone 0.168.192.in-addr.arpa. {
primary 192.168.0.1;
key rndc-key;
}

subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.101 192.168.0.199;
default-lease-time 14400;
max-lease-time 14401;
option routers 192.168.0.1;
option ip-forwarding off;
option broadcast-address 192.168.0.255;
option subnet-mask 255.255.255.0;
option domain-name "lasnobberia.net.local";
option domain-name-servers 192.168.0.1;
#option ntp-server 192.168.0.1;
#option netbios-name-servers 192.168.0.1;
}
And my named.conf
Quote:

include "/etc/bind/named.conf.options";

default-server 127.0.0.1;
default-key "rndc-key";

key "rndc-key" {
algorithm hmac-md5;
secret "xyz";
};

controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};


logging{
channel simple_log {
file "/var/log/bind.log" versions 3 size 5m;
severity warning;
print-time yes;
print-severity yes;
print-category yes;
};
category default{
simple_log;
};
};

// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
type master;
file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};

zone "lasnobberia.net.local" {
type master;
file "/etc/bind/db.lasnobberia";
allow-update { key "rndc-key"; };
notify no;
};

zone "0.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.192";
allow-update { key "rndc-key"; };
notify no;
};

// add local zone definitions here
include "/etc/bind/named.conf.local";
named.conf.options
Quote:

options {
directory "/var/cache/bind";

// from bind 9:
// [fetch-glue] is obsolete. In BIND 8, fetch-glue yes caused the
// server to attempt to fetch glue resource records it didn't have
// when constructing the additional data section of a response.
// This is now considered a bad idea and BIND 9 never does it.

fetch-glue no;

// If there is a firewall between you and nameservers you want
// to talk to, you might need to uncomment the query-source
// directive below. Previous versions of BIND always asked
// questions using port 53, but BIND 8.1 and later use an unprivileged
// port by default.

query-source address * port 53;

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

// forwarders {
// 0.0.0.0;
// };

default-server 127.0.0.1;
default-key "rndc-key";

};
named.conf.local
Quote:

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
If I get the Windows workstation (Milan) to renew its IP address, then try to resolve it from the server:

Quote:

root@venezia:/var/log# nslookup
> server 127.0.0.1
Default server: 127.0.0.1
Address: 127.0.0.1#53
> milan
Server: 127.0.0.1
Address: 127.0.0.1#53

** server can't find milan: NXDOMAIN
> venezia
Server: 127.0.0.1
Address: 127.0.0.1#53

** server can't find venezia: NXDOMAIN
> milan.lasnobberia.net.local
Server: 127.0.0.1
Address: 127.0.0.1#53

** server can't find milan.lasnobberia.net.local: SERVFAIL
> venezia.lasnobberia.net.local
Server: 127.0.0.1
Address: 127.0.0.1#53

** server can't find venezia.lasnobberia.net.local: SERVFAIL
> root@venezia:/var/log#
It doesn't want to know! I have even copied the data for venezia over from my old Red Hat box and imported it into db.lasnobberia (as follows):

Quote:

$ORIGIN .
$TTL 86400 ; 1 day
lasnobberia.net.local IN SOA venezia.lasnobberia.net.local. root.lasnobberia.net.local. (
251 ; serial
10800 ; refresh (3 hours)
900 ; retry (15 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS venezia.lasnobberia.net.local.
$TTL 86400 ; 1 day
sqlserver A 192.168.0.1
venezia A 192.168.0.1
If somebody could tell me what I am doing wrong I would be most grateful. I have spent hours googling and chopping and changing various bits of my .conf files per others' examples.

JimBass 03-14-2007 11:26 AM

Major problem is in the dhcpd.conf file. You have:
Code:

server-identifier 192.168.0.1;
authoritative;
log-facility local7;
ddns-updates off;
ddns-update-style interim;

So if ddns-update is off, how is it supposed to update?

Read the dhcpd.conf man page. Looks like it should be simply commented out, or changed to on.

The rest of your configs look good, but please, for the love of God, use dig to check your DNS records. Nsupdate is a crap tool for investigating DNS issues, as it only gives a yes or no answer, with no help as to why you get that answer. Instead of nslookup, try dig with this setup:

Code:

dig milan.lasnobberia.net.local @localhost
You'll get much more useful info that way.

Peace,
JimBass

swilliams2006 03-14-2007 12:17 PM

Quote:

Originally Posted by JimBass
Major problem is in the dhcpd.conf file. You have:
Code:

server-identifier 192.168.0.1;
authoritative;
log-facility local7;
ddns-updates off;
ddns-update-style interim;

So if ddns-update is off, how is it supposed to update?

Read the dhcpd.conf man page. Looks like it should be simply commented out, or changed to on.

The rest of your configs look good, but please, for the love of God, use dig to check your DNS records. Nsupdate is a crap tool for investigating DNS issues, as it only gives a yes or no answer, with no help as to why you get that answer. Instead of nslookup, try dig with this setup:

Code:

dig milan.lasnobberia.net.local @localhost
You'll get much more useful info that way.

Peace,
JimBass

Hi,

Thanks for your response... and sorry for the confusion:

At the time of posting I had turned DDNS updates off to debug an issue with the config of dhcpd.conf (can't remember what it was now); turning it back on made no difference. However, after I removed the dots from the end of the zone definitions in dhcpd.conf it seems to be trying to update the DDNS.

AND now named is outputting SOMETHING to the syslog; before, nothing would be logged for named at all, so I didn't know what was going on.

Now I can actually see what is happening, all I'm left with to resolve, is the following error:
Quote:

Mar 14 17:10:41 venezia named[6713]: client 192.168.0.1#32777: updating zone 'lasnobberia.net.local/IN': adding an RR at 'milan.lasnobberia.net.local' A
Mar 14 17:10:41 venezia named[6713]: client 192.168.0.1#32777: updating zone 'lasnobberia.net.local/IN': adding an RR at 'milan.lasnobberia.net.local' TXT
Mar 14 17:10:41 venezia named[6713]: journal file /etc/bind/db.lasnobberia.jnl does not exist, creating it
Mar 14 17:10:41 venezia named[6713]: /etc/bind/db.lasnobberia.jnl: create: permission denied
Mar 14 17:10:41 venezia named[6713]: client 192.168.0.1#32777: updating zone 'lasnobberia.net.local/IN': error: journal open failed: unexpected error
Mar 14 17:10:41 venezia dhcpd: Unable to add forward map from milan.lasnobberia.net.local. to 192.168.0.199: timed out
Which should be easy enough to resolve. Otherwise I will find the answer on Google... or just 'touch' the journal for it.

Thanks for your hint on using 'dig'. Thanks again for your time responding to this thread. Please consider it resolved.

Cheers Mate,
Steve

JimBass 03-14-2007 12:29 PM

Fixing the problem should be as simple as setting things so whatever user BIND runs as (usually named or bind) has write permissions in /etc/bind/ and on the individual files in question too.

Let me know how that works out.

Peace,
JimBass

swilliams2006 03-14-2007 01:02 PM

Quote:

Originally Posted by JimBass
Fixing the problem should be as simple as setting things so whatever user BIND runs as (usually named or bind) has write permissions in /etc/bind/ and on the individual files in question too.

Let me know how that works out.

Peace,
JimBass

Thanks for your response, JimBass. I've touched db.lasnobberia.jnl, set rw-rw---- and chowned it bind:bind; it's still not at all happy. Giving it rw-rw-rw- makes it a bit happier... now the error is:

Code:

Mar 14 17:51:39 venezia named[6713]: client 192.168.0.1#32777: updating zone 'lasnobberia.net.local/IN': error: journal open failed: no more
So I am guessing I need to find out what Bind runs as (or make bind run as bind) then remove the .jnl file and let bind create it properly.

We shall see!

Thanks again for all your help,

Steve

swilliams2006 03-14-2007 01:35 PM

That's it, I've got it working now. The problem would appear to be that out of the box, Bind9 on Kubuntu does not run as user "bind"; it runs as some other non-privileged user...

So anyone else getting permission problems on Kubuntu with BIND9 should modify their:

/etc/default/bind9 file:
Code:

OPTIONS="-u bind"
to force Bind to run as bind.

Then permissions for /etc/bind should be rw-rw---- and the owner should be bind:bind

Hope this helps anyone else getting this problem,
Steve

PS: It's running quite happily now. Now all I need to do is make my Linux clients tell the DHCP their hostname!!!

JimBass 03-14-2007 01:44 PM

That can be configured in /etc/dhclient.conf. Just uncomment send-host-name, and set it to the hostname you want.

Peace,
JimBass

paul_mat 03-16-2007 09:58 PM

I spent soooo long trying to figure out Bind and DDNS myself, so I wrote what I think is a pretty simple how-to for it on my website. Check it out, it might be your answer.

DDNS and DHCP
http://www.opensourcehowto.org/how-t...-and-dhcp.html

swilliams2006 03-17-2007 05:07 AM

Quote:

Originally Posted by JimBass
That can be configured in /etc/dhclient.conf. Just uncomment send-host-name, and set it to the hostname you want.

Peace,
JimBass

Thanks. About five minutes after I posted that I googled it. There are lots of other bits in dhclient.conf that I *won't* be playing with, though!

Thanks again JimBass!

JimBass 03-18-2007 02:07 PM

No problem man, glad to be of help!

Peace,
JimBass

jmwhite5 06-22-2008 12:42 PM

Quote:

Originally Posted by swilliams2006 (Post 2669976)
Thanks for your response, JimBass. I've touched db.lasnobberia.jnl, set rw-rw---- and chowned it bind:bind; it's still not at all happy. Giving it rw-rw-rw- makes it a bit happier... now the error is:

Code:

Mar 14 17:51:39 venezia named[6713]: client 192.168.0.1#32777: updating zone 'lasnobberia.net.local/IN': error: journal open failed: no more
So I am guessing I need to find out what Bind runs as (or make bind run as bind) then remove the .jnl file and let bind create it properly.

We shall see!

Thanks again for all your help,

Steve

I have a CentOS 4.6 installation and ran into the same issue. This was after fighting SELINUX (ran a bunch of audit2allow commands). After figuring out all the SELINUX permissions, bind had ended up with a zero-length .jcl file. This was causing this "journal open failed" error. After playing around with some permissions, I ended up just manually deleting the .jcl file and the next DDNS update went fine. The .jcl file got recreated correctly. Everything is finally working.
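The thread's diagnosis came from correlating dhcpd lease lines with named's update and journal messages in syslog. The following is an added example (not code from the thread or from ISC), a small Python triage that does that correlation over constructed log lines modelled on the ones quoted above: it flags leases that never triggered a DDNS update (the `ddns-updates off` symptom), journal files named could not create (the permissions / run-as-user symptom), and dhcpd map failures. The hostnames, addresses and paths are the thread's own; the second lease (sqlserver) is constructed to show the "no update attempted" case.

```python
import re

# Constructed sample lines, modelled on the syslog excerpts quoted in this thread.
SAMPLE_LOG = """\
Mar 14 15:04:59 venezia dhcpd: DHCPACK on 192.168.0.199 to 00:09:5b:32:09:aa (milan) via eth0
Mar 14 15:05:07 venezia dhcpd: DHCPACK on 192.168.0.150 to 00:09:5b:32:09:bb (sqlserver) via eth0
Mar 14 17:10:41 venezia named[6713]: client 192.168.0.1#32777: updating zone 'lasnobberia.net.local/IN': adding an RR at 'milan.lasnobberia.net.local' A
Mar 14 17:10:41 venezia named[6713]: journal file /etc/bind/db.lasnobberia.jnl does not exist, creating it
Mar 14 17:10:41 venezia named[6713]: /etc/bind/db.lasnobberia.jnl: create: permission denied
Mar 14 17:10:41 venezia named[6713]: client 192.168.0.1#32777: updating zone 'lasnobberia.net.local/IN': error: journal open failed: unexpected error
Mar 14 17:10:41 venezia dhcpd: Unable to add forward map from milan.lasnobberia.net.local. to 192.168.0.199: timed out
"""

# Patterns for the four message shapes that matter for DDNS triage.
ACK = re.compile(r"dhcpd: DHCPACK on (\S+) to \S+ \((\S+)\)")
UPDATE = re.compile(r"named\[\d+\]: client \S+: updating zone '([^/']+)/IN': adding an RR at '([^']+)' (\S+)")
DENIED = re.compile(r"named\[\d+\]: (\S+\.jnl): create: permission denied")
MAPFAIL = re.compile(r"dhcpd: Unable to add (forward|reverse) map from (\S+) to (\S+): (.+)$")


def triage(log_text):
    """Correlate dhcpd leases with named update activity and explain failures."""
    acks, updates, denied, mapfail = {}, [], [], []
    for line in log_text.splitlines():
        if m := ACK.search(line):
            acks[m.group(2)] = m.group(1)                    # hostname -> leased IP
        elif m := UPDATE.search(line):
            updates.append((m.group(1), m.group(2), m.group(3)))  # (zone, owner name, rrtype)
        elif m := DENIED.search(line):
            denied.append(m.group(1))                        # journal path named could not create
        elif m := MAPFAIL.search(line):
            mapfail.append((m.group(1), m.group(2), m.group(3), m.group(4)))
    findings = []
    # A lease whose hostname never appears in an update means dhcpd never tried DDNS.
    updated_hosts = {name.split(".")[0] for _, name, _ in updates}
    for host, ip in acks.items():
        if host not in updated_hosts:
            findings.append(f"{host} ({ip}): lease acked but no DDNS update attempted; "
                            "check ddns-updates and ddns-update-style in dhcpd.conf")
    for path in sorted(set(denied)):
        findings.append(f"{path}: named cannot create the journal; the zone directory and file "
                        "must be writable by the user named runs as")
    for kind, fqdn, ip, why in mapfail:
        findings.append(f"{fqdn} -> {ip}: {kind} map update failed ({why})")
    return {"acks": acks, "updates": updates, "denied": denied, "findings": findings}


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)["findings"]:
        print(finding)
```

Point it at a real syslog with `triage(open("/var/log/syslog").read())`; an empty findings list with updates present means dhcpd and named agree.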
