I'm trying to set up DDNS and DHCP on my (k)Ubuntu 6.10 box.
I have installed the apt packages bind9 and dhcp3-server and set up the various conf files, and generated an rndc key.
I have, for the most part, replaced the content of the distribution's .conf file with like-for-likes from my old (working) Red Hat box.
When a client joins the network and broadcasts for DHCP, it gets a response, but the DHCP does not appear to be updating the DDNS.
Here is what syslog records when a client connects:
Quote:
Mar 14 15:04:58 venezia dhcpd: DHCPDISCOVER from 00:09:5b:32:09:aa (milan) via eth0
Mar 14 15:04:59 venezia dhcpd: DHCPOFFER on 192.168.0.199 to 00:09:5b:32:09:aa (milan) via eth0
Mar 14 15:04:59 venezia dhcpd: DHCPREQUEST for 192.168.0.199 (192.168.0.1) from 00:09:5b:32:09:aa (milan) via eth0
Mar 14 15:04:59 venezia dhcpd: DHCPACK on 192.168.0.199 to 00:09:5b:32:09:aa (milan) via eth0
Mar 14 15:05:07 venezia dhcpd: DHCPREQUEST for 192.168.0.199 from 00:09:5b:32:09:aa (milan) via eth0
Mar 14 15:05:07 venezia dhcpd: DHCPACK on 192.168.0.199 to 00:09:5b:32:09:aa (milan) via eth0
Note that there is no mention of any attempt to update the DDNS.
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "lasnobberia.net.local" {
type master;
file "/etc/bind/db.lasnobberia";
allow-update { key "rndc-key"; };
notify no;
};
zone "0.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.192";
allow-update { key "rndc-key"; };
notify no;
};
// add local zone definitions here
include "/etc/bind/named.conf.local";
named.conf.options
Quote:
options {
directory "/var/cache/bind";
// from bind 9:
// [fetch-glue] is obsolete. In BIND 8, fetch-glue yes caused the
// server to attempt to fetch glue resource records it didn't have
// when constructing the additional data section of a response.
// This is now considered a bad idea and BIND 9 never does it.
fetch-glue no;
// If there is a firewall between you and nameservers you want
// to talk to, you might need to uncomment the query-source
// directive below. Previous versions of BIND always asked
// questions using port 53, but BIND 8.1 and later use an unprivileged
// port by default.
query-source address * port 53;
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
default-server 127.0.0.1;
default-key "rndc-key";
};
named.conf.local
Quote:
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
If I get the Windows workstation (Milan) to renew its IP address, then try to resolve it from the server:
Quote:
root@venezia:/var/log# nslookup
> server 127.0.0.1
Default server: 127.0.0.1
Address: 127.0.0.1#53
> milan
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find milan: NXDOMAIN
> venezia
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find venezia.lasnobberia.net.local: SERVFAIL
> root@venezia:/var/log#
It doesn't want to know! I have even copied the data for venezia over from my old redhat box and imported it into db.lasnobberia (As follows):
Quote:
$ORIGIN .
$TTL 86400 ; 1 day
lasnobberia.net.local IN SOA venezia.lasnobberia.net.local. root.lasnobberia.net.local. (
251 ; serial
10800 ; refresh (3 hours)
900 ; retry (15 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS venezia.lasnobberia.net.local.
$TTL 86400 ; 1 day
sqlserver A 192.168.0.1
venezia A 192.168.0.1
If somebody could tell me what I am doing wrong I would be most grateful. I have spent hours googling and chopping and changing various bits of my .conf files per others' examples.
So if ddns-update is off, how is it supposed to update?
Read the dhcpd.conf man page. Looks like it should be simply commented out, or changed to on.
The rest of your configs look good, but please, for the love of God, use dig to check your DNS records. Nsupdate is a crap tool for investigating DNS issues, as it only gives a yes or no answer, with no help as to why you get that answer. Instead of nslookup, try dig with this setup:
Code:
dig milan.lasnobberia.net.local @localhost
You'll get much more useful info that way.
Peace,
JimBass
Hi,
Thanks for your response... and sorry for the confusion:
At the time of posting I had turned DDNS updates to off to debug an issue with the config of dhcpd.conf (can't remember what it was now), turning it back on made no difference... however after I removed the dots from the end of the zone definitions in dhcpd.conf it seems to be trying to update the DDNS.
AND. Now Named is outputting SOMETHING to the syslog; before, nothing would be logged for named at all, so I didn't know what was going on.
Now I can actually see what is happening, all I'm left with to resolve, is the following error:
Quote:
Mar 14 17:10:41 venezia named[6713]: client 192.168.0.1#32777: updating zone 'lasnobberia.net.local/IN': adding an RR at 'milan.lasnobberia.net.local' A
Mar 14 17:10:41 venezia named[6713]: client 192.168.0.1#32777: updating zone 'lasnobberia.net.local/IN': adding an RR at 'milan.lasnobberia.net.local' TXT
Mar 14 17:10:41 venezia named[6713]: journal file /etc/bind/db.lasnobberia.jnl does not exist, creating it
Mar 14 17:10:41 venezia named[6713]: /etc/bind/db.lasnobberia.jnl: create: permission denied
Mar 14 17:10:41 venezia named[6713]: client 192.168.0.1#32777: updating zone 'lasnobberia.net.local/IN': error: journal open failed: unexpected error
Mar 14 17:10:41 venezia dhcpd: Unable to add forward map from milan.lasnobberia.net.local. to 192.168.0.199: timed out
Which should be easy enough to resolve. Otherwise I will find the answer on Google... or just 'touch' the journal for it.
Thanks for your hint on using 'dig'. Thanks again for your time responding to this thread. Please consider it resolved.
Fixing the problem should be as simple as setting things so whatever user BIND runs as (usually named or bind) has write permissions in /etc/bind/ and on the individual files in question too.
Let me know how that works out.
Peace,
JimBass
Thanks for your response, JimBass, I've touched db.lasnobberia.jnl and set rw-rw---- and chown bind:bind, it's still not at all happy, giving it rw-rw-rw- makes it a bit happier... now the error is:
Code:
Mar 14 17:51:39 venezia named[6713]: client 192.168.0.1#32777: updating zone 'lasnobberia.net.local/IN': error: journal open failed: no more
So I am guessing I need to find out what Bind runs as (or make bind run as bind) then remove the .jnl file and let bind create it properly.
That's it, I've got it working now. The problem would appear to be that out of the box, Bind9 on Kubuntu does not run as user "bind"; it runs as some other non-privileged user...
So anyone else getting permission problems on Kubuntu with BIND9 should modify their:
/etc/default/bind9 file:
Code:
OPTIONS="-u bind"
to force Bind to run as Bind.
Then permissions for /etc/bind should be rw-rw---- and the owner should be bind:bind
Hope this helps anyone else getting this problem,
Steve
PS: It's running quite happily now. Now all I need to do is make my Linux clients tell the DHCP their hostname!!!
I spent soooo long trying to figure out Bind and DDNS myself, so I wrote what I think is a pretty simple how-to for it on my website. Check it out, it might be your answer.
We shall see!
Thanks again for all your help,
Steve
I have a Centos 4.6 installation and ran into the same issue. This was after fighting SELINUX (ran a bunch of audit2allow commands). After figuring out all the SELINUX permissions, bind had ended up with a zero-length .jcl file. This was causing this "journal open failed" error. After playing around with some permissions, I ended up just manually deleting the .jcl file and the next DDNS update went fine. The .jcl file got recreated correctly. Everything is finally working.
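An added example, not part of any post in this thread: a shell check for the three journal conditions that came up above (zone directory not writable by the account named runs as, a zero-length journal, and a journal left world-writable). The function names are hypothetical; it assumes Linux with GNU stat and id, and it evaluates classic mode bits only, not ACLs or SELinux policy.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat/id on Linux.
# Classic mode bits only: ACLs and SELinux policy are not evaluated.

# perm_bits PATH -> prints the file mode as a decimal integer
perm_bits() { echo $((0$(stat -c '%a' "$1"))); }

# can_write USER PATH -> status 0 if USER may write PATH
can_write() {
    cw_uid=$(id -u "$1") || return 2
    [ "$cw_uid" -eq 0 ] && return 0            # root bypasses mode bits
    cw_bits=$(perm_bits "$2")
    if [ "$cw_uid" -eq "$(stat -c '%u' "$2")" ]; then
        [ $(( (cw_bits >> 6) & 2 )) -ne 0 ]    # owner write bit
    elif id -G "$1" | tr ' ' '\n' | grep -qx "$(stat -c '%g' "$2")"; then
        [ $(( (cw_bits >> 3) & 2 )) -ne 0 ]    # group write bit
    else
        [ $(( cw_bits & 2 )) -ne 0 ]           # other write bit
    fi
}

# audit_zone_dir USER DIR -> prints findings, returns how many there were
audit_zone_dir() {
    az_n=0
    if ! can_write "$1" "$2"; then
        echo "$2: not writable by $1, named cannot create .jnl files here"
        az_n=$((az_n + 1))
    fi
    for az_f in "$2"/*.jnl; do
        [ -e "$az_f" ] || continue             # glob matched nothing
        if [ ! -s "$az_f" ]; then
            echo "$az_f: zero-length journal, remove it so named recreates it"
            az_n=$((az_n + 1))
        fi
        if ! can_write "$1" "$az_f"; then
            echo "$az_f: not writable by $1"
            az_n=$((az_n + 1))
        fi
        if [ $(( $(perm_bits "$az_f") & 2 )) -ne 0 ]; then
            echo "$az_f: world-writable, any local user can alter zone data"
            az_n=$((az_n + 1))
        fi
    done
    return "$az_n"
}

# Typical use against the thread's layout (needs a running named):
#   audit_zone_dir "$(ps -o user= -C named | head -n 1)" /etc/bind
```

A return status of 0 means none of the three conditions was found; the world-writable finding covers the rw-rw-rw- workaround tried earlier in the thread.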