I have searched the 'net far and wide to find the 'right' way to configure a DHCP and DNS server (using dhcp3 and bind9). I've got the servers working, to a degree, but cannot get the DHCP server to update the DNS with details of new clients.
The problem can be seen in the daemon.log when a client requests a DHCP address from the server:-
Code:
Aug 13 00:03:53 nameserver named[1794]: starting BIND 9.4.1-P1.1 -u bind
Aug 13 00:03:53 nameserver named[1794]: found 1 CPU, using 1 worker thread
Aug 13 00:03:53 nameserver named[1794]: loading configuration from '/etc/bind/named.conf'
Aug 13 00:03:53 nameserver named[1794]: listening on IPv4 interface lo, 127.0.0.1#53
Aug 13 00:03:53 nameserver named[1794]: listening on IPv4 interface eth0, 192.168.1.3#53
Aug 13 00:03:53 nameserver named[1794]: listening on IPv4 interface vmnet8, 192.168.65.1#53
Aug 13 00:03:53 nameserver named[1794]: listening on IPv4 interface vmnet1, 192.168.81.1#53
Aug 13 00:03:53 nameserver named[1794]: automatic empty zone: 254.169.IN-ADDR.ARPA
Aug 13 00:03:53 nameserver named[1794]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Aug 13 00:03:53 nameserver named[1794]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Aug 13 00:03:53 nameserver named[1794]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Aug 13 00:03:53 nameserver named[1794]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Aug 13 00:03:53 nameserver named[1794]: automatic empty zone: D.F.IP6.ARPA
Aug 13 00:03:53 nameserver named[1794]: automatic empty zone: 8.E.F.IP6.ARPA
Aug 13 00:03:53 nameserver named[1794]: automatic empty zone: 9.E.F.IP6.ARPA
Aug 13 00:03:53 nameserver named[1794]: automatic empty zone: A.E.F.IP6.ARPA
Aug 13 00:03:53 nameserver named[1794]: automatic empty zone: B.E.F.IP6.ARPA
Aug 13 00:03:53 nameserver named[1794]: command channel listening on 127.0.0.1#953
Aug 13 00:03:53 nameserver named[1794]: zone 0.in-addr.arpa/IN: loaded serial 1
Aug 13 00:03:53 nameserver named[1794]: zone 127.in-addr.arpa/IN: loaded serial 1
Aug 13 00:03:53 nameserver named[1794]: /etc/bind/zones/rev.1.168.192.in-addr.arpa:1: no TTL specified; using SOA MINTTL instead
Aug 13 00:03:53 nameserver named[1794]: zone 1.168.192.in-addr.arpa/IN: loaded serial 2006081401
Aug 13 00:03:53 nameserver named[1794]: zone 255.in-addr.arpa/IN: loaded serial 1
Aug 13 00:03:53 nameserver named[1794]: zone localhost/IN: loaded serial 1
Aug 13 00:03:53 nameserver named[1794]: /etc/bind/zones/example.com.db:1: no TTL specified; using SOA MINTTL instead
Aug 13 00:03:53 nameserver named[1794]: zone example.com/IN: loaded serial 2006081402
Aug 13 00:03:53 nameserver named[1794]: running
Aug 13 00:04:13 nameserver dhcpd: DHCPRELEASE of 192.168.1.66 from 00:08:74:9d:ec:d5 (clienthostname) via eth0 (found)
Aug 13 00:04:14 nameserver dhcpd: DHCPDISCOVER from 00:08:74:9d:ec:d5 via eth0
Aug 13 00:04:15 nameserver dhcpd: DHCPOFFER on 192.168.1.66 to 00:08:74:9d:ec:d5 (clienthostname) via eth0
Aug 13 00:04:15 nameserver dhcpd: Unable to add forward map from clienthostname.example.com to 192.168.1.66: connection refused
Aug 13 00:04:15 nameserver dhcpd: DHCPREQUEST for 192.168.1.66 (192.168.1.3) from 00:08:74:9d:ec:d5 (clienthostname) via eth0
Aug 13 00:04:15 nameserver dhcpd: DHCPACK on 192.168.1.66 to 00:08:74:9d:ec:d5 (clienthostname) via eth0
The problem being "nameserver dhcpd: Unable to add forward map from clienthostname.example.com to 192.168.1.66: connection refused".
Does anyone know why permission is being refused? I've made sure that the bind group has read/write access on the /etc/bind directory and that the dhcpd group has read/write access on the /etc/dhcp3 directory. I presume it's a problem with the keys, but I can't see where it is!
Any help would be gratefully received. I've searched the web/forums for advice and have not found anything, so apologies if this has been answered elsewhere :-)
"connection refused" is a network error, not a permissions problem. It means that the port is not open on the target machine. Check the services and ports open on 192.168.1.66.
192.168.1.66 isn't the server, that's the DDNS entry that failed.
Try
Code:
dig example.com @192.168.1.3
What's the output? If it was a problem with the key there should be a log message from named stating so. It seems as if there might be a firewall blocking port 53.
Wups, yes, I misinterpreted the log. However, "connection refused" is still a network error at the transport level (UDP in this case, most likely). It can come from over the wire or from loopback.
I'll bow out here, since I'm unsure of DHCP -> DNS update details. I just wanted to comment on the network error. Either some service is not listening on the right port, or the update is being sent to the wrong host/port.
Thanks for the tips. I've run this command on the server
Code:
dig example.com @192.168.1.3
and got this response:-
Code:
; <<>> DiG 9.4.1-P1.1 <<>> example.com @192.168.1.3
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25671
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;example.com. IN A
;; AUTHORITY SECTION:
example.com. 38400 IN SOA nameserver.example.com. admin.example.com. 2006081402 28800 3600 604800 38400
;; Query time: 114 msec
;; SERVER: 192.168.1.3#53(192.168.1.3)
;; WHEN: Thu Aug 14 11:45:52 2008
;; MSG SIZE rcvd: 95
I've also done a port scan on 192.168.1.3 and 127.0.0.1 and it shows that port 53 is open and being used by a 'domain' service. So I guess this sounds OK. I'm running this on Ubuntu 7.10 and I can't see where I can change any firewall settings. Probably my lack of knowledge :-)
Thanks Chort! Changing the dhcpd.conf seemed to help a lot, although I'm not quite there yet :-)
My daemon.log now shows this:-
Code:
Aug 15 21:42:18 nameserver dhcpd: DHCPDISCOVER from 00:13:8f:54:ba:0d via eth0
Aug 15 21:42:19 nameserver dhcpd: DHCPOFFER on 192.168.1.65 to 00:13:8f:54:ba:0d (clienthostname) via eth0
Aug 15 21:42:19 nameserver named[20741]: client 127.0.0.1#32779: updating zone 'example.com/IN': adding an RR at 'clienthostname.example.com' A
Aug 15 21:42:19 nameserver named[20741]: client 127.0.0.1#32779: updating zone 'example.com/IN': adding an RR at 'clienthostname.example.com' TXT
Aug 15 21:42:19 nameserver dhcpd: Added new forward map from clienthostname.example.com to 192.168.1.65
Aug 15 21:42:19 nameserver dhcpd: unable to add reverse map from 65.1.168.192.1.168.192.in-addr.arpa to clienthostname.example.com: timed out
Aug 15 21:42:19 nameserver dhcpd: DHCPREQUEST for 192.168.1.65 (192.168.1.3) from 00:13:8f:54:ba:0d (clienthostname) via eth0
Aug 15 21:42:19 nameserver dhcpd: DHCPACK on 192.168.1.65 to 00:13:8f:54:ba:0d (clienthostname) via eth0
I'm not sure, but the 65.1.168.192.1.168.192.in-addr.arpa doesn't look right to me. Looking at other posts I would expect it to be 65.1.168.192.in-addr.arpa.
Hi. Right, think it's working now. Found an error in dhcpd.conf and changed
Code:
zone 0.1.168.192.in-addr.arpa. {
    primary 127.0.0.1;
    key rndc-key;
}
to
Code:
zone 1.168.192.in-addr.arpa. {
    primary 127.0.0.1;
    key rndc-key;
}
The reverse map is now added, although the double joined ip address still exists in the daemon.log
Code:
Aug 16 01:23:57 nameserver dhcpd: added reverse map from 65.1.168.192.1.168.192.in-addr.arpa to clienthostname.example.com
Can anyone tell me if this is OK?
**Update** I'm not sure this is OK. If I ping clienthostname from a Windows machine then it resolves to 192.168.1.65 correctly. If I ping -a 192.168.1.65 then the result does not show me the hostname of the client as I would expect.
Last edited by Baldychap; 08-16-2008 at 11:12 AM.
Reason: Additional info.
Thanks again Chort, everything now seems to be working fine. You've been a great help.
For the benefit of others, here are my final .conf files for my single DHCP/DDNS server with IP address of 192.168.1.3:
/etc/dhcp3/dhcpd.conf
Code:
server-identifier 192.168.1.3;
authoritative;
ddns-domainname "example.com";
ddns-rev-domainname "in-addr.arpa";

# How to connect to the DNS server and update it.
ddns-update-style interim;
include "/etc/dhcp3/rndc.key";

# Use what key in what zone
zone example.com. {
    primary 127.0.0.1;
    key rndc-key;
}
zone 1.168.192.in-addr.arpa. {
    primary 127.0.0.1;
    key rndc-key;
}

# Subnet definition w/ accompanying options
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.30 192.168.1.99;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.1.255;
    option domain-name "example.com";
    one-lease-per-client on;
    default-lease-time 604800;
    max-lease-time 604800;
    # Gateways and DNS servers
    option routers 192.168.1.1;
    option domain-name-servers 192.168.1.3;
}
/etc/bind/named.conf
Code:
controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};
include "/etc/bind/named.conf.options";
zone "." {
    type hint;
    file "/etc/bind/db.root";
};
zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};
/etc/bind/named.conf.options
Code:
include "/etc/bind/rndc.key";
options {
    directory "/var/cache/bind";
    ## Put in your (internet) nameservers here
    forwarders {
        212.159.13.49;
        212.159.13.50;
    };
    auth-nxdomain no;
};
zone "example.com" {
    type master;
    file "/etc/bind/zones/example.com.db";
    allow-update { key "rndc-key"; };
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/1.168.192.in-addr.arpa";
    allow-update { key "rndc-key"; };
};
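
An added example, not part of the original posts: a small Python check over cut-down copies of the configs above. It flags a dhcpd.conf zone that named does not serve or that does not cover a lease's PTR name (the 0.1.168.192.in-addr.arpa mistake fixed earlier in the thread), and a key shared between DDNS updates and the rndc control channel, as rndc-key is in the final configs. The function names and the one-statement-per-line sample layout are assumptions of this example.

```python
import ipaddress
import re
# Constructed samples, cut down from the configs posted in this thread.
NAMED_CONF = '''
controls { inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; }; };
zone "example.com" { type master; allow-update { key "rndc-key"; }; };
zone "1.168.192.in-addr.arpa" { type master; allow-update { key "rndc-key"; }; };
'''
DHCPD_BEFORE = '''
zone example.com. { primary 127.0.0.1; key rndc-key; }
zone 0.1.168.192.in-addr.arpa. { primary 127.0.0.1; key rndc-key; }
'''
DHCPD_AFTER = DHCPD_BEFORE.replace("zone 0.1.168", "zone 1.168")

def named_update_keys(conf):
    """Map each named.conf zone to the key names in its allow-update list."""
    zones = {}
    for name, body in re.findall(r'zone\s+"([^"]+)"\s*\{(.*)\};', conf):
        acl = re.search(r'allow-update\s*\{([^}]*)\}', body)
        zones[name.lower()] = set(re.findall(r'key\s+"?([\w.-]+)', acl.group(1))) if acl else set()
    return zones

def control_keys(conf):
    """Key names that named accepts on the rndc control channel."""
    m = re.search(r'controls\s*\{.*?keys\s*\{([^}]*)\}', conf, re.S)
    return set(re.findall(r'"([^"]+)"', m.group(1))) if m else set()

def dhcpd_zones(conf):
    """Map each dhcpd.conf zone (trailing dot dropped) to its key name."""
    pairs = re.findall(r'zone\s+(\S+)\s*\{[^}]*?key\s+([\w.-]+)\s*;', conf)
    return {name.rstrip(".").lower(): key for name, key in pairs}

def audit(named_conf, dhcpd_conf, lease_ip):
    """Return findings for one lease address; an empty list means clean."""
    served, ddns, findings = named_update_keys(named_conf), dhcpd_zones(dhcpd_conf), []
    for zone, key in ddns.items():
        if zone not in served:
            findings.append(f"dhcpd zone {zone} is not a zone in named.conf")
        elif key not in served[zone]:
            findings.append(f"named does not allow key {key} to update {zone}")
    ptr = ipaddress.ip_address(lease_ip).reverse_pointer  # 65.1.168.192.in-addr.arpa
    if not any(ptr == z or ptr.endswith("." + z) for z in ddns):
        findings.append(f"no dhcpd zone statement covers {ptr}")
    for key in sorted(set(ddns.values()) & control_keys(named_conf)):
        findings.append(f"key {key} signs DDNS updates and also authorises rndc")
    return findings

if __name__ == "__main__":
    for label, conf in (("before", DHCPD_BEFORE), ("after", DHCPD_AFTER)):
        print(label, audit(NAMED_CONF, conf, "192.168.1.65"))
```

The shared-key finding remains for the final configs: the key file dhcpd reads at /etc/dhcp3/rndc.key is the same key the controls statement accepts, so a separate key for allow-update keeps the two roles apart.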