LinuxQuestions.org
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Old 08-13-2008, 09:15 AM   #1
Baldychap
LQ Newbie
 
Registered: Feb 2006
Location: Dartford, UK
Posts: 9

Rep: Reputation: 0
Problem updating DNS with DHCP.


Hello All,

I have searched the 'net far and wide to find the 'right' way to configure a DHCP and DNS server (using dhcp3 and bind9). I've got the servers working, to a degree, but cannot get the DHCP server to update the DNS with details of new clients.

I have used the very helpful PDF at http://www.realmtech.net/documents/DynamicDNS.pdf and also some information from http://ubuntuforums.org/showthread.php?t=267974 to get where I am today, and my named.conf.options is:-

Code:
include "/etc/bind/rndc.key";
options {
  directory "/var/cache/bind";
  forwarders {
	212.159.13.49;
        212.159.13.50;
  };
  auth-nxdomain no;
};
controls {
  inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};
zone "example.com" {
  type master;
  file "/etc/bind/zones/example.com.db";
  allow-update { key "rndc-key"; };
};
zone "1.168.192.in-addr.arpa" {
     type master;
     file "/etc/bind/zones/rev.1.168.192.in-addr.arpa";
  allow-update { key "rndc-key"; };
};
and my dhcpd.conf is:-

Code:
server-identifier 192.168.1.3;
authoritative;
ddns-domainname "example.com";
ddns-rev-domainname "rev.1.168.192.in-addr.arpa";
ddns-update-style interim;
include "/etc/dhcp3/rndc.key";
zone example.com. {
  primary 192.168.1.0;
  key rndc-key;
}
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.30 192.168.1.99;
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.1.255;
  option domain-name "example.com";
  one-lease-per-client on;
  default-lease-time 604800;
  max-lease-time 604800;
  # Gateways and DNS servers
  option routers 192.168.1.1;
  option domain-name-servers 192.168.1.3;
}
The problem can be seen in the daemon.log when a client requests a DHCP address from the server:-

Code:
Aug 13 00:03:53 nameserver named[1794]: starting BIND 9.4.1-P1.1 -u bind
Aug 13 00:03:53 nameserver named[1794]: found 1 CPU, using 1 worker thread
Aug 13 00:03:53 nameserver named[1794]: loading configuration from '/etc/bind/named.conf'
Aug 13 00:03:53 nameserver named[1794]: listening on IPv4 interface lo, 127.0.0.1#53
Aug 13 00:03:53 nameserver named[1794]: listening on IPv4 interface eth0, 192.168.1.3#53
Aug 13 00:03:53 nameserver named[1794]: listening on IPv4 interface vmnet8, 192.168.65.1#53
Aug 13 00:03:53 nameserver named[1794]: listening on IPv4 interface vmnet1, 192.168.81.1#53
Aug 13 00:03:53 nameserver named[1794]: automatic empty zone: 254.169.IN-ADDR.ARPA
Aug 13 00:03:53 nameserver named[1794]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Aug 13 00:03:53 nameserver named[1794]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Aug 13 00:03:53 nameserver named[1794]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Aug 13 00:03:53 nameserver named[1794]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Aug 13 00:03:53 nameserver named[1794]: automatic empty zone: D.F.IP6.ARPA
Aug 13 00:03:53 nameserver named[1794]: automatic empty zone: 8.E.F.IP6.ARPA
Aug 13 00:03:53 nameserver named[1794]: automatic empty zone: 9.E.F.IP6.ARPA
Aug 13 00:03:53 nameserver named[1794]: automatic empty zone: A.E.F.IP6.ARPA
Aug 13 00:03:53 nameserver named[1794]: automatic empty zone: B.E.F.IP6.ARPA
Aug 13 00:03:53 nameserver named[1794]: command channel listening on 127.0.0.1#953
Aug 13 00:03:53 nameserver named[1794]: zone 0.in-addr.arpa/IN: loaded serial 1
Aug 13 00:03:53 nameserver named[1794]: zone 127.in-addr.arpa/IN: loaded serial 1
Aug 13 00:03:53 nameserver named[1794]: /etc/bind/zones/rev.1.168.192.in-addr.arpa:1: no TTL specified; using SOA MINTTL instead
Aug 13 00:03:53 nameserver named[1794]: zone 1.168.192.in-addr.arpa/IN: loaded serial 2006081401
Aug 13 00:03:53 nameserver named[1794]: zone 255.in-addr.arpa/IN: loaded serial 1
Aug 13 00:03:53 nameserver named[1794]: zone localhost/IN: loaded serial 1
Aug 13 00:03:53 nameserver named[1794]: /etc/bind/zones/example.com.db:1: no TTL specified; using SOA MINTTL instead
Aug 13 00:03:53 nameserver named[1794]: zone example.com/IN: loaded serial 2006081402
Aug 13 00:03:53 nameserver named[1794]: running
Aug 13 00:04:13 nameserver dhcpd: DHCPRELEASE of 192.168.1.66 from 00:08:74:9d:ec:d5 (clienthostname) via eth0 (found)
Aug 13 00:04:14 nameserver dhcpd: DHCPDISCOVER from 00:08:74:9d:ec:d5 via eth0
Aug 13 00:04:15 nameserver dhcpd: DHCPOFFER on 192.168.1.66 to 00:08:74:9d:ec:d5 (clienthostname) via eth0
Aug 13 00:04:15 nameserver dhcpd: Unable to add forward map from clienthostname.example.com to 192.168.1.66: connection refused
Aug 13 00:04:15 nameserver dhcpd: DHCPREQUEST for 192.168.1.66 (192.168.1.3) from 00:08:74:9d:ec:d5 (clienthostname) via eth0
Aug 13 00:04:15 nameserver dhcpd: DHCPACK on 192.168.1.66 to 00:08:74:9d:ec:d5 (clienthostname) via eth0
The problem being "nameserver dhcpd: Unable to add forward map from clienthostname.example.com to 192.168.1.66: connection refused".

Does anyone know why permission is being refused? I've made sure that the bind group has read/write access on the /etc/bind directory and that the dhcpd group has read/write access on the /etc/dhcp3 directory. I presume it's a problem with the keys, but I can't see where it is!

Any help would be gratefully received. I've searched the web/forums for advice and have not found anything, so apologies if this has been answered elsewhere :-)

Kind Regards,

Baldychap.
 
Old 08-13-2008, 01:09 PM   #2
grepmasterd
Member
 
Registered: Aug 2003
Location: Seattle
Distribution: ubuntu, lately
Posts: 182
Blog Entries: 1

Rep: Reputation: 35
"connection refused" is a network error, not a permissions problem. it means that the port is not open on the target machine. check the services and ports open on 192.168.1.66
 
Old 08-13-2008, 01:36 PM   #3
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
192.168.1.66 isn't the server, that's the DDNS entry that failed.

Try
Code:
dig example.com @192.168.1.3
what's the output? If it was a problem with the key there should be a log message from named stating so. It seems as if there might be a firewall blocking port 53.
 
Old 08-13-2008, 02:33 PM   #4
grepmasterd
Member
 
Registered: Aug 2003
Location: Seattle
Distribution: ubuntu, lately
Posts: 182
Blog Entries: 1

Rep: Reputation: 35
wups, yes I misinterpreted the log. however, "connection refused" is still a network error at the transport level (UDP in this case, most likely). It can come from over the wire or from loopback.

I'll bow out here, since I'm unsure of DHCP -> DNS update details. I just wanted to comment on the network error. either some service is not listening on the right port, or the update is being sent to the wrong host/port.
 
Old 08-14-2008, 12:00 PM   #5
Baldychap
LQ Newbie
 
Registered: Feb 2006
Location: Dartford, UK
Posts: 9

Original Poster
Rep: Reputation: 0
Thanks for the tips. I've run this command on the server

Code:
dig example.com @192.168.1.3
and got this response:-

Code:
; <<>> DiG 9.4.1-P1.1 <<>> example.com @192.168.1.3
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25671
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;example.com.     IN      A

;; AUTHORITY SECTION:
example.com. 38400 IN     SOA     nameserver.example.com. admin.example.com. 2006081402 28800 3600 604800 38400

;; Query time: 114 msec
;; SERVER: 192.168.1.3#53(192.168.1.3)
;; WHEN: Thu Aug 14 11:45:52 2008
;; MSG SIZE  rcvd: 95
I've also done a port scan on 192.168.1.3 and 127.0.0.1 and it shows that port 53 is open and being used by a 'domain' service. So I guess this sounds OK. I'm running this on Ubuntu 7.10 and I can't see where I can change any firewall settings. Probably my lack of knowledge :-)
 
Old 08-14-2008, 06:37 PM   #6
Baldychap
LQ Newbie
 
Registered: Feb 2006
Location: Dartford, UK
Posts: 9

Original Poster
Rep: Reputation: 0
Hi, I've also installed firestarter to make sure that ports 67, 68 and 53 (used by DNS and DHCP) are not blocked. The same problem still exists.

Any other ideas gratefully received!
 
Old 08-14-2008, 09:37 PM   #7
grepmasterd
Member
 
Registered: Aug 2003
Location: Seattle
Distribution: ubuntu, lately
Posts: 182
Blog Entries: 1

Rep: Reputation: 35
tcpdump is your friend. try watching eth0 and lo
 
Old 08-15-2008, 02:17 AM   #8
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
I forgot rndc runs on port 953. Try
Code:
$ sudo rndc status
and see if that gets refused.

Oh, a casual glance at dhcpd.conf settings for DDNS tends to indicate that this:
Code:
zone example.com. {
  primary 192.168.1.0;
  key rndc-key;
}
should probably be changed to this:
Code:
zone example.com. {
  primary 127.0.0.1;
  key rndc-key;
}

 
Old 08-15-2008, 04:53 PM   #9
Baldychap
LQ Newbie
 
Registered: Feb 2006
Location: Dartford, UK
Posts: 9

Original Poster
Rep: Reputation: 0
Thanks Chort! Changing the dhcpd.conf seemed to help a lot, although I'm not quite there yet :-)

My daemon.log now shows this:-

Code:
Aug 15 21:42:18 nameserver dhcpd: DHCPDISCOVER from 00:13:8f:54:ba:0d via eth0
Aug 15 21:42:19 nameserver dhcpd: DHCPOFFER on 192.168.1.65 to 00:13:8f:54:ba:0d (clienthostname) via eth0
Aug 15 21:42:19 nameserver named[20741]: client 127.0.0.1#32779: updating zone 'example.com/IN': adding an RR at 'clienthostname.example.com' A
Aug 15 21:42:19 nameserver named[20741]: client 127.0.0.1#32779: updating zone 'example.com/IN': adding an RR at 'clienthostname.example.com' TXT
Aug 15 21:42:19 nameserver dhcpd: Added new forward map from clienthostname.example.com to 192.168.1.65
Aug 15 21:42:19 nameserver dhcpd: unable to add reverse map from 65.1.168.192.1.168.192.in-addr.arpa to clienthostname.example.com: timed out
Aug 15 21:42:19 nameserver dhcpd: DHCPREQUEST for 192.168.1.65 (192.168.1.3) from 00:13:8f:54:ba:0d (clienthostname) via eth0
Aug 15 21:42:19 nameserver dhcpd: DHCPACK on 192.168.1.65 to 00:13:8f:54:ba:0d (clienthostname) via eth0
I'm not sure, but the 65.1.168.192.1.168.192.in-addr.arpa doesn't look right to me. Looking at other posts I would expect it to be 65.1.168.192.in-addr.arpa.

Any idea what is going wrong? Thanks.
 
Old 08-16-2008, 06:21 AM   #10
Baldychap
LQ Newbie
 
Registered: Feb 2006
Location: Dartford, UK
Posts: 9

Original Poster
Rep: Reputation: 0
Hi. Right, think it's working now. Found an error in dhcpd.conf and changed
Code:
zone 0.1.168.192.in-addr.arpa. {
  primary 127.0.0.1;
  key rndc-key;
}
to
Code:
zone 1.168.192.in-addr.arpa. {
  primary 127.0.0.1;
  key rndc-key;
}
The reverse map is now added, although the double-joined IP address still exists in the daemon.log.

Code:
Aug 16 01:23:57 nameserver dhcpd: added reverse map from 65.1.168.192.1.168.192.in-addr.arpa to clienthostname.example.com
Can anyone tell me if this is OK?

**Update** I'm not sure this is OK. If I ping clienthostname from a windows machine then it resolves to 192.168.1.65 correctly. If I ping -a 192.168.1.65 then the result does not show me the hostname of the client as I would expect.

Last edited by Baldychap; 08-16-2008 at 12:12 PM. Reason: Additional info.
 
Old 08-17-2008, 02:45 AM   #11
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Looks like the correct reverse zone is:
Code:
ddns-rev-domainname "in-addr.arpa";
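The three dhcpd.conf changes this thread arrived at (primary 192.168.1.0 to 127.0.0.1 in post #8, the reverse zone name 0.1.168.192.in-addr.arpa to 1.168.192.in-addr.arpa in post #10, and ddns-rev-domainname to in-addr.arpa in post #11) can all be checked offline before dhcpd is restarted. The script below is an added example written for this page, not code from the thread or from ISC. Its regexes are a small purpose-built parser for the statements used here, not a full dhcpd.conf grammar, and it assumes, consistently with the logged name 65.1.168.192.1.168.192.in-addr.arpa, that dhcpd builds the reverse update name by appending ddns-rev-domainname to the reversed address octets. The sample configurations are constructed from the first and last posts.

```python
"""Offline checker for the DDNS settings in a dhcpd.conf.

Added example, not code from the thread: it re-creates the three dhcpd.conf
mistakes the thread worked through and flags each one before dhcpd is restarted.
The regexes are a small purpose-built parser for the statements used here, not a
full dhcpd.conf grammar. Assumption (consistent with the thread's log lines):
dhcpd forms the reverse update name as the reversed IP octets followed by
ddns-rev-domainname.
"""
import ipaddress
import re

# Constructed sample input: the first post's dhcpd.conf, trimmed to the DDNS parts.
BROKEN_DHCPD_CONF = """
ddns-domainname "example.com";
ddns-rev-domainname "rev.1.168.192.in-addr.arpa";
ddns-update-style interim;
zone example.com. {
  primary 192.168.1.0;
  key rndc-key;
}
zone 0.1.168.192.in-addr.arpa. {
  primary 127.0.0.1;
  key rndc-key;
}
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.30 192.168.1.99;
}
"""

# The same settings after the thread's three edits (the final, working dhcpd.conf).
FIXED_DHCPD_CONF = BROKEN_DHCPD_CONF.replace(
    'ddns-rev-domainname "rev.1.168.192.in-addr.arpa"', 'ddns-rev-domainname "in-addr.arpa"'
).replace("primary 192.168.1.0;", "primary 127.0.0.1;").replace(
    "zone 0.1.168.192.in-addr.arpa.", "zone 1.168.192.in-addr.arpa."
)

ZONE_RE = re.compile(r'^\s*zone\s+(\S+?)\.?\s*\{(.*?)\}', re.S | re.M)
SUBNET_RE = re.compile(r'^\s*subnet\s+(\S+)\s+netmask\s+(\S+)', re.M)
REV_DOMAIN_RE = re.compile(r'^\s*ddns-rev-domainname\s+"([^"]+)"\s*;', re.M)
PRIMARY_RE = re.compile(r'primary\s+(\S+?)\s*;')


def parse(conf):
    """Return ({zone name: primary address}, [subnets], ddns-rev-domainname)."""
    zones = {}
    for name, body in ZONE_RE.findall(conf):
        m = PRIMARY_RE.search(body)
        zones[name.lower()] = m.group(1) if m else None
    subnets = [ipaddress.ip_network(f"{net}/{mask}") for net, mask in SUBNET_RE.findall(conf)]
    m = REV_DOMAIN_RE.search(conf)
    rev_domain = m.group(1) if m else "in-addr.arpa"  # dhcpd's default when unset
    return zones, subnets, rev_domain


def reverse_zone_for(net):
    """Classful reverse zone for a subnet on an octet boundary (e.g. /24 -> 1.168.192.in-addr.arpa)."""
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def reverse_name(ip, rev_domain):
    """The owner name dhcpd registers for a lease: reversed octets + ddns-rev-domainname."""
    return ".".join(reversed(ip.split("."))) + "." + rev_domain


def check(conf):
    """Findings as human-readable strings; an empty list means the DDNS settings look consistent."""
    findings = []
    zones, subnets, rev_domain = parse(conf)
    for zone, primary in zones.items():
        if primary is None:
            findings.append(f"zone {zone}: no 'primary' statement, dhcpd has nowhere to send updates")
            continue
        addr = ipaddress.ip_address(primary)
        for net in subnets:
            if addr == net.network_address:
                findings.append(f"zone {zone}: primary {primary} is the network address of {net}, "
                                "not a host (use 127.0.0.1 when named runs on the DHCP server)")
    for net in subnets:
        expected = reverse_zone_for(net)
        if expected not in zones:
            findings.append(f"subnet {net}: no zone statement for {expected} (declared: {sorted(zones)})")
        sample = str(next(net.hosts()))
        built = reverse_name(sample, rev_domain)
        correct = ipaddress.ip_address(sample).reverse_pointer  # what a PTR lookup actually asks for
        if built != correct:
            findings.append(f"subnet {net}: dhcpd would register {built}, but reverse lookups ask for "
                            f"{correct}; set ddns-rev-domainname \"in-addr.arpa\"")
    return findings


if __name__ == "__main__":
    for label, conf in (("broken", BROKEN_DHCPD_CONF), ("fixed", FIXED_DHCPD_CONF)):
        findings = check(conf)
        print(f"{label}: {len(findings)} finding(s)")
        for finding in findings:
            print("  -", finding)
```

Against the first post's settings this reports three findings (the network-address primary, the missing 1.168.192.in-addr.arpa zone statement, and the mismatched reverse name); against the final settings it reports none. To run it on a live file, call check(open("/etc/dhcp3/dhcpd.conf").read()). The reverse-name comparison is the one that explains the ping -a symptom in post #10: BIND accepted the update because 65.1.168.192.1.168.192.in-addr.arpa lies inside the 1.168.192.in-addr.arpa zone, but a PTR lookup for 192.168.1.65 asks for 65.1.168.192.in-addr.arpa and finds nothing.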
 
Old 08-18-2008, 03:27 PM   #12
Baldychap
LQ Newbie
 
Registered: Feb 2006
Location: Dartford, UK
Posts: 9

Original Poster
Rep: Reputation: 0
Thanks again Chort, everything now seems to be working fine. You've been a great help.

For the benefit of others, here are my final .conf files for my single DHCP/DDNS server with IP address 192.168.1.3.

/etc/dhcp3/dhcpd.conf
Code:
server-identifier 192.168.1.3;
authoritative;
ddns-domainname "example.com";
ddns-rev-domainname "in-addr.arpa";
# How to connect to the DNS server and update it.
ddns-update-style interim;
include "/etc/dhcp3/rndc.key";
# Use what key in what zone
zone example.com. {
  primary 127.0.0.1;
  key rndc-key;
}
zone 1.168.192.in-addr.arpa. {
  primary 127.0.0.1;
  key rndc-key;
}
# Subnet definition w/ accompanying options
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.30 192.168.1.99;
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.1.255;
  option domain-name "example.com";
  one-lease-per-client on;
  default-lease-time 604800;
  max-lease-time 604800;
  # Gateways and DNS servers
  option routers 192.168.1.1;
  option domain-name-servers 192.168.1.3;
}
/etc/bind/named.conf
Code:
controls {
  inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};
include "/etc/bind/named.conf.options";
zone "." {
	type hint;
	file "/etc/bind/db.root";
};
zone "localhost" {
	type master;
	file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
	type master;
	file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
	type master;
	file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
	type master;
	file "/etc/bind/db.255";
};
/etc/bind/named.conf.options
Code:
include "/etc/bind/rndc.key";
options {
  directory "/var/cache/bind";
  ## Put in your (internet) nameservers here
  forwarders {
	212.159.13.49;
        212.159.13.50;
  };
  auth-nxdomain no;
};
zone "example.com" {
  type master;
  file "/etc/bind/zones/example.com.db";
  allow-update { key "rndc-key"; };
};
zone "1.168.192.in-addr.arpa" {
     type master;
     file "/etc/bind/zones/1.168.192.in-addr.arpa";
  allow-update { key "rndc-key"; };
};
/etc/bind/zones/example.com.db
Code:
$TTL 38400		; default TTL, added so named stops warning "no TTL specified; using SOA MINTTL instead"
example.com. IN SOA nameserver.example.com. admin.example.com. (
				2006081437 ; serial
				28800      ; refresh (8 hours)
				3600       ; retry (1 hour)
				604800     ; expire (1 week)
				38400      ; minimum (10 hours 40 minutes)
				)
			NS	nameserver.example.com.
nameserver		A	192.168.1.3	; address for the NS name (the server's IP from this thread; not in the original post)
/etc/bind/zones/1.168.192.in-addr.arpa.db
Code:
$TTL 86400              ; default TTL, added so named stops warning "no TTL specified; using SOA MINTTL instead"
@ IN SOA nameserver.example.com. admin.example.com. (
                        2006081401 ; serial
                        28800      ; refresh
                        604800     ; retry
                        604800     ; expire
                        86400      ; minimum
)

                     IN    NS     nameserver.example.com.
3                    IN    PTR    nameserver.example.com.  ; 192.168.1.3 is the name server; the original post's relative "example.com" would expand to example.com.1.168.192.in-addr.arpa.
I also copied the rndc.key file from /etc/bind to /etc/dhcp3.

Of course, if there are any changes that should be made to these files to make DHCP/DNS work better or more secure then please post them here.

Kind Regards,

Baldychap.

Last edited by Baldychap; 08-21-2008 at 05:11 PM.
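On the closing request for security improvements: the final configuration signs zone updates with rndc.key, the same key that drives named's control channel on port 953, so anyone who can read dhcpd's copy of that key can also issue rndc commands. The usual hardening is a dedicated TSIG key for updates, granted only in allow-update, stored with restrictive permissions. The script below is an added example written for this page, not code from the thread, ISC or Ubuntu. It assumes the key name "dhcp-update" and the zone-file path /etc/bind/zones/<zone>.db; the stanza layout is the rndc.key layout, which this thread shows both named and dhcpd accept when included, and hmac-md5 with a 16-byte secret matches the key generation of the era (newer named and dhcpd also accept hmac-sha256, which the algorithm parameter allows).

```python
"""Make a dedicated TSIG key for DHCP -> DNS updates and check how it is stored.

Added example, not from the thread. The thread reuses rndc.key (named's control
channel key) for zone updates; a separate key limits what dhcpd's key file can do
to the zones it is granted in allow-update. Key name "dhcp-update" and the paths
are assumptions. Stanza layout is the rndc.key layout, which the thread shows both
named and dhcpd accept via 'include'.
"""
import base64
import os
import re
import secrets
import stat

KEY_RE = re.compile(
    r'key\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+([\w-]+)\s*;\s*secret\s+"([^"]+)"\s*;\s*\}\s*;?', re.S
)


def new_secret(nbytes=16):
    """Random secret, base64-encoded like rndc-confgen's output (16 bytes for hmac-md5)."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")


def key_stanza(name, secret, algorithm="hmac-md5"):
    """key clause in the rndc.key layout; the same text is included by named and dhcpd."""
    return f'key "{name}" {{\n  algorithm {algorithm};\n  secret "{secret}";\n}};\n'


def parse_key_stanza(text):
    """Read a key clause back; returns (name, algorithm, secret) or None."""
    m = KEY_RE.search(text)
    return m.groups() if m else None


def bind_zone_clause(zone, key_name):
    """named zone clause that accepts updates signed with this key only (path is an assumption)."""
    return (f'zone "{zone}" {{\n  type master;\n  file "/etc/bind/zones/{zone}.db";\n'
            f'  allow-update {{ key "{key_name}"; }};\n}};\n')


def mode_problems(mode):
    """Permission findings for a key file's st_mode: never world-accessible or group-writable."""
    problems = []
    if mode & (stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH):
        problems.append("world-accessible")
    if mode & stat.S_IWGRP:
        problems.append("group-writable")
    return problems


def write_key_file(path, stanza, mode=0o640):
    """Create the key file with a restrictive mode from the first write, then re-check it."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with os.fdopen(fd, "w") as fh:
        fh.write(stanza)
    os.chmod(path, mode)  # os.open applies the umask; set the mode explicitly
    # Group ownership (root:bind for named's copy, root:dhcpd for dhcpd's) is left to chown.
    return mode_problems(os.stat(path).st_mode)


if __name__ == "__main__":
    secret = new_secret()
    stanza = key_stanza("dhcp-update", secret)
    print("# same file for /etc/bind/dhcp-update.key and /etc/dhcp3/dhcp-update.key (assumed paths)")
    print(stanza)
    print("# named.conf.options: replace allow-update { key \"rndc-key\"; } with")
    print(bind_zone_clause("example.com", "dhcp-update"))
    print("# dhcpd.conf: include the key file, then reference it in each zone statement")
    print('include "/etc/dhcp3/dhcp-update.key";')
    print("zone example.com. {\n  primary 127.0.0.1;\n  key dhcp-update;\n}")
    # write_key_file("/etc/dhcp3/dhcp-update.key", stanza)  # returns [] when the mode is acceptable
```

With this in place the controls clause keeps rndc-key, and only the new key appears in allow-update for the two dynamic zones; mode_problems() on an existing file (for instance, mode_problems(os.stat("/etc/dhcp3/rndc.key").st_mode)) is a quick way to confirm that the copied rndc.key is not world-readable.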
 
  

