Hi Guys,
This is my first post on the forums, so please forgive me if I'm in the wrong location.
I'm new to Linux and enjoying configuring basic network services. :P
I'm having some difficulty running DDNS updates using the latest versions of bind/DHCP available in CentOS 7.
My configuration :
SELinux set to permissive.
firewalld service stopped.
DHCP handing out ip addresses fine.
DNS is resolving on the clients as well.
The problem is that dynamic DNS updates aren't happening.
dhcpd.conf
Code:
# dhcpd.conf
# ISC dhcpd configuration: one address pool on 192.168.19.0/24, with dynamic
# DNS updates for the globomantics.local zone sent by the DHCP server.
default-lease-time 600;
max-lease-time 7200;
# Enable dynamic DNS updates, using the "interim" update style.
ddns-updates on;
ddns-update-style interim ;
# ddns-domainname is commented out, so the domain appended to client hostnames
# for forward updates presumably comes from the domain-name option below -- confirm.
#ddns-domainname "globomantics.local.";
# Do not let clients decide to update their own records; the server does it.
ignore client-updates;
authoritative;
# dhcpd logs to syslog facility local7; DDNS update attempts and failures should
# show up wherever the local syslog configuration routes that facility.
log-facility local7;
subnet 192.168.19.0 netmask 255.255.255.0 {
range 192.168.19.30 192.168.19.40;
option broadcast-address 192.168.19.255;
option routers 192.168.19.2;
option domain-search "globomantics.local";
option domain-name "globomantics.local";
# NOTE(review): clients are handed 192.168.18.254 as their resolver, while the
# zone primary below and the server1 A record are 192.168.19.254 -- confirm this
# is intended and not a typo in the third octet.
option domain-name-servers 192.168.18.254;
ddns-ttl 86400;
}
# Forward zone that receives the updates. There is no "key" statement, so the
# updates go out unsigned and named can only authorise them by source address.
# Prefer a shared TSIG key: declare it in a key { } block here, reference it with
# "key <ddns-key-name>;" inside this zone, and match it in named.conf.
# NOTE(review): no reverse (in-addr.arpa) zone is declared in this file, so PTR
# updates have no configured target here.
zone globomantics.local. {
primary 192.168.19.254;
}
named.conf
Code:
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// NOTE(review): the header above is the packaged default text. As configured
// below, recursion is off and a master zone is served, so this instance acts as
// an authoritative server rather than a caching resolver.
options {
// Listen on local interfaces whose address matches 192.168.19.0/24 or localhost.
listen-on port 53 {192.168.19.0/24;localhost;};
listen-on-v6 port 53 { none; };
// Relative zone file names below are resolved against this directory.
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Queries are accepted from any source. With firewalld stopped (per the post)
// nothing else filters port 53; narrowing these to 192.168.19.0/24 and localhost
// limits exposure if the host is reachable from other networks.
allow-query {any ; };
allow-query-cache { any; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
// Authoritative-only: names outside the zones defined here are not resolved for
// clients that use this server as their resolver.
recursion no;
// NOTE(review): dnssec-validation has no effect while dnssec-enable is "no",
// and validation is not exercised with recursion off -- confirm this is intended.
dnssec-enable no;
dnssec-validation yes;
// NOTE(review): DLV lookaside validation depends on ISC's DLV registry, which
// has since been retired; this option and the key file below look obsolete.
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
// File holding the session key that named generates itself; the allow-update ACL
// below is address-based and does not reference any key.
session-keyfile "/run/named/session.key";
};
// Send the default_debug channel to syslog facility local7 (the same facility
// dhcpd.conf uses), with category, severity and timestamp on each message.
// NOTE(review): no "category" statements are visible; routing the update and
// update-security categories to a channel makes accepted and refused dynamic
// updates easy to find when diagnosing DDNS or auditing who changes the zone.
logging {
channel default_debug {
syslog local7;
severity dynamic;
print-category yes;
print-severity yes;
print-time yes;
};
};
zone "." IN {
type hint;
file "named.ca";
};
// Forward zone that dhcpd is meant to update.
zone "globomantics.local." IN {
type master;
// Updates are authorised purely by source address. Any host able to send from
// one of these addresses can rewrite the zone, and UDP source addresses can be
// forged; "allow-update { key <ddns-key-name>; };" with a TSIG key shared with
// dhcpd authenticates each update instead.
allow-update {127.0.0.1;localhost;192.168.19.254; };
// Resolved as /var/named/globomantics.local.db. Dynamic updates make named write
// a journal (.jnl) beside the zone file and rewrite the file itself, so the named
// user needs write access there -- presumably why /var/named/dynamic exists on
// this layout; check ownership, permissions and logged SELinux denials.
file "globomantics.local.db";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
zone db file:
Code:
; Forward zone data for globomantics.local.
; Once dynamic updates are accepted, named maintains this file and its journal;
; manual edits should be wrapped in "rndc freeze" / "rndc thaw" for the zone.
$ORIGIN globomantics.local.
$TTL 86400
; SOA: primary server is server1; "root" has no trailing dot, so it is relative
; to $ORIGIN (root.globomantics.local., i.e. mailbox root@globomantics.local).
@ IN SOA server1.globomantics.local. root (
20140902;serial
21600 ;refresh after 6 hours
3600 ;retry after 1 hour
604800 ;expire after 1 week
86400 ) ;minimum ttl of 1 day
; NOTE(review): as shown here the NS line has no leading whitespace, probably lost
; when the post was formatted; in the real file it must begin with whitespace or
; "@" so the record belongs to the zone apex rather than to a name called "IN".
IN NS server1.globomantics.local.
; Static records; 192.168.19.254 matches the "primary" address in dhcpd.conf.
server1 IN A 192.168.19.254
wtf IN A 192.168.19.253
Thanks in advance
Farhad