DHCP DDNS Update problem on CentOS 7

FarhadF · 09-14-2014, 07:09 AM

Hi Guys,
This is my first post on the forums so please forgive me if I'm in wrong location

I'm new to linux and enjoying configuring basic network services. :P
I'm Having some difficulty running DDNS updates using latest version on bind/DHCP available in CentOS 7.
My configuration :
SElinux set to permissive.
firewalld service stopped.
DHCP handing out ip addresses fine.
DNS resolving on the clients aswell.
The problem is dynamic dns updates arent happening.

dhcpd.conf

Code:

# dhcpd.conf

default-lease-time 600;
max-lease-time 7200;

ddns-updates on;
ddns-update-style interim ;
#ddns-domainname "globomantics.local.";
ignore client-updates;

authoritative;

log-facility local7;

subnet 192.168.19.0 netmask 255.255.255.0 {
        range 192.168.19.30 192.168.19.40;
        option broadcast-address 192.168.19.255;
        option routers 192.168.19.2;
        option domain-search "globomantics.local";
        option domain-name "globomantics.local";
        option domain-name-servers 192.168.18.254;
        ddns-ttl 86400;
}
zone globomantics.local. {
        primary 192.168.19.254;
}

named.conf

Code:

// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//


options {
        listen-on port 53 {192.168.19.0/24;localhost;};
        listen-on-v6 port 53 { none; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     {any ; };
        allow-query-cache { any; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion no;

        dnssec-enable no;

        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                syslog local7;
                severity dynamic;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};
zone "globomantics.local." IN {
        type master;
        allow-update {127.0.0.1;localhost;192.168.19.254; };
        file "globomantics.local.db";

};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

zone db file:

Code:

$ORIGIN globomantics.local.
$TTL 86400
@       IN      SOA     server1.globomantics.local. root (
                20140902;serial
                21600           ;refesh after 6 hours
                3600            ;retry after 1 hour
                604800          ;expire after 1 week
                86400 )         ;minimum ttl of 1 day
        IN      NS      server1.globomantics.local.
server1 IN      A       192.168.19.254
wtf     IN      A       192.168.19.253

Thanks in advance
Farhad

halvy · 09-21-2014, 05:30 PM

The only thing that stuck out was your recursion is set to no, in named.

It's a shot in the dark if you havn't tried that already.