07-09-2008, 10:40 AM
|
#1
|
LQ Newbie
Registered: Aug 2007
Distribution: RH*/SuSE*
Posts: 21
Rep:
|
dhcp not updating dns....
So I've searched and searched.....been from one side of the net to the other and I can't seem to find a solution to my problem. I've come across many "similar" problems but not exactly what mine is since manually nsupdate works. I searched these forums with the same results. I'm just trying to teach myself how to set all this up myself. Hopefully someone can help cuz I'm stumped. I've changed my config files around so much I don't know which way is up anymore lol
RHEL 5.2 (2.6.18-92.el5xen)
Bind-9.3.4-6.P1.el5 (as well as chroot)
dhcp-3.0.5-13.el5
I have 2 identical physical hosts connected alone on a switch, no connections to any other networks. One of them is the nameserver for a test domain on a 10.10.0.0 network. The nameserver seems to be operating properly, forward and reverse lookups work for hosts identified in DNS. On the same host I have a xen VM that is running dhcpd and is providing addresses on the same network but in the range of 10.10.0.20-10.10.0.30. It is successfully responding to dhcp requests and giving out addresses to other VMs on the same host as well as the other physical host. My issue is that dhcp is not updating dns.
I have successfully added updates via nsupdate and it created a journal file and the dhcp clients could perform lookups successfully. However the dhcpd server is not updating dns records properly.
The dhcpd server error:
dhcpd: Forward map from dhcptest1.test.com to 10.10.0.29 FAILED: Has an A record but no DHCID, not mine.
The named server error:
updating zone 'test.com/IN':update unsuccessful: test.com: 'name not in use' prerequisite not satisfied (YXDOMAIN)
updating zone 'test.com/IN':update unsuccessful: test.com/TXT: 'RRset exists (value dependent); prerequisite not satisfied (NXRRSET)
named.conf:
Code:
// ACL referenced by allow-update in both zones below
acl local {
    10.10.0.0/24;
};
options {
    directory "/etc";
    pid-file "/var/run/named/named.pid";
};
zone "test.com" {
    type master;
    file "/var/named/slaves/test.com.hosts";
    notify yes;
    allow-update { local; };  // dynamic updates accepted from any address in the ACL
};
zone "0.10.10.in-addr.arpa" {
    type master;
    file "/var/named/slaves/10.10.0.rev";
    allow-update { local; };
};
// Key used only for the rndc control channel
key rndc-key {
    algorithm hmac-md5;
    secret "UN1liKX7u/tsqKkjmg4PwQ==";
};
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
};
dhcpd.conf:
Code:
# Global settings
ddns-update-style interim;
ddns-domainname "test.com.";
ddns-rev-domainname "0.10.10.in-addr.arpa.";
ddns-updates on;
authoritative;
allow unknown-clients;
default-lease-time 60;
max-lease-time 60;
option domain-name-servers 10.10.0.1;
option domain-name "test.com";
option broadcast-address 10.10.0.255;
option subnet-mask 255.255.255.0;
# Zones the DHCP server sends dynamic updates to (no key configured)
zone 0.10.10.in-addr.arpa. {
    primary 10.10.0.1;
}
zone test.com. {
    primary 10.10.0.1;
}
subnet 10.10.0.0 netmask 255.255.255.0 {
    option domain-name "test.com";
    option domain-name-servers 10.10.0.1;
    ddns-domainname "test.com";
    allow unknown-clients;
    ddns-updates on;
    range 10.10.0.20 10.10.0.30;
}
Any help would be appreciated....thanks.
Last edited by rwazar; 07-09-2008 at 04:13 PM.
Reason: Updated conf files....
|
|
|
07-09-2008, 11:54 AM
|
#2
|
LQ Newbie
Registered: Aug 2007
Distribution: RH*/SuSE*
Posts: 21
Original Poster
Rep:
|
So far from what I've read......those errors are "supposed" to be a result of the client name already in use. (duh as the error states)
But I don't see it anywhere..... after I tested using nsupdate (just to see if things worked properly) I shut it all down and removed the .jnl file. I wonder if I hosed myself in that respect...
|
|
|
07-09-2008, 01:57 PM
|
#3
|
Member
Registered: Jun 2005
Location: Odenton, MD
Distribution: Gentoo
Posts: 290
Rep:
|
The .jnl file is just the journal file for BIND to ensure that the entries in the zone files are correct. If you want to see this in action, edit a zone file but leave the .jnl in place and restart BIND; it'll refuse to load that zone because it doesn't match the .jnl.
Anyway, these types of errors (the record exists, blah blah) don't mean that the client's name is already in use. I've seen those errors where the RRSet actually did exist, and I've seen that where there are authentication errors. I'd suggest disabling key-based authentication real quick and do something like allowing the update from an IP. See what flies with that.
|
|
|
07-09-2008, 02:00 PM
|
#4
|
LQ Newbie
Registered: Aug 2007
Distribution: RH*/SuSE*
Posts: 21
Original Poster
Rep:
|
thanks for the clarification on the jnl file ARC....
I've thought about disabling the keys but I wasn't exactly sure how to allow it to do updates another way. I'll look into setting it up to allow from the dhcp server IP.....
Thanks ARC1450
<fingers crossed>
|
|
|
07-09-2008, 02:02 PM
|
#5
|
Member
Registered: Jun 2005
Location: Odenton, MD
Distribution: Gentoo
Posts: 290
Rep:
|
Like this (we'll assume your DHCP server is 10.0.0.1):
Code:
zone "0.10.10.in-addr.arpa" {
    type master;
    file "/var/named/slaves/10.10.0.rev";
    allow-update { 10.0.0.1; };
};
|
|
|
07-09-2008, 03:13 PM
|
#6
|
LQ Newbie
Registered: Aug 2007
Distribution: RH*/SuSE*
Posts: 21
Original Poster
Rep:
|
Man this is fun... lol
I couldn't get the ip address alone in the allow-update to work so I added an acl to named.conf
acl local {
10.10.0.0/24;
};
set "allow-update" in the zones to local
from the dhcp server I used nsupdate to add a host entry to the nameserver and it worked.
HOWEVER
When the dhcp server tries to update a record on its own it still gives the same error message when trying to add a host that hasn't been added yet.
basically I'm still having the same issue only the keys are no longer involved. It's gonna end up being something trivial....
I need to find out what these "prerequisites" are that the errors are complaining about.
Last edited by rwazar; 07-09-2008 at 03:29 PM.
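The two named messages in post #1 are the RFC 2136 prerequisites that dhcpd attaches to its updates under ddns-update-style interim. The following is an added example, not code from this thread, dhcpd or BIND: a small in-memory Python model of that two-step forward update, showing why an A record that exists without the matching TXT record ends in "not mine". The zone dict, the function names and the DHCID string are constructed for illustration.

```python
# Minimal in-memory model of RFC 2136 prerequisite checks and the two-step
# forward update of "ddns-update-style interim". Illustration only.

def apply_update(zone, prereq, changes):
    """Check one prerequisite, then apply the changes. Returns an rcode."""
    kind, name, rtype, value = prereq
    rrsets = zone.get(name, {})
    if kind == "name-not-in-use" and rrsets:
        return "YXDOMAIN"   # 'name not in use' prerequisite not satisfied
    if kind == "rrset-exists-value" and rrsets.get(rtype) != {value}:
        return "NXRRSET"    # 'RRset exists (value dependent)' not satisfied
    for op, n, t, v in changes:
        node = zone.setdefault(n, {})
        if op == "delete":
            node.pop(t, None)
        else:
            node.setdefault(t, set()).add(v)
    return "NOERROR"

def interim_forward_update(zone, fqdn, ip, dhcid):
    """Return (outcome, rcodes seen) for one lease's forward (A record) update."""
    # Step 1: claim a brand-new name, adding the A record plus the TXT marker.
    rc1 = apply_update(zone, ("name-not-in-use", fqdn, None, None),
                       [("add", fqdn, "A", ip), ("add", fqdn, "TXT", dhcid)])
    if rc1 == "NOERROR":
        return "added", [rc1]
    # Step 2: the name exists; replace its A record only if the TXT marker is ours.
    rc2 = apply_update(zone, ("rrset-exists-value", fqdn, "TXT", dhcid),
                       [("delete", fqdn, "A", None), ("add", fqdn, "A", ip)])
    if rc2 == "NOERROR":
        return "replaced", [rc1, rc2]
    return "not mine", [rc1, rc2]

# Constructed sample data: the hash string and the pre-existing record are made up.
DHCID = "31aa5c0de1f00d"   # placeholder for the client-identifier hash kept in TXT
NAME = "dhcptest1.test.com."

def demo():
    manual = {NAME: {"A": {"10.10.0.29"}}}   # A record present, no TXT marker
    empty = {}
    return (interim_forward_update(manual, NAME, "10.10.0.29", DHCID),
            interim_forward_update(empty, NAME, "10.10.0.29", DHCID),
            interim_forward_update(empty, NAME, "10.10.0.21", DHCID),
            empty)

if __name__ == "__main__":
    for row in demo()[:3]:
        print(row)
```

In the model, the refusal goes away once the name has no records left or carries the TXT record the DHCP server wrote. The TXT check is what keeps one DHCP client from taking over a name that already belongs to another host.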
|
|
|
07-09-2008, 03:29 PM
|
#7
|
Member
Registered: Jun 2005
Location: Odenton, MD
Distribution: Gentoo
Posts: 290
Rep:
|
D'oh
The DHCP server won't update the DNS properly because of the key, I believe. So take out "key landmark" (or comment it out) from your DHCP zone and see what happens.
I got keys working once, but it was a major pain and after an update, it never worked again. 
|
|
|
07-09-2008, 03:36 PM
|
#8
|
LQ Newbie
Registered: Aug 2007
Distribution: RH*/SuSE*
Posts: 21
Original Poster
Rep:
|
ya I did that earlier....sorry I didn't specify that I did. Honestly I'm not worried about getting keys to work....it's all internal anyhow. I would just like it to work lol.
hmmmm....off to read some more.
|
|
|
07-09-2008, 03:39 PM
|
#9
|
Member
Registered: Jun 2005
Location: Odenton, MD
Distribution: Gentoo
Posts: 290
Rep:
|
Stupid question, but what IP is trying to update the zone? (since I just realized you never said that).
|
|
|
07-09-2008, 03:45 PM
|
#10
|
LQ Newbie
Registered: Aug 2007
Distribution: RH*/SuSE*
Posts: 21
Original Poster
Rep:
|
dns server is 10.10.0.1
dhcp server is 10.10.0.10
so .10 is trying to update .1 (which works manually with nsupdate, just not automatically)
I'm beginning to think automatic dns updates are broken in the versions I'm using.
|
|
|
07-09-2008, 03:48 PM
|
#11
|
Member
Registered: Jun 2005
Location: Odenton, MD
Distribution: Gentoo
Posts: 290
Rep:
|
Nah. . .if the clients try to update the server and that isn't allowed, you'll get this error. If you have client-updates enabled and the server tries to update, I'm not sure what'll happen (and I think you have client-updates enabled).
|
|
|
07-09-2008, 03:55 PM
|
#12
|
LQ Newbie
Registered: Aug 2007
Distribution: RH*/SuSE*
Posts: 21
Original Poster
Rep:
|
yes I do, should I change that?
|
|
|
07-09-2008, 04:00 PM
|
#13
|
Member
Registered: Jun 2005
Location: Odenton, MD
Distribution: Gentoo
Posts: 290
Rep:
|
HAHAHAHAHAAHAHAHAH!
You said it would be something mundane, and I think you're right.
Code:
zone "test.com" {
    type master;
    file "/var/named/slaves/test.com.hosts";
    notify yes;
    allow-transfer {
        key landmark;
    };
};
You never allowed anything to update that, so add:
Code:
zone "test.com" {
    type master;
    file "/var/named/slaves/test.com.hosts";
    notify yes;
    allow-update { 10.10.0.10; };  // address of the DHCP server
};
HAHAHA! I looked at the wrong zone. Wow, I'm an idiot.
|
|
|
07-09-2008, 04:06 PM
|
#14
|
LQ Newbie
Registered: Aug 2007
Distribution: RH*/SuSE*
Posts: 21
Original Poster
Rep:
|
don't hurt me but I caught that a long time ago too...like right after I posted....I'll go update the original post.
Ok updated conf files in op
Last edited by rwazar; 07-09-2008 at 04:13 PM.
|
|
|
07-09-2008, 04:13 PM
|
#15
|
Member
Registered: Jun 2005
Location: Odenton, MD
Distribution: Gentoo
Posts: 290
Rep:
|
Eh, well. . .fine then. It's not something simple. :-P
Actually, I just realized something. . .You say to ignore client updates in your global config, but allow them in your group where you define dhcptest1.
You might want to set both of those settings to the same thing, such as "allow". Or just take out the static DHCP config. Also, DHCPXEN2 doesn't need to be specified since it doesn't have a static IP assigned to it.
|
|
|
All times are GMT -5.