I am trying to setup a small stand alone network. On this network I need a server to act as a DHCP server, DNS server and Samba server. I also need the Samba server to be a PDC thus providing file shares and SSO. All of my clients are WinXP or Win 7.

I am running RHEL Workstation release 6.4 (Santiago), Bind 9.8 (as provided by Red Hat), DHCP 4.1.1 (as provided by Red Hat), and Samba 3.6.9 (also provided by Red Hat).

DHCP does successfully assign IP addresses to my clients. DNS does resolve for fixed IP addresses that have records in the zone files.

I'm having a great deal of trouble getting DHCP to update the DNS records for the clients. Since this will be a standalone network with no Internet connectivity, I am not running DNS in a chroot jail. I have set selinux to permissive.

The domain name is laser.lan.

The server is laser-samba14 192.168.101.99

I am not using IPv6.

Here is what I'm seeing in the log files:

Apr16 10:07:04 laser-samba14 named[8855]: client 127.0.0.1#58407: signer "dhcp_updater" approved
Apr16 10:07:04 laser-samba14 named[8855]: client 127.0.0.1#58407: updating zone 'laser.lan/IN': adding RR at 'laser-xp.laser.lan' A
Apr16 10:07:04 laser-samba14 named[8855]: client 127.0.0.1#58407: updating zone 'laser.lan/IN': adding RR at 'laser-xp.laser.lan' TXT
Apr16 10:07:04 laser-samba14 named[8855]: laser.zone.jnl: create: permission denied
Apr16 10:07:04 laser-samba14 named[8855]: client 127.0.0.1#58407: updating zone 'laser.lan/IN': error: journal open failed: unexpected error
Apr16 10:07:04 laser-samba14 dhcpd: Unable to add forward map from laser-xp.laser.lan to 192.168.101.10: timed out
Apr16 10:07:04 laser-samba14 dhcpd: DHCPREQUEST for 192.168.101.10 from 00:50:56:a6:67:8e (laser-xp) via eth0
Apr16 10:07:04 laser-samba14 dhcpd: DHCPACK on 192.168.101.10 to 00:50:56:a6:67:8e (laser-xp) via eth0

Here is my /etc/dhcp/dhcpd.conf file:

#
# dhcpd.conf
#
ddns-update-style interim;
ddns-domainnane "laser.lan";
ddns-revdomainname "101.168.192.in-addr.arpa";
ddns-updates on;
authoritative;
default-lease-time 600;
max-lease-time 7200;
ignore client-updates;
log-facility local7;

key dhcp_updater {
algorithm HMAC-MD5.SIG-ALG.REG.INT;
secret "abcabcabc==";
}

zone laser.lan. {
primary 127.0.0.1;
key dhcp_updater;
}

zone 101.168.192.in-addr.arpa. {
primary 127.0.0.1;
key dhcp_updater;
}

subnet 192.168.101.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
option domain-name "laser.lan";
option domain-name-servers 192.168.101.99;
option domain-search "laser.lan";
range 192.168.101.10 192.168.101.90;
}

Here is my /etc/named.conf file:

//
// named.conf
//
options {
listen-on port 53 { 192.168.101.0/24; 127.0/8; };
directory "/var/named";
dump-file "/var/named/data/cache_dumb.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { 192.168.101.0/24; 127.0/8; };
recursion yes;
dnssec-enable no;
dnssec-validation no;
};

key dhcpd_updater {
alogrithm HMAC-MD5.SIG-ALG.REG.INT;
secret "abcabcabcabc==";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic:
};
};

zone "laser.lan" IN {
type master;
file "laser.zone";
allow-update { key dhcp_updater; };
};

zone "101.168.192.in-addr.arpa" IN {
type master;
file "101.168.192.zone";
allow-update { key dhcp_updater; };
};

Here is my /var/named/laser.zone file:

$TTL 1D

@ IN SOA laser-samba14.laser.lan. me.my.net. (
2014011001
1D
5M
1W
5M
)
@ IN NS laser-samba14.laser.lan.

laser-samba14.laser.lan. IN A 192.168.101.99

Here is my /var/named/101.168.192.zone file:

$TTL 1D

@ IN SOA laser-samba14.laser.lan. me.my.net. (
2014011002
1D
5M
1W
5M
)
IN NS laser-samba14.laser.lan.

99 IN PTR laser-samba14.laser.lan.

Here are the directory/file permissions:

/etc
drwxr-x---. 2 root named 4096 Dec 5 2012 named
-rw-r-----. 1 root named 943 Apr 16 09:57 named.conf


/var/named
-rw-r--r--. 1 named named 163 Apr 14 16:07 101.168.192.zone
drwxrwx---. 2 named named 4096 Apr 14 16:30 data
drwxrwx---. 2 named named 4096 Apr 14 16:30 dynamic
-rw-r--r--. 1 named named 175 Apr 14 16:07 laser.zone
-rw-r--r--. 1 named named 1892 Feb 18 2008 named.ca
-rw-r--r--. 1 named named 152 Dec 15 2009 named.empty
-rw-r--r--. 1 named named 152 Jun 21 2007 named.localhost
-rw-r--r--. 1 named named 168 Dec 15 2009 named.loopback
drwxrwx---. 2 named named 4096 Dec 5 2012 slaves

/etc/dhcp
drwxr-xr-x. 2 root root 4096 Sep 25 2012 dhclient.d
-rw-r--r--. 1 root root 193 Sep 25 2012 dhcpd6.conf
-rw-r--r--. 1 root root 808 Apr 16 09:03 dhcpd.conf

I've been beating my head on this problem for over a week. I have search all over the Internet and LQ. I have referred to the RHEL 6 Deployment Guide. Nothing helps and I haven't even gotten to setting up Samba yet. Any help would be greatly appreciated.

Tom

The key message is
Which user is named running with (on Debian it is bind; maybe it's named on RHEL)? What is the output of
When named is configured to create zone files with data received from dhcpd, it needs to be able to create them. AIUI the .jnl (journal) file is created in the same directory as the corresponding zone file.

Your configuration includes:
"laser.zone" is a relative path. At least for testing it you could try changing it to an absolute path in a directory where the user running named has write permission. On Debian that would be /var/cache/named or /var/lib/named. Your examples suggest that it is /var/named on RHEL

Catkin - Thanks for the response.

I did focus my attention on the permission denied line but can't figure out why the permission is denied.

The service is named and the user is named. The named account does have permissions to the folder that contains laser.zone. The path is /var/named. I even tried 777 permissions and that didn't work. I set the permissions back to the original settings.

I'll give the full path idea a shot.

BTW - Since I have a virtual environment I have been able to create some test machines to try out various solutions. To that end I created a RHEL 5 machine and tried setting up DHCP and DNS on it. Initially, I had the same problems. I was unable to get the updates to work using the key but it did work when I did "allow updates { 192.168.101.99; };" instead of the key. The IP address I used is the IP address of the DHCP/DNS server itself. This makes me think the path may not be the issue.

I'd rather use the key since that would be more secure.

I have not tried this in RHEL 6 yet.