dhcpd fails to update dns on Debian Lenny
Hi All
I am trying to get ddns working on Debian Lenny using BIND 9.5.1-P2 and ISC DHPCD 3.1.1 but I am unable to get dhcpd to update the dns databases. I have built ddns under SuSE 10 with no problems.
The server I am setting up for testing is a VM on a Linux network with a fully functional SuSE ddns server on the network which is switched off during testing.
The dhcp client has been configured and works fine to the SuSE ddns server so I know that is functional. I can talk to the server using 'rndc -c /etc/bind/rndc.conf -s <servername> status' which gives me the expected return. I can not find anything in the logs to indicate why dhpcd is not updating and when I use nsupdate I get the error below. The only difference between nsupdate and rndc is that nsupdate will not read the rndc.key file so have to use Kupdatedns.+157+62446.key however, the actual encrypted keys are the same in both files and in the .conf files.
; Communication with 127.0.1.1#953 failed: timed out
could not talk to specified name server
Can anyone please help me? I have been searching the web for weeks now and the only similar case is on one of the Debian forums but with no replies!
I have included cut down and sanitised versions of my configuration files below. These have been adapted from the SuSE functional server and only the keys in the real config files have been changed.
TIA
Regards =8^}
Gordon
*** dhcpd.conf ***
# Filename: /etc/dhcpd.conf
# Version: 1.6
# Date: 29th November 2006
# Author: Gordon C Norris
# Description: Configuration file for dhcp server
# Last Mod: 24th May 2009
#
#********************************************************************************
# Global Section
# Network Settings
authoritative;
option domain-name "some.domain.co.uk";
set PoolClass = "Unknown";
#
#********************************************************************************
# Configure our Class Statements to set known users.
set vendor-string = option vendor-class-identifier;
class "wintel" {
match if substring (option vendor-class-identifier, 0, 4) = "MSFT";
set PoolClass = "wintel";
}
class "sun" {
match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
set PoolClass = "sun";
}
class "pxe" {
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
set PoolClass = "pxe";
}
class "etherboot" {
match if substring (option vendor-class-identifier, 0, 9) = "Etherboot";
set PoolClass = "pxe";
}
#********************************************************************************
# Logging
log-facility local6;
on commit
{
set ClientMAC = substring (binary-to-ascii (16, 8, ":", hardware), 0, 50);
log (info, concat ("Vendor ID: ",vendor-string));
log (info, concat ("Client MAC: ",ClientMAC));
log (info, concat ("Allocated Pool: ",PoolClass));
}
#********************************************************************************
# Configure for Dynamic DNS (ddns)
ddns-updates on;
ddns-update-style interim;
ddns-domainname "some.domain.co.uk.";
ddns-rev-domainname "in-addr.arpa";
ignore client-updates;
use-host-decl-names on;
#
# ddns Zone Configuration
# Key for DHCP Updating
key rndc {
algorithm hmac-md5;
secret <mykey-1234567890>;
}
# Service Network
zone some.domain.co.uk. {
primary 192.168.0.17;
key rndc;
}
zone 128.168.192.in-addr.arpa. {
primary 192.168.0.17;
key rndc;
}
#********************************************************************************
# Configure each of our networks
# Service Network
subnet 192.168.0.0 netmask 255.255.255.0 {
option domain-name-servers 192.168.0.17, 192.168.0.254;
option routers 192.168.0.254;
option ntp-servers 192.168.0.13;
# dhcp allocation for this network is 49-239,
#
# IP Address Pools
pool {
# PXE / Etherboot Section (20 IP Addresses)
# (20 IP Addresses)
allow members of "pxe";
allow members of "etherboot";
range 192.168.0.220 192.168.0.239;
min-lease-time 300; # 5 minute mimimum lease time
max-lease-time 600; # 10 minute maximum lease time
server-name "local-dns";
next-server 192.168.0.17;
filename "pxelinux.0";
}
pool {
# All Windows Clients get their allocation from here
# (41 IP Addresses)
allow members of "wintel";
range 192.168.0.49 192.168.0.89;
option domain-name-servers 192.168.0.17, 192.168.0.254;
option netbios-name-servers 192.168.0.13;
option netbios-node-type 8;
min-lease-time 7200; # 2 hour minimum lease time
max-lease-time 14400; # 4 hour maximum lease time
next-server 192.168.0.13;
}
pool {
# All Sun Microsystem Clients get their allocation from here
# (10 IP Addresses)
allow members of "sun";
range 192.168.0.90 192.168.0.99;
min-lease-time 7200; # 2 hour minimum lease time
max-lease-time 14400; # 4 hour maximum lease time
next-server 192.168.0.17;
}
pool {
# All Unknown Clients get their allocation from here
# (110 IP Addresses)
allow unknown-clients;
range 192.168.0.109 192.168.0.219;
min-lease-time 7200; # 2 hour minimum lease time
max-lease-time 14400; # 4 hour maximum lease time
next-server 192.168.0.17;
}
}
# EOF: /etc/dhcpd.conf
*** named.conf ***
// Filename: /etc/bind/named.conf
// Version: 1.4
// Author: Gordon C Norris
// Date: 12th July 2007
// Last Mod: 26th May 2009
// Description: This is the primary configuration file for the BIND DNS server named.
//
// Comments: Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
include "/etc/bind/named.conf.include";
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/var/lib/bind/zones/db.root";
};
// be authoritative for the localhost forward and reverse zones,
// and for broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "zones/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "zones/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "zones/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "zones/db.255";
};
include "/etc/bind/named.conf.local";
// EOF: /etc/bind/named.conf
*** named.conf.include ***
// Filename: /etc/bind/named.conf.include
// Version: 1.4
// Author: Gordon C Norris
// Date: 12th July 2007
// Last Mod: 26th May 2009
// Description: This is the options file for the BIND DNS server named.
options {
directory "/var/lib/bind/";
dump-file "/var/log/bind/named_dump.db";
statistics-file "/var/log/bind/named.stats";
forwarders {
192.168.0.254;
};
// forward first; // Do we need this??
auth-nxdomain yes; // conform to RFC1035
listen-on port 53 { any; };
listen-on-v6 { any; };
notify no;
};
// We need the key file
key rndc {
algorithm hmac-md5;
secret "<mykey-1234567890>";
};
#include /etc/bind/rndc.key
controls {
inet 127.0.1.1 port 953 allow { any; } keys { rndc; };
};
#acl localhost { 127.0.0.1; };
// Logging section
logging {
channel query_logging {
file "/var/log/bind/named_query.log" versions 3 size 100M;
print-time yes;
};
channel resolver {
file "/var/log/bind/named_resolve.log" versions 3 size 100M;
print-time yes;
};
channel security_log {
file "/var/log/bind/named_sy.log" versions 5 size 100m;
print-time yes;
print-category yes;
print-severity yes;
severity debug;
};
channel debug {
file "/var/log/bind/named_debug.log" versions 3 size 100m;
print-time yes;
print-category yes;
print-severity yes;
severity debug;
};
category queries { query_logging; };
category resolver { resolver; };
category dnssec { security_log; };
category update { security_log; };
category security { security_log; };
category default { debug; };
category general { debug; };
category database { debug; };
category config { debug; };
category xfer-in { debug; };
category xfer-out { debug; };
category notify { debug; };
category client { debug; };
category network { debug; };
category dispatch { debug; };
category lame-servers { debug; };
};
// EOF: /etc/bind/named.conf.include
*** named.conf.local ***
// Filename: /etc/bind/named.conf.local
// Version: 1.4
// Author: Gordon C Norris
// Date: 12th July 2007
// Last Mod: 26th May 2009
// Description: This is the local zone file for the BIND DNS server named.
//
zone "some.domain.co.uk" in {
type master;
file "master/db.domain";
allow-update { any; key rndc; };
};
zone "0.168.192.in-addr.arpa" in {
type master;
file "master/0.168.192.in-addr.arpa";
allow-update { any; key rndc; };
};
// Adding the 1918 zones here, without our internal zones.
include "zones/zones.rfc1918";
// EOF: /etc/bind/named.conf.local
|
