FedoraForum.org - Fedora Support Forums and Community
  1. #1
    Join Date
    Jul 2017
    Location
    San Jose
    Posts
    5

    Dynamic DNS not working on DHCPd

    Hi Everyone,

    I am trying to set up Dynamic DNS on a Fedora 26 DHCPd server, but the server does not seem to be sending the Dynamic DNS updates to my DNS server. Here is the configuration I am using:

    dhcpd.conf
    ****************

    ddns-update-style interim;
    ddns-updates on;
    ignore client-updates;
    ddns-domainname "test.com.";
    ddns-rev-domainname "in-addr.arpa.";
    update-static-leases on;
    authoritative;
    allow unknown-clients;
    use-host-decl-names on;
    key rndc-key {
    secret ********************;
    algorithm hmac-md5;
    }
    option domain-search "test";
    option ntp-servers 192.168.1.122;
    option domain-name-servers 192.168.1.97, 8.8.8.8;

    # test.com
    zone test.com. {
    primary 192.168.1.97;
    key rndc-key;
    }

    named.conf
    ****************

    options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    allow-transfer { any; };

    recursion yes;

    dnssec-enable no;
    dnssec-validation no;

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";

    include "/etc/rndc.key";

    /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
    include "/etc/crypto-policies/back-ends/bind.config";
    forwarders {
    8.8.8.8;
    };
    };

    controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
    };


    zone "test.com" {
    type master;
    file "/var/named/test.com.hosts";
    allow-update { key "rndc-key"; };
    notify yes;
    };


    I tried turning off firewalld and SELinux. Same results.

    /var/log/messages doesn't show anything on the DNS server when I bounce a client computer interface so that DHCP can send a DDNS update.

    Thanks,

    Rafael

  2. #2
    Join Date
    Jul 2017
    Location
    reading
    Posts
    3

    Re: Dynamic DNS not working on DHCPd

    I'm seeing the same problem. F25 all working, F26 no dynamic updates, no error messages.

    I have logging of updates configured, and those logs stop at the point that I did the F26 upgrade.

    Barry

  3. #3
    Join Date
    Jun 2004
    Posts
    11

    Re: Dynamic DNS not working on DHCPd

    Same problem here, everything was working fine before the update to fc26

    The problem is not with bind, using nsupdate with the same key works fine.

    Also no errors/warnings in dhcpd and/or bind logs.. and no selinux messages via audit2allow -a -l either

    It just seems that dhcpd forgets to update bind?!?

    on latest fully up2date fedora 26 x86_64

  4. #4
    Join Date
    Jan 2015
    Location
    Al Ain, UAE
    Posts
    745

    Re: Dynamic DNS not working on DHCPd

    ...and nobody thought of looking at the packets with tcpdump?

    Don't poke around in the dark, run tcpdump and LOOK at the traffic.
    --
    Have fun!
    http://www.aeronetworks.ca

  5. #5
    Join Date
    Jul 2017
    Location
    San Jose
    Posts
    5

    Re: Dynamic DNS not working on DHCPd

    Quote Originally Posted by flyingdutchman
    ...and nobody thought of looking at the packets with tcpdump?

    Don't poke around in the dark, run tcpdump and LOOK at the traffic.
    I did run packet captures on the DNS and DHCP servers; they both show that they're not sending or receiving any dynamic DNS updates. Sorry, I should've added that to the original message.

  6. #6
    Join Date
    Jan 2015
    Location
    Al Ain, UAE
    Posts
    745

    Re: Dynamic DNS not working on DHCPd

    OK, so if you see no dyndns messages, then it is likely something to do with the dhcpd configuration.

    Have a look through these and confirm that dyndns updates are enabled in both bind and dhcpd, that both of them are authoritative, that the key is OK and so on:
    https://geekdudes.wordpress.com/2015...s-on-centos-7/

    https://www.howtoforge.com/fedora_dynamic_dns

    https://voidmain.is-a-geek.net/redha...namic_dns.html
    --
    Have fun!
    http://www.aeronetworks.ca

  7. #7
    Join Date
    Jul 2017
    Location
    San Jose
    Posts
    5

    Re: Dynamic DNS not working on DHCPd

    Quote Originally Posted by flyingdutchman
    OK, so if you see no dyndns messages, then it is likely something to do with the dhcpd configuration.

    Have a look through these and confirm that dyndns updates are enabled in both bind and dhcpd, that both of them are authoritative, that the key is OK and so on:
    https://geekdudes.wordpress.com/2015...s-on-centos-7/

    https://www.howtoforge.com/fedora_dynamic_dns

    https://voidmain.is-a-geek.net/redha...namic_dns.html
    Thanks for your help, flyingdutchman, your assistance is great. I had already run into those links while doing Google searches to see if I misconfigured something. But I found nothing wrong with my configuration on either the DNS or the DHCP server. I had this working with the same configuration on my Fedora 25 server, and now with Fedora 26 it is not working.

    Just in case I missed something, I will post the entire configuration for both my DNS, and DHCP:


    named.conf
    @@@@@@@@@@@

    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //

    options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    allow-transfer { any; };

    /*
    - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
    - If you are building a RECURSIVE (caching) DNS server, you need to enable
    recursion.
    - If your recursive DNS server has a public IP address, you MUST enable access
    control to limit queries to your legitimate users. Failing to do so will
    cause your server to become part of large scale DNS amplification
    attacks. Implementing BCP38 within your network would greatly
    reduce such attack surface
    */
    recursion yes;

    dnssec-enable no;
    dnssec-validation no;

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";

    /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
    include "/etc/crypto-policies/back-ends/bind.config";
    forwarders {
    8.8.8.8;
    };
    };

    logging {
    channel default_debug {
    file "data/named.run";
    severity dynamic;
    };

    };
    zone "." IN {
    type hint;
    file "named.ca";
    };

    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";

    controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; 192.168.1.88; } keys { rndc-key; };
    };


    zone "test.com" {
    type master;
    file "/var/named/test.com.hosts";
    allow-update { key "rndc-key"; };
    notify yes;
    };
    zone "xxxxxxxx.in-addr.arpa" {
    type master;
    file "/var/named/xxxxxxxx..rev";
    allow-update { key "rndc-key"; };
    notify yes;
    };
    zone "xxxxxxxx..in-addr.arpa" {
    type master;
    file "/var/named/xxxxxxxx..rev";
    allow-update { key "rndc-key"; };
    notify yes;
    };
    zone "xxxxxxxx..in-addr.arpa" {
    type master;
    file "/var/named/xxxxxxxx..rev";
    allow-update { key "rndc-key"; };
    notify yes;
    };
    zone "xxxxxxxx..in-addr.arpa" {
    type master;
    file "/var/named/xxxxxxxx..rev";
    allow-update { key "rndc-key"; };
    notify yes;
    };
    include "/etc/rndc.key";


    dhcpd.conf
    @@@@@@@@@@@

    #
    # DHCP Server Configuration file.
    # see /usr/share/doc/dhcp-server/dhcpd.conf.example
    # see dhcpd.conf(5) man page
    ddns-update-style interim;
    ddns-updates on;
    ignore client-updates;
    ddns-domainname "test.com.";
    ddns-rev-domainname "in-addr.arpa.";
    update-static-leases on;
    authoritative;
    allow unknown-clients;
    use-host-decl-names on;
    key rndc-key {
    secret xxxxxxxx.;
    algorithm hmac-md5;
    }
    option domain-search "test.com";
    option ntp-servers xxxxxxxx.;
    option domain-name-servers 192.168.1.97, 8.8.8.8;
    #
    # DHCP Server Configuration file.
    # see /usr/share/doc/dhcp*/dhcpd.conf.example
    # see dhcpd.conf(5) man page
    #
    # xxxxxxxx./24
    subnet xxxxxxxx. netmask xxxxxxxx. {
    option routers xxxxxxxx.;
    range xxxxxxxx. xxxxxxxx.;
    }
    # xxxxxxxx./24
    subnet xxxxxxxx. netmask xxxxxxxx. {
    option routers xxxxxxxx.;
    range xxxxxxxx. xxxxxxxx.;
    }
    # xxxxxxxx./24
    subnet xxxxxxxx. netmask xxxxxxxx. {
    option routers xxxxxxxx.;
    range xxxxxxxx. xxxxxxxx.;
    }
    # xxxxxxxx./24
    subnet xxxxxxxx. netmask xxxxxxxx. {
    option routers xxxxxxxx.;
    range xxxxxxxx. xxxxxxxx.;
    }
    # xxxxxxxx./24
    subnet xxxxxxxx. netmask xxxxxxxx. {
    option routers xxxxxxxx.;
    range xxxxxxxx. xxxxxxxx.;
    }
    # xxxxxxxx./24
    subnet xxxxxxxx. netmask xxxxxxxx. {
    option routers xxxxxxxx.;
    range xxxxxxxx. xxxxxxxx.;
    }
    # xxxxxxxx./24
    subnet xxxxxxxx. netmask xxxxxxxx. {
    range xxxxxxxx. xxxxxxxx.;
    }
    # xxxxxxxx./24
    subnet xxxxxxxx. netmask xxxxxxxx.{
    option routers xxxxxxxx.;
    range xxxxxxxx. xxxxxxxx.;
    }
    # xxxxxxxx./24
    subnet xxxxxxxx. netmask xxxxxxxx. {
    option routers xxxxxxxx.;
    range xxxxxxxx. xxxxxxxx.;
    }
    # test.com
    zone test.com. {
    primary 192.168.1.97;
    key rndc-key;
    }
    # xxxxxxxx./24
    zone xxxxxxxx..in-addr.arpa. {
    primary 192.168.1.97;
    key rndc-key;
    }

  8. #8
    Join Date
    Jun 2004
    Posts
    11

    Re: Dynamic DNS not working on DHCPd

    Any progress on this? Did anyone file a bug in bugzilla?

  9. #9
    Join Date
    Jul 2017
    Location
    San Jose
    Posts
    5

    Re: Dynamic DNS not working on DHCPd

    Quote Originally Posted by Biazz
    Any progress on this? Did anyone file a bug in bugzilla?
    I have heard no other suggestions. If you can, please open a bug on Bugzilla. I have no idea how to do that.

  10. #10
    Join Date
    Aug 2006
    Posts
    2

    Re: Dynamic DNS not working on DHCPd

    Here's the link to the bug in Bugzilla:

    https://bugzilla.redhat.com/show_bug.cgi?id=1475289

    One comment was to downgrade dhcp-server, which I did and it fixed the problem for the time being.


    Code:
    $ sudo dnf downgrade dhcp-server

  11. #11
    Join Date
    Jul 2017
    Location
    reading
    Posts
    3

    Re: Dynamic DNS not working on DHCPd

    It's a known bug; there is a fixed RPM for bind99-lib waiting to be released for F26.

    See https://bugzilla.redhat.com/1471747

    You can grab the RPMs with the fix from koji.

    Barry

  12. #12
    Join Date
    Jun 2004
    Posts
    11

    Re: Dynamic DNS not working on DHCPd

    Thanks barryas,

    I've downloaded the fixed bind99 (https://kojipkgs.fedoraproject.org//...3.fc27.src.rpm)

    (which has the specific fix in the changelog)

    and the latest dhcp package (https://kojipkgs.fedoraproject.org//...4abc04.src.rpm)

    and dynamic dhcp updates are still not working... did I miss anything? Also the bug was closed, but I don't see much action for fc26... there was a dhcp-server update... but no fix for this issue.

    surprising that this was broken for such a long time in fedora.. guess nobody uses fedora on a server anymore

    regards,
    Bas

  13. #13
    Join Date
    Jul 2017
    Location
    reading
    Posts
    3

    Re: Dynamic DNS not working on DHCPd

    Commenting on your config:

    I use: ddns-update-style standard;
    and you do not have allow client-update. Here is the section from my dhcpd.

    subnet 172.16.2.0 netmask 255.255.255.0 {
    option domain-name-servers 172.16.2.254;
    option routers 172.16.2.254;
    range 172.16.2.100 172.16.2.199;
    # next-server 172.16.2.200;
    # filename "pxelinux.0";

    # dynamic updates
    ddns-updates on;
    ddns-domainname "chelsea.private.";
    ddns-rev-domainname "in-addr.arpa.";
    allow client-updates;
    }

    In named.conf I log lots of info.

    logging {
    category dnssec { security_log; };
    category update { update_log; };
    category update-security { update_log; };
    category security { security_log; };
    category general { security_log; };
    category queries { query_log; };
    category lame-servers { null; };

    channel update_log {
    file "/var/log/dns-update.log" versions 10 size 20m;
    // every time the log grows over 20 Mbyte, it will
    // back up and roll over. Maximum 10 backups will be kept.
    print-time yes;
    print-category yes;
    print-severity yes;
    severity info;
    };

    channel security_log {
    file "/var/log/dns-security.log" versions 10 size 20m;
    // every time the log grows over 20 Mbyte, it will
    // back up and roll over. Maximum 10 backups will be kept.
    print-time yes;
    print-category yes;
    print-severity yes;
    severity info;
    };

    channel query_log {
    file "/var/log/dns-query.log" versions 10 size 20m;
    print-time yes;
    print-severity yes;
    };
    };

    Check dhcpd is logging in journalctl -u dhcpd --since 00:00

    You should see lines like this:

    Aug 20 09:15:06 fable dhcpd[952]: DHCPREQUEST for 172.16.2.129 (172.16.2.254) from 14:dd:a9:dc:52:da (blackstar) via eno
    Aug 20 09:15:06 fable dhcpd[952]: DHCPACK on 172.16.2.129 to 14:dd:a9:dc:52:da (blackstar) via eno1
    Aug 20 09:15:06 fable dhcpd[952]: Added new forward map from blackstar.chelsea.private. to 172.16.2.129
    Aug 20 09:15:06 fable dhcpd[952]: Added reverse map from 129.2.16.172.in-addr.arpa. to blackstar.chelsea.private.

    Barry
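
The journal check described in the post above can be automated. This is an added example, not part of the original post: it pairs each DHCPACK with the "Added new forward map" / "Added reverse map" lines and lists leases that got neither, which is the silent failure reported in this thread. The second lease in the sample (host "silent") is constructed, and the function names are hypothetical.

```python
import re
import sys

# Constructed sample: the first lease mirrors the log lines quoted in the post;
# the second lease is invented to show an ACK with no DDNS update logged.
SAMPLE_LOG = """\
Aug 20 09:15:06 fable dhcpd[952]: DHCPACK on 172.16.2.129 to 14:dd:a9:dc:52:da (blackstar) via eno1
Aug 20 09:15:06 fable dhcpd[952]: Added new forward map from blackstar.chelsea.private. to 172.16.2.129
Aug 20 09:15:06 fable dhcpd[952]: Added reverse map from 129.2.16.172.in-addr.arpa. to blackstar.chelsea.private.
Aug 20 09:17:41 fable dhcpd[952]: DHCPACK on 172.16.2.130 to 52:54:00:12:34:56 (silent) via eno1
"""

ACK = re.compile(r"dhcpd\[\d+\]: DHCPACK on (\d+\.\d+\.\d+\.\d+) to \S+(?: \(([^)]*)\))?")
FWD = re.compile(r"dhcpd\[\d+\]: Added new forward map from \S+ to (\d+\.\d+\.\d+\.\d+)")
REV = re.compile(r"dhcpd\[\d+\]: Added reverse map from (\S+?)\.in-addr\.arpa\. to \S+")


def ddns_coverage(log_text):
    """Map each IP seen in the log to the DDNS records dhcpd reported for it."""
    leases = {}

    def entry(ip):
        return leases.setdefault(
            ip, {"host": None, "acked": False, "forward": False, "reverse": False})

    for line in log_text.splitlines():
        if m := ACK.search(line):
            e = entry(m.group(1))
            e["acked"], e["host"] = True, m.group(2) or e["host"]
        elif m := FWD.search(line):
            entry(m.group(1))["forward"] = True
        elif m := REV.search(line):
            # PTR owner name carries the octets reversed: 129.2.16.172 -> 172.16.2.129
            entry(".".join(reversed(m.group(1).split("."))))["reverse"] = True
    return leases


def missing_updates(log_text):
    """IPs that were ACKed but lack a forward or reverse map line."""
    return sorted(ip for ip, e in ddns_coverage(log_text).items()
                  if e["acked"] and not (e["forward"] and e["reverse"]))


if __name__ == "__main__":
    # Usage: journalctl -u dhcpd --since 00:00 | python3 this_script.py
    text = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read()
    for ip in missing_updates(text):
        print("no DDNS update logged for", ip)
```

A renewal of an unchanged lease does not necessarily trigger a new update (see update-optimization in dhcpd.conf(5)), so judge the result on fresh leases rather than on every ACK.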

  14. #14
    Join Date
    Jun 2004
    Posts
    11

    Re: Dynamic DNS not working on DHCPd

    Hi Barry,

    Switched the update style from interim to standard, but still no results.. named is logging right, but does not show any log info regarding updates from dhcpd (it does from openvpn dns updates, which are working fine)

    Do I understand correctly that you have dhcpd issues dynamic dns updates working correctly on fedora 26?

    thanks!
    Bas

  15. #15
    Join Date
    Jul 2017
    Location
    San Jose
    Posts
    5

    Re: Dynamic DNS not working on DHCPd

    I am still seeing the same problem even after the bind99 update.

    Rafael

    Quote Originally Posted by Biazz
    Hi Barry,

    Switched the update style from interim to standard, but still no results.. named is logging right, but does not show any log info regarding updates from dhcpd (it does from openvpn dns updates, which are working fine)

    Do I understand correctly that you have dhcpd issues dynamic dns updates working correctly on fedora 26?

    thanks!
    Bas
