Fedora Linux Support Community & Resources Center
  #1  
Old 21st July 2017, 06:30 AM
rloteck Offline
Registered User
 
Join Date: Jul 2017
Location: San Jose
Posts: 4
Dynamic DNS not working on DHCPd

Hi Everyone,

I am trying to set up Dynamic DNS on a Fedora 26 DHCPd server, but the server does not seem to be sending the Dynamic DNS updates to my DNS server. Here is the configuration I am using:

dhcpd.conf
****************

ddns-update-style interim;
ddns-updates on;
ignore client-updates;
ddns-domainname "test.com.";
ddns-rev-domainname "in-addr.arpa.";
update-static-leases on;
authoritative;
allow unknown-clients;
use-host-decl-names on;
key rndc-key {
    secret ********************;
    algorithm hmac-md5;
}
option domain-search "test";
option ntp-servers 192.168.1.122;
option domain-name-servers 192.168.1.97, 8.8.8.8;

# test.com
zone test.com. {
    primary 192.168.1.97;
    key rndc-key;
}

named.conf
****************

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    allow-transfer { any; };

    recursion yes;

    dnssec-enable no;
    dnssec-validation no;

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";

    include "/etc/rndc.key";

    /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
    include "/etc/crypto-policies/back-ends/bind.config";
    forwarders {
        8.8.8.8;
    };
};

controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
};


zone "test.com" {
    type master;
    file "/var/named/test.com.hosts";
    allow-update { key "rndc-key"; };
    notify yes;
};


I tried turning off firewalld and SELinux. Same results.

/var/log/messages doesn't show anything on the DNS server when I bounce a client computer's interface so that DHCP can send a DDNS update.

Thanks,

Rafael
  #2  
Old 22nd July 2017, 10:50 AM
barryas Offline
Registered User
 
Join Date: Jul 2017
Location: reading
Posts: 3
Re: Dynamic DNS not working on DHCPd

I'm seeing the same problem. F25 all working, F26 no dynamic updates, no error messages.

I have logging of updates configured, and those logs stop at the point that I did the F26 upgrade.

Barry
  #3  
Old 23rd July 2017, 09:13 AM
Biazz Online
Registered User
 
Join Date: Jun 2004
Posts: 10
Re: Dynamic DNS not working on DHCPd

Same problem here; everything was working fine before the update to fc26.

The problem is not with bind; using nsupdate with the same key works fine.

Also no errors/warnings in dhcpd and/or bind logs... and no SELinux messages via audit2allow -a -l either.

It just seems that dhcpd forgets to update bind?!?

On the latest fully up-to-date Fedora 26 x86_64.
  #4  
Old 23rd July 2017, 02:14 PM
flyingdutchman Offline
Registered User
 
Join Date: Jan 2015
Location: Al Ain, UAE
Posts: 674
Re: Dynamic DNS not working on DHCPd

...and nobody thought of looking at the packets with tcpdump?

Don't poke around in the dark, run tcpdump and LOOK at the traffic.
__________________
--
Have fun!
http://www.aeronetworks.ca
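
Added example, not part of any post in this thread: in a capture taken for this problem, the thing to look for is a DNS message with opcode 5 (UPDATE) sent to the primary, and whether its last additional record is a TSIG. The Python sketch below classifies raw DNS payloads that way; the sample messages are constructed, and the host name, address and message ID in them are assumptions.

```python
import struct

OPCODE_UPDATE = 5   # RFC 2136 dynamic update
TYPE_TSIG = 250     # transaction signature RR
# Equivalent capture filter for UDP: tcpdump -ni any 'udp port 53 and udp[10] & 0x78 = 0x28'

def encode_name(name):
    """Domain name -> DNS wire format, no compression."""
    labels = [l for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def read_name(msg, off):
    """Decode the name at off, following compression pointers; return (name, next offset)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # 2-byte compression pointer
            end = off + 2 if end is None else end
            off, hops = ((length & 0x3F) << 8) | msg[off + 1], hops + 1
            if hops > 16:
                raise ValueError("compression loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels) + ".", off if end is None else end
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def summarize(msg):
    """Report whether msg is an UPDATE, for which zone, and whether it is TSIG-signed."""
    _id, flags, zocount, prcount, upcount, adcount = struct.unpack("!6H", msg[:12])
    if (flags >> 11) & 0xF != OPCODE_UPDATE or zocount != 1:
        return {"update": False}
    zone, off = read_name(msg, 12)
    off += 4                                           # skip ZTYPE and ZCLASS
    total, tsig = prcount + upcount + adcount, False
    for i in range(total):
        _, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        tsig = i == total - 1 and adcount > 0 and rtype == TYPE_TSIG   # TSIG is always last
    return {"update": True, "zone": zone, "updates": upcount, "tsig": tsig}

def build_update(zone, host, ip, key_name=None):
    """Constructed sample: UPDATE adding one A record, optionally with a dummy TSIG RR."""
    msg = struct.pack("!6H", 0x1234, OPCODE_UPDATE << 11, 1, 0, 1, 1 if key_name else 0)
    msg += encode_name(zone) + struct.pack("!HH", 6, 1)             # zone section: SOA, IN
    msg += encode_name(host) + struct.pack("!HHIH", 1, 1, 300, 4) + bytes(map(int, ip.split(".")))
    if key_name:                                       # zero-filled RDATA, not a real MAC
        msg += encode_name(key_name) + struct.pack("!HHIH", TYPE_TSIG, 255, 0, 16) + bytes(16)
    return msg
```

A capture in which `summarize` never reports `update: True` for traffic leaving the DHCP server means dhcpd is not emitting updates at all, which is a different failure from an update that is sent but rejected for a bad key.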
  #5  
Old 23rd July 2017, 08:08 PM
rloteck Offline
Registered User
 
Join Date: Jul 2017
Location: San Jose
Posts: 4
Re: Dynamic DNS not working on DHCPd

Quote:
Originally Posted by flyingdutchman
...and nobody thought of looking at the packets with tcpdump?

Don't poke around in the dark, run tcpdump and LOOK at the traffic.

I did run packet captures on the DNS and DHCP servers; they both show that they're neither sending nor receiving any dynamic DNS updates. Sorry, I should've added that to the original message.
  #6  
Old 24th July 2017, 12:28 AM
flyingdutchman Offline
Registered User
 
Join Date: Jan 2015
Location: Al Ain, UAE
Posts: 674
Re: Dynamic DNS not working on DHCPd

OK, so if you see no dyndns messages, then it is likely something to do with the dhcpd configuration.

Have a look through these and confirm that dyndns updates are enabled in both bind and dhcpd, that both of them are authoritative, that the key is OK and so on:
https://geekdudes.wordpress.com/2015...s-on-centos-7/

https://www.howtoforge.com/fedora_dynamic_dns

https://voidmain.is-a-geek.net/redha...namic_dns.html
__________________
--
Have fun!
http://www.aeronetworks.ca
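
Added example, not part of any post in this thread: one way to do the cross-check suggested above mechanically, confirming that every zone dhcpd signs updates for exists on the primary, that the same key is accepted in `allow-update`, and that both sides agree on the key's algorithm. The two configs are constructed samples modelled on the ones posted here, with deliberate faults; the reverse zone name is an assumption, and a key pulled in through `include` (such as `/etc/rndc.key`) is assumed to be pasted into the named text.

```python
import re

# Constructed samples modelled on the configs in this thread (secrets are placeholders).
DHCPD = """
key rndc-key { secret PLACEHOLDER; algorithm hmac-md5; }
zone test.com. { primary 192.168.1.97; key rndc-key; }
zone 1.168.192.in-addr.arpa. { primary 192.168.1.97; key rndc-key; }
"""
NAMED = """
key "rndc-key" { algorithm hmac-sha256; secret "PLACEHOLDER"; };
zone "test.com" { type master; file "/var/named/test.com.hosts";
    allow-update { key "rndc-key"; }; notify yes; };
"""

def keys(text):
    """Key name -> algorithm for every 'key NAME { ... }' definition."""
    return {m[1]: re.search(r"algorithm\s+([\w-]+)", m[2])[1].lower()
            for m in re.finditer(r'\bkey\s+"?([\w.-]+)"?\s*\{([^}]*)\}', text)}

def dhcpd_zones(text):
    """Zone -> name of the key dhcpd signs updates with."""
    return {m[1].rstrip(".").lower(): m[2] for m in
            re.finditer(r'\bzone\s+([\w.-]+)\s*\{[^}]*\bkey\s+([\w.-]+)\s*;', text)}

def named_zones(text):
    """Zone -> set of key names accepted in allow-update (empty set if none)."""
    zones = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{]*\{', text):
        depth, i = 1, m.end()
        while depth and i < len(text):          # walk to the matching close brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        au = re.search(r'allow-update\s*\{([^}]*)\}', text[m.end():i])
        names = re.findall(r'key\s+"?([\w.-]+)"?', au[1]) if au else []
        zones[m[1].rstrip(".").lower()] = set(names)
    return zones

def check(dhcpd, named):
    """Return (zone, problem) pairs for every zone dhcpd would try to update."""
    findings, dk, nk, nz = [], keys(dhcpd), keys(named), named_zones(named)
    for zone, key in sorted(dhcpd_zones(dhcpd).items()):
        if zone not in nz:
            findings.append((zone, "zone not defined on the primary"))
        elif key not in nz[zone]:
            findings.append((zone, "key not listed in allow-update"))
        elif dk.get(key) != nk.get(key):
            findings.append((zone, f"algorithm mismatch: {dk.get(key)} vs {nk.get(key)}"))
    return findings
```

An empty result only says the two files agree with each other; it does not show that dhcpd actually sends the update.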
  #7  
Old 24th July 2017, 06:19 AM
rloteck Offline
Registered User
 
Join Date: Jul 2017
Location: San Jose
Posts: 4
Re: Dynamic DNS not working on DHCPd

Quote:
Originally Posted by flyingdutchman
OK, so if you see no dyndns messages, then it is likely something to do with the dhcpd configuration.

Have a look through these and confirm that dyndns updates are enabled in both bind and dhcpd, that both of them are authoritative, that the key is OK and so on:
https://geekdudes.wordpress.com/2015...s-on-centos-7/

https://www.howtoforge.com/fedora_dynamic_dns

https://voidmain.is-a-geek.net/redha...namic_dns.html

Thanks for your help flyingdutchman, your assistance is great. I have already run into those links while doing Google searches to see if I misconfigured something. But I found nothing wrong with my configuration on both the DNS and DHCP servers. I had this working with the same configuration on my Fedora 25 server, and now with Fedora 26, it is not working.

Just in case I missed something, I will post the entire configuration for both my DNS and DHCP:


named.conf
@@@@@@@@@@@

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    allow-transfer { any; };

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    dnssec-enable no;
    dnssec-validation no;

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";

    /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
    include "/etc/crypto-policies/back-ends/bind.config";
    forwarders {
        8.8.8.8;
    };
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; 192.168.1.88; } keys { rndc-key; };
};


zone "test.com" {
    type master;
    file "/var/named/test.com.hosts";
    allow-update { key "rndc-key"; };
    notify yes;
};
zone "xxxxxxxx.in-addr.arpa" {
    type master;
    file "/var/named/xxxxxxxx..rev";
    allow-update { key "rndc-key"; };
    notify yes;
};
zone "xxxxxxxx..in-addr.arpa" {
    type master;
    file "/var/named/xxxxxxxx..rev";
    allow-update { key "rndc-key"; };
    notify yes;
};
zone "xxxxxxxx..in-addr.arpa" {
    type master;
    file "/var/named/xxxxxxxx..rev";
    allow-update { key "rndc-key"; };
    notify yes;
};
zone "xxxxxxxx..in-addr.arpa" {
    type master;
    file "/var/named/xxxxxxxx..rev";
    allow-update { key "rndc-key"; };
    notify yes;
};
include "/etc/rndc.key";


dhcpd.conf
@@@@@@@@@@@

#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp-server/dhcpd.conf.example
# see dhcpd.conf(5) man page
ddns-update-style interim;
ddns-updates on;
ignore client-updates;
ddns-domainname "test.com.";
ddns-rev-domainname "in-addr.arpa.";
update-static-leases on;
authoritative;
allow unknown-clients;
use-host-decl-names on;
key rndc-key {
    secret xxxxxxxx.;
    algorithm hmac-md5;
}
option domain-search "test.com";
option ntp-servers xxxxxxxx.;
option domain-name-servers 192.168.1.97, 8.8.8.8;
#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.example
# see dhcpd.conf(5) man page
#
# xxxxxxxx./24
subnet xxxxxxxx. netmask xxxxxxxx. {
    option routers xxxxxxxx.;
    range xxxxxxxx. xxxxxxxx.;
}
# xxxxxxxx./24
subnet xxxxxxxx. netmask xxxxxxxx. {
    option routers xxxxxxxx.;
    range xxxxxxxx. xxxxxxxx.;
}
# xxxxxxxx./24
subnet xxxxxxxx. netmask xxxxxxxx. {
    option routers xxxxxxxx.;
    range xxxxxxxx. xxxxxxxx.;
}
# xxxxxxxx./24
subnet xxxxxxxx. netmask xxxxxxxx. {
    option routers xxxxxxxx.;
    range xxxxxxxx. xxxxxxxx.;
}
# xxxxxxxx./24
subnet xxxxxxxx. netmask xxxxxxxx. {
    option routers xxxxxxxx.;
    range xxxxxxxx. xxxxxxxx.;
}
# xxxxxxxx./24
subnet xxxxxxxx. netmask xxxxxxxx. {
    option routers xxxxxxxx.;
    range xxxxxxxx. xxxxxxxx.;
}
# xxxxxxxx./24
subnet xxxxxxxx. netmask xxxxxxxx. {
    range xxxxxxxx. xxxxxxxx.;
}
# xxxxxxxx./24
subnet xxxxxxxx. netmask xxxxxxxx.{
    option routers xxxxxxxx.;
    range xxxxxxxx. xxxxxxxx.;
}
# xxxxxxxx./24
subnet xxxxxxxx. netmask xxxxxxxx. {
    option routers xxxxxxxx.;
    range xxxxxxxx. xxxxxxxx.;
}
# test.com
zone test.com. {
    primary 192.168.1.97;
    key rndc-key;
}
# xxxxxxxx./24
zone xxxxxxxx..in-addr.arpa. {
    primary 192.168.1.97;
    key rndc-key;
}
  #8  
Old 28th July 2017, 08:58 PM
Biazz Online
Registered User
 
Join Date: Jun 2004
Posts: 10
Re: Dynamic DNS not working on DHCPd

Any progress on this? Did anyone file a bug in bugzilla?
  #9  
Old 29th July 2017, 04:42 AM
rloteck Offline
Registered User
 
Join Date: Jul 2017
Location: San Jose
Posts: 4
Re: Dynamic DNS not working on DHCPd

Quote:
Originally Posted by Biazz
Any progress on this? Did anyone file a bug in bugzilla?

I have heard no other suggestions. If you can, please open a bug on Bugzilla. I have no idea how to do that.
  #10  
Old 29th July 2017, 08:19 PM
cegolf Offline
Registered User
 
Join Date: Aug 2006
Posts: 2
Re: Dynamic DNS not working on DHCPd

Here's the link to the bug in Bugzilla:

https://bugzilla.redhat.com/show_bug.cgi?id=1475289

One comment was to downgrade dhcp-server, which I did and it fixed the problem for the time being.


Code:
$ sudo dnf downgrade dhcp-server
  #11  
Old 1st August 2017, 07:42 PM
barryas Offline
Registered User
 
Join Date: Jul 2017
Location: reading
Posts: 3
Re: Dynamic DNS not working on DHCPd

It's a known bug; there is a fixed RPM for bind99-lib waiting to be released for F26.

See https://bugzilla.redhat.com/1471747

You can grab the RPMs with the fix from koji.

Barry
  #12  
Old Yesterday, 12:38 PM
Biazz Online
Registered User
 
Join Date: Jun 2004
Posts: 10
Re: Dynamic DNS not working on DHCPd

Thanks barryas,

I've downloaded the fixed bind99 (https://kojipkgs.fedoraproject.org//...3.fc27.src.rpm)

(which has the specific fix in the changelog)

and the latest dhcp package (https://kojipkgs.fedoraproject.org//...4abc04.src.rpm)

and dynamic dhcp updates are still not working... did I miss anything? Also the bug was closed, but I don't see much action for fc26... there was a dhcp-server update... but no fix for this issue.

Surprising that this was broken for such a long time in Fedora... guess nobody uses Fedora on a server anymore.

regards,
Bas
  #13  
Old Yesterday, 03:36 PM
barryas Offline
Registered User
 
Join Date: Jul 2017
Location: reading
Posts: 3
Re: Dynamic DNS not working on DHCPd

Commenting on your config:

I use: ddns-update-style standard;
and you do not have allow client-update. Here is the section from my dhcpd.

subnet 172.16.2.0 netmask 255.255.255.0 {
    option domain-name-servers 172.16.2.254;
    option routers 172.16.2.254;
    range 172.16.2.100 172.16.2.199;
    # next-server 172.16.2.200;
    # filename "pxelinux.0";

    # dynamic updates
    ddns-updates on;
    ddns-domainname "chelsea.private.";
    ddns-rev-domainname "in-addr.arpa.";
    allow client-updates;
}

In named.conf I log lots of info.

logging {
    category dnssec { security_log; };
    category update { update_log; };
    category update-security { update_log; };
    category security { security_log; };
    category general { security_log; };
    category queries { query_log; };
    category lame-servers { null; };

    channel update_log {
        file "/var/log/dns-update.log" versions 10 size 20m;
        // every time the log grows over 20 Mbyte, it will
        // back up and roll over. Maximum 10 backups will be kept.
        print-time yes;
        print-category yes;
        print-severity yes;
        severity info;
    };

    channel security_log {
        file "/var/log/dns-security.log" versions 10 size 20m;
        // every time the log grows over 20 Mbyte, it will
        // back up and roll over. Maximum 10 backups will be kept.
        print-time yes;
        print-category yes;
        print-severity yes;
        severity info;
    };

    channel query_log {
        file "/var/log/dns-query.log" versions 10 size 20m;
        print-time yes;
        print-severity yes;
    };
};

Check dhcpd is logging in journalctl -u dhcpd --since 00:00

You should see lines like this:

Aug 20 09:15:06 fable dhcpd[952]: DHCPREQUEST for 172.16.2.129 (172.16.2.254) from 14:dd:a9:dc:52:da (blackstar) via eno
Aug 20 09:15:06 fable dhcpd[952]: DHCPACK on 172.16.2.129 to 14:dd:a9:dc:52:da (blackstar) via eno1
Aug 20 09:15:06 fable dhcpd[952]: Added new forward map from blackstar.chelsea.private. to 172.16.2.129
Aug 20 09:15:06 fable dhcpd[952]: Added reverse map from 129.2.16.172.in-addr.arpa. to blackstar.chelsea.private.

Barry
  #14  
Old Today, 07:51 AM
Biazz Online
Registered User
 
Join Date: Jun 2004
Posts: 10
Re: Dynamic DNS not working on DHCPd

Hi Barry,

Switched update style from interim to standard, but still no results... named is logging right, but does not show any log info regarding updates from dhcpd (it does from openvpn dns updates, which are working fine).

Do I understand correctly that you have dhcpd-issued dynamic DNS updates working correctly on Fedora 26?

thanks!
Bas

Current GMT-time: 10:16 (Monday, 21-08-2017)
