> On 25 Jul 2017, at 06:48, Tim <ignored_mailbox@xxxxxxxxxxxx> wrote:

Thanks for the reply Tim.

> On 24/7/2017 12:19 am, Barry Scott wrote:
>> I have a dhcpd/bind combination working very nicely registering host name from DHCP into DNS.
>> But after the update to F26 ddns stopped working. I see no error messages but did notice
>> that my named update log file no longer sees any messages logged into it.
>
> Could it be that post-update, your computer identifies itself slightly differently? So the DHCP server doesn't reissue the same lease.
> I think you need to tell us if your updates were on the server, clients, or both. And what is not working. Clients not being issued IPs?

I recall having to patch things up when the client id algorithm changed about 4 years ago. Has that happened again?

To restate the issue.

* ddns is no longer setting hostname in DNS.
* The dns-update.log file is no longer being written to.

I have 3 systems that were updated from f25 to f26.

fable is the router and runs ddns setup.
varric is a desktop and used dhcp to get its address and provide its name. It gets an address but no name is set up.
The other f26 machine uses a static IP.

blackstar is a win10 machine and it cannot set its name in DNS but dhcpd gives it an address.

fable is set up to log all update activity into /var/log/dns-update.log.
That log file is no longer being written to since f26 update.

There are no errors that I can find for dhcpd or chroot-named. Except this one:

uid lease 172.16.2.145 for client 78:48:59:89:e5:81 is duplicate on 172.16.2.0/24

which has the MAC of one of my switches.

I have replaced the keys with <name-of-key>.

Here is /var/named/chroot/etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

acl "if4_internal" { 127.0.0.1; 172.16.2.0/24; };
acl "if6_internal" { ::1; };

options {
        listen-on port 53 { "if4_internal"; };
        listen-on-v6 port 53 { "if6_internal"; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { "if4_internal"; "if6_internal"; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        category dnssec { security_log; };
        category update { update_log; };
        category update-security { update_log; };
        category security { security_log; };
        category general { security_log; };
        category queries { query_log; };
        category lame-servers { null; };

        channel update_log {
                file "/var/log/dns-update.log" versions 10 size 20m;
                // every time the log grows over 20 Mbyte, it will
                // backup and rollover. Maximum 5 backups will be kept.
                print-time yes;
                print-category yes;
                print-severity yes;
                severity info;
        };

        channel security_log {
                file "/var/log/dns-security.log" versions 10 size 20m;
                // every time the log grows over 20 Mbyte, it will
                // backup and rollover. Maximum 5 backups will be kept.
                print-time yes;
                print-category yes;
                print-severity yes;
                severity info;
        };

        channel query_log {
                file "/var/log/dns-query.log" versions 10 size 20m;
                print-time yes;
                print-severity yes;
        };
};

key "rndc-key" {
        algorithm hmac-md5;
        secret "<rdnc-key>";
};

key "dhcp-key" {
        algorithm hmac-md5;
        secret "<dhcp-key>";
};

controls {
        inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; "dhcp-key"; };
        inet ::1 port 953 allow { ::1; } keys { "rndc-key"; "dhcp-key"; };
};

// barry home zone
zone "chelsea.private" {
        type master;
        file "data/chelsea.private.hosts";
        allow-update { key "dhcp-key"; key "rndc-key"; };
};

zone "2.16.172.IN-ADDR.ARPA" {
        type master;
        file "data/chelsea.private.rev";
        allow-update { key "dhcp-key"; key "rndc-key"; };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

And here is dhcpd.conf

#
# fable dhcpd configuration
#
authoritative ;
ddns-update-style standard;
allow booting;
allow bootp;

option domain-name "chelsea.private";
default-lease-time 3600;
max-lease-time 64800;

key "dhcp-key" {
        algorithm hmac-md5;
        secret "<dhcp-key>";
};

zone chelsea.private. {
        primary 127.0.0.1;
        key "dhcp-key";
}

zone 2.16.172.in-addr.arpa. {
        primary 127.0.0.1;
        key "dhcp-key";
}

subnet 172.16.2.0 netmask 255.255.255.0 {
        option domain-name-servers 172.16.2.254;
        option routers 172.16.2.254;
        range 172.16.2.100 172.16.2.199;
        # next-server 172.16.2.200;
        # filename "pxelinux.0";

        # dynamic updates
        ddns-updates on;
        ddns-domainname "chelsea.private.";
        ddns-rev-domainname "in-addr.arpa.";
        allow client-updates;
}

# npppd uses 172.16.2.90 to 172.16.2.99

host skynet {
        hardware ethernet 00:09:5b:a3:5a:b0;
        fixed-address 172.16.2.3;
}

# squeeze box
host songplayer {
        hardware ethernet 00:04:20:05:ae:4e;
        fixed-address 172.16.2.25;
}

# host fender 172.16.2.200
# host itunes 172.16.2.201

# Wireless bridges
host hpsw-down {
        hardware ethernet 78:48:59:89:d8:25;
        fixed-address 172.16.2.251;

        # dynamic updates
        ddns-updates on;
        ddns-domainname "chelsea.private.";
        ddns-rev-domainname "in-addr.arpa.";
        allow client-updates;
}

host hpsw-up {
        hardware ethernet 78:48:59:89:e5:81;
        fixed-address 172.16.2.252;

        # dynamic updates
        ddns-updates on;
        ddns-domainname "chelsea.private.";
        ddns-rev-domainname "in-addr.arpa.";
        allow client-updates;
}

host timecapsule {
        hardware ethernet 70:56:81:c6:61:6b;
        fixed-address 172.16.2.253;
}

# host fable 172.16.2.254

# example of pxeboot for openbsd
#host dim2 { hardware ethernet 00:30:18:a3:0c:25; fixed-address 172.16.2.99; filename "pxeboot.openbsd51"; }

Barry
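
A consistency check that can be run over a named.conf / dhcpd.conf pair like the one in this message, given here as an added example (not part of the original post and not ISC code). It verifies that every key dhcpd uses for a zone is defined identically in named.conf and is listed in that zone's allow-update, and it notes hmac-md5 TSIG keys. The regex parsing, the function names and the placeholder secrets are assumptions and only cover the simple layout shown above.

```python
import re

KEY_DEF = re.compile(r'key\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+([\w-]+)\s*;'
                     r'\s*secret\s+"([^"]*)"\s*;\s*\}')
NAMED_ZONE = re.compile(r'zone\s+"([^"]+)"\s*(?:IN\s*)?\{((?:[^{}]|\{[^{}]*\})*)\}')
DHCPD_ZONE = re.compile(r'zone\s+([\w.-]+)\s*\{([^{}]*)\}')
KEY_REF = re.compile(r'key\s+"?([\w.-]+)"?\s*;')
ALLOW = re.compile(r'allow-update\s*\{([^{}]*)\}')

def key_defs(conf):
    """Map key name -> (algorithm, secret) for every key { ... } definition."""
    return {n: (alg.lower(), sec) for n, alg, sec in KEY_DEF.findall(conf)}

def check(named_conf, dhcpd_conf):
    findings = []
    nkeys, dkeys = key_defs(named_conf), key_defs(dhcpd_conf)
    allowed = {}  # zone (lower case, no trailing dot) -> keys in allow-update
    for zone, body in NAMED_ZONE.findall(named_conf):
        m = ALLOW.search(body)
        allowed[zone.lower().rstrip(".")] = set(KEY_REF.findall(m.group(1))) if m else set()
    for zone, body in DHCPD_ZONE.findall(dhcpd_conf):
        for k in KEY_REF.findall(body):
            if k not in dkeys or k not in nkeys:
                findings.append(f"{zone} key {k}: not defined in both files")
            elif dkeys[k] != nkeys[k]:
                findings.append(f"{zone} key {k}: algorithm or secret differs")
            if k not in allowed.get(zone.lower().rstrip("."), set()):
                findings.append(f"{zone} key {k}: not in named.conf allow-update")
    for k, (alg, _) in sorted(nkeys.items()):
        if alg == "hmac-md5":
            findings.append(f"key {k}: hmac-md5 is a legacy TSIG algorithm")
    return findings

# Constructed excerpts shaped like the post's files; secrets are placeholders.
NAMED = '''
key "rndc-key" { algorithm hmac-md5; secret "PLACEHOLDER-RNDC"; };
key "dhcp-key" { algorithm hmac-md5; secret "PLACEHOLDER-DHCP"; };
zone "chelsea.private" { type master; allow-update { key "dhcp-key"; key "rndc-key"; }; };
zone "2.16.172.IN-ADDR.ARPA" { type master; allow-update { key "dhcp-key"; key "rndc-key"; }; };
'''
DHCPD = '''
key "dhcp-key" { algorithm hmac-md5; secret "PLACEHOLDER-DHCP"; };
zone chelsea.private. { primary 127.0.0.1; key "dhcp-key"; }
zone 2.16.172.in-addr.arpa. { primary 127.0.0.1; key "dhcp-key"; }
'''
DHCPD_STALE = DHCPD.replace("PLACEHOLDER-DHCP", "PLACEHOLDER-OLD")

if __name__ == "__main__":
    for label, conf in (("matching", DHCPD), ("stale secret", DHCPD_STALE)):
        print(label, check(NAMED, conf))
```

A clean result only shows the two files agree on keys and zones; it does not exercise the update path itself.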