Tim:
I think you need to tell us if your updates were on the server,
clients, or both. And what is not working. Clients not being issued IPs?
Barry Scott:
I recall having to patch things up when the client id algorithm changed about 4 years ago. Has that happened again?
I don't know, but it's the kind of thing I've noticed when
multi-booting. Each OS got a different IP, because the network card
looked different in some way. And that played merry hell with name
assignment.
NB: My DNS and DHCP servers are running on a very old Fedora
installation. Mine is a mix of fixed and dynamic. With the DHCP server
assigning some clients a fixed IP, and those IPs hand entered into the
DNS configuration (I found DHCP wouldn't put those into the DNS
records). And the dynamic assignments giving an IP to the clients, who
provide their own hostname, which goes into the DHCP leases and DNS
records.
I have noticed the odd one or two things which won't play ball. My
printer gets given its IP by the DHCP server, it has its own hostname,
but that name never gets sent to the DHCP server. It only works fully
with the mDNS nonsense (Bonjour, etc). And something similar with the
odd Windows client.
To restate the issue.
* ddns is no longer setting hostname in DNS.
* The dns-update.log file is no longer being written to.
Is it not setting any? i.e. I see you have fixed definitions. Is it
setting them? Is it setting dynamically assigned ones?
I know you've mentioned specific examples below, but if you set up new
dynamic or fixed ones, do they work?
I have 3 systems that were updated from f25 to f26
fable is the router and runs ddns setup
varric is a desktop and uses dhcp to get its address and provide its name. It gets an address but no name is set up.
the other f26 machine uses a static IP.
blackstar is a win10 machine and it cannot set its name in DNS but dhcpd gives it an address.
fable is set up to log all update activity into /var/log/dns-update.log. That log file is no longer being written to since the f26 update.
Another of those new journalctl snafus?
Is it chrooted?
There are no errors that I can find for dhcpd or chroot-named. Except this one:
uid lease 172.16.2.145 for client 78:48:59:89:e5:81 is duplicate on 172.16.2.0/24
which has the MAC of one of my switches.
That could be tripping things up.
My inclination would be to stop both DNS and DHCP servers, wipe out the
DHCP leases file, remove any dynamically entered records in the DNS
files (and update the serial numbers), delete the dns journal files, and
see if it will start with a clean slate.
I have replaced the keys with <name-of-key>.
Here is /var/named/chroot/etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
acl "if4_internal" {
    127.0.0.1;
    172.16.2.0/24;
};
acl "if6_internal" {
    ::1;
};
options {
    listen-on port 53 { "if4_internal"; };
    listen-on-v6 port 53 { "if6_internal"; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { "if4_internal"; "if6_internal"; };
    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
Do those keyfiles exist? Are they readable? Right permissions and
SELinux contexts? Check on the PID file, too.
logging {
    category dnssec { security_log; };
    category update { update_log; };
    category update-security { update_log; };
    category security { security_log; };
    category general { security_log; };
    category queries { query_log; };
    category lame-servers { null; };
    channel update_log {
        file "/var/log/dns-update.log" versions 10 size 20m;
        // every time the log grows over 20 Mbyte, it will
        // backup and rollover. Maximum 10 backups will be kept.
        print-time yes;
        print-category yes;
        print-severity yes;
        severity info;
    };
    channel security_log {
        file "/var/log/dns-security.log" versions 10 size 20m;
        // every time the log grows over 20 Mbyte, it will
        // backup and rollover. Maximum 10 backups will be kept.
        print-time yes;
        print-category yes;
        print-severity yes;
        severity info;
    };
    channel query_log {
        file "/var/log/dns-query.log" versions 10 size 20m;
        print-time yes;
        print-severity yes;
    };
};
key "rndc-key" {
    algorithm hmac-md5;
    secret "<rndc-key>";
};
key "dhcp-key" {
    algorithm hmac-md5;
    secret "<dhcp-key>";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; }
        keys { "rndc-key"; "dhcp-key"; };
    inet ::1 port 953
        allow { ::1; }
        keys { "rndc-key"; "dhcp-key"; };
};
Is port 953 open?
Is IPv6 working?
// barry home zone
zone "chelsea.private" {
    type master;
    file "data/chelsea.private.hosts";
    allow-update { key "dhcp-key"; key "rndc-key"; };
};
zone "2.16.172.IN-ADDR.ARPA" {
    type master;
    file "data/chelsea.private.rev";
    allow-update { key "dhcp-key"; key "rndc-key"; };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
And here is dhcpd.conf
#
# fable dhcpd configuration
#
authoritative;
ddns-update-style standard;
allow booting;
allow bootp;
option domain-name "chelsea.private";
default-lease-time 3600;
max-lease-time 64800;
key "dhcp-key" {
    algorithm hmac-md5;
    secret "<dhcp-key>";
};
zone chelsea.private. {
    primary 127.0.0.1;
    key "dhcp-key";
}
zone 2.16.172.in-addr.arpa. {
    primary 127.0.0.1;
    key "dhcp-key";
}
subnet 172.16.2.0 netmask 255.255.255.0 {
    option domain-name-servers 172.16.2.254;
    option routers 172.16.2.254;
    range 172.16.2.100 172.16.2.199;
    # next-server 172.16.2.200;
    # filename "pxelinux.0";
    # dynamic updates
    ddns-updates on;
    ddns-domainname "chelsea.private.";
    ddns-rev-domainname "in-addr.arpa.";
    allow client-updates;
}
# npppd uses 172.16.2.90 to 172.16.2.99
host skynet { hardware ethernet 00:09:5b:a3:5a:b0; fixed-address 172.16.2.3; }
# squeeze box
host songplayer { hardware ethernet 00:04:20:05:ae:4e; fixed-address 172.16.2.25; }
# host fender 172.16.2.200
# host itunes 172.16.2.201
# Wireless bridges
host hpsw-down {
    hardware ethernet 78:48:59:89:d8:25;
    fixed-address 172.16.2.251;
    # dynamic updates
    ddns-updates on;
    ddns-domainname "chelsea.private.";
    ddns-rev-domainname "in-addr.arpa.";
    allow client-updates;
}
host hpsw-up {
    hardware ethernet 78:48:59:89:e5:81;
    fixed-address 172.16.2.252;
    # dynamic updates
    ddns-updates on;
    ddns-domainname "chelsea.private.";
    ddns-rev-domainname "in-addr.arpa.";
    allow client-updates;
}
host timecapsule { hardware ethernet 70:56:81:c6:61:6b; fixed-address 172.16.2.253; }
# host fable 172.16.2.254
# example of pxeboot for openbsd
#host dim2 { hardware ethernet 00:30:18:a3:0c:25; fixed-address 172.16.2.99; filename "pxeboot.openbsd51"; }
--
Trying out Thunderbird for mail.
5... 4... 3... 2... ONE! Email has gone
Boilerplate: All mail to this mailbox is automatically deleted, there
is no point trying to privately email me, I only get to see the messages
posted to the mailing list.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
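Tim's checklist points at the keys and zones, so here is an added example (my own script, not from the thread) that cross-checks the posted named.conf and dhcpd.conf for the mismatches that silently stop signed DDNS updates: each key dhcpd signs with must exist in named.conf with the same algorithm and secret, and every zone dhcpd updates must list that key in named's allow-update. The embedded configs are shortened constructed copies of the ones in the thread with placeholder secrets.

```python
import re
# Constructed, shortened copies of the thread's named.conf and dhcpd.conf (secrets are placeholders).
NAMED_CONF = '''
key "rndc-key" { algorithm hmac-md5; secret "<rndc-key>"; };
key "dhcp-key" { algorithm hmac-md5; secret "<dhcp-key>"; };
zone "chelsea.private" { type master; file "data/chelsea.private.hosts";
    allow-update { key "dhcp-key"; key "rndc-key"; }; };
zone "2.16.172.IN-ADDR.ARPA" { type master; file "data/chelsea.private.rev";
    allow-update { key "dhcp-key"; key "rndc-key"; }; };
'''
DHCPD_CONF = '''
ddns-update-style standard;
key "dhcp-key" { algorithm hmac-md5; secret "<dhcp-key>"; };
zone chelsea.private. { primary 127.0.0.1; key "dhcp-key"; }
zone 2.16.172.in-addr.arpa. { primary 127.0.0.1; key "dhcp-key"; }
'''

def blocks(text, kind):
    """Yield (lowercased name, body) per `<kind> name { ... }` block, matching braces by hand."""
    for m in re.finditer(r'\b%s\s+"?([\w.-]+)"?\s*(?:IN\s+)?\{' % kind, text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1).lower().rstrip('.'), text[m.end():i - 1]

def tsig_keys(text):
    out = {}  # key name -> (algorithm, secret) for every key block in the config
    for name, body in blocks(text, 'key'):
        alg = re.search(r'algorithm\s+([\w-]+)', body).group(1).lower()
        out[name] = (alg, re.search(r'secret\s+"([^"]*)"', body).group(1))
    return out

def check(named_conf, dhcpd_conf):
    """List the mismatches that make named reject (or dhcpd never sign) DDNS updates; [] = consistent."""
    problems, nkeys, allowed = [], tsig_keys(named_conf), {}
    for zone, body in blocks(named_conf, 'zone'):  # zone -> key names accepted in allow-update
        au = re.search(r'allow-update\s*\{([^}]*)\}', body)
        if au:
            allowed[zone] = {k.lower() for k in re.findall(r'key\s+"?([\w.-]+)"?', au.group(1))}
    for name, alg_secret in tsig_keys(dhcpd_conf).items():
        if nkeys.get(name) != alg_secret:
            problems.append(f'key {name}: missing in named.conf or algorithm/secret differ')
    for zone, body in blocks(dhcpd_conf, 'zone'):
        k = re.search(r'key\s+"?([\w.-]+)"?\s*;', body)
        key = k.group(1).lower() if k else None
        if key not in allowed.get(zone, set()):
            problems.append(f'zone {zone}: named.conf does not allow-update with key {key or "none (unsigned)"}')
    return problems
```

Run it on the real files with check(open('/var/named/chroot/etc/named.conf').read(), open('/etc/dhcp/dhcpd.conf').read()); a non-empty list is a configuration mismatch rather than a permissions or SELinux problem. Both named and ISC dhcpd also accept hmac-sha256, which is preferable to the hmac-md5 used in these configs.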