DDNS updates for secondary DNS server

kraishak
Hi All,

zone example.com.
{
    primary 192.168.0.45;
    secondary 192.168.0.47;
}
I have noticed that DHCP is not sending any DDNS updates to the secondary DNS server(192.168.0.47) of the zone when the primary is down for some reason, is this the expected behavior?

Getting below error
 Unable to add forward map from n54c5-000001.example.com to 192.168.0.86: NOTIMP

Does any one have any idea/experience of DDNS flow when primary DNS server is down

Thanks in Advance
Kraishak

_______________________________________________
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Re: DDNS updates for secondary DNS server

glenn.satchell
Hi Kraishak

My understanding is that each time the DHCP server renews a lease it
will try to update the DNS server if the record does not exist. So this
could take some time to catch up if the DNS server is down. I don't
think it tries to ever update the secondary - this is the job of the
primary. For this reason a lot of sites implement the dhcp server on the
same box as the dns server.

Also looks like something in your DNS config may not be quite right. In
dhcp your primary is 192.168.0.45, but it is trying to update
192.168.0.86 and gets an error. Can you check through both the dhcp and
dns configuration to see if you mention 192.168.0.86 anywhere?

regards,
Glenn

On 2021-04-27 17:33, Kraishak Mahtha wrote:

> Hi All,
>
>  zone example.com [1].
>         {
>             primary 192.168.0.45;
>           secondary 192.168.0.47;
>         }
> I have noticed that DHCP is not sending any DDNS updates to the
> secondary DNS server(192.168.0.47) of the zone when the primary is
> down for some reason, is this the expected behavior?
>
> Getting below error
>  Unable to add forward map from n54c5-000001.example.com [2] to
> 192.168.0.86 [3]: NOTIMP
>
> Does any one have any idea/experience of DDNS flow when primary DNS
> server is down
>
> Thanks in Advance
> Kraishak
>
>
> Links:
> ------
> [1] http://example.com
> [2] http://n54c5-000001.example.com
> [3] http://192.168.0.86

Re: DDNS updates for secondary DNS server

kraishak
Hi Glenn

Thanks for reply,
zone example.com.
{
    primary 192.168.0.45;
    secondary 192.168.0.47;
}

I don't think it tries to ever update the secondary
-----> So in a sample zone section, adding a secondary statement is of no
significance: even if we add a valid secondary DNS server, it will send
updates only to the primary, and if the primary is down it will throw
exceptions (unable to add forward/reverse map), but it won't use the
secondary server definition from the zone section in dhcpd.conf. Please
correct me if I am wrong.

 Also looks like something in your DNS config may not be quite right. In
dhcp your primary is 192.168.0.45, but it is trying to update
192.168.0.86 and gets an error.
----> 192.168.0.86 was the client IP which the DHCP server gave to the
client from scope range

In a valid case when the primary is up, I am getting messages like below

Added new forward map from n0001-000001.example.com to 192.168.0.97 where
192.168.0.97 was the client IP

so I guess it is not an issue with the config


Thanks
Kraishak



 




Re: DDNS updates for secondary DNS server

glenn.satchell
Hi Kraishak

I had a look in the dhcpd.conf man page, and the description there is a
bit ambiguous, so I don't know what is meant to happen:

     The primary statement specifies the IP address of the name server
     whose zone information is to be updated. In addition to the primary
     statement there are also the primary6, secondary and secondary6
     statements. The primary6 statement specifies an IPv6 address for the
     name server. The secondaries provide for additional addresses for
     name servers to be used if the primary does not respond.

Some suggestions of things you could try:

- Check your secondary is configured to accept updates from the dhcp
server.
- Turn on logging of updates on the secondary to see if anything is
sent.
- Run a packet trace on the secondary to look at network traffic to see
if anything is sent to it.

I think the next step after that is to have a look at the dhcpd source
and see what the code actually does in this case.

It may also be worth asking the question on one of the BIND9 mailing
lists about whether a secondary can accept dynamic updates and what
configuration options are required to do this. There is also the BIND 9
Administrator Reference Manual which may be useful.

Also something to think about is the scenario where the primary is down
and the secondary receives an update. What happens when the primary
returns? It won't have the update and either it will overwrite the
secondary's zone file with the primary (removing the updated record) or
it won't but then the primary won't have that record and the secondary
will. This means where the primary and secondary have different values
for the same record or one of them does not have the record.

regards,
Glenn

On 2021-04-27 19:30, kraishak wrote:

> Hi Glenn
>
> Thanks for reply,
>  zone example.com.
>         {
>             primary 192.168.0.45;
>           secondary 192.168.0.47;
>         }
>
> I don't, think it tries to ever update the secondary
> -----> So in a sample zone section adding secondary statement is of no
> significant even if we add the valid secondary DNS server it will send
> updated only to primary and if primary is down it will throw exceptions
> unable to add forward/reverse map but it won't use the secondary server
> definition from the zone section in dhcpd.conf, Please correct me if I
> am
> wrong.
>
>  Also looks like something in your DNS config may not be quite right.
> In
> dhcp your primary is 192.168.0.45, but it is trying to update
> 192.168.0.86 and gets an error.
> ----> 192.168.0.86 was the client IP which the DHCP server gave to the
> client from scope range
>
> In a valid case when the primary is up, I am getting messages like
> below
>
> Added new forward map from n0001-000001.example.com to 192.168.0.97
> where
> 192.168.0.97 was the client IP
>
> so I guess it is not issue with config
>
>
> Thanks
> Kraishak

Re: DDNS updates for secondary DNS server

kraishak
Hi Glenn,

- Check your secondary is configured to accept updates from the dhcp
server.
-----> Yes, it is working fine when I flip the secondary to primary and
the primary to secondary, with the respective changes in dhcpd.conf as well.
From this I guess there is no issue with the secondary server receiving
updates from the DHCP server.
 
- Turn on logging of updates on the secondary to see if anything is
sent.
- Run a packet trace on the secondary to look at network traffic to see
if anything is sent to it.
-------> Here I am using Windows servers as DNS, but when I searched in
forums, some of them suggest having an allow-update-forwarding option
on the slave zone, which can update the primary.

I am checking if we have any equivalent on the Windows server.

Thanks
Kraishak






Re: DDNS updates for secondary DNS server

glenn.satchell
Can you run tcpdump or wireshark on the dhcp server looking for packets
between the dhcp server and the dns servers?

regards,
Glenn

On 2021-04-29 16:24, kraishak wrote:

> Hi Glenn,
>
> - Check your secondary is configured to accept updates from the dhcp
> server.
> -----> yes it is working fine when I flip the secondary as primary and
> primary as secondary and respective changes on the dhcpd.conf also, By
> this
> I guess there is no issue with secondary server receiving updates from
> DHCP
> server
>
> - Turn on logging of updates on the secondary to see if anything is
> sent.
> - Run a packet trace on the secondary to look at network traffic to see
> if anything is sent to it.
> -------> Here I am using the Windows servers as DNS, but when I
> searched in
> forums some of them suggest saying to have an allow-update-forwarding
> option
> on slave zone which can update primary,
>
> I am checking if we have any equivalent on the windows server
>
> Thanks
> Kraishak

Re: DDNS updates for secondary DNS server

kraishak
I tried tcpdump. I can see a lot of other traffic; when I was searching for
a way to filter DDNS packets I found the one below:
" tcpdump 'udp[0xa] & 0x78 = 0x28'"

Case1) when both primary and secondary DNS server are up and running
I see the packets flowing from my DHCP server to DNS primary server

tcpdump 'udp[0xa] & 0x78 = 0x28'
09:36:25.836650 IP dhcpremote.36057 > 192.168.0.45.domain: 32269 update [1a]
[2n] SOA? tst.com. (113)
09:36:25.838185 IP 192.168.0.45.domain > dhcpremote.36057: 32269 update-
1/2/0 (Class 254) ANY (113)
09:36:25.840153 IP dhcpremote.36057 > 192.168.0.45.domain: 37754 update [1a]
[2n] SOA? tst.com. (113)
09:36:25.840716 IP 192.168.0.45.domain > dhcpremote.36057: 37754 update-
1/2/0 (Class 254) ANY (113)
09:36:25.842929 IP dhcpremote.36057 > 192.168.0.45.domain: 50378 update [1a]
[2n] SOA? tst.com. (113)
09:36:25.843558 IP 192.168.0.45.domain > dhcpremote.36057: 50378 update-
1/2/0 (Class 254) ANY (113)
09:36:25.935787 IP dhcpremote.36057 > 192.168.0.45.domain: 45452 update [1a]
[2n] SOA? tst.com. (113)
09:36:25.936482 IP 192.168.0.45.domain > dhcpremote.36057: 45452 update-
1/2/0 (Class 254) ANY (113)
09:36:25.937238 IP dhcpremote.36057 > 192.168.0.45.domain: 57717 update [1a]
[2n] SOA? tst.com. (113)
09:36:25.937644 IP 192.168.0.45.domain > dhcpremote.36057: 57717 update-
1/2/0 (Class 254) ANY (113)
I can see DNS records get added to the zone on primary DNS server
 
Case2)I stopped primary DNS server and only secondary is running
At this time initially I saw the traffic trying to communicate to primary
and later it tried to communicate to secondary also but on the secondary
server I don't see any updates for that zone

9:47:50.448729 IP dhcpremote.36057 > 192.168.0.45.domain: 28079 update [1a]
[2n] SOA? tst.com. (113)
09:47:50.450722 IP dhcpremote.36057 > 192.168.0.45.domain: 56210 update [1a]
[2n] SOA? tst.com. (113)
09:47:50.452350 IP dhcpremote.36057 > 192.168.0.45.domain: 35555 update [1a]
[2n] SOA? tst.com. (113)
09:47:50.454332 IP dhcpremote.36057 > 192.168.0.45.domain: 6159 update [1a]
[2n] SOA? tst.com. (113)
09:47:50.456659 IP dhcpremote.36057 > 192.168.0.45.domain: 46788 update [1a]
[2n] SOA? tst.com. (113)
09:47:53.451803 IP dhcpremote.36057 > 192.168.0.45.domain: 28079 update [1a]
[2n] SOA? tst.com. (113)
09:47:53.451882 IP dhcpremote.36057 > 192.168.0.45.domain: 56210 update [1a]
[2n] SOA? tst.com. (113)
09:47:53.452444 IP dhcpremote.36057 > 192.168.0.45.domain: 35555 update [1a]
[2n] SOA? tst.com. (113)
09:47:53.454400 IP dhcpremote.36057 > 192.168.0.45.domain: 6159 update [1a]
[2n] SOA? tst.com. (113)
09:47:53.456731 IP dhcpremote.36057 > 192.168.0.45.domain: 46788 update [1a]
[2n] SOA? tst.com. (113)
09:47:56.452149 IP dhcpremote.36057 > 192.168.0.45.domain: 28079 update [1a]
[2n] SOA? tst.com. (113)
09:47:56.452188 IP dhcpremote.36057 > 192.168.0.45.domain: 56210 update [1a]
[2n] SOA? tst.com. (113)
09:47:56.452542 IP dhcpremote.36057 > 192.168.0.45.domain: 35555 update [1a]
[2n] SOA? tst.com. (113)
09:47:56.454501 IP dhcpremote.36057 > 192.168.0.45.domain: 6159 update [1a]
[2n] SOA? tst.com. (113)
09:47:56.456806 IP dhcpremote.36057 > 192.168.0.45.domain: 46788 update [1a]
[2n] SOA? tst.com. (113)
09:47:59.455189 IP dhcpremote.36057 > 192.168.0.45.domain: 56210 update [1a]
[2n] SOA? tst.com. (113)
09:47:59.455220 IP dhcpremote.36057 > 192.168.0.45.domain: 28079 update [1a]
[2n] SOA? tst.com. (113)
09:47:59.455229 IP dhcpremote.36057 > 192.168.0.45.domain: 35555 update [1a]
[2n] SOA? tst.com. (113)
09:47:59.455241 IP dhcpremote.36057 > 192.168.0.45.domain: 6159 update [1a]
[2n] SOA? tst.com. (113)
09:47:59.456869 IP dhcpremote.36057 > 192.168.0.45.domain: 46788 update [1a]
[2n] SOA? tst.com. (113)
09:48:02.458314 IP dhcpremote.36057 > 192.168.0.47.domain: 2904 update [1a]
[2n] SOA? tst.com. (113)
09:48:02.458409 IP dhcpremote.36057 > 192.168.0.47.domain: 51837 update [1a]
[2n] SOA? tst.com. (113)
09:48:02.458463 IP dhcpremote.36057 > 192.168.0.47.domain: 33836 update [1a]
[2n] SOA? tst.com. (113)
09:48:02.458501 IP dhcpremote.36057 > 192.168.0.47.domain: 64762 update [1a]
[2n] SOA? tst.com. (113)
09:48:02.458578 IP dhcpremote.36057 > 192.168.0.47.domain: 58373 update [1a]
[2n] SOA? tst.com. (113)
09:48:02.461798 IP 192.168.0.47.domain > dhcpremote.36057: 2904 update
NotImp- 1/2/0 (Class 254) ANY (113)
09:48:02.462583 IP 192.168.0.47.domain > dhcpremote.36057: 33836 update
NotImp- 1/2/0 (Class 254) ANY (113)
09:48:02.463148 IP 192.168.0.47.domain > dhcpremote.36057: 64762 update
NotImp- 1/2/0 (Class 254) ANY (113)
09:48:02.463678 IP 192.168.0.47.domain > dhcpremote.36057: 58373 update
NotImp- 1/2/0 (Class 254) ANY (113)
09:48:02.464209 IP 192.168.0.47.domain > dhcpremote.36057: 51837 update
NotImp- 1/2/0 (Class 254) ANY (113)


While it is trying to communicate with the secondary I can see some
difference in the packets, like "update NotImp"; not sure if that means
anything for debugging





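Added example (not part of the original thread): a Python decode of the DNS header that the capture filter `udp[0xa] & 0x78 = 0x28` tests, showing why it matches dynamic updates in both directions and where the `NotImp` in the secondary's replies comes from. The datagrams are constructed samples modelled on the capture above, and the function names are this example's own.

```python
import struct

OPCODES = {0: "QUERY", 4: "NOTIFY", 5: "UPDATE"}
RCODES = {0: "NOERROR", 2: "SERVFAIL", 4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}

def build_datagram(sport, dport, txid, flags, counts=(1, 1, 2, 0)):
    """Constructed sample: 8-byte UDP header + 12-byte DNS header, no sections."""
    dns = struct.pack("!6H", txid, flags, *counts)
    return struct.pack("!4H", sport, dport, 8 + len(dns), 0) + dns

def bpf_matches_update(udp):
    """Same test as the capture filter: udp[0xa] & 0x78 = 0x28.
    Byte 0xa of the UDP datagram is the high byte of the DNS flags word;
    0x78 masks the 4-bit opcode and 0x28 is opcode 5 (UPDATE) shifted left 3.
    The QR bit is masked out, so requests and responses both match."""
    return len(udp) > 0x0A and (udp[0x0A] & 0x78) == 0x28

def decode(udp):
    """Decode the DNS header that follows the UDP header."""
    sport, dport = struct.unpack("!2H", udp[:4])
    txid, flags, zocount, prcount, upcount, adcount = struct.unpack("!6H", udp[8:20])
    opcode, rcode = (flags >> 11) & 0xF, flags & 0xF
    return {
        "sport": sport, "dport": dport, "txid": txid,
        "is_response": bool(flags & 0x8000),
        "opcode": OPCODES.get(opcode, str(opcode)),
        "rcode": RCODES.get(rcode, str(rcode)),
        "counts": (zocount, prcount, upcount, adcount),
    }

def verdict(udp):
    """One-line classification of a captured datagram."""
    if not bpf_matches_update(udp):
        return "not a DNS UPDATE"
    h = decode(udp)
    if not h["is_response"]:
        return "update request"
    return "update accepted" if h["rcode"] == "NOERROR" else "update rejected: " + h["rcode"]

# Constructed datagrams modelled on the three packet shapes in the capture.
REQUEST = build_datagram(36057, 53, 2904, 0x2800)    # opcode 5, QR=0
ACCEPTED = build_datagram(53, 36057, 32269, 0xA800)  # QR=1, opcode 5, rcode 0
REJECTED = build_datagram(53, 36057, 2904, 0xA804)   # QR=1, opcode 5, rcode 4
QUERY = build_datagram(40000, 53, 1, 0x0100, (1, 0, 0, 0))  # ordinary lookup

if __name__ == "__main__":
    for name, pkt in [("request", REQUEST), ("primary reply", ACCEPTED),
                      ("secondary reply", REJECTED), ("query", QUERY)]:
        print(f"{name:16} {verdict(pkt)}")
```

RCODE 4 (NOTIMP) in a reply means the server received the UPDATE and answered that it does not implement that request for the zone, which is distinct from the packet never arriving.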

Re: DDNS updates for secondary DNS server

Rob Janssen-2
When you think the normal updating mechanism is not working according to
your preferences, you can always disable it and instead configure "on
commit", "on release" and "on expiry" actions that execute an external
script that does exactly what you want.

Re: DDNS updates for secondary DNS server

kraishak
Hi Rob Janssen-2,

Thanks for reply,

The normal flow, like sending the DDNS updates to the primary DNS server, is
working fine. The issue is that if the primary is down I don't see the update
on the secondary server. From the tcpdump traffic I guess the DHCP server is
trying to communicate with the secondary DNS, but on the secondary it is not
getting received. I am thinking I might be missing a piece for this fix. I
just want to check if someone has already faced this situation and overcome it.

Actually I am not good at that scripting level

But again, Thanks for Suggestion

 


