DDNS updates for zone having multiple primary servers

DDNS updates for zone having multiple primary servers

kraishak
Hi Team,

I am trying to configure DDNS updates from an ISC DHCP server. I am facing issues when the zone is hosted on more than one primary server.

In the dhcpd.configuration file I updated the zone section as below:
 zone example.com.
        {
            primary 192.168.0.45,192.168.0.46;
            secondary 192.168.0.47;
        }
When a client gets a DHCPACK, dhcpd sends the DDNS forward map message, but only the first primary DNS server (192.168.0.45) is getting updated with new records; I am not getting messages for the second primary DNS server (192.168.0.46).

Does anyone have any idea/experience of configuring DDNS from ISC DHCP for a zone hosted on multiple primary DNS servers?

Thanks in advance
Kraishak

_______________________________________________
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Re: DDNS updates for zone having multiple primary servers

Simon Hobson
Kraishak Mahtha <[hidden email]> wrote:

> I am trying to configure DDNS updates from ISC DHCP server, I am facing issues when the zone is hosted on more than one primary server

You will, it's not a supported setup. You will need to set up a single primary server to receive updates, and update any number of secondary servers from that.

Simon

Re: DDNS updates for zone having multiple primary servers

kraishak

Hi Simon,

Thanks for the information. Just want to cross-check: does it mean we can
configure the secondary appliances as comma-separated IPs as below if we
have more than one?

zone example.com.
        {
            primary 192.168.0.45;
            secondary 192.168.0.47,192.168.0.48;
        }

2) I have one more doubt while configuring the DDNS updates:
we have an option domain-name-servers and zone servers like below
option domain-name-servers <Server1>, <Server2>;
zone example.com.
        {
            primary <ServerZ1>;
            secondary <ServerZ2>;
        }
Should Server1, Server2 be the same as ServerZ1, ServerZ2?

Thanks in advance
Kraishak





Re: DDNS updates for zone having multiple primary servers

glenn.satchell
Hi Kraishak

option domain-name-servers <Server1>, <Server2>;

This sets the list of DNS servers to be used by the client for looking
up DNS entries. It is not related to DDNS updates. In a large network,
for example, you may want this to point to local DNS servers. If your
authoritative DNS only lists public IPs then you might want to point to
the Google DNS (8.8.8.8, etc) on the clients.

For the zone setting, have you had a look at the dhcpd.conf man page, in
particular the section titled "DYNAMIC DNS UPDATE SECURITY" where it
explains the syntax and behaviour?

It's not clear whether it is a comma separated list of secondaries, or
multiple secondary statements with a single address.

regards,
Glenn

On 2021-03-30 15:00, kraishak wrote:

> Hi Simon,
>
> Thanks for the information, Just want to cross check does it means can
> we
> configure the secondary appliance as comma separated IP's as below if
> we
> have more than one ?
>
> zone example.com.
>         {
>             primary 192.168.0.45;
>             secondary 192.168.0.47,192.168.0.48;
>         }
>
> 2)I have one more doubt while configuring the DDNS updates
> we have an option domain-name-servers and zone servers like below
> option domain-name-servers <Server1>, <Server2>;
> zone example.com.
>         {
>             primary <ServerZ1>;
>             secondary <ServerZ2>;
>         }
> Does Server1, server2 should be same as ServerZ1, ServerZ2?
>
> Thanks in Advance
> Kraishak

Re: DDNS updates for zone having multiple primary servers

kraishak

Hi Glenn,
Thanks for the reply,

>> For the zone setting, have you had a look at the dhcpd.conf man page, in
>> particular the section titled "DYNAMIC DNS UPDATE SECURITY" where it
>> explains the syntax and behaviour.

>> It's not clear whether it is a comma separated list of secondaries,
>> or multiple secondary statements with a single address.

Yes, I tried checking the man pages and document, but it is not clear and
there is no specific note that says DDNS updates are suitable only
for zones which have only one primary and one secondary, so I thought of
checking with dhcp-users whether anyone has tried this or has any experience with it.


Thanks
Kraishak




Re: DDNS updates for zone having multiple primary servers

glenn.satchell
Hi Kraishak

My understanding from a long time ago (as in >5 years) was that
dynamic DNS updates are only sent to the primary DNS server. The primary
is expected to forward to all the secondaries.

I think DHCP sends an update to the secondary only when the primary is
not contactable, and the secondary is expected to forward the update to
the primary when it comes back online. Either way the DHCP server does
not directly update any secondaries, that is the job of the primary.

So the bottom line is that it probably doesn't matter if you only list
one secondary.

regards,
Glenn

On 2021-03-31 18:55, kraishak wrote:

> Hi Glenn,
> Thanks for the reply,
>
>>> For the zone setting, have you had a look at the dhcpd.conf man page,
>>> in
> particular the section titled "DYNAMIC DNS UPDATE SECURITY" where it
> explains the syntax and behaviour.
>
>>> It's not clear whether it is a comma separated list of secondaries,
> or multiple secondary statements with a single address.
>
> yes I tried checking in the man pages and document but it is not clear
> and
> there is no specific note that tells this DDNS updates can be suitable
> only
> for the zones which have only one primary and one secondary, so I
> thought of
> checking with dhcp-users if any one tried or having any experience for
> that
>
>
> Thanks
> Kraishak

Re: DDNS updates for zone having multiple primary servers

kraishak
Hi Glenn,

Thanks for sharing your observation, the help is much appreciated.

Regards
Kraishak




Re: DDNS updates for zone having multiple primary servers

kraishak
Hi Glenn/ Team

I have one more doubt: what is the difference between the options domain-name
(option-15) and ddns-domain-name? I don't see much difference between them.
Can anyone please guide me?
Sorry, I know it is too many questions in one thread, but I want to get
clarity before I use these DDNS options.

Thanks in Advance
Kraishak





Re: DDNS updates for zone having multiple primary servers

glenn.satchell
Hi Kraishak

Options are settings sent to the client to configure the client
behaviour. ddns-domainname is a setting to configure how the dhcpd server
performs dynamic DNS updates.

option domain-name "example.org";

this is the equivalent of setting the domain function in
/etc/resolv.conf, that is, it is the domain to add to an unqualified
name. So if user looks up the name "foo" it will try "foo.example.org".
See dhcp-options man page for options that are sent to configure the
client.

ddns-domainname "desktop.example.org";

this is the domain the dhcp server should add to an unqualified name
when forming a fully qualified name for updating in the DNS system. So
host "foo" is to go into DNS as "foo.desktop.example.org". See
dhcpd.conf man page.

So you might put all your clients in a sub-domain, eg laptop "foo" goes
in desktop.example.org. But all your servers are in the top level, eg
server1.example.org. So you would have

option domain-name "example.org";
ddns-domainname "desktop.example.org";

regards,
Glenn

On 2021-04-01 20:16, kraishak wrote:

> Hi Glenn/ Team
>
> I have one more doubt what is the difference between the options
> domain-name
> (option-15) and ddns-domain-name, I don't see much difference between
> them
> can any one please guide me.
> Sorry I know it is too many questions in one thread but I want to get
> clarify before I use these DDNS options
>
> Thanks in Advance
> Kraishak

Re: DDNS updates for zone having multiple primary servers

Simon Hobson
In reply to this post by glenn.satchell
[hidden email] wrote:

> My understanding from a long time ago (as in >5 years) was that that dynamic dns updates are only sent to the primary DNS server. The primary is expected to forward to all the secondaries.

I've not seen anything to suggest that has changed.

In the absence of a zone declaration, the primary DNS server is determined by looking at the SOA record for the zone - so without keys setup, a correctly configured DNS setup will automagically get updates as long as updates are allowed (e.g. by IP address). If a zone declaration is present, then the server specified in that is used.

Simon

Re: DDNS updates for zone having multiple primary servers

kraishak
In reply to this post by glenn.satchell

Hi Glenn,

Thanks for your explanation about the "option domain-name" and
"ddns-domainname". So based on my network-level setup we configure these
values; these values can be the same or can be different.

And I want to confirm one more point: the zone section will be added only
for the "ddns-domainname" value, am I right?

Thanks
Kraishak






Re: DDNS updates for zone having multiple primary servers

Simon Hobson
kraishak <[hidden email]> wrote:

> Thanks for your explanation about the "option domain-name" and
> "ddns-domainname", So based on my network-level setup we configure this
> values, these values can be same or can be different

Correct

> And want to confirm one more point that the zone section will be added only
> for the "ddns-domainname" value am i right ?

I don't quite understand the question here, however ...

The process the server will take is roughly :

Client gets a lease, the server will take its hostname (whether provided by the client, or provided by the config (e.g. in a host declaration)) and join it with ddns-domainname to form a FQDN for the client.

IFF an existing lease record indicates that DNS updates have already been done for this client & FQDN (and the server hasn't been told to always do updates), then that's it. Otherwise ...

It will then look up the primary server for the client's domain. If there is a matching zone statement, then it will use the primary server specification given there, if not then it will do a DNS lookup for the SOA record of the zone and use the primary server specified in that.

The server will then attempt to do the DNS updates, which may fail if there are clashes or stale data in the zone.


Simon
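
The target-selection steps described in the message above, modelled as an added Python example (not part of the thread and not ISC's code). It parses zone blocks from dhcpd.conf text, flags zones that list more than one primary, and reports which server a forward-map update would go to. Assumptions: the most specific matching zone wins, the first listed primary is used (as reported in the first post), and the SOA query is replaced by the hypothetical `fake_soa` table.

```python
import re

# Constructed sample, reusing the zone blocks posted in this thread.
SAMPLE_CONF = """
zone example.com.
        {
            primary 192.168.0.45,192.168.0.46;   # two primaries, as in the first post
            secondary 192.168.0.47;
        }
zone desktop.example.org. { primary 192.168.0.50; }
"""

ZONE_RE = re.compile(r"\bzone\s+([\w.-]+)\s*\{(.*?)\}", re.S)

def parse_zones(conf):
    """Map zone name -> {'primary': [...], 'secondary': [...]} from dhcpd.conf text."""
    zones = {}
    for name, body in ZONE_RE.findall(re.sub(r"#.*", "", conf)):
        entry = {"primary": [], "secondary": []}
        for stmt in body.split(";"):
            words = stmt.split(None, 1)
            if len(words) == 2 and words[0] in entry:
                entry[words[0]] += [a.strip() for a in words[1].split(",")]
        zones[name.rstrip(".").lower()] = entry
    return zones

def lint(zones):
    """Flag zones listing several primaries, the setup reported as unsupported."""
    return [f"zone {z}: {len(e['primary'])} primaries listed, only the first is used"
            for z, e in sorted(zones.items()) if len(e["primary"]) > 1]

def fake_soa(fqdn):
    """Stand-in for the SOA query (constructed data, no network access)."""
    table = {"example.org": "ns1.example.org"}   # zone -> SOA primary, made up
    labels = fqdn.split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if zone in table:
            return zone, table[zone]
    return None, None

def update_target(hostname, ddns_domainname, zones, soa_lookup=fake_soa):
    """Return (fqdn, zone, server, how) for the forward-map update."""
    fqdn = f"{hostname}.{ddns_domainname}".rstrip(".").lower()
    labels = fqdn.split(".")
    # Assumption: the most specific (longest-suffix) zone declaration wins.
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if zones.get(zone, {}).get("primary"):
            # Assumption: first listed primary, matching the behaviour reported above.
            return fqdn, zone, zones[zone]["primary"][0], "zone declaration"
    zone, mname = soa_lookup(fqdn)
    return fqdn, zone, mname, "SOA lookup"

if __name__ == "__main__":
    zones = parse_zones(SAMPLE_CONF)
    print(lint(zones))
    for host, dom in [("foo", "example.com"), ("foo", "desktop.example.org"),
                      ("server1", "example.org")]:
        print(update_target(host, dom, zones))
```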

Re: DDNS updates for zone having multiple primary servers

kraishak

Hi Simon
Thanks for the reply,
>> I don't quite understand the question here, however ...
---> I am clear on the zone section now, but have a doubt about the domain-name
fields

> Thanks for your explanation about the "option domain-name" and
> "ddns-domainname", So based on my network-level setup we configure this
> values, these values can be same or can be different

>>>> Correct
Regarding this, I am sorry I didn't complete my question. Actually my doubt
was whether we can configure it like below:
subnet 192.168.0.0 netmask 255.255.255.0 {
        pool {
                range 192.168.0.50 192.168.0.150;
        }
        ddns-domainname "example.com";
        option domain-name "test.com";
        option routers 192.168.0.1;
        option subnet-mask 255.255.255.0;
}

zone example.com.
{
        primary 192.168.0.45;
        secondary 192.168.0.47,192.168.0.48;
}
i.e. option domain-name is different and ddns-domainname is totally
different, not like the domain and sub-domain concept.
I checked the dhcpd syntax and it is not giving any error, but I want to
cross-check: can this be a valid configuration?

Thanks
Kraishak




Re: DDNS updates for zone having multiple primary servers

Simon Hobson
kraishak <[hidden email]> wrote:

> Regarding this, I am sorry I didn't complete my question, Actually my doubt
> was can we configure like below
> subnet 192.168.0.0 netmask 255.255.255.0 {
>        pool {
>                range 192.168.0.50 192.168.0.150;
>
>        }
>               ddns-domainname "example.com";
>                option domain-name "test.com";
>                option routers 192.168.0.1;
>                option subnet-mask 255.255.255.0;
>        }
>
>        zone example.com.
>        {
>            primary 192.168.0.45;
>            secondary 192.168.0.47,192.168.0.48;
>        }
> i.e  option domain-name is different and ddns-domainname is totally
> different not like domain and sub-domain concept

Yes, that is valid as far as DHCP is concerned.
It would just be an odd setup since the client would believe that it was [hidden email] while the DNS would be updated with somedomain.example.com.


Simon

Re: DDNS updates for zone having multiple primary servers

kraishak
Hi All,

 zone example.com.
        {
            primary 192.168.0.45;
          secondary 192.168.0.47;
        }
I have noticed that in the DDNS update flow, if the primary is down for some
reason, DHCP is not sending any DDNS updates to the secondary server. Is this the
expected behavior?

Getting the below error:
 Unable to add forward map from n54c5-000001.example.com to 192.168.0.86:
NOTIMP

Does anyone have any idea/experience of the DDNS flow when the primary DNS server
is down?

Thanks in Advance
Kraishak



