ISC DHCP Users

DHCPv6 isn't updating DNS

classic Classic list List threaded Threaded
5 messages Options
Joshua Schaeffer
Reply | Threaded
Open this post in threaded view
|

DHCPv6 isn't updating DNS

Joshua Schaeffer
TL;DR
Sorry for the long email, but I'm having a very hard time getting my DHCP server that is setup to provide IPv6 address to update my DNS server. It seems that isc-dhcp doesn't have the functionality to do this. Is this a limitation of the protocol? I've read through the man pages for dhcpd, dhcpd.conf, dhcp-options, dhcp-eval, dhclient, and dhclient.conf as well as RFC 3315 and snippets of other RFC's related to DHCPv6 and IPv6. As far I can tell this should be possible, but maybe I'm missing something obvious. Does anybody have a working DHCPv6 server that is properly updating AAAA and PTR records? Full description of my issue is below.

-------------------------------------------------------

I've been running into a problem with getting my DHCPv6 server to update my DNS server and been asking around on how to fix this or what I have done wrong in my configuration, but so far I haven't been able to get this resolved. I've tried numerous settings and configuration changes, but nothing seems to work. When I have my DHCP server providing IPv6 addresses, it seems that the DHCP server never even attempts to communicate with the DNS server to update the AAAA and PTR records. Perhaps I'm missing something about the functionality between DHCPv6 and DNS. Is it possible to update DNS AAAA and PTR records from a DHCP server providing IPv6 addresses?

I have setup a development environment in which I have two configurations. One for IPv4 (dhcpd.conf) and one for IPv6 (dhcpd6.conf). The two config files are as identical as they can be. When I serve IPv4, DNS gets updated, but when I serve IPv6, I it doesn't. I've tried debugging the code and set various breakpoints to see if I can find out what is going on, but I just don't have enough experience with programming and don't know enough about the program itself to get very far. I'm using isc-dhcp 4.3.5 that I compiled from source. Here is what I've setup in my dev environment:

IPv6 configuration:

    ###############
    # DHCPD6.CONF #
    ###############
    authoritative;

    option            dhcp6.domain-search    "appendata.net";
    option            dhcp6.name-servers    fc01::a1;
    default-lease-time    86400;
    max-lease-time        604800;

    log-facility        local7;

    ddns-updates        on;
    ddns-update-style    standard;
    ddns-domainname        "appendata.net.";
    ddns-rev-domainname    "ip6.arpa.";
    do-forward-updates    on;
    deny            client-updates;
    update-static-leases    on;
    update-optimization    off;

    include            "/etc/keys/Kddns-aaaa-rrs.+157+02940.private";
    include            "/etc/keys/Kddns-ptr-rrs.+157+36566.private";

    zone appendata.net. {
        primary6    fc01::a1;
        key                "ddns-aaaa-rrs";
    }
    zone 0.0.0.0.0.0.0.0.0.0.0.0.1.0.c.f.ip6.arpa. {
        primary6    fc01::a1;
        key                "ddns-ptr-rrs";
    }

    subnet6 fc01::/64 {
        default-lease-time    604800;
        max-lease-time        2419200;

        pool6 {
            range6 fc01::1:0:0:0/80;
        }
    }

    #########################
    # NAMED.CONF.LOCAL (IPV6) #
    #########################
    //
    // Do any local configuration here
    //

    // Consider adding the 1918 zones here, if they are not used in your
    // organization
    include "/etc/bind/zones.rfc1918";
    include "/etc/bind/Kddns-aaaa-rrs.+157+02940.private";
    include "/etc/bind/Kddns-ptr-rrs.+157+36566.private";

    zone "appendata.net" in {
        type master;
        notify no;
        file "/var/lib/bind/db.appendata.net";
        allow-update {
            key ddns-aaaa-rrs;
        };
    };

    zone "0.0.0.0.0.0.0.0.0.0.0.0.1.0.c.f.ip6.arpa" in {
        type master;
        notify no;
        file "/var/lib/bind/db.fc01.0000.0000.0000";
        allow-update {
            key ddns-ptr-rrs;
        };
    };

I then start the DHCPv6 server:

    root@dhcp01:~# dhcpd -6 -cf /etc/dhcp/dhcpd6.conf -lf /var/lib/dhcp/dhcpd6.leases -pf /run/dhcpd6.pid

I have a test client as well. I issue the following command on the client:

    $ dhclient -6 -cf /etc/dhcp/dhclient.conf -lf /var/lib/dhcp/dhclient6.leases

And this is what I see from the DHCPv6 server:

    [...]
    Server starting service.
    Solicit message from fe80::a00:27ff:fefc:35fa port 546, transaction ID 0xC9E2BF00
    Picking pool address fc01::1:a9f1:2990:24b9
    Advertise NA: address fc01::1:a9f1:2990:24b9 to client with duid 00:01:00:01:21:0f:82:c6:08:00:27:fc:35:fa iaid = 670840314 valid for 604800 seconds
    Sending Advertise to fe80::a00:27ff:fefc:35fa port 546
    Request message from fe80::a00:27ff:fefc:35fa port 546, transaction ID 0x14153D00
    Reply NA: address fc01::1:a9f1:2990:24b9 to client with duid 00:01:00:01:21:0f:82:c6:08:00:27:fc:35:fa iaid = 670840314 valid for 604800 seconds
    Sending Reply to fe80::a00:27ff:fefc:35fa port 546

The DHCP server is working just fine in the sense that it hands out addresses, but it never updates DNS. When I sniff the wire, there isn't a single packet that the DHCP server sends to the DNS server. I also have the DNS server log set to DEBUG, I don't ever see anything in the log. Now when I start my DHCP server using my IPv4 configuration, DHCP updates the DNS server. I only have minor change between the configuration files.

    ##############
    # DHCPD.CONF #
    ##############
    authoritative;

    option            domain-name    "appendata.net";
    option            domain-name-servers    172.16.0.2;
    default-lease-time    86400;
    max-lease-time        604800;

    log-facility        local7;

    ddns-updates        on;
    ddns-update-style    standard;
    ddns-domainname        "appendata.net.";
    ddns-rev-domainname    "in-addr.arpa.";
    do-forward-updates    on;
    deny            client-updates;
    update-static-leases    on;
    update-optimization    off;

    include            "/etc/keys/Kddns-a-rrs.+157+41383.private";
    include            "/etc/keys/Kddns-ptr-rrs.+157+36566.private";

    zone appendata.net. {
        primary        172.16.0.2;
        key             "ddns-a-rrs";
    }
    zone 0.16.172.in-addr.arpa. {
        primary        172.16.0.2;
        key             "ddns-ptr-rrs";
    }

    subnet 172.16.0.0 netmask 255.255.255.0 {
        default-lease-time    604800;
        max-lease-time        2419200;

        pool {
            range 172.16.0.10 172.16.0.20;
        }
    }

    #########################
    # NAMED.CONF.LOCAL (IPV4) #
    #########################
    //
    // Do any local configuration here
    //

    // Consider adding the 1918 zones here, if they are not used in your
    // organization
    include "/etc/bind/zones.rfc1918";
    include "/etc/bind/Kddns-a-rrs.+157+41383.private";
    include "/etc/bind/Kddns-ptr-rrs.+157+36566.private";

    zone "appendata.net" in {
        type master;
        notify no;
        file "/var/lib/bind/db.appendata.net";
        allow-update {
            key "ddns-a-rrs";
        };
    };

    zone "0.16.172.in-addr.arpa" in {
        type master;
        notify no;
        file "/var/lib/bind/db.172.16.0";
        allow-update {
            key "ddns-ptr-rrs";
        };
    };

I start the DHCP server then run the client again. However, this time I can see that A and PTR records are getting updated:

    $ dhcpd -4 -cf /etc/dhcp/dhcpd.conf -lf /var/lib/dhcp/dhcpd.leases -pf /run/dhcpd.pid

    $ dhclient -4 -cf /etc/dhcp/dhclient.conf -lf /var/lib/dhcp/dhclient.leases

Here is the output from the DHCP server:

    [...]
    Server starting service.
    DHCPDISCOVER from 08:00:27:05:95:af via enp0s8
    Ping timeout: 1
    DHCPOFFER on 172.16.0.10 to 08:00:27:05:95:af (dhcpclient01) via enp0s8
    DHCPREQUEST for 172.16.0.10 (172.16.0.3) from 08:00:27:05:95:af (dhcpclient01) via enp0s8
    DHCPACK on 172.16.0.10 to 08:00:27:05:95:af (dhcpclient01) via enp0s8
    Added new forward map from dhcpclient01.appendata.net. to 172.16.0.10
    Added reverse map from 10.0.16.172.in-addr.arpa. to dhcpclient01.appendata.net

And from the DNS log:

    Jul 29 13:34:11 dns01 named[3432]: update-security: info: client 172.16.0.3#20083/key ddns-a-rrs: signer "ddns-a-rrs" approved
    Jul 29 13:34:11 dns01 named[3432]: update: info: client 172.16.0.3#20083/key ddns-a-rrs: updating zone 'appendata.net/IN': deleting rrset at 'dhcpclient01.appendata.net' A
    Jul 29 13:34:11 dns01 named[3432]: update: info: client 172.16.0.3#20083/key ddns-a-rrs: updating zone 'appendata.net/IN': adding an RR at 'dhcpclient01.appendata.net' A 172.16.0.10
    Jul 29 13:34:11 dns01 named[3432]: update-security: info: client 172.16.0.3#20083/key ddns-ptr-rrs: signer "ddns-ptr-rrs" approved
    Jul 29 13:34:11 dns01 named[3432]: update: info: client 172.16.0.3#20083/key ddns-ptr-rrs: updating zone '0.16.172.in-addr.arpa/IN': deleting rrset at '10.0.16.172.in-addr.arpa' PTR
    Jul 29 13:34:11 dns01 named[3432]: update: info: client 172.16.0.3#20083/key ddns-ptr-rrs: updating zone '0.16.172.in-addr.arpa/IN': adding an RR at '10.0.16.172.in-addr.arpa' PTR dhcpclient01.appendata.net.

I'm just not sure what I'm missing here. To me it looks like DNS server's can be updated from DHCPv6 servers. Any help would be much appreciated.

Thanks,
Joshua Schaeffer
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Bill Shirley-2
Reply | Threaded
Open this post in threaded view
|

Re: DHCPv6 isn't updating DNS

Bill Shirley-2
I'm a bit confused because you appear to have two named.conf files, one for
IPv4 and one for IPv6.  I only have one DNS server which handles both IPv4
and IPv6.  My DHCP and DNS services run on the same machine.  I have:
key DHCP_UPDATER                { algorithm hmac-md5;    secret <the_secret>; };
zone lan.example.com.            { primary 127.0.0.1;    key DHCP_UPDATER; }
Note the 127.0.0.1 for both IPv4 and IPv6.

I did have to set (in both dhcpd.conf):
update-conflict-detection    off;
to enable both DHCPs to update the DNS.

Bill

On 7/29/2017 3:57 PM, Joshua Schaeffer wrote:
TL;DR
Sorry for the long email, but I'm having a very hard time getting my DHCP server that is setup to provide IPv6 address to update my DNS server. It seems that isc-dhcp doesn't have the functionality to do this. Is this a limitation of the protocol? I've read through the man pages for dhcpd, dhcpd.conf, dhcp-options, dhcp-eval, dhclient, and dhclient.conf as well as RFC 3315 and snippets of other RFC's related to DHCPv6 and IPv6. As far I can tell this should be possible, but maybe I'm missing something obvious. Does anybody have a working DHCPv6 server that is properly updating AAAA and PTR records? Full description of my issue is below.

-------------------------------------------------------

I've been running into a problem with getting my DHCPv6 server to update my DNS server and been asking around on how to fix this or what I have done wrong in my configuration, but so far I haven't been able to get this resolved. I've tried numerous settings and configuration changes, but nothing seems to work. When I have my DHCP server providing IPv6 addresses, it seems that the DHCP server never even attempts to communicate with the DNS server to update the AAAA and PTR records. Perhaps I'm missing something about the functionality between DHCPv6 and DNS. Is it possible to update DNS AAAA and PTR records from a DHCP server providing IPv6 addresses?

I have setup a development environment in which I have two configurations. One for IPv4 (dhcpd.conf) and one for IPv6 (dhcpd6.conf). The two config files are as identical as they can be. When I serve IPv4, DNS gets updated, but when I serve IPv6, I it doesn't. I've tried debugging the code and set various breakpoints to see if I can find out what is going on, but I just don't have enough experience with programming and don't know enough about the program itself to get very far. I'm using isc-dhcp 4.3.5 that I compiled from source. Here is what I've setup in my dev environment:

IPv6 configuration:

    ###############
    # DHCPD6.CONF #
    ###############
    authoritative;

    option            dhcp6.domain-search    "appendata.net";
    option            dhcp6.name-servers    fc01::a1;
    default-lease-time    86400;
    max-lease-time        604800;

    log-facility        local7;

    ddns-updates        on;
    ddns-update-style    standard;
    ddns-domainname        "appendata.net.";
    ddns-rev-domainname    "ip6.arpa.";
    do-forward-updates    on;
    deny            client-updates;
    update-static-leases    on;
    update-optimization    off;

    include            "/etc/keys/Kddns-aaaa-rrs.+157+02940.private";
    include            "/etc/keys/Kddns-ptr-rrs.+157+36566.private";

    zone appendata.net. {
        primary6    fc01::a1;
        key                "ddns-aaaa-rrs";
    }
    zone 0.0.0.0.0.0.0.0.0.0.0.0.1.0.c.f.ip6.arpa. {
        primary6    fc01::a1;
        key                "ddns-ptr-rrs";
    }

    subnet6 fc01::/64 {
        default-lease-time    604800;
        max-lease-time        2419200;

        pool6 {
            range6 fc01::1:0:0:0/80;
        }
    }

    #########################
    # NAMED.CONF.LOCAL (IPV6) #
    #########################
    //
    // Do any local configuration here
    //

    // Consider adding the 1918 zones here, if they are not used in your
    // organization
    include "/etc/bind/zones.rfc1918";
    include "/etc/bind/Kddns-aaaa-rrs.+157+02940.private";
    include "/etc/bind/Kddns-ptr-rrs.+157+36566.private";

    zone "appendata.net" in {
        type master;
        notify no;
        file "/var/lib/bind/db.appendata.net";
        allow-update {
            key ddns-aaaa-rrs;
        };
    };

    zone "0.0.0.0.0.0.0.0.0.0.0.0.1.0.c.f.ip6.arpa" in {
        type master;
        notify no;
        file "/var/lib/bind/db.fc01.0000.0000.0000";
        allow-update {
            key ddns-ptr-rrs;
        };
    };

I then start the DHCPv6 server:

    root@dhcp01:~# dhcpd -6 -cf /etc/dhcp/dhcpd6.conf -lf /var/lib/dhcp/dhcpd6.leases -pf /run/dhcpd6.pid

I have a test client as well. I issue the following command on the client:

    $ dhclient -6 -cf /etc/dhcp/dhclient.conf -lf /var/lib/dhcp/dhclient6.leases

And this is what I see from the DHCPv6 server:

    [...]
    Server starting service.
    Solicit message from fe80::a00:27ff:fefc:35fa port 546, transaction ID 0xC9E2BF00
    Picking pool address fc01::1:a9f1:2990:24b9
    Advertise NA: address fc01::1:a9f1:2990:24b9 to client with duid 00:01:00:01:21:0f:82:c6:08:00:27:fc:35:fa iaid = 670840314 valid for 604800 seconds
    Sending Advertise to fe80::a00:27ff:fefc:35fa port 546
    Request message from fe80::a00:27ff:fefc:35fa port 546, transaction ID 0x14153D00
    Reply NA: address fc01::1:a9f1:2990:24b9 to client with duid 00:01:00:01:21:0f:82:c6:08:00:27:fc:35:fa iaid = 670840314 valid for 604800 seconds
    Sending Reply to fe80::a00:27ff:fefc:35fa port 546

The DHCP server is working just fine in the sense that it hands out addresses, but it never updates DNS. When I sniff the wire, there isn't a single packet that the DHCP server sends to the DNS server. I also have the DNS server log set to DEBUG, I don't ever see anything in the log. Now when I start my DHCP server using my IPv4 configuration, DHCP updates the DNS server. I only have minor change between the configuration files.

    ##############
    # DHCPD.CONF #
    ##############
    authoritative;

    option            domain-name    "appendata.net";
    option            domain-name-servers    172.16.0.2;
    default-lease-time    86400;
    max-lease-time        604800;

    log-facility        local7;

    ddns-updates        on;
    ddns-update-style    standard;
    ddns-domainname        "appendata.net.";
    ddns-rev-domainname    "in-addr.arpa.";
    do-forward-updates    on;
    deny            client-updates;
    update-static-leases    on;
    update-optimization    off;

    include            "/etc/keys/Kddns-a-rrs.+157+41383.private";
    include            "/etc/keys/Kddns-ptr-rrs.+157+36566.private";

    zone appendata.net. {
        primary        172.16.0.2;
        key             "ddns-a-rrs";
    }
    zone 0.16.172.in-addr.arpa. {
        primary        172.16.0.2;
        key             "ddns-ptr-rrs";
    }

    subnet 172.16.0.0 netmask 255.255.255.0 {
        default-lease-time    604800;
        max-lease-time        2419200;

        pool {
            range 172.16.0.10 172.16.0.20;
        }
    }

    #########################
    # NAMED.CONF.LOCAL (IPV4) #
    #########################
    //
    // Do any local configuration here
    //

    // Consider adding the 1918 zones here, if they are not used in your
    // organization
    include "/etc/bind/zones.rfc1918";
    include "/etc/bind/Kddns-a-rrs.+157+41383.private";
    include "/etc/bind/Kddns-ptr-rrs.+157+36566.private";

    zone "appendata.net" in {
        type master;
        notify no;
        file "/var/lib/bind/db.appendata.net";
        allow-update {
            key "ddns-a-rrs";
        };
    };

    zone "0.16.172.in-addr.arpa" in {
        type master;
        notify no;
        file "/var/lib/bind/db.172.16.0";
        allow-update {
            key "ddns-ptr-rrs";
        };
    };

I start the DHCP server then run the client again. However, this time I can see that A and PTR records are getting updated:

    $ dhcpd -4 -cf /etc/dhcp/dhcpd.conf -lf /var/lib/dhcp/dhcpd.leases -pf /run/dhcpd.pid

    $ dhclient -4 -cf /etc/dhcp/dhclient.conf -lf /var/lib/dhcp/dhclient.leases

Here is the output from the DHCP server:

    [...]
    Server starting service.
    DHCPDISCOVER from 08:00:27:05:95:af via enp0s8
    Ping timeout: 1
    DHCPOFFER on 172.16.0.10 to 08:00:27:05:95:af (dhcpclient01) via enp0s8
    DHCPREQUEST for 172.16.0.10 (172.16.0.3) from 08:00:27:05:95:af (dhcpclient01) via enp0s8
    DHCPACK on 172.16.0.10 to 08:00:27:05:95:af (dhcpclient01) via enp0s8
    Added new forward map from dhcpclient01.appendata.net. to 172.16.0.10
    Added reverse map from 10.0.16.172.in-addr.arpa. to dhcpclient01.appendata.net

And from the DNS log:

    Jul 29 13:34:11 dns01 named[3432]: update-security: info: client 172.16.0.3#20083/key ddns-a-rrs: signer "ddns-a-rrs" approved
    Jul 29 13:34:11 dns01 named[3432]: update: info: client 172.16.0.3#20083/key ddns-a-rrs: updating zone 'appendata.net/IN': deleting rrset at 'dhcpclient01.appendata.net' A
    Jul 29 13:34:11 dns01 named[3432]: update: info: client 172.16.0.3#20083/key ddns-a-rrs: updating zone 'appendata.net/IN': adding an RR at 'dhcpclient01.appendata.net' A 172.16.0.10
    Jul 29 13:34:11 dns01 named[3432]: update-security: info: client 172.16.0.3#20083/key ddns-ptr-rrs: signer "ddns-ptr-rrs" approved
    Jul 29 13:34:11 dns01 named[3432]: update: info: client 172.16.0.3#20083/key ddns-ptr-rrs: updating zone '0.16.172.in-addr.arpa/IN': deleting rrset at '10.0.16.172.in-addr.arpa' PTR
    Jul 29 13:34:11 dns01 named[3432]: update: info: client 172.16.0.3#20083/key ddns-ptr-rrs: updating zone '0.16.172.in-addr.arpa/IN': adding an RR at '10.0.16.172.in-addr.arpa' PTR dhcpclient01.appendata.net.

I'm just not sure what I'm missing here. To me it looks like DNS server's can be updated from DHCPv6 servers. Any help would be much appreciated.

Thanks,
Joshua Schaeffer
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users


_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Joshua Schaeffer
Reply | Threaded
Open this post in threaded view
|

Re: DHCPv6 isn't updating DNS

Joshua Schaeffer
On 07/30/2017 06:53 AM, Bill Shirley wrote:
I'm a bit confused because you appear to have two named.conf files, one for
IPv4 and one for IPv6.  I only have one DNS server which handles both IPv4
and IPv6.  My DHCP and DNS services run on the same machine.  I have:
key DHCP_UPDATER                { algorithm hmac-md5;    secret <the_secret>; };
zone lan.example.com.            { primary 127.0.0.1;    key DHCP_UPDATER; }
Note the 127.0.0.1 for both IPv4 and IPv6.

Yes, I do have two config files, but only for comparison/testing purposes. I actually only need DHCPv6, but because I couldn't get it to work, I wanted to see if I could get it to work with IPv4 (which I can). So when I use the IPv4 config file, I run dhcpd with -4 and when I run the IPv6 config file I run dhcpd with -6. So when you say you have both IPv4 and 6 running on the same server, do you mean two instances of dhcpd on the same server? It was my understanding that you can't run the same instance of dhcpd for both IPv4 and 6. The man page seems to indicate this:

    -4     Run as a DHCP server. This is the default and cannot be combined with -6.
    -6     Run as a DHCPv6 server. This cannot be combined with -4.


I did have to set (in both dhcpd.conf):
update-conflict-detection    off;
to enable both DHCPs to update the DNS.

I'll give this option a try, thanks.

Joshua Schaeffer

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Philippe Clérié
Reply | Threaded
Open this post in threaded view
|

Re: DHCPv6 isn't updating DNS

Philippe Clérié
In reply to this post by Joshua Schaeffer
On 07/29/2017 03:57 PM, Joshua Schaeffer wrote:

> TL;DR
> Sorry for the long email, but I'm having a very hard time getting my DHCP server that is setup to provide IPv6 address to update my DNS server. It seems that isc-dhcp doesn't have the functionality to do this. Is this a limitation of the protocol? I've read through the man pages for dhcpd, dhcpd.conf, dhcp-options, dhcp-eval, dhclient, and dhclient.conf as well as RFC 3315 and snippets of other RFC's related to DHCPv6 and IPv6. As far I can tell this should be possible, but maybe I'm missing something obvious. Does anybody have a working DHCPv6 server that is properly updating AAAA and PTR records? Full description of my issue is below.
>
> -------------------------------------------------------
>
> I've been running into a problem with getting my DHCPv6 server to update my DNS server and been asking around on how to fix this or what I have done wrong in my configuration, but so far I haven't been able to get this resolved. I've tried numerous settings and configuration changes, but nothing seems to work. When I have my DHCP server providing IPv6 addresses, it seems that the DHCP server never even attempts to communicate with the DNS server to update the AAAA and PTR records. Perhaps I'm missing something about the functionality between DHCPv6 and DNS. Is it possible to update DNS AAAA and PTR records from a DHCP server providing IPv6 addresses?
>
> I have setup a development environment in which I have two configurations. One for IPv4 (dhcpd.conf) and one for IPv6 (dhcpd6.conf). The two config files are as identical as they can be. When I serve IPv4, DNS gets updated, but when I serve IPv6, I it doesn't. I've tried debugging the code and set various breakpoints to see if I can find out what is going on, but I just don't have enough experience with programming and don't know enough about the program itself to get very far. I'm using isc-dhcp 4.3.5 that I compiled from source. Here is what I've setup in my dev environment:
>
> IPv6 configuration:
>
>      ###############
>      # DHCPD6.CONF #
>      ###############
>      authoritative;
>
>      option            dhcp6.domain-search    "appendata.net";
>      option            dhcp6.name-servers    fc01::a1;
>      default-lease-time    86400;
>      max-lease-time        604800;
>
>      log-facility        local7;
>
>      ddns-updates        on;
>      ddns-update-style    standard;
>      ddns-domainname        "appendata.net.";
>      ddns-rev-domainname    "ip6.arpa.";
>      do-forward-updates    on;
>      deny            client-updates;
>      update-static-leases    on;
>      update-optimization    off;
>
>      include            "/etc/keys/Kddns-aaaa-rrs.+157+02940.private";
>      include            "/etc/keys/Kddns-ptr-rrs.+157+36566.private";
>
>      zone appendata.net. {
>          primary6    fc01::a1;
>          key                "ddns-aaaa-rrs";
>      }
>      zone 0.0.0.0.0.0.0.0.0.0.0.0.1.0.c.f.ip6.arpa. {
>          primary6    fc01::a1;
>          key                "ddns-ptr-rrs";
>      }
>
>      subnet6 fc01::/64 {
>          default-lease-time    604800;
>          max-lease-time        2419200;
>
>          pool6 {
>              range6 fc01::1:0:0:0/80;
>          }
>      }
>
>      #########################
>      # NAMED.CONF.LOCAL (IPV6) #
>      #########################
>      //
>      // Do any local configuration here
>      //
>
>      // Consider adding the 1918 zones here, if they are not used in your
>      // organization
>      include "/etc/bind/zones.rfc1918";
>      include "/etc/bind/Kddns-aaaa-rrs.+157+02940.private";
>      include "/etc/bind/Kddns-ptr-rrs.+157+36566.private";
>
>      zone "appendata.net" in {
>          type master;
>          notify no;
>          file "/var/lib/bind/db.appendata.net";
>          allow-update {
>              key ddns-aaaa-rrs;
>          };
>      };
>
>      zone "0.0.0.0.0.0.0.0.0.0.0.0.1.0.c.f.ip6.arpa" in {
>          type master;
>          notify no;
>          file "/var/lib/bind/db.fc01.0000.0000.0000";
>          allow-update {
>              key ddns-ptr-rrs;
>          };
>      };
>
> I then start the DHCPv6 server:
>
>      root@dhcp01:~# dhcpd -6 -cf /etc/dhcp/dhcpd6.conf -lf /var/lib/dhcp/dhcpd6.leases -pf /run/dhcpd6.pid
>
> I have a test client as well. I issue the following command on the client:
>
>      $ dhclient -6 -cf /etc/dhcp/dhclient.conf -lf /var/lib/dhcp/dhclient6.leases
>
> And this is what I see from the DHCPv6 server:
>
>      [...]
>      Server starting service.
>      Solicit message from fe80::a00:27ff:fefc:35fa port 546, transaction ID 0xC9E2BF00
>      Picking pool address fc01::1:a9f1:2990:24b9
>      Advertise NA: address fc01::1:a9f1:2990:24b9 to client with duid 00:01:00:01:21:0f:82:c6:08:00:27:fc:35:fa iaid = 670840314 valid for 604800 seconds
>      Sending Advertise to fe80::a00:27ff:fefc:35fa port 546
>      Request message from fe80::a00:27ff:fefc:35fa port 546, transaction ID 0x14153D00
>      Reply NA: address fc01::1:a9f1:2990:24b9 to client with duid 00:01:00:01:21:0f:82:c6:08:00:27:fc:35:fa iaid = 670840314 valid for 604800 seconds
>      Sending Reply to fe80::a00:27ff:fefc:35fa port 546
>
> The DHCP server is working just fine in the sense that it hands out addresses, but it never updates DNS. When I sniff the wire, there isn't a single packet that the DHCP server sends to the DNS server. I also have the DNS server log set to DEBUG, I don't ever see anything in the log. Now when I start my DHCP server using my IPv4 configuration, DHCP updates the DNS server. I only have minor change between the configuration files.
>
>      ##############
>      # DHCPD.CONF #
>      ##############
>      authoritative;
>
>      option            domain-name    "appendata.net";
>      option            domain-name-servers    172.16.0.2;
>      default-lease-time    86400;
>      max-lease-time        604800;
>
>      log-facility        local7;
>
>      ddns-updates        on;
>      ddns-update-style    standard;
>      ddns-domainname        "appendata.net.";
>      ddns-rev-domainname    "in-addr.arpa.";
>      do-forward-updates    on;
>      deny            client-updates;
>      update-static-leases    on;
>      update-optimization    off;
>
>      include            "/etc/keys/Kddns-a-rrs.+157+41383.private";
>      include            "/etc/keys/Kddns-ptr-rrs.+157+36566.private";
>
>      zone appendata.net. {
>          primary        172.16.0.2;
>          key             "ddns-a-rrs";
>      }
>      zone 0.16.172.in-addr.arpa. {
>          primary        172.16.0.2;
>          key             "ddns-ptr-rrs";
>      }
>
>      subnet 172.16.0.0 netmask 255.255.255.0 {
>          default-lease-time    604800;
>          max-lease-time        2419200;
>
>          pool {
>              range 172.16.0.10 172.16.0.20;
>          }
>      }
>
>      #########################
>      # NAMED.CONF.LOCAL (IPV4) #
>      #########################
>      //
>      // Do any local configuration here
>      //
>
>      // Consider adding the 1918 zones here, if they are not used in your
>      // organization
>      include "/etc/bind/zones.rfc1918";
>      include "/etc/bind/Kddns-a-rrs.+157+41383.private";
>      include "/etc/bind/Kddns-ptr-rrs.+157+36566.private";
>
>      zone "appendata.net" in {
>          type master;
>          notify no;
>          file "/var/lib/bind/db.appendata.net";
>          allow-update {
>              key "ddns-a-rrs";
>          };
>      };
>
>      zone "0.16.172.in-addr.arpa" in {
>          type master;
>          notify no;
>          file "/var/lib/bind/db.172.16.0";
>          allow-update {
>              key "ddns-ptr-rrs";
>          };
>      };
>
> I start the DHCP server then run the client again. However, this time I can see that A and PTR records are getting updated:
>
>      $ dhcpd -4 -cf /etc/dhcp/dhcpd.conf -lf /var/lib/dhcp/dhcpd.leases -pf /run/dhcpd.pid
>
>      $ dhclient -4 -cf /etc/dhcp/dhclient.conf -lf /var/lib/dhcp/dhclient.leases
>
> Here is the output from the DHCP server:
>
>      [...]
>      Server starting service.
>      DHCPDISCOVER from 08:00:27:05:95:af via enp0s8
>      Ping timeout: 1
>      DHCPOFFER on 172.16.0.10 to 08:00:27:05:95:af (dhcpclient01) via enp0s8
>      DHCPREQUEST for 172.16.0.10 (172.16.0.3) from 08:00:27:05:95:af (dhcpclient01) via enp0s8
>      DHCPACK on 172.16.0.10 to 08:00:27:05:95:af (dhcpclient01) via enp0s8
>      Added new forward map from dhcpclient01.appendata.net. to 172.16.0.10
>      Added reverse map from 10.0.16.172.in-addr.arpa. to dhcpclient01.appendata.net
>
> And from the DNS log:
>
>      Jul 29 13:34:11 dns01 named[3432]: update-security: info: client 172.16.0.3#20083/key ddns-a-rrs: signer "ddns-a-rrs" approved
>      Jul 29 13:34:11 dns01 named[3432]: update: info: client 172.16.0.3#20083/key ddns-a-rrs: updating zone 'appendata.net/IN': deleting rrset at 'dhcpclient01.appendata.net' A
>      Jul 29 13:34:11 dns01 named[3432]: update: info: client 172.16.0.3#20083/key ddns-a-rrs: updating zone 'appendata.net/IN': adding an RR at 'dhcpclient01.appendata.net' A 172.16.0.10
>      Jul 29 13:34:11 dns01 named[3432]: update-security: info: client 172.16.0.3#20083/key ddns-ptr-rrs: signer "ddns-ptr-rrs" approved
>      Jul 29 13:34:11 dns01 named[3432]: update: info: client 172.16.0.3#20083/key ddns-ptr-rrs: updating zone '0.16.172.in-addr.arpa/IN': deleting rrset at '10.0.16.172.in-addr.arpa' PTR
>      Jul 29 13:34:11 dns01 named[3432]: update: info: client 172.16.0.3#20083/key ddns-ptr-rrs: updating zone '0.16.172.in-addr.arpa/IN': adding an RR at '10.0.16.172.in-addr.arpa' PTR dhcpclient01.appendata.net.
>
> I'm just not sure what I'm missing here. To me it looks like DNS server's can be updated from DHCPv6 servers. Any help would be much appreciated.
>
> Thanks,
> Joshua Schaeffer
> _______________________________________________
> dhcp-users mailing list
> [hidden email]
> https://lists.isc.org/mailman/listinfo/dhcp-users
>

I also have the same problem. In fact, I posted about it:

https://lists.isc.org/pipermail/dhcp-users/2015-June/018952.html

In my case though it's only the static leases. Dynamic addresses update
just fine. Eventually I quit trying and used static records when needed.
I kept the configuration to get some warning if/when some update has it
working.

--
Philippe

------
The trouble with common sense it that it is so uncommon.
<Anonymous>
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Joshua Schaeffer
Reply | Threaded
Open this post in threaded view
|

Re: DHCPv6 isn't updating DNS

Joshua Schaeffer


On 08/12/2017 04:51 AM, Philippe Clérié wrote:

I also have the same problem. In fact, I posted about it:

https://lists.isc.org/pipermail/dhcp-users/2015-June/018952.html

In my case though it's only the static leases. Dynamic addresses update just fine. Eventually I quit trying and used static records when needed. I kept the configuration to get some warning if/when some update has it working.


I ended up figuring this out. The client was not send the fqdn.fqdn. Apparently this is required. I was using Ubuntu 16.04 and in the past this option was send by default from dhclient, however due to bug 1604617 it was no longer being sent. The only place I could find a reference to option 39 (fqdn) being required is in Kea's documentation (of which I was trying to switch over to because of this problem). Once I manually set fqdn.fqdn in dhclient.conf on my test client ISC DHCP updated the DNS records. There was nothing wrong with the server setup at all.

I haven't tried updating static leases yet, as I've just being setting static addresses on the hosts' themselves. Of course you would need the "update-static-leases" option set to on in order to update them through DHCP.

Perhaps I just missed the sections in the man pages or in the RFC's about requiring option 39 from the client in order to update DNS, but even if I did its moot at this point.

Thanks,
Joshua Schaeffer

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Free forum by Nabble Edit this page