Problem updating DNS with DHCP.

[baldychap]

Hello All,

I have searched the 'net far and wide to find the 'right' way to configure a DHCP and DNS server (using dhcp3 and bind9) I've got the servers working, to a degree, but cannot get the dhcp server to update the dns with details of new clients.

I have used the very helpful pdf at http://www.realmtech.net/documents/DynamicDNS.pdf and also some information from howto: Dynamic DNS and DHCP dual servers with failover - Ubuntu Forums to get where I am today and my named.conf.options is:-

Code:

include "/etc/bind/rndc.key";
options {
  directory "/var/cache/bind";
  forwarders {
	212.159.13.49;
        212.159.13.50;
  };
  auth-nxdomain no;
};
controls {
  inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};
zone "example.com" {
  type master;
  file "/etc/bind/zones/example.com.db";
  allow-update { key "rndc-key"; };
};
zone "1.168.192.in-addr.arpa" {
     type master;
     file "/etc/bind/zones/rev.1.168.192.in-addr.arpa";
  allow-update { key "rndc-key"; };
};

and my dhcpd.conf is:-

Code:

server-identifier 192.168.1.3;
authoritative;
ddns-domainname "example.com";
ddns-rev-domainname "rev.1.168.192.in-addr.arpa";
ddns-update-style interim;
include "/etc/dhcp3/rndc.key";
zone example.com. {
  primary 192.168.1.0;
  key rndc-key;
}
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.30 192.168.1.99;
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.1.255;
  option domain-name "example.com";
  one-lease-per-client on;
  default-lease-time 604800;
  max-lease-time 604800;
  # Gateways and DNS servers
  option routers 192.168.1.1;
  option domain-name-servers 192.168.1.3;
}

The problem can be seen in the daemon.log when a client requests a DHCP address from the server:-

Code:

Aug 13 00:03:53 nameserver named[1794]: starting BIND 9.4.1-P1.1 -u bind
Aug 13 00:03:53 nameserver named[1794]: found 1 CPU, using 1 worker thread
Aug 13 00:03:53 nameserver named[1794]: loading configuration from '/etc/bind/named.conf'
Aug 13 00:03:53 nameserver named[1794]: listening on IPv4 interface lo, 127.0.0.1#53
Aug 13 00:03:53 nameserver named[1794]: listening on IPv4 interface eth0, 192.168.1.3#53
Aug 13 00:03:53 nameserver named[1794]: listening on IPv4 interface vmnet8, 192.168.65.1#53
Aug 13 00:03:53 nameserver named[1794]: listening on IPv4 interface vmnet1, 192.168.81.1#53
Aug 13 00:03:53 nameserver named[1794]: automatic empty zone: 254.169.IN-ADDR.ARPA
Aug 13 00:03:53 nameserver named[1794]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Aug 13 00:03:53 nameserver named[1794]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Aug 13 00:03:53 nameserver named[1794]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Aug 13 00:03:53 nameserver named[1794]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Aug 13 00:03:53 nameserver named[1794]: automatic empty zone: D.F.IP6.ARPA
Aug 13 00:03:53 nameserver named[1794]: automatic empty zone: 8.E.F.IP6.ARPA
Aug 13 00:03:53 nameserver named[1794]: automatic empty zone: 9.E.F.IP6.ARPA
Aug 13 00:03:53 nameserver named[1794]: automatic empty zone: A.E.F.IP6.ARPA
Aug 13 00:03:53 nameserver named[1794]: automatic empty zone: B.E.F.IP6.ARPA
Aug 13 00:03:53 nameserver named[1794]: command channel listening on 127.0.0.1#953
Aug 13 00:03:53 nameserver named[1794]: zone 0.in-addr.arpa/IN: loaded serial 1
Aug 13 00:03:53 nameserver named[1794]: zone 127.in-addr.arpa/IN: loaded serial 1
Aug 13 00:03:53 nameserver named[1794]: /etc/bind/zones/rev.1.168.192.in-addr.arpa:1: no TTL specified; using SOA MINTTL instead
Aug 13 00:03:53 nameserver named[1794]: zone 1.168.192.in-addr.arpa/IN: loaded serial 2006081401
Aug 13 00:03:53 nameserver named[1794]: zone 255.in-addr.arpa/IN: loaded serial 1
Aug 13 00:03:53 nameserver named[1794]: zone localhost/IN: loaded serial 1
Aug 13 00:03:53 nameserver named[1794]: /etc/bind/zones/example.com.db:1: no TTL specified; using SOA MINTTL instead
Aug 13 00:03:53 nameserver named[1794]: zone example.com/IN: loaded serial 2006081402
Aug 13 00:03:53 nameserver named[1794]: running
Aug 13 00:04:13 nameserver dhcpd: DHCPRELEASE of 192.168.1.66 from 00:08:74:9d:ec:d5 (clienthostname) via eth0 (found)
Aug 13 00:04:14 nameserver dhcpd: DHCPDISCOVER from 00:08:74:9d:ec:d5 via eth0
Aug 13 00:04:15 nameserver dhcpd: DHCPOFFER on 192.168.1.66 to 00:08:74:9d:ec:d5 (clienthostname) via eth0
Aug 13 00:04:15 nameserver dhcpd: Unable to add forward map from clienthostname.example.com to 192.168.1.66: connection refused
Aug 13 00:04:15 nameserver dhcpd: DHCPREQUEST for 192.168.1.66 (192.168.1.3) from 00:08:74:9d:ec:d5 (clienthostname) via eth0
Aug 13 00:04:15 nameserver dhcpd: DHCPACK on 192.168.1.66 to 00:08:74:9d:ec:d5 (clienthostname) via eth0

The problem being "nameserver dhcpd: Unable to add forward map from clienthostname.example.com to 192.168.1.66: connection refused".

Does anyone know why permission is being refused? I've made sure that the bind group has read/write access on the /etc/bind directory and that the dchpd group has read/write access on the /etc/dhcp3 directory. I presume it's a problem with the keys, but I can't see where it is!

Any help would be gratefully received. I've searched the web/forums for advice and have not found anything, so apologies if this has been answered elsewhere

Kind Regards,

Baldychap.

[jledhead]

I don't have lots of experience on this but the only thing I can see is the order of your named.conf file. I don't know if order matters here but it sometimes does. it seems like this line

Code:

controls {
  inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};

is always first

here is another guide
Configuring Dynamic DNS & DHCP on Debian Stable

[baldychap]

Thanks for the tip. I've moved it to the start. Restarted the DHCP and BIND processes and unfortunately the problem remains. Thanks for the link, I'll look through that next