Hello, once again a problem, this time with DynDNS and DHCP. I have tried to configure dhcpd and named on a server, where dhcpd
is supposed to update the DNS database. The server has one NIC (192.168.0.22 static) and one WLAN card (192.168.1.1 static). IP forwarding is active. The clients in both subnets can ping each other. DHCP also hands out the IPs. The DNS server can be controlled cleanly via rndc. Now the problem: the actual dynamic updating of the DNS database simply does not work.
Does anyone have an idea? Below are the procedure, configuration files and relevant log excerpts I have on the server.
The key was generated with "dnssec-keygen -a HMAC-MD5 -b 128 -n USER DHCP_UPDATER".
Two files are produced, Kdhcp_updater.xxxxxxxxxx.private and Kdhcp_updater.xxxxxxxxxx.key.
Here is the relevant .private file:
Of course it will be regenerated once everything works.

Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: YAaDUtufuqe3i1fO650tXg==
The following /etc/dhcpd.conf was created:

# /etc/dhcpd.conf
ddns-update-style interim;
ddns-domainname "domainname.cjb.net";
update-static-leases true;
key DHCP_UPDATER {
algorithm HMAC-MD5.SIG-ALG.REG.INT;
secret YAaDUtufuqe3i1fO650tXg==;
}
zone domainname.cjb.net. {
primary 192.168.0.22;
key DHCP_UPDATER;
}
zone 0.168.192.in-addr.arpa. {
primary 192.168.0.22;
key DHCP_UPDATER;
}
zone 1.168.192.in-addr.arpa. {
primary 192.168.0.22;
key DHCP_UPDATER;
}
authoritative;
option subnet-mask 255.255.255.0;
subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.2 192.168.0.20;
option domain-name-servers 192.168.0.22, 192.168.0.1;
option routers 192.168.0.22;
option broadcast-address 192.168.0.255;
option subnet-mask 255.255.255.0;
default-lease-time 6000;
max-lease-time 7200;
}
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.10 192.168.1.20;
option domain-name-servers 192.168.0.22, 192.168.0.1, 212.144.6.233;
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
default-lease-time 600;
max-lease-time 7200;
}

And the following /etc/named.conf:

## named.conf - configuration for bind
#
# /etc/named.conf
#
include "/etc/rndc.key";
key DHCP_UPDATER {
algorithm HMAC-MD5.SIG-ALG.REG.INT;
secret "YAaDUtufuqe3i1fO650tXg==";
};
controls {
inet * allow { any; } keys { rndckey; };
};
options
{
directory "/var/named";
forwarders { };
forward first;
listen-on port 53 { 127.0.0.1;
192.168.0.22;
192.168.1.1; };
listen-on-v6 {none; };
query-source address * port 53;
#transfer-source * port 53;
#notify-source * port 53;
allow-query { 127.0.0.1;
192.168.0.0/24;
192.168.1.0/24; };
allow-transfer { none; };
cleaning-interval 120;
interface-interval 15;
notify no;
};
zone "localhost" in
{
type master;
file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" in
{
type master;
file "0.0.127.in-addr.arpa.zone";
};
zone "domainname.cjb.net" in
{
type master;
file "domainname.cjb.net.zone";
allow-update { key DHCP_UPDATER; };
};
zone "0.168.192.in-addr.arpa" in
{
type master;
file "0.168.192.in-addr.arpa.zone";
allow-update { key DHCP_UPDATER; };
};
zone "1.168.192.in-addr.arpa" in
{
type master;
file "1.168.192.in-addr.arpa.zone";
allow-update { key DHCP_UPDATER; };
};
zone "." in
{
type hint;
file "named.ca";
};
/var/log/messages when starting named and dhcpd:

Apr 15 11:14:14 Trillian named[2776]: starting BIND 9.2.1 -u named
Apr 15 11:14:14 Trillian named[2776]: using 1 CPU
Apr 15 11:14:14 Trillian named: named startup succeeded
Apr 15 11:14:14 Trillian named[2776]: loading configuration from '/etc/named.conf'
Apr 15 11:14:14 Trillian named[2776]: no IPv6 interfaces found
Apr 15 11:14:14 Trillian named[2776]: listening on IPv4 interface lo, 127.0.0.1#53
Apr 15 11:14:14 Trillian named[2776]: listening on IPv4 interface eth0, 192.168.0.22#53
Apr 15 11:14:14 Trillian named[2776]: listening on IPv4 interface wlan0, 192.168.1.1#53
Apr 15 11:14:14 Trillian named[2776]: /etc/named.conf:20: no forwarders seen; disabling forwarding
Apr 15 11:14:14 Trillian named[2776]: command channel listening on 0.0.0.0#953
Apr 15 11:14:14 Trillian named[2776]: zone 0.0.127.in-addr.arpa/IN: loaded serial 5
Apr 15 11:14:14 Trillian named[2776]: zone 0.168.192.in-addr.arpa/IN: loaded serial 13
Apr 15 11:14:14 Trillian named[2776]: zone 1.168.192.in-addr.arpa/IN: loaded serial 23
Apr 15 11:14:14 Trillian named[2776]: zone localhost/IN: loaded serial 1
Apr 15 11:14:14 Trillian named[2776]: zone domainname.cjb.net/IN: loaded serial 34
Apr 15 11:14:14 Trillian named[2776]: running
Apr 15 11:14:14 Trillian named[2776]: zone 0.168.192.in-addr.arpa/IN: sending notifies (serial 13)
Apr 15 11:14:14 Trillian named[2776]: zone 1.168.192.in-addr.arpa/IN: sending notifies (serial 23)
Apr 15 11:14:14 Trillian named[2776]: zone domainname.cjb.net/IN: sending notifies (serial 34)
Apr 15 11:14:25 Trillian dhcpd: Internet Software Consortium DHCP Server V3.0pl1
Apr 15 11:14:25 Trillian dhcpd: Copyright 1995-2001 Internet Software Consortium.
Apr 15 11:14:25 Trillian dhcpd: All rights reserved.
Apr 15 11:14:25 Trillian dhcpd: For info, please visit http://www.isc.org/products/DHCP
Apr 15 11:14:25 Trillian dhcpd: Wrote 5 leases to leases file.
Apr 15 11:14:25 Trillian dhcpd: Multiple interfaces match the same subnet: eth0 ipsec0
Apr 15 11:14:25 Trillian dhcpd: Multiple interfaces match the same shared network: eth0 ipsec0
Apr 15 11:14:25 Trillian dhcpd: Listening on LPF/wlan0/00:09:5b:xx:xx:xx/192.168.1.0/24
Apr 15 11:14:25 Trillian dhcpd: Sending on LPF/wlan0/00:09:5b:xx:xx:xx/192.168.1.0/24
Apr 15 11:14:25 Trillian dhcpd: Listening on LPF/eth0/00:e0:7d:xx:xx:xx/192.168.0.0/24
Apr 15 11:14:25 Trillian dhcpd: Sending on LPF/eth0/00:e0:7d:xx:xx:xx/192.168.0.0/24
Apr 15 11:14:25 Trillian dhcpd: Sending on Socket/fallback/fallback-net
Apr 15 11:14:25 Trillian dhcpd: dhcpd startup succeeded

Then on a DHCP request on wlan0 (192.168.1.0/24):

Apr 15 11:17:54 Trillian dhcpd: DHCPACK on 192.168.1.19 to 00:04:23:xx:xx:xx (Magrathea) via wlan0
Apr 15 11:17:57 Trillian named[2776]: client 192.168.1.19#10967: update 'domainname.cjb.net/IN' denied
DHCP request on eth0 (192.168.0.0/24):

Apr 15 11:21:31 Trillian named[2776]: client 192.168.0.22#32896: updating zone 'domainname.cjb.net/IN': update failed: 'name not in use' prerequisite not satisfied (YXDOMAIN)
Apr 15 11:21:31 Trillian dhcpd: if IN A zaphod.domainname.cjb.net domain doesn't exist add 3000 IN A zaphod.domainname.cjb.net 192.168.0.2 add 3000 IN TXT zaphod.domainname.cjb.net "31e16039786f3c6c5d6f063dc0c6153346": domain already exists.
Apr 15 11:21:31 Trillian named[2776]: client 192.168.0.22#32896: updating zone 'domainname.cjb.net/IN': update failed: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Apr 15 11:21:31 Trillian dhcpd: if IN TXT zaphod.domainname.cjb.net "31e16039786f3c6c5d6f063dc0c6153346" rrset exists delete IN A zaphod.domainname.cjb.net add 3000 IN A zaphod.domainname.cjb.net 192.168.0.2: no such RRset.
Apr 15 11:21:31 Trillian dhcpd: DHCPREQUEST for 192.168.0.2 from 00:20:ed:xx:xx:xx (zaphod) via eth0
Apr 15 11:21:31 Trillian dhcpd: DHCPACK on 192.168.0.2 to 00:20:ed:xx:xx:xx (zaphod) via eth0
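The eth0 log lines above show the two conditional updates that dhcpd's interim update style sends (add A+TXT if the name is unused, otherwise replace the A record only if the TXT record carries the client's hash). The following Python simulation is an added illustration, not code from the original post or from ISC dhcpd: it models that two-step sequence against an in-memory zone (all zone contents are constructed) and reproduces the YXDOMAIN/NXRRSET pair that appears when the name already exists with a TXT record belonging to a different client identity.

```python
# Added example (not from the original post): simulation of dhcpd's
# interim-style forward DDNS update as seen in the log lines above.
# Zone contents and hash values are constructed for illustration.

NOERROR, YXDOMAIN, NXRRSET = "NOERROR", "YXDOMAIN", "NXRRSET"


def interim_forward_update(zone, name, ip, dhcid):
    """Apply the two-step interim update to an in-memory zone.

    zone: dict mapping owner name -> {"A": set of IPs, "TXT": set of hashes}
    Returns (step1_rcode, step2_rcode); step2 is None when step 1 succeeds.
    """
    # Step 1: prerequisite "name not in use"; on success add A and TXT.
    if name not in zone:
        zone[name] = {"A": {ip}, "TXT": {dhcid}}
        return NOERROR, None
    step1 = YXDOMAIN  # the name already has records -> prerequisite fails

    # Step 2: prerequisite "TXT RRset exists with exactly this hash";
    # on success delete the old A RRset and add the new address.
    if dhcid in zone[name].get("TXT", set()):
        zone[name]["A"] = {ip}
        return step1, NOERROR
    # TXT missing or holding another client's hash: dhcpd refuses to
    # overwrite a name it does not own, so the update is abandoned.
    return step1, NXRRSET


def describe(result):
    """Human-readable outcome of interim_forward_update()."""
    step1, step2 = result
    if step1 == NOERROR:
        return "new name: A and TXT added"
    if step2 == NOERROR:
        return "name existed with matching hash: A record replaced"
    return "name exists with a foreign or missing TXT hash: update abandoned"


if __name__ == "__main__":
    # Constructed zone state matching the eth0 log: zaphod already exists,
    # but its TXT hash is not the one the client presents now.
    zone = {"zaphod.domainname.cjb.net": {"A": {"192.168.0.5"},
                                          "TXT": {"constructed-old-hash"}}}
    outcome = interim_forward_update(
        zone, "zaphod.domainname.cjb.net", "192.168.0.2",
        "31e16039786f3c6c5d6f063dc0c6153346")
    print(outcome, "->", describe(outcome))
```

Running it prints ('YXDOMAIN', 'NXRRSET'), the same pair named reported for the zaphod update; a zone whose TXT record matches the client hash takes the second branch instead.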