Dynamic update of Bind from windows clients

Asked by roncioiu (United States of America)

I know this question has been asked before, and I have read and tried to follow numerous how-tos on the internet and some from here as well; however, I cannot get Windows clients to update the BIND server zones.

I set up DHCP on the server, and I see clients grabbing IPs all the time; however, I do not see those IPs registered in the BIND zones.

All the files in the /bind directory are owned by bind:bind with permissions of 644

DHCP

key "rndc-key" {
        algorithm hmac-md5;
        secret "xxxxxxxxxxxxxxxxxxx";
};

server-identifier      192.168.0.250;
ddns-updates      on;
ddns-update-style interim;
ddns-domainname      "foo.local";
ddns-rev-domainname "in-addr.arpa.";
allow client-updates;

# Normal DHCP stuff
option domain-name      "foo.local.";
option domain-name-servers      192.168.0.250, 192.168.0.1;
option ntp-servers      192.168.0.250;   # statement must end with a semicolon or dhcpd rejects the config
option ip-forwarding      off;
default-lease-time      600;
max-lease-time      7200;      
authoritative;

subnet 192.168.0.0 netmask 255.255.255.0 {
      range            192.168.0.50 192.168.0.190;
      option broadcast-address      192.168.0.255;
      option routers            192.168.0.1;
      allow            unknown-clients;
      
      ddns-domainname "foo.local";
      ddns-rev-domainname      "0.168.192.in-addr.arpa";

      zone      0.168.192.in-addr.arpa. {
            primary      192.168.0.250;
            key      rndc-key;
      }
      
      zone      foo.local. {
            primary      192.168.0.250;
            key      rndc-key;
      }
}

bind9

key "rndc-key" {
        algorithm hmac-md5;
        secret "xxxxxxxxxxxxxxxxxxx";
};

acl "foo.local" {
      192.168.0.0/24;
      127.0.0.1;
};

options{
      directory "/etc/bind/";
      listen-on port 53 { 192.168.0.0/24; };
      allow-query { "foo.local"; };
      forwarders { 8.8.8.8; 8.8.4.4; };
      pid-file "/var/run/named/named.pid";
      allow-recursion { foo.local; };
      dnssec-enable      yes;
      version none;
};

controls {
      inet 127.0.0.1 port 953
      allow { 127.0.0.1; 192.168.0.250; } keys { "rndc-key"; };
};

 
zone "." {
      type hint;
      file "db.root";
};

zone "foo.local" {
      type master;
      file "/etc/bind/db.Server.foo";
      allow-update { key rndc-key; };
      notify yes;
      journal "/var/lib/bind/foo.local.jnl";
};



zone "0.168.192.in-addr.arpa" {
      type master;
      file "/etc/bind/db.0.168.192.in-addr.arpa";
      allow-update { key rndc-key; };
      notify no;
      journal "/var/lib/bind/0.168.192.in-addr.arpa.jnl";
};


zone "127.in-addr.arpa" {
             type master;
             file "/etc/bind/db.127";
             allow-update { none; };
};

zone "0.in-addr.arpa" {
             type master;
             file "/etc/bind/db.0";
             allow-update { none; };
};

zone "255.in-addr.arpa" {
             type master;
             file "/etc/bind/db.255";
             allow-update { none; };
};

Can someone point me in the right direction? What am I doing wrong?

arnold (asker certified solution): the text of this answer is not available on this page.
Duncan Roe (Australia):

Windows host names have always worked for me. DHCP updates DNS with each name as it hands out its IP. I see error messages in the log when the Windows machines subsequently try to update DNS with their host names - but it doesn't matter as DNS has them already. This is my very simple dhcp configuration:
20:40:07$ cat /etc/dhcpd.conf
option domain-name "mshome.net";
option domain-name-servers 127.0.0.1;
ddns-update-style interim;
ignore client-updates;

subnet 192.168.0.0 netmask 255.255.255.0
{
  range 192.168.0.5   192.168.0.119;
  range 192.168.0.121 192.168.0.254;
  max-lease-time 2592000;
  default-lease-time 604800;
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.0.255;
  option routers 192.168.0.120;
  option domain-name-servers 192.168.0.120;
}
20:41:21$ 

Both DHCP and DNS run on the same host 192.168.0.120, hence option domain-name-servers 127.0.0.1;. However, DNS only allows updates from 192.168.0.120:
20:50:56$ cat named.conf
acl "locals" { 10.255.255.0/24; 192.168.0.0/24; 127.0.0.0/8; };
options {
  directory "/var/named";
  forward only;
  forwarders { 198.142.0.51; 203.2.75.132; };
  allow-transfer { none; };
  allow-query { "locals"; };
  allow-recursion { "locals"; };
};

zone "mshome.net" IN {
  type master;
  file "mshome.net";
  forwarders { };
  allow-query { "locals"; };
  allow-transfer { "locals"; };
  allow-update { 192.168.0.120; };
};
zone "0.168.192.in-addr.arpa" IN {
  type master;
  file "ten.emohsm";
  forwarders { };
  allow-query { "locals"; };
  allow-transfer { "locals"; };
  allow-update { 192.168.0.120; };
};
zone "local.net" IN {
  type master;
  file "local.net";
  forwarders { };
  allow-query { "locals"; };
};
zone "255.255.10.in-addr.arpa" IN {
  type master;
  file "ten.lacol";
  forwarders { };
  allow-query { "locals"; };
};
20:55:27$ 

That's it. It all just works, has done for years.
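The model described above, where the DHCP server (not the Windows client) performs the DNS update, can be exercised by hand. The following is an added example, not code from anyone in this thread: it reads ISC dhcpd lease entries and produces an nsupdate batch that registers the forward A record and the reverse PTR record under a TSIG key, one transaction per zone. The lease text, the key name and the secret are constructed placeholders; the zone name and server address are taken from the question's configuration. It also rejects client-supplied hostnames that are not a single DNS label, since a name containing dots would otherwise be written outside the intended zone.

```python
# Added example (not from this thread): build nsupdate input from dhcpd
# lease entries, performing server-side DDNS the way dhcpd itself does.
import ipaddress
import re
from typing import List, Optional

# Constructed sample of /var/lib/dhcp/dhcpd.leases. The real file is
# append-only, so an address can appear several times and the last entry wins.
SAMPLE_LEASES = """\
lease 192.168.0.57 {
  starts 3 2012/05/16 18:03:12;
  ends 3 2012/05/16 18:13:12;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "ws-alice";
}
lease 192.168.0.58 {
  starts 3 2012/05/16 18:05:00;
  ends 3 2012/05/16 18:15:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:66;
  client-hostname "ws-bob";
}
lease 192.168.0.58 {
  starts 3 2012/05/16 18:20:00;
  ends 3 2012/05/16 18:30:00;
  binding state free;
  hardware ethernet 00:11:22:33:44:66;
  client-hostname "ws-bob";
}
lease 192.168.0.59 {
  starts 3 2012/05/16 18:06:00;
  ends 3 2012/05/16 18:16:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:77;
  client-hostname "not.a.label";
}
"""

LEASE_RE = re.compile(r"lease\s+(\d+\.\d+\.\d+\.\d+)\s*\{(.*?)\}", re.S)
# One DNS label: letters, digits and hyphens, no leading or trailing hyphen.
LABEL_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


class Lease:
    def __init__(self, ip: str, hostname: Optional[str], state: str):
        self.ip, self.hostname, self.state = ip, hostname, state


def parse_leases(text: str) -> List[Lease]:
    """Return one Lease per address, keeping only the newest entry for each."""
    by_ip = {}
    for m in LEASE_RE.finditer(text):
        ip, body = m.group(1), m.group(2)
        host = re.search(r'client-hostname\s+"([^"]*)"', body)
        state = re.search(r"binding state\s+(\w+);", body)
        by_ip[ip] = Lease(ip, host.group(1) if host else None,
                          state.group(1) if state else "unknown")
    return list(by_ip.values())


def reverse_name(ip: str) -> str:
    """'192.168.0.57' -> '57.0.168.192.in-addr.arpa'."""
    return ipaddress.ip_address(ip).reverse_pointer


def nsupdate_script(leases: List[Lease], domain: str, server: str,
                    key_name: str, key_secret: str, ttl: int = 600) -> str:
    """Build nsupdate input; a 'send' per zone keeps each update transactional."""
    out = ["server %s" % server,
           "key hmac-md5:%s %s" % (key_name, key_secret)]  # algorithm used in the thread
    for lease in leases:
        # Register only active leases whose client-supplied name is one valid label.
        if (lease.state != "active" or not lease.hostname
                or not LABEL_RE.match(lease.hostname)):
            continue
        fqdn = "%s.%s." % (lease.hostname.lower(), domain)
        ptr = reverse_name(lease.ip) + "."
        out += ["update delete %s A" % fqdn,
                "update add %s %d A %s" % (fqdn, ttl, lease.ip), "send",
                "update delete %s PTR" % ptr,
                "update add %s %d PTR %s" % (ptr, ttl, fqdn), "send"]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Placeholder secret; the real value is the one in named.conf's "key" block.
    print(nsupdate_script(parse_leases(SAMPLE_LEASES), "foo.local",
                          "192.168.0.250", "rndc-key", "PLACEHOLDER_SECRET=="),
          end="")
```

Piping the output into `nsupdate` from the DHCP host and then watching named's log and the zone's `.jnl` file shows directly whether the server accepts a keyed update, independently of anything dhcpd does. The key in the generated batch must match the `key` statement named in the zone's `allow-update`; BIND also accepts stronger TSIG algorithms such as hmac-sha256, and `nsupdate -k` can read the key from a file instead of embedding it in the batch.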
roncioiu (asker):

Arnold,

Thank you for the link. I looked it over and they have it set up the same way, with allow-update { key rndc-key; };
Are you saying that perhaps I should add a range in my rndc.key file? (Seems silly.)

Duncan, as soon as I get a chance I'm going to retrofit your setup to mine and give it a go later today.

Thank you for your replies.
arnold (solution): the text of this answer is not available on this page.
roncioiu (asker):

An update,

I have gone back and forth changing my config files. I have even started from scratch and have used some of the links that were posted here. Nothing is working. I cannot get the zone files to update themselves with client info. The lease file is filled with information, however, and my logs are clean; even when I start named manually with -d 9 I do not see anything in there that points me in a better direction. As a last-ditch effort I manually created jnl files and will see how that goes. If all fails I will install autodns-dhcp, which is not an elegant solution at all.

I will post my current files soon.

Thank you.
arnold:

What are the permission settings on the files?
ls -l /var/named?
Is /var/named and the files within owned by the user that bind runs under?
What about an increased debug level on bind to see what is going on?
Duncan Roe:

If named doesn't show updates, it's not getting them. Concentrate on the DHCP daemon
arnold:

Can you post the SOA record for the zones?
If they do not reference the server where bind is, the requests will be forwarded along to that host if it exists.
roncioiu (asker):

Sorry this was abandoned for so long, I had other more pressing issues that I needed to deal with. I ended up implementing dhcp on the router, which will grab client names.