Goutham
asked on
journal file not found under var/cache/bind for ddns on ubuntu server
Dear Experts:
I configured DDNS on an Ubuntu server. BIND and DHCP are both working, but the journal file did not get created under /var/cache/bind.
Please help me work out what has gone wrong and how to fix it.
Thanks in advance.
configured ddns on ubuntu server, bind and dhcp is also working but the journal file did not get created under the /var/cache/bind.
Please help what would have gone wrong and how do fix this.
Thanks in advance.
ASKER
I also added the journal file line to /etc/bind/named.conf.local.
For the reference posted config files:
---------------------------------/etc/bind/named.conf.local---------------------------------
include "/etc/bind/rndc.key";
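// rndc control channel: listens on loopback only and requires "rndc-key".
controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};

// Static forward zone (no allow-update, so named never journals it).
zone "shriramdb.com" {
    type master;
    file "/var/cache/bind/db.shriramdb.com";
};

// Static reverse zone for 192.168.1.0/24.
zone "1.168.192.in-addr.arpa" {
    type master;
    file "/var/cache/bind/db.1.168.192.in-addr.arpa";
};

// Static reverse zone for 127.0.0.0/24.
zone "0.0.127.in-addr.arpa" {
    type master;
    file "/var/cache/bind/db.0.0.127.in-addr.arpa";
};

// Dynamic forward zone: an update is accepted only if it is signed with the
// named key.
// NOTE(review): "rndc-key" is also the key for the controls channel above, so
// whatever holds it for sending updates could also drive rndc. A separate TSIG
// key used only in allow-update keeps the two privileges apart.
zone "dyn.shriramdb.com" {
    type master;
    file "/var/cache/bind/db.dyn.shriramdb.com";
    allow-update { key "rndc-key"; };
    // Restates BIND's default journal name (zone file name plus ".jnl"). named
    // writes the journal when it accepts the first dynamic update, so the file
    // stays absent until an update has succeeded.
    journal "/var/cache/bind/db.dyn.shriramdb.com.jnl";
};

// Dynamic reverse zone.
// NOTE(review): the zone name covers 192.168.10.0/24, while the file name
// refers to 1.168.192, which the static zone above already serves. Confirm
// which network this dynamic reverse zone is meant for.
zone "10.168.192.in-addr.arpa" {
    type master;
    notify no;
    file "/var/cache/bind/dba.1.168.192.in-addr.arpa";
    allow-update { key "rndc-key"; };
    journal "/var/cache/bind/dba.1.168.192.in-addr.arpa.jnl";
};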
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------
dhcp config:
-------------------------/etc/dhcp3/dhcpd.conf-------------------------
# Selects the "interim" dynamic DNS update style for this DHCP server.
ddns-update-style interim;
# NOTE(review): dhcpd reads the key material from the file named rndc.key under
# /etc/bind, so that file has to be readable by dhcpd. If it is also named's
# rndc control key, a dedicated update-only key would limit what this exposes.
include "/etc/bind/rndc.key";
# Forward zone to update: which server receives the update and which key signs it.
# NOTE(review): dyn.shriramdb.com. is declared a second time near the end of
# this listing with a different primary (192.168.1.244); confirm which one is meant.
zone dyn.shriramdb.com. {
primary 127.0.0.1;
key "rndc-key";
}
# Domain appended to client host names when building the forward record.
ddns-domainname "dyn.shriramdb.com";
# option definitions common to all supported networks...
#option domain-name "example.org";
#option domain-name-servers ns1.example.org, ns2.example.org;
# NOTE(review): domain-name carries two space-separated names in a single
# string; confirm this is intended.
option domain-name "lampsrv.shriramdb.com lampsrv.dyn.shriramdb.com" ;
option domain-name-servers 192.168.1.244;
option routers 192.168.1.244;
option broadcast-address 192.168.1.255;
default-lease-time 600;
max-lease-time 7200;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
#subnet 192.168.1.0 netmask 255.255.255.0 {
#}
# This is a very basic subnet declaration.
subnet 192.168.1.0 netmask 255.255.255.0 {
# NOTE(review): the pool's upper bound, 192.168.1.244, is the same address the
# routers and domain-name-servers options above hand out; confirm it is not
# meant to be leased.
range 192.168.1.10 192.168.1.244;
# NOTE(review): 10.168.192.in-addr.arpa is the reverse zone for 192.168.10.x,
# while this subnet is 192.168.1.0/24 (reverse zone 1.168.192.in-addr.arpa);
# confirm the zone name.
zone 10.168.192.in-addr.arpa. {
primary 192.168.1.244;
key "rndc-key";
}
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- -----
# Second declaration of the forward zone, this time pointing at 192.168.1.244.
zone dyn.shriramdb.com. {
primary 192.168.1.244;
key "rndc-key";
}
}
-------------------------- ---------- ---------- ---------- ---------- -
posted two dynamic zone files which is under /var/cache/bind
------------------------
cat db.dyn.shriramdb.com
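;
; BIND data file for mydomain.com
;
$ORIGIN .
$TTL 604800
; SOA for the dynamic forward zone. Owner name is relative to the "." origin
; set above, so it resolves to dyn.shriramdb.com.
dyn.shriramdb.com IN SOA lampsrv.shriramdb.com. indar.shriramproperties.com. (
        2011051705 ; Serial
        604800 ; Refresh
        86400 ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
; NOTE(review): with $ORIGIN set to "." above, "@" stands for the root name,
; not dyn.shriramdb.com, so this NS record (and the A record below, which
; inherits its owner) appears to fall outside the zone. "lampsrv." is also a
; bare top-level name rather than lampsrv.shriramdb.com. -- confirm both.
@ IN NS lampsrv.
        IN A 192.168.1.244
; Records added by dynamic updates are written relative to this origin.
$ORIGIN dyn.shriramdb.com.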
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- --------
cat dba.1.168.192.in-addr.arpa
------------------
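$ORIGIN .
$TTL 604800
; SOA for the dynamic reverse zone; the owner name is relative to the "."
; origin set above.
10.168.192.in-addr.arpa IN SOA lampsrv.shriramdb.com. indar.shriramproperties.com. (
        2011051705 ; Serial
        8H ; Refresh
        2H ; Retry
        4W ; Expire
        1D) ; Minimum TTL
;
; NOTE(review): with $ORIGIN set to "." above, "@" stands for the root name,
; not 10.168.192.in-addr.arpa, so this NS record appears to fall outside the
; zone, and "lampsrv." is a bare top-level name -- confirm the intended owner
; and target.
@ IN NS lampsrv.
; Records added by dynamic updates are written relative to this origin.
$ORIGIN 10.168.192.in-addr.arpa.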
-------------------------- ----
please help to resove this.
For the reference posted config files:
--------------------------
controls {
inet 127.0.0.1 allow { localhost;} keys { "rndc-key";};
};
zone "shriramdb.com" {
type master;
file "/var/cache/bind/db.shrira
};
zone "1.168.192.in-addr.arpa" {
type master;
file "/var/cache/bind/db.1.168.
};
zone "0.0.127.in-addr.arpa" {
type master;
file "/var/cache/bind/db.0.0.12
};
zone "dyn.shriramdb.com" {
type master;
file "/var/cache/bind/db.dyn.sh
allow-update { key "rndc-key"; };
journal "/var/cache/bind/db.dyn.sh
};
zone "10.168.192.in-addr.arpa" {
type master;
notify no;
file "/var/cache/bind/dba.1.168
allow-update { key "rndc-key"; };
journal "/var/cache/bind/dba.1.168
};
--------------------------
dhcp config:
-------------------------/
ddns-update-style interim;
include "/etc/bind/rndc.key";
zone dyn.shriramdb.com. {
primary 127.0.0.1;
key "rndc-key";
}
ddns-domainname "dyn.shriramdb.com";
# option definitions common to all supported networks...
#option domain-name "example.org";
#option domain-name-servers ns1.example.org, ns2.example.org;
option domain-name "lampsrv.shriramdb.com lampsrv.dyn.shriramdb.com"
option domain-name-servers 192.168.1.244;
option routers 192.168.1.244;
option broadcast-address 192.168.1.255;
default-lease-time 600;
max-lease-time 7200;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
#subnet 192.168.1.0 netmask 255.255.255.0 {
#}
# This is a very basic subnet declaration.
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.10 192.168.1.244;
zone 10.168.192.in-addr.arpa. {
primary 192.168.1.244;
key "rndc-key";
}
--------------------------
zone dyn.shriramdb.com. {
primary 192.168.1.244;
key "rndc-key";
}
}
--------------------------
posted two dynamic zone files which is under /var/cache/bind
------------------------
cat db.dyn.shriramdb.com
;
; BIND data file for mydomain.com
;
$ORIGIN .
$TTL 604800
dyn.shriramdb.com IN SOA lampsrv.shriramdb.com. indar.shriramproperties.co
2011051705 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
@ IN NS lampsrv.
IN A 192.168.1.244
$ORIGIN dyn.shriramdb.com.
--------------------------
cat dba.1.168.192.in-addr.arpa
------------------
$ORIGIN .
$TTL 604800
10.168.192.in-addr.arpa IN SOA lampsrv.shriramdb.com. indar.shriramproperties.co
2011051705 ; Serial
8H ; Refresh
2H ; Retry
4W ; Expire
1D) ; Minimum TTL
;
@ IN NS lampsrv.
$ORIGIN 10.168.192.in-addr.arpa.
--------------------------
please help to resove this.
ASKER
Sir, Thank you very much for reply.
when exectute the below command only for the first command nothing happens nor key is generated
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST ddns-keyKddns-key.+157+644 04
also tried
dnssec-keygen -a HMAC-MD5 -b 128 -n lampsrv.shriramdb.com ddns-keyKddns-key.+157+644 04
and
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST lampsrv.shriramdb.com ddns-keyKddns-
key.+157+64404
Pleas help
when exectute the below command only for the first command nothing happens nor key is generated
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST ddns-keyKddns-key.+157+644
also tried
dnssec-keygen -a HMAC-MD5 -b 128 -n lampsrv.shriramdb.com ddns-keyKddns-key.+157+644
and
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST lampsrv.shriramdb.com ddns-keyKddns-
key.+157+64404
Pleas help
Just do
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST ddns-key
(HMAC-MD5 is the oldest TSIG algorithm; where both named and dhcpd support it, HMAC-SHA256 is the better choice for a new key.)
If that doesn't work, make sure dnssec-keygen is in your path
which dnssec-keygen
ASKER
Sir, thanks for the reply, when execute sudo dnssec-keygen -a HMAC-MD5 -b 128 -n HOST ddns-key no response.
which dnssec-keygen
/usr/sbin/dnssec-keygen
dnssec-keygen is in the path /usr/sbin/dnssec-keygen
please help.
which dnssec-keygen
/usr/sbin/dnssec-keygen
dnssec-keygen is in the path /usr/sbin/dnssec-keygen
please help.
This might be an entropy issue -- let the command run for a few minutes. Is this a virtual machine by any chance?
http://freshmeat.net/projects/haveged is a great entropy builder, is easy to install, and fits right in place without much effort.
http://freshmeat.net/projects/haveged is a great entropy builder, is easy to install, and fits right in place without much effort.
ASKER
Yes sir this is a Virtual machine and ubuntu 10.4 server.
installed UBUNTU server on ESXi host.
installed UBUNTU server on ESXi host.
OK so VM's have an inherent problem with generating entropy. In that case I highly suggest installing haveged. You can try to find the package through Synaptic, but if it's not there then you will need to compile it from source. I can help with that part if you really need it.
BTW the entropy problem with VM's is not only a problem for dnssec-keygen, it's a problem for anything that uses /dev/random or /dev/urandom, such as generating keys using openssl.
BTW the entropy problem with VM's is not only a problem for dnssec-keygen, it's a problem for anything that uses /dev/random or /dev/urandom, such as generating keys using openssl.
In my config I showed you the following line:
the /etc/bind.keys needs to be downloaded to your DNS master.
/* Path to root key and ISC DLV key */
bindkeys-file "/etc/bind.keys";
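The /etc/bind.keys file needs to be downloaded to your DNS master. It holds the DNSSEC trust anchors and the download below uses plain HTTP, so compare the file with a copy from a trusted source (for example the one shipped in your BIND package) before installing it.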
wget http://ftp.isc.org/isc/bind9/keys/9.7/bind.keys.v9_7
mv bind.keys.v9_7 /etc/bind.keys
chgrp named /etc/bind.keys
chmod 640 /etc/bind.keys
ASKER
Sir, very much interesting config, other than you no body can help me in this, can you please, so far i have only configured the name server for the local resolve but this ddns concept is new for me and as you know i do not know how to configure this.
As of now nameserver is working for the local resolving , static dns and below posted the forward and reverse zones and name.conf.local
forward zone:
cat db.shriramdb.com
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA lampsrv.shriramdb.com. root.shriramdb.com. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS lampsrv.shriramdb.com.
@ IN A 127.0.0.1
@ IN AAAA ::1
lampsrv IN A 192.168.1.244
linwin IN A 192.168.1.249
-------------------------- ---------- ---------- -------end ---------- ---------- ---------- ---------- ---------- ----
------------------------re verse zone-------
cat db.192
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA lampsrv.shriramdb.com. root.shriramdb.comt. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS lampsrv.
244 IN PTR lampsrv.shriramdb.com.
249 IN PTR linwin.shriramdb.com.
;1.0.0 IN PTR localhost.
----------------------end- ---------- ---------- ---------- ---------- ---------- ---------- ----
--------------------named. conf.local ---------- --
/ Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "shriramdb.com" {
type master;
file "/etc/bind/db.shriramdb.co m";
};
zone "1.168.192.in-addr.arpa" {
type master;
notify no;
file "/etc/bind/db.192";
-------------------------- ---------- ------end- ---------- ---------- ---------- ---------- ---------- ---------- ---------
Sir, my request is can you please help me in how the two dynamic zones should be as above i have satic forward and reverse and please help me in creating the two dynamic zones.
As of now nameserver is working for the local resolving , static dns and below posted the forward and reverse zones and name.conf.local
forward zone:
cat db.shriramdb.com
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA lampsrv.shriramdb.com. root.shriramdb.com. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS lampsrv.shriramdb.com.
@ IN A 127.0.0.1
@ IN AAAA ::1
lampsrv IN A 192.168.1.244
linwin IN A 192.168.1.249
--------------------------
------------------------re
cat db.192
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA lampsrv.shriramdb.com. root.shriramdb.comt. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS lampsrv.
244 IN PTR lampsrv.shriramdb.com.
249 IN PTR linwin.shriramdb.com.
;1.0.0 IN PTR localhost.
----------------------end-
--------------------named.
/ Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "shriramdb.com" {
type master;
file "/etc/bind/db.shriramdb.co
};
zone "1.168.192.in-addr.arpa" {
type master;
notify no;
file "/etc/bind/db.192";
--------------------------
Sir, my request is can you please help me in how the two dynamic zones should be as above i have satic forward and reverse and please help me in creating the two dynamic zones.
Yes I will reply in detail in the morning, it's pretty late here.
One thing that jumped out at me is
Install haveged -- this will help with more than just dnssec-keygen as I mentioned. If you are unfamiliar with compiling packages from source, just google it, it's very easy. ./configure && make && make install... you'll see... after that you should have a normal init script for it at /etc/rc.d/init.d/haveged
Once we get everything working as you would like, we will discuss naming conventions of directories and zone files, as I mentinoed in a previous reply. I will tell you all the reason why you want to set it up like I described :)
Have a good day!
One thing that jumped out at me is
file "/etc/bind/db.192";
make that /etc/bind/1.168.192.in-addr.arpa
and rename the file to match, of course.
Install haveged -- this will help with more than just dnssec-keygen, as I mentioned. If you are unfamiliar with compiling packages from source, just google it, it's very easy. ./configure && make && make install... you'll see... after that you should have a normal init script for it at /etc/rc.d/init.d/haveged
Once we get everything working as you would like, we will discuss naming conventions of directories and zone files, as I mentioned in a previous reply. I will tell you all the reasons why you want to set it up like I described :)
Have a good day!
ASKER
Sir, Thank you so much, also after leaving for sometime keys got generated hence did not install the haveged.
Kddns-keykddns-key.%2B157% 2B64404.+1 57+51849.k ey
Kddns-keykddns-key.%2B157% 2B64404.+1 57+51849.p rivate
sudo cat Kddns-keykddns-key.%2B157% 2B64404.+1 57+51849.p rivate
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: ZjbIlnu+K6I/Gr6x/6vxRg==
Bits: AAA=
Created: 20111004115415
Publish: 20111004115415
Activate: 20111004115415
Also changed from file "/etc/bind/db.192";
to
file "/etc/bind/1.168.192.in-ad dr.arpa
now the bind is also working, request you to please help me from here like
1. what should be the dynamic zones i mean the contents
2. what all the others steps to be taken care .
AS of now with you support i could understand the dynamic zones should be kept under /var/cache/bind/dynamic, please help me what should contain in this dynamic zones other steps.
Please help
Kddns-keykddns-key.%2B157%
Kddns-keykddns-key.%2B157%
sudo cat Kddns-keykddns-key.%2B157%
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: ZjbIlnu+K6I/Gr6x/6vxRg==
Bits: AAA=
Created: 20111004115415
Publish: 20111004115415
Activate: 20111004115415
Also changed from file "/etc/bind/db.192";
to
file "/etc/bind/1.168.192.in-ad
now the bind is also working, request you to please help me from here like
1. what should be the dynamic zones i mean the contents
2. what all the others steps to be taken care .
AS of now with you support i could understand the dynamic zones should be kept under /var/cache/bind/dynamic, please help me what should contain in this dynamic zones other steps.
Please help
Hey D,
I will check this all out tonight and get back to you.
I will check this all out tonight and get back to you.
ASKER
Sir, I have configured DDNS, and the DHCP, BIND and zone configurations are attached for your reference. BIND is working, as names in the static zones resolve, but dynamic updates are not working and the journal files did not get generated. I am sure I have misconfigured something somewhere, but I am not able to trace and resolve it; the config file is attached for your reference, please help me to resolve this.
as per the attached config iam getting below mentioned log from tail -f /var/log/syslog
Oct 5 17:16:35 lampsrv dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Oct 5 17:16:35 lampsrv dhcpd: Wrote 3 leases to leases file.
Oct 5 17:17:01 lampsrv CRON[17267]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Oct 5 17:17:25 lampsrv dhcpd: DHCPREQUEST for 192.168.1.213 from 00:0f:ea:42:b4:80 via eth0: unknown lease 192.168.1.213.
Oct 5 17:17:55 lampsrv dhcpd: DHCPREQUEST for 192.168.1.210 from 00:19:d1:1e:dd:83 via eth0: unknown lease 192.168.1.210.
Oct 5 17:19:48 lampsrv dhcpd: DHCPREQUEST for 192.168.1.202 from 00:07:e9:2a:c7:a0 via eth0: unknown lease 192.168.1.202.
Oct 5 17:20:38 lampsrv named[17221]: client 192.168.1.244#59343: signer "ddns-key" denied
Oct 5 17:20:38 lampsrv named[17221]: client 192.168.1.244#59343: update 'dyn.shriramdb.com/IN' denied
Oct 5 17:20:38 lampsrv dhcpd: Unable to add forward map from pavitra.dyn.shriramdb.com to 192.168.1.78: timed out
Oct 5 17:20:38 lampsrv dhcpd: DHCPREQUEST for 192.168.1.78 from 00:0f:ea:42:b4:1f (pavitra) via eth0
Oct 5 17:20:38 lampsrv dhcpd: DHCPACK on 192.168.1.78 to 00:0f:ea:42:b4:1f (pavitra) via eth0
Oct 5 17:21:19 lampsrv dhcpd: DHCPREQUEST for 192.168.1.204 from 00:0d:87:8f:4f:fb via eth0: unknown lease 192.168.1.204.
ddns-config.txt
as per the attached config iam getting below mentioned log from tail -f /var/log/syslog
Oct 5 17:16:35 lampsrv dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Oct 5 17:16:35 lampsrv dhcpd: Wrote 3 leases to leases file.
Oct 5 17:17:01 lampsrv CRON[17267]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Oct 5 17:17:25 lampsrv dhcpd: DHCPREQUEST for 192.168.1.213 from 00:0f:ea:42:b4:80 via eth0: unknown lease 192.168.1.213.
Oct 5 17:17:55 lampsrv dhcpd: DHCPREQUEST for 192.168.1.210 from 00:19:d1:1e:dd:83 via eth0: unknown lease 192.168.1.210.
Oct 5 17:19:48 lampsrv dhcpd: DHCPREQUEST for 192.168.1.202 from 00:07:e9:2a:c7:a0 via eth0: unknown lease 192.168.1.202.
Oct 5 17:20:38 lampsrv named[17221]: client 192.168.1.244#59343: signer "ddns-key" denied
Oct 5 17:20:38 lampsrv named[17221]: client 192.168.1.244#59343: update 'dyn.shriramdb.com/IN' denied
Oct 5 17:20:38 lampsrv dhcpd: Unable to add forward map from pavitra.dyn.shriramdb.com to 192.168.1.78: timed out
Oct 5 17:20:38 lampsrv dhcpd: DHCPREQUEST for 192.168.1.78 from 00:0f:ea:42:b4:1f (pavitra) via eth0
Oct 5 17:20:38 lampsrv dhcpd: DHCPACK on 192.168.1.78 to 00:0f:ea:42:b4:1f (pavitra) via eth0
Oct 5 17:21:19 lampsrv dhcpd: DHCPREQUEST for 192.168.1.204 from 00:0d:87:8f:4f:fb via eth0: unknown lease 192.168.1.204.
ddns-config.txt
Hey D,
Sorry! I'm currently training some of my group members from Chennai -- when you wake up, they wake up ;) Once I am done with them I will answer your questions... we are almost done fixing your problems!
Sorry! I'm currently training some of my group members from Chennai -- when you wake up, they wake up ;) Once I am done with them I will answer your questions... we are almost done fixing your problems!
ASKER
Sir, Please ignore the previous ddns config attachment and request you to please do consider this one.
Please help me to resolve this. Thanks in advance.
ddns-config.txt
Please help me to resolve this. Thanks in advance.
ddns-config.txt
ASKER
Sir, Thank you very much. Iam really happy for this valuable support. please have a look on the attached ddns configuration at your convenient and help me to resolve this. Thanks once again.
OK here is the first thing to address. You have 2 zone config blocks for dyn.shriramdb.com. -- remove the 127.0.0.1 one.
Next problem is that you are using ddns-key in dhcpd.conf, but your allow-update in named.conf says rndc-key. Change named.conf to use ddns-key for those zones.
---------------------sudo vim /etc/dhcp3/dhcpd.conf------------------------
ddns-update-style interim;
include "/etc/bind/ddns.key";
zone dyn.shriramdb.com. {
primary 127.0.0.1;
key "ddns-key";
}
<snip>
zone dyn.shriramdb.com. {
primary 192.168.1.244;
key "ddns-key";
}
}
Next problem is that you are using ddns-key in dhcpd.conf, but your allow-update in named.conf says rndc-key. Change named.conf to use ddns-key for those zones.
zone "dyn.shriramdb.com" {
type master;
file "/var/cache/bind/dynamic/db.dyn.shriramdb.com";
allow-update { key "rndc-key"; };
};
zone "2.168.192.in-addr.arpa" {
type master;
notify no;
file "/var/cache/bind/dynamic/db.192.168.2";
allow-update { key "rndc-key"; };
};
There are still a few minor changes I will suggest for named.conf, but we'll just focus on getting everything working first. After that we can make it better :)
ASKER
Sir, I made some changes to the configuration; please find the modified configuration attached. The change is from rndc to ddns, that is, the entries in named.conf.local now use ddns-key. After this I restarted BIND and DHCP, and now one journal file has been created.
$ pwd
/var/cache/bind/dynamic
indar@lampsrv:/var/cache/b ind/dynami c$ ls -la
total 20
drwxrwsr-x 2 bind dhcpd 4096 2011-10-05 18:41 .
drwxrwsr-x 3 bind dhcpd 4096 2011-10-05 18:51 ..
-rwxrwsr-x 1 bind dhcpd 346 2011-10-05 18:05 db.192.168.2
-rw-r--r-- 1 bind dhcpd 444 2011-10-05 18:28 db.dyn.shriramdb.com
-rw-r--r-- 1 bind dhcpd 837 2011-10-05 17:55 db.dyn.shriramdb.com.jnl
indar@lampsrv:/var/cache/b ind/dynami c$ cat db.dyn.shriramdb.com
$ORIGIN .
$TTL 604800 ; 1 week
dyn.shriramdb.com IN SOA lampsrv.shriramdb.com. root.shriramdb.com. (
3 ; serial
604800 ; refresh (1 week)
86400 ; retry (1 day)
2419200 ; expire (4 weeks)
604800 ; minimum (1 week)
)
NS lampsrv.shriramdb.com.
A 127.0.0.1
A 192.168.1.244
$ORIGIN dyn.shriramdb.com.
$TTL 300 ; 5 minutes
pavitra A 192.168.1.78
TXT "31b9a2ac8eebddb90fc236ebe 2439756aa"
-------------------------- ---------- ---------- ---------- -----
But the journal for the dynamic reverse zone is still not generated; please find the log below.
-------------------tail -f /var/log/syslog----------- ---------- ---------- ---------- ---
Oct 5 19:24:25 lampsrv named[18688]: client 192.168.1.244#60160: update '1.168.192.in-addr.arpa/IN ' denied
Oct 5 19:24:25 lampsrv dhcpd: unable to add reverse map from 82.1.168.192.in-addr.arpa. to shriram2.splserver.com: timed out
Oct 5 19:24:25 lampsrv dhcpd: DHCPREQUEST for 192.168.1.82 from e0:69:95:69:3a:55 (shriram2) via eth0
Oct 5 19:24:25 lampsrv dhcpd: DHCPACK on 192.168.1.82 to e0:69:95:69:3a:55 (shriram2) via eth0
Oct 5 19:25:08 lampsrv dhcpd: DHCPREQUEST for 192.168.1.200 from 00:13:46:8d:d9:9b via eth0: unknown lease 192.168.1.200.
Oct 5 19:25:38 lampsrv dhcpd: DHCPREQUEST for 192.168.1.78 from 00:0f:ea:42:b4:1f (pavitra) via eth0
Oct 5 19:25:38 lampsrv dhcpd: DHCPACK on 192.168.1.78 to 00:0f:ea:42:b4:1f (pavitra) via eth0
Oct 5 19:27:50 lampsrv dhcpd: DHCPREQUEST for 192.168.1.207 from 00:00:b4:52:35:dd via eth0: unknown lease 192.168.1.207.
Oct 5 19:27:59 lampsrv dhcpd: DHCPREQUEST for 192.168.1.215 from 00:08:a1:8a:2e:bd via eth0: unknown lease 192.168.1.215.
Oct 5 19:29:25 lampsrv named[18688]: client 192.168.1.244#60437: update '1.168.192.in-addr.arpa/IN ' denied
Oct 5 19:29:25 lampsrv dhcpd: unable to add reverse map from 82.1.168.192.in-addr.arpa. to shriram2.splserver.com: timed out
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- -
Sir, please have look on the attached modified configuration at your convenince and request you to please help me to fix this so that ddns works perfectly. Thanks in advance.
.
ddns-config.txt
$ pwd
/var/cache/bind/dynamic
indar@lampsrv:/var/cache/b
total 20
drwxrwsr-x 2 bind dhcpd 4096 2011-10-05 18:41 .
drwxrwsr-x 3 bind dhcpd 4096 2011-10-05 18:51 ..
-rwxrwsr-x 1 bind dhcpd 346 2011-10-05 18:05 db.192.168.2
-rw-r--r-- 1 bind dhcpd 444 2011-10-05 18:28 db.dyn.shriramdb.com
-rw-r--r-- 1 bind dhcpd 837 2011-10-05 17:55 db.dyn.shriramdb.com.jnl
indar@lampsrv:/var/cache/b
$ORIGIN .
$TTL 604800 ; 1 week
dyn.shriramdb.com IN SOA lampsrv.shriramdb.com. root.shriramdb.com. (
3 ; serial
604800 ; refresh (1 week)
86400 ; retry (1 day)
2419200 ; expire (4 weeks)
604800 ; minimum (1 week)
)
NS lampsrv.shriramdb.com.
A 127.0.0.1
A 192.168.1.244
$ORIGIN dyn.shriramdb.com.
$TTL 300 ; 5 minutes
pavitra A 192.168.1.78
TXT "31b9a2ac8eebddb90fc236ebe
--------------------------
but still dynamic reverse zone jounal is not generated, please find the below log.
-------------------tail -f /var/log/syslog-----------
Oct 5 19:24:25 lampsrv named[18688]: client 192.168.1.244#60160: update '1.168.192.in-addr.arpa/IN
Oct 5 19:24:25 lampsrv dhcpd: unable to add reverse map from 82.1.168.192.in-addr.arpa.
Oct 5 19:24:25 lampsrv dhcpd: DHCPREQUEST for 192.168.1.82 from e0:69:95:69:3a:55 (shriram2) via eth0
Oct 5 19:24:25 lampsrv dhcpd: DHCPACK on 192.168.1.82 to e0:69:95:69:3a:55 (shriram2) via eth0
Oct 5 19:25:08 lampsrv dhcpd: DHCPREQUEST for 192.168.1.200 from 00:13:46:8d:d9:9b via eth0: unknown lease 192.168.1.200.
Oct 5 19:25:38 lampsrv dhcpd: DHCPREQUEST for 192.168.1.78 from 00:0f:ea:42:b4:1f (pavitra) via eth0
Oct 5 19:25:38 lampsrv dhcpd: DHCPACK on 192.168.1.78 to 00:0f:ea:42:b4:1f (pavitra) via eth0
Oct 5 19:27:50 lampsrv dhcpd: DHCPREQUEST for 192.168.1.207 from 00:00:b4:52:35:dd via eth0: unknown lease 192.168.1.207.
Oct 5 19:27:59 lampsrv dhcpd: DHCPREQUEST for 192.168.1.215 from 00:08:a1:8a:2e:bd via eth0: unknown lease 192.168.1.215.
Oct 5 19:29:25 lampsrv named[18688]: client 192.168.1.244#60437: update '1.168.192.in-addr.arpa/IN
Oct 5 19:29:25 lampsrv dhcpd: unable to add reverse map from 82.1.168.192.in-addr.arpa.
--------------------------
Sir, please have look on the attached modified configuration at your convenince and request you to please help me to fix this so that ddns works perfectly. Thanks in advance.
.
ddns-config.txt
indar@lampsrv:/var/cache/bind/dynamic$ cat db.dyn.shriramdb.com
To see the contents of the journal file use
named-journalprint db.dyn.shriramdb.com.jnl
To commit the journal to the zone file, do
rndc freeze db.dyn.shriramdb.com
rndc thaw db.dyn.shriramdb.com
Oct 5 19:29:25 lampsrv dhcpd: unable to add reverse map from 82.1.168.192.in-addr.arpa. to shriram2.splserver.com: timed out
You don't have 1.168.192.in-addr.arpa set up as a zone in dhcpd.conf, and I believe you want dyn.shriramdb.com to have 192.168.2.x addresses, so change this
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.10 192.168.1.244;
to
subnet 192.168.2.0 netmask 255.255.255.0 {
range 192.168.2.10 192.168.1.244;
And you would need to change other DHCP options
option routers 192.168.1.244;
option broadcast-address 192.168.1.255;
I'm assuming you already have a router configured at 192.168.2.x, so change those networks to be 192.168.2
If, however, you do want DHCP addresses to be 192.168.1.x, then you need to create a dynamic zone for that in named.conf just like 192.168.2 is.
I do not recommend having DHCP + DDNS updating the same zone file that has your non-DHCP DNS records.
I do not recommend having DHCP + DDNS updating the same zone file that has your non-DHCP DNS records.
ASKER
Sir, extremely sorry to distrub you ,
You don't have 1.68.192.in-addr.arpa setup as a zone in dhcpd.conf, and I believe you want dyn.shriramdb.com to have 192.168.2.x addresses,
Iam not looking at 192.168.2.x address.
Sir, request you to please help me how to make dynamic reverse zone journal to get generated .
You don't have 1.68.192.in-addr.arpa setup as a zone in dhcpd.conf, and I believe you want dyn.shriramdb.com to have 192.168.2.x addresses,
Iam not looking at 192.168.2.x address.
Sir, request you to please help me how to make dynamic reverse zone journal to get generated .
Oct 5 19:29:25 lampsrv named[18688]: client 192.168.1.244#60437: update '1.168.192.in-addr.arpa/IN' denied
Oct 5 19:29:25 lampsrv dhcpd: unable to add reverse map from 82.1.168.192.in-addr.arpa. to shriram2.splserver.com: timed out
/etc/dhcp3/dhcpd.conf
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.10 192.168.1.244;
zone 2.168.192.in-addr.arpa. {
primary 192.168.1.244;
key "ddns-key";
}
/etc/bind/named.conf.local
zone "1.168.192.in-addr.arpa" {
type master;
notify no;
file "/var/cache/bind/1.168.192.in-addr.arpa";
};
zone "2.168.192.in-addr.arpa" {
type master;
notify no;
file "/var/cache/bind/dynamic/db.192.168.2";
allow-update { key "ddns-key"; };
};
Your dhcpd.conf has subnet and range options of 192.168.1.x, and your clients are getting those IP's like they should be.
Your dhcp log says dhcpd is trying to update 1.168.192.in-addr.arpa, which is correct according to your config.
Your dhcpd.conf and named.conf is configured to dynamically update 2.168.192.in-addr.arpa zone... not 1.168.192.in-addr.arpa
ASKER
Sir, dhcp and ddns updating the same zone i would like to avoid.
ASKER
Sir, i had wrongly entered the dyanamic zone in the named.conf.local now corrected like the below:
-----------named.conf.loca l--------- ---------- --
named.conf.local
zone "2.168.192.in-addr.arpaa" {
type master;
notify no;
file "/var/cache/bind/dynamic/d b.192.168. 2";
allow-update { key "ddns-key"; };
};
-------------------------- ---------- -----End of named .conf.local--------------- ---------- ---------- ---------- ---------- -----
also pointed to the path for the file in the named.conf.local to the /var/cache/bind/dynamic/db .192.168.2
pwd
/var/cache/bind/dynamic
indar@lampsrv:/var/cache/b ind/dynami c$ cat db.192.168.2
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA lampsrv.shriramdb.com. root.shriramdb.com. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
IN NS lampsrv.shriramdb.com.
244 IN PTR lampsrv.shriramdb.com.
;1.0.0 IN PTR localhost.
-----------------------end of db.192.168.2-------------- ---------- ----
-------------------------- -dhcpd.con f--------- ---------- ---------- ---------- ---------- ---
zone 2.168.192.in-addr.arpa. {
primary 192.168.1.244;
key "ddns-key";
}
zone dyn.shriramdb.com. {
primary 192.168.1.244;
key "ddns-key";
}
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------
but still unable to create the reverse ddns journal file. iam getting messages of unable to add reverse mapping.
please help me to resolve.
-----------named.conf.loca
named.conf.local
zone "2.168.192.in-addr.arpaa" {
type master;
notify no;
file "/var/cache/bind/dynamic/d
allow-update { key "ddns-key"; };
};
--------------------------
also pointed to the path for the file in the named.conf.local to the /var/cache/bind/dynamic/db
pwd
/var/cache/bind/dynamic
indar@lampsrv:/var/cache/b
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA lampsrv.shriramdb.com. root.shriramdb.com. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
IN NS lampsrv.shriramdb.com.
244 IN PTR lampsrv.shriramdb.com.
;1.0.0 IN PTR localhost.
-----------------------end
--------------------------
zone 2.168.192.in-addr.arpa. {
primary 192.168.1.244;
key "ddns-key";
}
zone dyn.shriramdb.com. {
primary 192.168.1.244;
key "ddns-key";
}
--------------------------
but still unable to create the reverse ddns journal file. iam getting messages of unable to add reverse mapping.
please help me to resolve.
ASKER
Hi sir, please help me to resolve this. After working on it continuously I identified one problem: I had wrongly entered one additional character while declaring the zone in named.conf.local, as below
zone "2.168.192.in-addr.arpaa"
the same corrected to "2.168.192.in-addr.arpa"
2. also renamed /var/cache/bind/dynamic/db .192.168.2 to /var/cache/bind/dynamic/2. 168.192.in -addr.arpa .
3. changed the file name declared in the zone in the named.conf.local like the below
// Master zone for the reverse tree that dhcpd is meant to update dynamically.
zone "2.168.192.in-addr.arpa" {
type master;
// Do not send NOTIFY messages for this zone.
notify no;
// NOTE(review): the spaces inside this path look like line-wrap artefacts of
// the page rather than part of the real file name (the reply further down
// refers to db.2.168.192.in-addr.arpa). named must be able to write to this
// directory, because it rewrites the zone file and keeps the .jnl journal
// next to it.
file "/var/cache/bind/dynamic/d b.2.168.19 2.in-addr. arpa";
// Dynamic updates are accepted only when signed with the TSIG key "ddns-key".
// Any holder of that key can change any record in this zone; update-policy
// can narrow what a key may touch if that is too broad.
// General BIND behaviour (not shown in this thread): the journal is written
// only after named has accepted an update, so a missing .jnl usually means
// no update for this zone has succeeded yet.
allow-update { key "ddns-key"; };
};
4. now bind and dhcp are working and only one journal file has got generated that is db.dyn.shriramdb.com.jnl.
Have few doubts please please tell me
1. IS one more journal file of the dynamic reverse zone is missing i mean not got generated , please suggest in this if not created then please tell me how to resolve this.
Sir, Iam very much curious to fix this please help me.
zone "2.168.192.in-addr.arpaa"
the same corrected to "2.168.192.in-addr.arpa"
2. also renamed /var/cache/bind/dynamic/db
3. changed the file name declared in the zone in the named.conf.local like the below
zone "2.168.192.in-addr.arpa" {
type master;
notify no;
file "/var/cache/bind/dynamic/d
allow-update { key "ddns-key"; };
};
4. now bind and dhcp are working and only one journal file has got generated that is db.dyn.shriramdb.com.jnl.
Have few doubts please please tell me
1. IS one more journal file of the dynamic reverse zone is missing i mean not got generated , please suggest in this if not created then please tell me how to resolve this.
Sir, Iam very much curious to fix this please help me.
At this point, from what I can see, it should be ok.
If it's working properly for db.dyn.shriramdb.com, and you have 2.168.192.in-addr.arpa setup the same way, it should be working.
Need logs of what happens when the PTR record should be added from both named and dhcpd
If it's working properly for db.dyn.shriramdb.com, and you have 2.168.192.in-addr.arpa setup the same way, it should be working.
Need logs of what happens when the PTR record should be added from both named and dhcpd
ASKER
Sir, Thank you very much, i was little bit afraid thinking that you are occupied i might not get reply, thank god you are back to help me. will post the logs while monitoring.
Sir, please share me your mail account if you do not mind please i would like to send a greetings. PLEASE SIR. also you were mentioning about the training please share so that i can also participate if it is in india if not online. PLEASE HELP.
Sir, please share me your mail account if you do not mind please i would like to send a greetings. PLEASE SIR. also you were mentioning about the training please share so that i can also participate if it is in india if not online. PLEASE HELP.
> also you were mentioning about the training please share so that i can also participate if it is in india if not online.
If you worked for my company then you could participate ;)
I'll be around for a couple hours if you want to work on this.
2. also renamed /var/cache/bind/dynamic/db.192.168.2 to /var/cache/bind/dynamic/2.168.192.in-addr.arpa.
3. changed the file name declared in the zone in the named.conf.local like the below
zone "2.168.192.in-addr.arpa" {
type master;
notify no;
file "/var/cache/bind/dynamic/db.2.168.19 2.in-addr. arpa";
allow-update { key "ddns-key"; };
};
You renamed the file to 2.168.192.in-addr.arpa but left the file statement in the zone block as db.2.168.192.in-addr.arpa ?
Attach your current dhcpd and named configs and 'ls -l' in /var/cache/bind/dynamic/
ASKER
Sir, Thank you very much for the reply, i did rename the file to db.2.168.192.in.arpa.
Finally before closing request you to please have a look on the below posted dhcpd.conf in that
i have doubt on declaration of : option domain-name "dyn.shriramdb.com 2.168.192.in-addr.arpa";
Please suggest me is correct.
-------------------------- ---------- ---------- ----------
# dhcpd.conf as posted: hands out leases on 192.168.1.0/24 and sends signed
# dynamic DNS updates to the name server at 192.168.1.244.
ddns-update-style interim;
# TSIG key used to sign the DNS updates. The file holds a shared secret, so it
# should be readable only by the dhcpd and named service accounts
# (NOTE(review): file permissions are not shown in this thread -- verify).
include "/etc/bind/ddns.key";
# The rndc control key is no longer pulled into dhcpd. Keeping the update key
# separate from the rndc key means a leak of this configuration does not also
# expose named's control channel (assumes "rndc-key" is still what the
# controls statement in named.conf.local uses, as in the earlier posting).
#include "/etc/bind/rndc.key";
# Each zone statement names the server to update and the key to sign with.
# The key name must match the one listed in that zone's allow-update in
# named.conf.local ("ddns-key" in the zone block posted above).
zone dyn.shriramdb.com. {
primary 192.168.1.244;
key "ddns-key";
}
# NOTE(review): the only subnet declared below is 192.168.1.0/24, whose PTR
# names fall under 1.168.192.in-addr.arpa, not 2.168.192.in-addr.arpa.
# Confirm which reverse zone the leased addresses belong to; a mismatch here
# would be consistent with the "unable to add reverse mapping" messages
# reported in this thread.
zone 2.168.192.in-addr.arpa. {
primary 192.168.1.244;
key "ddns-key";
}
# option definitions common to all supported networks...
# NOTE(review): this value puts a reverse zone name into the client domain
# name; the reply in this thread states that this is incorrect.
option domain-name "dyn.shriramdb.com 2.168.192.in-addr.arpa";
option domain-name-servers 192.168.1.244;
option routers 192.168.1.244;
option broadcast-address 192.168.1.255;
option ntp-servers 192.168.1.244;
# Lease lengths in seconds: 10 minutes by default, 2 hours at most.
default-lease-time 600;
max-lease-time 7200;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# Address pool offered to clients on the local /24.
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.10 192.168.1.50;
}
-------------------------- ---------- ---------- ---------- ------
Thanks for all the great support
Finally before closing request you to please have a look on the below posted dhcpd.conf in that
i have doubt on declaration of : option domain-name "dyn.shriramdb.com 2.168.192.in-addr.arpa";
Please suggest me is correct.
--------------------------
ddns-update-style interim;
include "/etc/bind/ddns.key";
#include "/etc/bind/rndc.key";
zone dyn.shriramdb.com. {
primary 192.168.1.244;
key "ddns-key";
}
zone 2.168.192.in-addr.arpa. {
primary 192.168.1.244;
key "ddns-key";
}
# option definitions common to all supported networks...
option domain-name "dyn.shriramdb.com 2.168.192.in-addr.arpa";
option domain-name-servers 192.168.1.244;
option routers 192.168.1.244;
option broadcast-address 192.168.1.255;
option ntp-servers 192.168.1.244;
default-lease-time 600;
max-lease-time 7200;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.10 192.168.1.50;
}
--------------------------
Thanks for all the great support
> option domain-name "dyn.shriramdb.com 2.168.192.in-addr.arpa";
That is incorrect. That option adds DNS suffixes on Windows clients, or search options in /etc/resolv.conf. In this case it should be "shriramdb.com dyn.shriramdb.com".
option domain-name text;
This option specifies the domain name that client should use when resolving hostnames via the Domain Name System.
I answered a LOT of questions in this thread. You really should close each question once the answer has been given, and open new questions when you have new questions. A big incentive for me to answer questions is getting points. If I answer 20 questions in a single thread, it's not fair for me.
I recommend asking new questions to have experts review your named and dhcpd configs, since they could use some improvement, along with asking about DNSSEC signing your zones.
ASKER
Oct 3 19:27:31 lampsrv dhcpd: DHCPACK on 192.168.1.228 to 70:71:bc:71:6b:76 (Harsha) via eth0
Oct 3 19:27:50 lampsrv dhcpd: Unable to add forward map from ushankar.dyn.shriramdb.com
Oct 3 19:27:50 lampsrv dhcpd: DHCPREQUEST for 192.168.1.239 from 00:13:46:8d:d9:9b (ushankar) via eth0
Oct 3 19:27:50 lampsrv dhcpd: DHCPACK on 192.168.1.239 to 00:13:46:8d:d9:9b (ushankar) via eth0
Oct 3 19:28:07 lampsrv dhcpd: Unable to add forward map from S-Manjula.dyn.shriramdb.co
Oct 3 19:28:07 lampsrv dhcpd: DHCPREQUEST for 192.168.1.221 from 70:71:bc:71:70:88 (S-Manjula) via eth0
Oct 3 19:28:07 lampsrv dhcpd: DHCPACK on 192.168.1.221 to 70:71:bc:71:70:88 (S-Manjula) via eth0
^C
--------------------------
Please help to resolve this.