Thread: Question about dhcp and dynamic DNS

  1. #1
    Join Date
    Aug 2008
    Location
    Belgium
    Posts
    276

    Default Question about dhcp and dynamic DNS

    Hello,

    I have questions about the dhcp and the dynamic DNS:
    I have installed DNS and DHCP on my Tumbleweed system and configured them with YaST:
    I defined a domain pce23.net and an address range from 192.168.1.160 to 192.168.1.199; for more details see the dhcpd config and named.conf below.
    The DHCP server is working and gives an IP address, DNS server and router to the different PCs that connect.
    DNS seems half working:
    If I connect a Windows laptop which is configured for another domain (company.com) I see the following messages in journalctl
    Code:
    Oct 24 05:59:11 hpprol2 dhcpd[25094]: DHCPREQUEST for 10.21.102.50 from ec:f4:bb:2c:fe:2b via br0: wrong network.
    Oct 24 05:59:11 hpprol2 dhcpd[25094]: DHCPNAK on 10.21.102.50 to ec:f4:bb:2c:fe:2b via br0
    Oct 24 05:59:11 hpprol2 dhcpd[25094]: DHCPDISCOVER from ec:f4:bb:2c:fe:2b via br0
    Oct 24 05:59:12 hpprol2 dhcpd[25094]: DHCPOFFER on 192.168.1.188 to ec:f4:bb:2c:fe:2b (BEBRNPCONDE01) via br0
    Oct 24 05:59:12 hpprol2 dhcpd[25094]: Wrote 32 leases to leases file.
    Oct 24 05:59:12 hpprol2 dhcpd[25094]: DHCPREQUEST for 192.168.1.188 (192.168.1.120) from ec:f4:bb:2c:fe:2b (BEBRNPCONDE01) via br0
    Oct 24 05:59:12 hpprol2 dhcpd[25094]: DHCPACK on 192.168.1.188 to ec:f4:bb:2c:fe:2b (BEBRNPCONDE01) via br0
    Oct 24 05:59:12 hpprol2 dhcpd[25094]: Added reverse map from 188.1.168.192.in-addr.arpa. to BEBRNPCONDE01.company.com
    If I connect a laptop, a desktop or a smartphone which is not configured to a domain I receive these messages
    Code:
    Oct 24 00:29:49 hpprol2 dhcpd[25094]: DHCPREQUEST for 192.168.1.174 from 98:ee:cb:68:2c:23 (DESKTOP-5K2FNOQ) via br0
    Oct 24 00:29:49 hpprol2 dhcpd[25094]: DHCPACK on 192.168.1.174 to 98:ee:cb:68:2c:23 (DESKTOP-5K2FNOQ) via br0
    Oct 24 00:29:49 hpprol2 dhcpd[25094]: Forward map from hpprol2.pce23.net. to 192.168.1.174 FAILED: Has an address record but no DHCID, not mine.
    
    or
    Oct 23 19:25:32 hpprol2 dhcpd[24016]: DHCPDISCOVER from e8:93:09:8b:9f:cf via br0
    Oct 23 19:25:33 hpprol2 dhcpd[24016]: DHCPOFFER on 192.168.1.168 to e8:93:09:8b:9f:cf (android-9cc9244667c031bd) via br0
    Oct 23 19:25:33 hpprol2 dhcpd[24016]: DHCPREQUEST for 192.168.1.168 (192.168.1.120) from e8:93:09:8b:9f:cf (android-9cc9244667c031bd) via br0
    Oct 23 19:25:33 hpprol2 dhcpd[24016]: DHCPACK on 192.168.1.168 to e8:93:09:8b:9f:cf (android-9cc9244667c031bd) via br0
    Oct 23 19:25:33 hpprol2 dhcpd[24016]: Forward map from hpprol2.pce23.net. to 192.168.1.168 FAILED: Has an address record but no DHCID, not mine.
    Does somebody have an explanation for this?
    Does the reverse map only work when the PCs are on a domain? All the PCs run Windows 10 or Android (smartphone).


    here the dhcpd.conf
    Code:
    option domain-name "pce23.net.";
    include "/etc/dhcp/dhcpd.conf/pcekey";
    authoritative ;
    ddns-updates on;
    ddns-update-style interim;
    update-static-leases on;
    default-lease-time 21600;
    zone pce23.net. { primary 192.168.1.120; key PCEKEY; }
    zone 1.168.192.in-addr.arpa. { primary 192.168.1.120; key PCEKEY; }
    allow client-updates;
    subnet 192.168.1.0 netmask 255.255.255.0 {
      option routers 192.168.1.1;
      option domain-name-servers 192.168.1.120;
      range 192.168.1.160 192.168.1.199;
      ddns-domainname "pce23.net.";
      ddns-rev-domainname "in-addr.arpa.";
      ddns-hostname "hpprol2";
      # allow client-updates ==> if client joe.a.b connects to c.d then there is no A record
      # in the forward zone but there is a PTR in the reverse zone for joe.a.b
      allow unknown-clients;
      zone pce23.net. { primary 192.168.1.120; key PCEKEY; }
      zone 1.168.192.in-addr.arpa. { primary 192.168.1.120; key PCEKEY; }
    }
    the named.conf
    Code:
    # Copyright (c) 2001-2004 SuSE Linux AG, Nuernberg, Germany.
    # All rights reserved.
    #
    # Author: Frank Bodammer, Lars Mueller <lmuelle@suse.de>
    #
    # /etc/named.conf
    #
    options {
    
        # The directory statement defines the name server's working directory
        directory "/var/lib/named";
        dump-file "/var/log/named_dump.db";
        statistics-file "/var/log/named.stats";
        listen-on port 53 { 127.0.0.1; 192.168.1.120; };
        listen-on-v6 { none; };
        allow-query { 127.0.0.1; 192.168.1.0/24; };
        notify yes;
        recursion yes;
        disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
        include "/etc/named.d/forwarders.conf";
        listen-on { 127.0.0.1; 192.168.1.0/24; };
        allow-recursion { 127.0.0.1; 192.168.1.0/24; };
    };
    
    include "/etc/named.conf.include";
    acl home { 192.168.0.0/24; 127.0.0.1; };
    
    logging {
        category queries { log_file; };
        channel log_file { file "/var/log/dnsquery.log" versions 3 size 2M; };
        category xfer-in { log_file; };
        category xfer-out { log_file; };
        category default { log_file; };
    
    };
    # The following zone definitions don't need any modification.  The first one
    # is the definition of the root name servers.  The second one defines
    # localhost while the third defines the reverse lookup for localhost.
    
    zone "." in {
        type hint;
        file "root.hint";
    };
    
    zone "localhost" in {
        type master;
        file "localhost.zone";
    };
    
    zone "0.0.127.in-addr.arpa" in {
        type master;
        file "127.0.0.zone";
    };
    
    # You can insert further zone records for your own domains below or create
    # single files in /etc/named.d/ and add the file names to
    # NAMED_CONF_INCLUDE_FILES.
    # See /usr/share/doc/packages/bind/README.SUSE for more details.
    zone "pce23.net" in {
        type master;
        file "dyn/pce23.net";
        allow-query { 192.168.1.0/24; };
        allow-update { key PCEKEY; };
        notify no;
        allow-transfer { any; };
    };
    zone "1.168.192.in-addr.arpa" in {
        type master;
    #    allow-transfer { any; };
        file "dyn/1.168.192.in-addr.arpa";
        allow-query { 192.168.1.0/24; };
        allow-update { key PCEKEY; };
        notify no;
        allow-transfer { any; };
    };
    zone "doubleclick.net" in { type master; file "dyn/dummy.zone"; };
    zone "api.steampowered.com" in { type master; file "dyn/dummy.zone"; };
    Many thanks in advance
    Philippe
    Tumbleweed (x86_64) Kernel 5.16 with KDE plasma

  2. #2
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    13,295
    Blog Entries
    2

    Default Re: Question about dhcp and dynamic DNS

    Googling your error,
    It looks like a record already exists blocking a record update.

    The following with a brief explanation and link to technical documentation
    https://lists.isc.org/pipermail/dhcp...st/012122.html

    The following describes how he resolved with some commands, you can try them
    https://smoothnet.org/dynamic-dhcpd-error-dhcid/

    I might add that <maybe> a longer DHCP lease could be a workaround to minimize occurrences... That would possibly have the effect of fewer DNS updates.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  3. #3
    Join Date
    Aug 2008
    Location
    Belgium
    Posts
    276

    Default Re: Question about dhcp and dynamic DNS

    Thanks Tsu,
    I followed your link (when googling for this error message I had already read this and a lot of other sites giving +/- the same advice)
    Quote Originally Posted by tsu2 View Post
    The following describes how he resolved with some commands, you can try them
    https://smoothnet.org/dynamic-dhcpd-error-dhcid/

    I might add that <maybe> a longer DHCP lease could be a workaround to minimize occurrences... That would possibly have the effect of fewer DNS updates.

    TSU
    but I think it is not the problem because there are no PTR or TXT records in the zones

    Here is the domain zone after the freeze (which should also force the flush of the journals to the zones)
    Code:
    hpprol2:/var/lib/named/dyn # rndc freeze
    hpprol2:/var/lib/named/dyn # cat pce23.net
    $TTL 172800     ; 2 days
    pce23.net.      IN      SOA     hpprol2.pce23.net. root.hpprol2.pce23.net. (
                            2017102100
                            10800
                            3600
                            604800
                            86400 )
    @                       IN      NS      hpprol2
    hpprol2                 IN      A       192.168.1.120
    router                  IN      A       192.168.1.1
    hp200                   IN      A       192.168.1.50
    hpphil.pce23.net.       IN      CNAME   hpprol2.pce23.net.
    catalog23.pce23.net.    IN      A       192.168.1.100
    Here is the reverse zone
    Code:
    cat 1.168.192.in-addr.arpa
    $ORIGIN .
    $TTL 172800     ; 2 days
    1.168.192.in-addr.arpa  IN SOA  hpprol2.pce23.net. root.hpprol2.pce23.net. (
                                    2017010801 ; serial
                                    10800      ; refresh (3 hours)
                                    3600       ; retry (1 hour)
                                    604800     ; expire (1 week)
                                    86400      ; minimum (1 day)
                                    )
                            NS      hpprol2.pce23.net.
    $ORIGIN 1.168.192.in-addr.arpa.
    100                     PTR     catalog23.pce23.net.
    120                     PTR     hpprol2.pce23.net.
    $TTL 3600       ; 1 hour
    188                     PTR     BEBRNPCONDE01.company.com.
    $TTL 172800     ; 2 days
    50                      PTR     hp200.pce23.net.
    As you can see, the only dynamic PTR record is for the laptop using a domain (BEBRNPCONDE01); there are no PTR or TXT records for the other PCs/laptops.
    Note that there is no TXT record for the laptop BEBRNPCONDE01.
    The catalog23 is an IP alias of 192.168.1.120 used for Apache.
    The hp200 is an HP printer (lpd).

    I have the feeling that something is wrong in named.conf but I checked it many times and did not find an error.
    The laptop with a domain is correctly inserted, so this means that the dynamic update works, but there is no TXT record (?).
    The other PCs/laptops are not members of a domain because I have no domain controller on my home LAN.
    So I think that my problem is related to this, but I never found anything related in all the stuff that I read about dynamic DNS updates.

    Regards
    Philippe
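The logs and dhcpd.conf in post #1 together with the zone dump in post #3 already explain the failure, and named.conf is not where it lives. In the subnet block, `ddns-hostname "hpprol2"` is a fixed string, so for every lease that the server registers itself dhcpd tries to map hpprol2.pce23.net to the client's address. That name already has a static A record in the zone, and because the zone holds no matching TXT record (the DHCID that `ddns-update-style interim` stores as TXT) dhcpd refuses to touch a record it did not create; that is the "Has an address record but no DHCID, not mine" message. The Windows laptop escaped this only because `allow client-updates` let it ask to register its own A record (in company.com, which this server does not serve), so dhcpd wrote just the PTR with the name the laptop supplied, which is exactly what the reverse zone shows. The refusal itself is the conflict protection you want: without it any DHCP client could overwrite the server's own name. Two further settings deserve a look: `allow client-updates` lets any client choose its own forward name, and `allow-transfer { any; }` on both zones in named.conf lets any host that can reach port 53 dump them.

The script below is an added example, not the poster's code and not anything from ISC: it reduces dhcpd journal lines to per-lease DDNS results, flags when several leases failed on the same forward name, and lints a dhcpd.conf and a named.conf zone stanza for the settings above. The log lines are copied from the post as constructed test input; the "fixed" dhcpd.conf fragment is my assumption of a corrected configuration, not something the poster ran.

```shell
#!/bin/sh
# Added example (not from the thread, not ISC code): triage dhcpd DDNS failures
# from journal lines, then lint dhcpd.conf / named.conf for the settings behind
# them. Sample log lines are copied from the post as test input; the "fixed"
# dhcpd.conf fragment is an assumed correction, not something the poster ran.

# Reduce dhcpd log lines (stdin) to one line per DDNS result:
#   forward <ip>  <name> OK|FAILED   (server tried to write an A record itself)
#   reverse <ptr> <name> OK          (server wrote a PTR record)
ddns_results() {
  awk '
    /[Ff]orward map from / {
      name = $0; sub(/.*[Ff]orward map from /, "", name); sub(/ to .*/, "", name)
      ip = $0;   sub(/.*[Ff]orward map from [^ ]+ to /, "", ip); sub(/ .*/, "", ip)
      st = ($0 ~ / FAILED/) ? "FAILED" : "OK"
      print "forward", ip, name, st
    }
    /Added reverse map from / {
      ptr = $0;  sub(/.*Added reverse map from /, "", ptr); sub(/ to .*/, "", ptr)
      name = $0; sub(/.*Added reverse map from [^ ]+ to /, "", name)
      print "reverse", ptr, name, "OK"
    }'
}

# Different leases all failing on the same forward name means the server is
# substituting one fixed hostname for every client, i.e. a literal ddns-hostname.
# Output: "<name> <count>: <ip> <ip> ..." per colliding name, nothing if none.
forward_name_collisions() {
  ddns_results | awk '
    $1 == "forward" && $4 == "FAILED" { n[$3]++; ips[$3] = ips[$3] " " $2 }
    END { for (k in n) if (n[k] > 1) print k, n[k] ":" ips[k] }'
}

# Lint a dhcpd.conf (stdin): one finding per line, or "ok".
lint_dhcpd_conf() {
  awk '
    { sub(/#.*/, "") }                  # comments are not config
    /ddns-hostname[ \t]+"/ {            # quoted literal, not an expression
      found = 1
      print "ddns-hostname is a fixed string: every lease registers the same name"
    }
    /allow[ \t]+client-updates/ {
      found = 1
      print "allow client-updates: clients choose their own forward name (prefer deny client-updates)"
    }
    END { if (!found) print "ok" }'
}

# Lint a named.conf (stdin) for zones anyone can AXFR.
lint_named_conf() {
  awk '
    { sub(/(#|\/\/).*/, "") }
    /allow-transfer[ \t]*[{][ \t]*any[ \t]*;/ {
      found = 1
      print "allow-transfer { any; }: any host reaching port 53 can dump the zone (use key PCEKEY or none)"
    }
    END { if (!found) print "ok" }'
}

# --- constructed inputs -------------------------------------------------------
SAMPLE_LOG='Oct 24 05:59:12 hpprol2 dhcpd[25094]: DHCPACK on 192.168.1.188 to ec:f4:bb:2c:fe:2b (BEBRNPCONDE01) via br0
Oct 24 05:59:12 hpprol2 dhcpd[25094]: Added reverse map from 188.1.168.192.in-addr.arpa. to BEBRNPCONDE01.company.com
Oct 24 00:29:49 hpprol2 dhcpd[25094]: DHCPACK on 192.168.1.174 to 98:ee:cb:68:2c:23 (DESKTOP-5K2FNOQ) via br0
Oct 24 00:29:49 hpprol2 dhcpd[25094]: Forward map from hpprol2.pce23.net. to 192.168.1.174 FAILED: Has an address record but no DHCID, not mine.
Oct 23 19:25:33 hpprol2 dhcpd[24016]: DHCPACK on 192.168.1.168 to e8:93:09:8b:9f:cf (android-9cc9244667c031bd) via br0
Oct 23 19:25:33 hpprol2 dhcpd[24016]: Forward map from hpprol2.pce23.net. to 192.168.1.168 FAILED: Has an address record but no DHCID, not mine.'

POSTED_CONF='ddns-updates on;
ddns-update-style interim;
allow client-updates;
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.160 192.168.1.199;
  ddns-domainname "pce23.net.";
  ddns-hostname "hpprol2";
}'

FIXED_CONF='ddns-updates on;
ddns-update-style interim;
deny client-updates;       # the server owns both the A and the PTR for every lease
update-static-leases on;
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.160 192.168.1.199;
  ddns-domainname "pce23.net.";
  # no ddns-hostname: dhcpd uses the host-name / FQDN option each client sends
}'

POSTED_ZONE='zone "pce23.net" in { type master; allow-update { key PCEKEY; }; allow-transfer { any; }; };'

echo "== DDNS results =="; printf '%s\n' "$SAMPLE_LOG" | ddns_results
echo "== forward-name collisions =="; printf '%s\n' "$SAMPLE_LOG" | forward_name_collisions
echo "== posted dhcpd.conf =="; printf '%s\n' "$POSTED_CONF" | lint_dhcpd_conf
echo "== fixed dhcpd.conf =="; printf '%s\n' "$FIXED_CONF" | lint_dhcpd_conf
echo "== posted zone stanza =="; printf '%s\n' "$POSTED_ZONE" | lint_named_conf
# Live checks once the fix is in (need the running server; not executed here):
#   dig @192.168.1.120 DESKTOP-5K2FNOQ.pce23.net TXT   # interim style stores the DHCID in a TXT RR
#   dig @192.168.1.120 pce23.net AXFR                   # should be REFUSED after tightening allow-transfer
```

To apply the fix, delete the `ddns-hostname "hpprol2";` line from the subnet block and change `allow client-updates;` to `deny client-updates;`, then restart dhcpd. Every client in the posted logs already sends a hostname (the name in parentheses after the MAC), and with no fixed ddns-hostname in scope dhcpd builds the forward name from that plus ddns-domainname, logging "Added new forward map" on success. The linter only recognises a quoted literal; an expression such as `ddns-hostname = ...` is left alone because that is the legitimate way to compute per-client names.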

  4. #4
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    13,295
    Blog Entries
    2

    Default Re: Question about dhcp and dynamic DNS

    Perhaps you might also consider whether you really need to configure Dynamic DNS or not...
    There is a clear reason to do so in networks where you want to touch every machine remotely so need to always be able to connect to every machine by name, perhaps the most common scenario is when you implement machine configuration and management through network security like Active Directory. If you commonly configure network shares on a great number of Workstations instead of only on Servers might be another scenario.

    Otherwise, and particularly for small networks there might not be a good reason to implement Dynamic DNS... Machines can self-configure sufficiently with logon or boot scripts and if a machine needs attention you can simply walk over to that machine to do what is needed. For these networks, you don't need Dynamic DNS when all network services are served from Servers with static addresses or reserved leases.

    Also, as I described you can set your DHCP leases to be at least twice as long as the longest time any machine is disconnected from your network. If you have enough IP addresses in the DHCP scope to support all machines that will ever connect to your network, this would not be a problem... The main reason for IP addresses to be re-allocated is if you support many more machines than what is available.

    TSU

  5. #5
    Join Date
    Aug 2008
    Location
    Belgium
    Posts
    276

    Default Re: Question about dhcp and dynamic DNS

    Hello Tsu,

    thanks for your answer
    Quote Originally Posted by tsu2 View Post
    Perhaps you might also consider whether you really need to configure Dynamic DNS or not...
    There is a clear reason to do so in networks where you want to touch every machine remotely so need to always be able to connect to every machine by name, perhaps the most common scenario is when you implement machine configuration and management through network security like Active Directory. If you commonly configure network shares on a great number of Workstations instead of only on Servers might be another scenario.

    Otherwise, and particularly for small networks there might not be a good reason to implement Dynamic DNS... Machines can self-configure sufficiently with logon or boot scripts and if a machine needs attention you can simply walk over to that machine to do what is needed. For these networks, you don't need Dynamic DNS when all network services are served from Servers with static addresses or reserved leases.

    Also, as I described you can set your DHCP leases to be at least twice as long as the longest time any machine is disconnected from your network. If you have enough IP addresses in the DHCP scope to support all machines that will ever connect to your network, this would not be a problem... The main reason for IP addresses to be re-allocated is if you support many more machines than what is available.
    TSU
    You are right but I want to learn more about dynamic DNS so the reason of testing on my personal lan.
    I'll need more knowledge about this (and other points) for my work in the future.

    Regards
    Philippe

  6. #6
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    13,295
    Blog Entries
    2

    Default Re: Question about dhcp and dynamic DNS

    I haven't set up exactly what you are trying to do,
    But let me hazard a guess...

    That the auto update only works when there is a defined dns domain.
    Your Windows box is configured with a known domain, so the zone exists and therefore records in that zone are updating.

    But,
    For your other devices, they're probably configured with random domains with no existing DNS zones for those domains, unless you configure them as DHCP clients that impose a name (which would include a domain name).

    If my guess is correct,
    then you'll need to manually create zones for all your devices which aren't already a member of your company Domain.
    To make things easier, you may want to configure all your non-Domain devices to either have their own domain or, if you don't mind the possible confusion, assign them names with your company Domain. In that latter case, of course they wouldn't be able to log on to your Company Domain unless they're also joined to your Domain, but it might solve your updating issue.

    Still,
    As I described, I can't think of a practical reason for you to do this because Dynamic DNS updating only makes sense within a proper Domain.
    But, if you're simply trying to educate yourself you can try what I suggest which might work but should never really be necessary "in real life."

    TSU

  7. #7
    Join Date
    Aug 2008
    Location
    Belgium
    Posts
    276

    Default Re: Question about dhcp and dynamic DNS

    Thanks Tsu

    I'll have a look at this.
    Quote Originally Posted by tsu2 View Post
    I haven't set up exactly what you are trying to do,
    But let me hazard a guess...

    That the auto update only works when there is a defined dns domain.
    Your Windows box is configured with a known domain, so the zone exists and therefore records in that zone are updating.

    But,
    For your other devices, they're probably configured with random domains with no existing DNS zones for those domains, unless you configure them as DHCP clients that impose a name (which would include a domain name).

    If my guess is correct,
    then you'll need to manually create zones for all your devices which aren't already a member of your company Domain.
    To make things easier, you may want to configure all your non-Domain devices to either have their own domain or, if you don't mind the possible confusion, assign them names with your company Domain. In that latter case, of course they wouldn't be able to log on to your Company Domain unless they're also joined to your Domain, but it might solve your updating issue.

    Still,
    As I described, I can't think of a practical reason for you to do this because Dynamic DNS updating only makes sense within a proper Domain.
    But, if you're simply trying to educate yourself you can try what I suggest which might work but should never really be necessary "in real life."

    TSU
    Regards
    Philippe
