dynamic dhcp and dns: forward map problem

Hello,

I have configured my Tumbleweed system as a local DNS server and DHCP server with dynamic update.
I have configured a zone pce23.net and the reverse zone 1.168.192.in-addr.arpa
zone file pce23.net

$TTL 172800    ; 2 days
@        IN    SOA    hpprol2.pce23.net. root.hpprol2.pce23.net. (
            2016112701
            10800
            3600
            604800
            86400 )
@        IN    NS    hpprol2.pce23.net.
@               IN   A     192.168.1.120
$ORIGIN pce23.net.
hpprol2            A    192.168.1.120

Reverse zone 1.168.192.in-addr.arpa

$ORIGIN .
$TTL 172800    ; 2 days
1.168.192.in-addr.arpa    IN SOA    hpprol2.pce23.net. root.hpprol2.pce23.net. (
                2016112709 ; serial
                10800      ; refresh (3 hours)
                3600       ; retry (1 hour)
                604800     ; expire (1 week)
                86400      ; minimum (1 day)
                )
            NS    hpprol2.pce23.net.
$ORIGIN 1.168.192.in-addr.arpa.
120            PTR    hpprol2.pce23.net.

When my laptop with Windows 7 connects, I see the following messages (journalctl):

Nov 27 11:07:26 hpprol2 dhcpd[1862]: DHCPREQUEST for 192.168.1.188 from ec:f4:bb:2c:fe:2b (BEBRNPCONDE01) via br0
Nov 27 11:07:26 hpprol2 dhcpd[1862]: DHCPACK on 192.168.1.188 to ec:f4:bb:2c:fe:2b (BEBRNPCONDE01) via br0
Nov 27 11:07:26 hpprol2 dhcpd[1862]: Added reverse map from 188.1.168.192.in-addr.arpa. to BEBRNPCONDE01.xxx.com

the reverse zone is then populated with the PTR record

$ORIGIN .
$TTL 172800    ; 2 days
1.168.192.in-addr.arpa    IN SOA    hpprol2.pce23.net. root.hpprol2.pce23.net. (
                2016112709 ; serial
                10800      ; refresh (3 hours)
                3600       ; retry (1 hour)
                604800     ; expire (1 week)
                86400      ; minimum (1 day)
                )
            NS    hpprol2.pce23.net.
$ORIGIN 1.168.192.in-addr.arpa.
120            PTR    hpprol2.pce23.net.
$TTL 3600    ; 1 hour
188            PTR    BEBRNPCONDE01.xxx.com.

nslookup and arp work

# nslookup 192.168.1.188
Server:         192.168.1.120
Address:        192.168.1.120#53

188.1.168.192.in-addr.arpa      name = BEBRNPCONDE01.xxx.com

# arp -a 
? (192.168.1.1) at 30:91:8f:dd:ea:86 [ether] on br0
? (192.168.1.180) at 54:4e:90:44:b9:1b [ether] on br0
? (192.168.1.182) at 40:61:86:64:2d:55 [ether] on br0
? (192.168.1.199) at 32:91:8f:dd:ea:8f [ether] on br0
? (192.168.1.193) at e8:40:f2:72:c2:36 [ether] on br0
BEBRNPCONDE01.xxx.com (192.168.1.188) at ec:f4:bb:2c:fe:2b [ether] on br0
? (192.168.1.194) at 32:91:8f:dd:ea:86 [ether] on br0.

So far so good 🙂
But when I connect a desktop with Windows 10, I receive an error:

Nov 27 12:05:50 hpprol2 dhcpd[1862]: DHCPDISCOVER from 40:61:86:64:2d:55 via br0
Nov 27 12:05:51 hpprol2 dhcpd[1862]: DHCPOFFER on 192.168.1.182 to 40:61:86:64:2d:55 (Vincent-PC) via br0
Nov 27 12:05:51 hpprol2 dhcpd[1862]: DHCPREQUEST for 192.168.1.182 (192.168.1.120) from 40:61:86:64:2d:55 (Vincent-PC) via br0
Nov 27 12:05:51 hpprol2 dhcpd[1862]: DHCPACK on 192.168.1.182 to 40:61:86:64:2d:55 (Vincent-PC) via br0
Nov 27 12:05:51 hpprol2 dhcpd[1862]: Forward map from hpprol2.pce23.net. to 192.168.1.182 FAILED: Has an address record but no DHCID, not mine.

the desktop can access internet and I can ping it
ipconfig gives

  Bail obtenu. . . . . . . . .. . . . . : dimanche 27 novembre 2016 12:05:39    
Bail expirant. . . . . . . . ..  . . : dimanche 27 novembre 2016 19:40:27    
Passerelle par défaut . . . . . . . . . : fe80::3291:8fff:fedd:ea86
                                                    192.168.1.1    
Serveur DHCP . . . . . . . . . . . . . . : 192.168.1.120
IAID DHCPv6  . . . . . . . . . . . . . . : 239100294    
DUID de client DHCPv6 . . . . . . . : 00-01-00-01-1D-42-64-A8-40-61-86-64-2D-55    
Serveurs DNS. . . . . . . . . . . . . . . : 192.168.1.120    
NetBIOS sur Tcpip . . . . . . . . . . . : Activé

So the DNS and DHCP servers are recognized, but no reverse PTR is created in the zone.

The only difference that I see is that the laptop has a name with a domain name, runs Windows 7, and nslookup gives the correct answer.

The desktop has no domain and runs Windows 10, and nslookup gives an error:

nslookup 192.168.1.182
Server:         192.168.1.120
Address:        192.168.1.120#53

** server can't find 182.1.168.192.in-addr.arpa: NXDOMAIN

My dhcpd.conf file

include "/etc/named.d/pcekey";
ddns-updates on;
ddns-update-style interim;
authoritative ;
update-static-leases on;
allow unknown-clients;
default-lease-time 21600;
# ignore client-updates;
zone pce23.net. { primary 192.168.1.120; key PCEKEY; }
zone 1.168.192.in-addr.arpa. { primary 192.168.1.120; key PCEKEY; }
subnet 192.168.1.0 netmask 255.255.255.0 {
  option domain-name-servers 192.168.1.120;
  option routers 192.168.1.1;
  range 192.168.1.160 192.168.1.199;
  default-lease-time 21600;
  max-lease-time 86400;
  allow unknown-clients;
  ddns-hostname "hpprol2";
  allow client-updates;
  ddns-domainname "pce23.net.";
  ddns-rev-domainname "in-addr.arpa.";
}

named.conf

options {
     directory "/var/lib/named";

    #dnssec-enable yes;
    #dnssec-validation auto;

    managed-keys-directory "/var/lib/named/dyn";

    dump-file "/var/log/named_dump.db";
    statistics-file "/var/log/named.stats";

    # The forwarders record contains a list of servers to which queries
    # should be forwarded.  Enable this line and modify the IP address to
    # your provider's name server.  Up to three servers may be listed.

 
    listen-on port 53 { 127.0.0.1; 192.168.1.120; };
    listen-on-v6 { none; };
    allow-query { 127.0.0.1; 192.168.1.0/24; };

    # If notify is set to yes (default), notify messages are sent to other
    # name servers when the the zone data is changed.  Instead of setting
    # a global 'notify' statement in the 'options' section, a separate
    # 'notify' can be added to each zone definition.

    notify yes;
    recursion yes;

    disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
    include "/etc/named.d/forwarders.conf";
    listen-on { 127.0.0.1; 192.168.1.0/24; };
    allow-recursion { 127.0.0.1; 192.168.1.0/24; };
};

include "/etc/named.conf.include";
acl home { 192.168.0.0/24; 127.0.0.1; };
logging {
    category queries { log_filq; };
    category xfer-in { log_file; };
    category xfer-out { log_file; };
    category default { log_file; };
    category update { update_debug; };
    category security { security_info; };
    channel log_file { file "/var/log/dns.log" versions 3 size 2M; };
    channel log_filq { file "/var/log/dnsquery.log" versions 3 size 2M; };
    channel update_debug {    file "/var/log/update-debug.log";
    severity debug 3;
    print-category yes;
    print-severity yes;
    print-time yes; };
    channel security_info    { file "/var/log/named-auth.info";
    severity info;
    print-category yes;
    print-severity yes;
    print-time yes; };

};
# The following zone definitions don't need any modification.  The first one
# is the definition of the root name servers.  The second one defines
# localhost while the third defines the reverse lookup for localhost.

zone "." in {
    type hint;
    file "root.hint";
};

zone "localhost" in {
    type master;
    file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
    type master;
    file "127.0.0.zone";
};

#zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" in {
#    type master;
#    file "127.0.0.zone";
#};


# You can insert further zone records for your own domains below or create
# single files in /etc/named.d/ and add the file names to
# NAMED_CONF_INCLUDE_FILES.
# See /usr/share/doc/packages/bind/README.SUSE for more details.
zone "pce23.net" in {
    type master;
    file "dyn/pce23.net";
    allow-query { 192.168.1.0/24; };
    allow-update { key PCEKEY; };
    notify no;
};
zone "1.168.192.in-addr.arpa" in {
    type master;
    file "dyn/1.168.192.in-addr.arpa";
    allow-query { 192.168.1.0/24; };
    allow-update { key PCEKEY; };
    notify no;
};

Any idea why I have these errors with the desktop? Can it be a problem of domain/workgroup?
Many thanks in advance
Philippe

Yes,
Any time a machine is added to a network, it should always be configured with a “domain” or “workgroup” name, and although I’m guessing because I’ve never tried to add a machine without a group name, I’m pretty sure that the reverse lookup entry isn’t created because if you read the reverse lookup zone name, it clearly includes the group name so won’t match.

Also, to ease your DHCP and DNS management, you can use YAST modules instead of inspecting the files directly if you wish. You can install both with

zypper in yast2-dhcp-server yast2-dns-server

After installing, you will find icons to these modules added to YAST in the Network Services section.

TSU

Hello,

I used Yast to configure the DNS and DHCP.
But starting DNS via Yast didn’t show any problem.
It is inspecting journalctl which shows the error.
In the dns.log I see that all zones are loaded, but also other errors, maybe related to the domain problem?

managed-keys-zone: loaded serial 0
zone 0.0.127.in-addr.arpa/IN: loaded serial 42
zone 1.168.192.in-addr.arpa/IN: loaded serial 2016112802
zone localhost/IN: loaded serial 42
zone pce23.net/IN: loaded serial 2016112809
all zones loaded
running
client 192.168.1.120#44526/key pcekey: updating zone 'pce23.net/IN': update unsuccessful: hpprol2.pce23.net: 'name not in use' prerequisite not satisfied (YXDOMAIN)
client 192.168.1.120#44526/key pcekey: updating zone 'pce23.net/IN': update unsuccessful: hpprol2.pce23.net/TXT: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET]

I’ll try adding a workgroup on the desktop and look at the effect

Regards
Philippe
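
The two failed prerequisites in the dns.log above are the two steps of dhcpd's interim update style: add the A record only if the name is unused (YXDOMAIN when it exists), then replace it only if a TXT record carrying this client's DHCID is already present (NXRRSET when it is not). The following is an added example, not code from either poster; its function and field names are its own. It correlates those lines with the dhcpd journal and shows that the name dhcpd tried to register is the `ddns-hostname` value from the posted dhcpd.conf, not the hostname the client sent.

```python
import re

# Log lines copied from the posts above (dhcpd journal plus named's dns.log),
# combined into one sample for the example.
SAMPLE = """\
Nov 27 12:05:51 hpprol2 dhcpd[1862]: DHCPACK on 192.168.1.182 to 40:61:86:64:2d:55 (Vincent-PC) via br0
Nov 27 12:05:51 hpprol2 dhcpd[1862]: Forward map from hpprol2.pce23.net. to 192.168.1.182 FAILED: Has an address record but no DHCID, not mine.
client 192.168.1.120#44526/key pcekey: updating zone 'pce23.net/IN': update unsuccessful: hpprol2.pce23.net: 'name not in use' prerequisite not satisfied (YXDOMAIN)
client 192.168.1.120#44526/key pcekey: updating zone 'pce23.net/IN': update unsuccessful: hpprol2.pce23.net/TXT: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET]
"""

ACK = re.compile(r"DHCPACK on (\S+) to (\S+) \(([^)]*)\)")
FWD_FAIL = re.compile(r"Forward map from (\S+?)\.? to (\S+) FAILED: (.+)")
PREREQ = re.compile(
    r"key (\S+): updating zone '([^']+)': update unsuccessful: "
    r"([^:/\s]+)(?:/(\w+))?: '([^']+)' prerequisite not satisfied \((\w+)")

def analyse(text):
    """Return one finding per failed forward map, joined with related lines."""
    hosts = {}      # leased IP -> hostname the client sent in its request
    rejected = {}   # fqdn -> rcodes named returned for failed prerequisites
    failures = []   # (fqdn, ip, reason) from dhcpd "Forward map ... FAILED"
    for line in text.splitlines():
        if m := ACK.search(line):
            hosts[m.group(1)] = m.group(3)
        elif m := PREREQ.search(line):
            rejected.setdefault(m.group(3).lower(), []).append(m.group(6))
        elif m := FWD_FAIL.search(line):
            failures.append((m.group(1).lower(), m.group(2), m.group(3)))
    findings = []
    for fqdn, ip, reason in failures:
        client = hosts.get(ip, "")
        rcodes = rejected.get(fqdn, [])
        findings.append({
            "fqdn": fqdn, "ip": ip, "client_hostname": client,
            # dhcpd asked for a label other than the one the client sent
            "name_overridden": client.lower() != fqdn.split(".")[0],
            # add-if-absent refused, then the TXT/DHCID ownership check refused
            "owned_by_other_record": rcodes[:2] == ["YXDOMAIN", "NXRRSET"],
            "reason": reason,
        })
    return findings

if __name__ == "__main__":
    for finding in analyse(SAMPLE):
        print(finding)
```

A finding with both flags set means the update targeted an existing record that has no DHCID TXT beside it, here the server's own static A record for hpprol2, and the refusal is the conflict check protecting that record.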