I'm having trouble getting my DHCPv6 server to update DNS and I'm not sure what
I'm missing. From what I can tell I have everything set up and have tried
numerous changes to the config file without success. Here is my
named.conf.local file. I've tried allowing updates with both the update-policy
and allow-update commands, as well as through a key and just by IP address, but
as far as I can tell the DHCP server isn't even attempting to communicate with
the DNS server:
root@blldns01:~# cat /etc/bind/named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
include "/etc/bind/zones.rfc1918";
include "/etc/bind/Kddns-aaaa-rrs.+157+11111.private";
include "/etc/bind/Kddns-ptr-rrs.+157+11111.private";
key DHCP_UPDATER {
    algorithm HMAC-MD5.SIG-ALG.REG.INT;
    secret "XXXXXXXXXXXXXXXX==";
};
zone "appendata.net" in {
    type master;
    notify yes;
    file "/var/lib/bind/db.appendata.net";
    allow-update { 2620:5:e000:201e::4:1; };
    # allow-update { key DHCP_UPDATER; };
    # update-policy {
    #     grant "ddns-aaaa-rrs" self * AAAA TXT DHCID;
    # };
};
zone "0.0.0.e.5.0.0.0.0.2.6.2.IP6.ARPA" in {
    type master;
    notify yes;
    file "/var/lib/bind/db.2620.5.e000";
    allow-update { 2620:5:e000:201e::4:1; };
    # allow-update { key DHCP_UPDATER; };
    # update-policy {
    #     grant "ddns-ptr-rrs" self * PTR TXT DHCID;
    # };
};
In my dhcpd6.conf file I have my zones specified and have tried including the
key file, declaring the key directly in the file, and simply not using the keys
and just using IP based authentication. None of it has worked so far. I've also
tried using primary and primary6 with the actual IP address in my zone
declarations, but this hasn't made any difference:
#################
# DDNS SETTINGS #
#################
# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-updates on;
ddns-update-style interim;
allow client-updates;
ddns-domainname "appendata.net.";
ddns-rev-domainname "ip6.arpa.";
do-forward-updates on;
# Include keys used to securely communicate with the DNS server.
include "/etc/keys/Kddns-aaaa-rrs.+157+11111.private";
include "/etc/keys/Kddns-ptr-rrs.+157+11111.private";
key DHCP_UPDATER {
    algorithm HMAC-MD5.SIG-ALG.REG.INT;
    secret "XXXXXXXXXXXXXXXXXXX==";
};
# Configuring zones for ddns-updates.
zone appendata.net. {
    primary ns1-int.appendata.net;
    # primary6 2620:5:e000::a1;
    # key DHCP_UPDATER; # AAAA DNS key for RR's.
}
zone 0.0.0.e.5.0.0.0.0.2.6.2.ip6.arpa. {
    primary ns1-int.appendata.net;
    # primary6 2620:5:e000::a1;
    # key DHCP_UPDATER; # PTR DNS key for RR's.
}
I've tried putting various options and declarations in different scopes, but
none of it has worked. The DHCP server gives out an IP address just fine, but
it doesn't look like it is even trying to update the AAAA and PTR records.
Jul 25 10:22:56 blldhcp01 dhcpd[1489]: Solicit message from fe80::216:3eff:fe32:2d49 port 546, transaction ID 0x9D08B00
Jul 25 10:22:56 blldhcp01 dhcpd[1489]: Picking pool address 2620:5:e000:201e:0:1:b41e:f2fe
Jul 25 10:22:56 blldhcp01 dhcpd[1489]: Advertise NA: address 2620:5:e000:201e:0:1:b41e:f2fe to client with duid 00:01:00:01:21:0a:2b:43:00:16:3e:32:2d:49 iaid = 1043475785 valid for 2419200 seconds
Jul 25 10:22:56 blldhcp01 dhcpd[1489]: Sending Advertise to fe80::216:3eff:fe32:2d49 port 546
Jul 25 10:22:57 blldhcp01 dhcpd[1489]: Request message from fe80::216:3eff:fe32:2d49 port 546, transaction ID 0x6C757900
Jul 25 10:22:57 blldhcp01 dhcpd[1489]: Reply NA: address 2620:5:e000:201e:0:1:b41e:f2fe to client with duid 00:01:00:01:21:0a:2b:43:00:16:3e:32:2d:49 iaid = 1043475785 valid for 2419200 seconds
Jul 25 10:22:57 blldhcp01 dhcpd[1489]: Sending Reply to fe80::216:3eff:fe32:2d49 port 546
And there is nothing in DNS's logs, even when set to DEBUG. Can anybody see
what I'm missing? If I sniff the wire I can see that there isn't any
communication between my DHCP and DNS servers, so I don't think it's a firewall
setting, as it's not even getting that far.
Thanks,
Joshua Schaeffer
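Added example (not part of the post, and not ISC code): a small Python helper that derives the PTR owner name for a leased address, checks it falls inside the ip6.arpa zone configured above, and writes the nsupdate(1) input for the same TSIG-signed AAAA/PTR update dhcpd should be sending, so BIND's acceptance of updates can be tested separately from whether dhcpd ever sends one. The hostname, secret and server arguments are placeholders; the zone names, key name and lease address are taken from the post.

```python
import ipaddress

# Values copied from the post (constructed test inputs, not read from a live server).
FORWARD_ZONE = "appendata.net."
REVERSE_ZONE = "0.0.0.e.5.0.0.0.0.2.6.2.ip6.arpa."
TSIG_KEY_NAME = "DHCP_UPDATER"
TSIG_ALGORITHM = "hmac-md5"   # nsupdate name for HMAC-MD5.SIG-ALG.REG.INT


def reverse_name(addr: str) -> str:
    """Nibble-reversed PTR owner name for an IPv6 address, with trailing dot."""
    return ipaddress.IPv6Address(addr).reverse_pointer + "."


def covered_by_reverse_zone(addr: str) -> bool:
    """True if the PTR name for addr lies inside REVERSE_ZONE (a /48 here)."""
    return reverse_name(addr).endswith("." + REVERSE_ZONE)


def nsupdate_script(hostname: str, addr: str, key_secret: str,
                    server: str, ttl: int = 3600) -> str:
    """Return nsupdate(1) stdin that adds the AAAA and PTR records for a lease.

    The update is TSIG-signed with the key dhcpd is configured with. Signing
    is preferable to the address-based allow-update in the post: a source
    address is not an authenticator, whereas a TSIG key is a shared secret.
    """
    if not covered_by_reverse_zone(addr):
        raise ValueError(f"{addr} is not covered by reverse zone {REVERSE_ZONE}")
    fqdn = hostname.rstrip(".") + "." + FORWARD_ZONE
    ptr = reverse_name(addr)
    lines = [
        f"server {server}",
        f"key {TSIG_ALGORITHM}:{TSIG_KEY_NAME} {key_secret}",
        f"zone {FORWARD_ZONE}",
        f"update add {fqdn} {ttl} AAAA {addr}",
        "send",
        f"zone {REVERSE_ZONE}",
        f"update add {ptr} {ttl} PTR {fqdn}",
        "send",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Lease address from the dhcpd log in the post; secret is a placeholder.
    print(nsupdate_script("testhost", "2620:5:e000:201e:0:1:b41e:f2fe",
                          "XXXXXXXXXXXXXXXX==", "ns1-int.appendata.net"), end="")
```

Pipe the output into `nsupdate` on the DHCP host; if BIND logs the update (or a REFUSED), the DNS side works and the problem is on the dhcpd side, and if nothing arrives the allow-update/key setup is what to fix first.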