Thanks Sten
> On 28 Jan 2024, at 20.23, Rick Frey <[email protected]> wrote:
>
> I’ve not used/tested, but I overlooked Kea DDNS server option
> "ddns-use-conflict-resolution" that may allow you to overwrite DNS records
> that don’t match DHCID. Default is true (doesn't overwrite if DHCID doesn’t
> match). You might be able to set to false to allow Kea to overwrite
> non-matching forward and reverse records. Would be safer to manually delete
> the conflict and leave at default behavior if you don’t want Kea to blindly
> write over any records not added/updated by Kea in your DNS zones.
>
> See
> https://kea.readthedocs.io/en/kea-2.4.1/arm/dhcp4-srv.html#dhcp4-ddns-config
>
>> On Jan 28, 2024, at 12:51, Ubence Quevedo (thatrat) <[email protected]>
>> wrote:
>>
>> Thanks for the response, I took a look at the ddns log file I have set up on
>> my bind 9 server and found the following:
>> 27-Jan-2024 15:55:15.083 update: info: client @0xffff7c339b18
>> 192.168.10.3#50944/key ddns-key: updating zone 'totusmel.com/IN': deleting
>> an RR at lg-washer.totusmel.com A
>> 27-Jan-2024 15:55:15.123 update: info: client @0xffff6c2c4228
>> 192.168.10.3#56549/key ddns-key: updating zone 'totusmel.com/IN': delete all
>> rrsets from name 'lg-washer.totusmel.com'
>> 27-Jan-2024 15:55:15.143 update: info: client @0xffff702ec848
>> 192.168.10.3#34817/key ddns-key: updating zone '10.168.192.in-addr.arpa/IN':
>> update unsuccessful: 74.10.168.192.in-addr.arpa/PTR: 'RRset exists (value
>> dependent)' prerequisite not satisfied (NXRRSET)

My guess is that this RR was left by the now removed DHCPD. Dhcpd also leaves a TXT record with a value that allows it to verify that it created this record; if this record is not present or has a different value, it will not touch that RR. I guess that Kea makes that record calculation somewhat differently than dhcpd does, so the two will not remove the other system's RRs.

>>
>> It seems to be the same output as journalctl but through bind’s terminology.
>>
>> I’m pretty sure the forward zone is getting updated properly since there’s a
>> .jnl file and the serial number in the zone file is incrementing.
>>
>> For some reason, the below section got stripped out in the response:
>> The relevant section from the kea-dhcp4.conf:
>> "dhcp-ddns": {
>>     "enable-updates": true
>> },
>> "ddns-qualifying-suffix": "totusmel.com",
>> "ddns-override-client-update": true,
>>
>> Do I also need to add reverse zone 10.168.192.in-addr.arpa to the
>> kea-dhcp4.conf?
>>
>> Any other thoughts or comments on this would be appreciated!
>>
>> -Ubence
>>
>>> On Jan 28, 2024, at 10:11 AM, Rick Frey <[email protected]> wrote:
>>>
>>> The DNS response of RCODE 5 by your nameserver indicates the submitted DDNS
>>> update was refused by the nameserver. May want to check your nameserver
>>> logs for cause. Guessing it is not allowing your TSIG key used by Kea to
>>> make updates to the 10.168.192.in-addr.arpa zone.
>>> BIND will not create a .jnl file until the first successful dynamic update
>>> (from any DDNS client). Assuming this is a new BIND server as well since
>>> the jnl file for your reverse zone does not yet exist.
>>>
>>>> On Jan 28, 2024, at 05:37, Ubence Quevedo (thatrat) <[email protected]>
>>>> wrote:
>>>>
>>>> Hi All,
>>>>
>>>> I’ve recently converted from the older ISC dhcpd with dynamic DNS
>>>> configured and working properly with updating forward and reverse entries,
>>>> but after converting to Kea, I can only get the forward entries to work
>>>> and the reverse entries do not update.
>>>>
>>>> This is a raspberry pi 4b running Ubuntu 22.04 LTS with Kea 2.0.2. I
>>>> can’t run the latest version since this is an arm system.
>>>>
>>>> From what I can tell, things *look* correct, but when I do a journalctl
>>>> -xeu kea-dhcp-ddns-server, in the below snippet, I get the following:
>>>> Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: INFO
>>>> DHCP_DDNS_REMOVE_SUCCEEDED DHCP_DDNS Request ID
>>>> 000001F16C84BB0E8343A9B37FA2789333DAFE841ED32B93F538FC22A0F905170D2979:
>>>> successfully removed the DNS mapping addition for this request: Type: 1
>>>> (CHG_REMOVE)
>>>> Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: Forward Change: yes
>>>> Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: Reverse Change: yes
>>>> Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: FQDN:
>>>> [lg-washer.totusmel.com.]
>>>> Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: IP Address: [192.168.10.74]
>>>> Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: DHCID:
>>>> [000001F16C84BB0E8343A9B37FA2789333DAFE841ED32B93F538FC22A0F905170D2979]
>>>> Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: Lease Expires On:
>>>> 20240127223510
>>>> Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: Lease Length: 2400
>>>> Jan 27 15:55:15 raspi kea-dhcp-ddns[1542846]: Conflict Resolution: yes
>>>> Jan 27 16:28:37 raspi kea-dhcp-ddns[1542846]: ERROR
>>>> DHCP_DDNS_REVERSE_REPLACE_REJECTED DNS Request ID
>>>> 000001F16C84BB0E8343A9B37FA2789333DAFE841ED32B93F538FC22A0F905170D2979:
>>>> Server, 192.168.10.3 port:53, rejected a DNS update request to replace the
>>>> reverse mapping for FQDN, lg-washer.totusmel.com., with an RCODE: 5
>>>> Jan 27 16:28:37 raspi kea-dhcp-ddns[1542846]: ERROR DHCP_DDNS_ADD_FAILED
>>>> DHCP_DDNS Request ID
>>>> 000001F16C84BB0E8343A9B37FA2789333DAFE841ED32B93F538FC22A0F905170D2979:
>>>> Transaction outcome Status: Failed, Event: UPDATE_FAILED_EVT, Forward
>>>> change: completed, Reverse change: failed, request: Type: 0 (CHG_ADD)
>>>>
>>>> The error entry shows a failure while the first and second entries show
>>>> success.
>>>>
>>>> I’m a bit baffled because in the kea-dhcp-ddns.conf, the forward and
>>>> reverse are configured nearly the same and reference the same key to allow
>>>> updates:
>>>> "DhcpDdns":
>>>> {
>>>>     "ip-address": "127.0.0.1",
>>>>     "port": 53001,
>>>>     "control-socket": {
>>>>         "socket-type": "unix",
>>>>         "socket-name": "/tmp/kea-ddns-ctrl-socket"
>>>>     },
>>>>
>>>>     <?include "/etc/kea/tsig-keys.json"?>
>>>>
>>>>     "forward-ddns" : {
>>>>         "ddns-domains": [
>>>>             {
>>>>                 "name": "totusmel.com.",
>>>>                 "key-name": "ddns-key",
>>>>                 "dns-servers": [
>>>>                     {
>>>>                         "ip-address": "192.168.10.3",
>>>>                         "port": 53
>>>>                     }
>>>>                 ]
>>>>             }
>>>>         ]
>>>>     },
>>>>
>>>>     "reverse-ddns" : {
>>>>         "ddns-domains": [
>>>>             {
>>>>                 "name": "10.168.192.in-addr.arpa.",
>>>>                 "key-name": "ddns-key",
>>>>                 "dns-servers": [
>>>>                     {
>>>>                         "ip-address": "192.168.10.3",
>>>>                         "port": 53
>>>>                     }
>>>>                 ]
>>>>             }
>>>>         ]
>>>>     }
>>>>
>>>> I’m also expecting there to be a .jnl file for the zone file in
>>>> /var/lib/bind/ where the zone files reside, but the .jnl file I’m
>>>> expecting never gets generated:
>>>> root@raspi:/var/lib/bind# ls -la db*
>>>> -rw-r--r-- 1 bind bind  6169 Jan 27 16:37 db.10.168.192.in-addr.arpa
>>>> -rw-r--r-- 1 bind bind   295 Nov  6  2022 db.20.168.192.in-addr.arpa
>>>> -rw-r--r-- 1 bind bind   347 Nov  6  2022 db.30.168.192.in-addr.arpa
>>>> -rw-r--r-- 1 bind bind   278 Nov  6  2022 db.40.168.192.in-addr.arpa
>>>> -rw-r--r-- 1 bind bind   276 Nov  6  2022 db.50.168.192.in-addr.arpa
>>>> -rw-r--r-- 1 bind bind  1082 Jan 25 20:08 db.lab.totusmel.com
>>>> -rw-r--r-- 1 bind bind  1372 Jan 25 19:56 db.lab.totusmel.com.jnl
>>>> -rw-r--r-- 1 bind bind 22676 Jan 28 02:41 db.totusmel.com
>>>> -rw-r--r-- 1 bind bind  3872 Jan 28 02:28 db.totusmel.com.jnl
>>>>
>>>> Does anyone have any thoughts or suggestions on what might be wrong? I
>>>> can provide more information if needed, I just included the bits that I
>>>> thought were relevant.
>>>>
>>>> Any thoughts or suggestions would be greatly appreciated!
>>>>
>>>> -Ubence
>>>>
>>>> --
>>>> ISC funds the development of this software with paid support
>>>> subscriptions. Contact us at https://www.isc.org/contact/ for more
>>>> information.
>>>>
>>>> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>>>>
>>>> Kea-users mailing list
>>>> [email protected]
>>>> https://lists.isc.org/mailman/listinfo/kea-users
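An added example, not written by anyone in the thread: a small Python triage of the BIND update log lines quoted above. It separates the changes BIND applied from updates it rejected on an RFC 2136 prerequisite and maps the rejected reverse name back to the lease address; the function names `triage` and `ptr_owner_to_ip` are illustrative.

```python
import re
from collections import defaultdict

# The three BIND "update:" lines quoted in the thread, each unwrapped to one line.
SAMPLE_LOG = """\
27-Jan-2024 15:55:15.083 update: info: client @0xffff7c339b18 192.168.10.3#50944/key ddns-key: updating zone 'totusmel.com/IN': deleting an RR at lg-washer.totusmel.com A
27-Jan-2024 15:55:15.123 update: info: client @0xffff6c2c4228 192.168.10.3#56549/key ddns-key: updating zone 'totusmel.com/IN': delete all rrsets from name 'lg-washer.totusmel.com'
27-Jan-2024 15:55:15.143 update: info: client @0xffff702ec848 192.168.10.3#34817/key ddns-key: updating zone '10.168.192.in-addr.arpa/IN': update unsuccessful: 74.10.168.192.in-addr.arpa/PTR: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
"""

# Common prefix of a signed dynamic-update entry, then the per-event message.
LINE_RE = re.compile(
    r"update: \w+: client @\S+ (?P<src>[\d.]+)#\d+/key (?P<key>\S+): "
    r"updating zone '(?P<zone>[^']+)/IN': (?P<msg>.*)$"
)
# Wording used when a prerequisite of the update fails and nothing is changed.
FAIL_RE = re.compile(
    r"update unsuccessful: (?P<owner>\S+)/(?P<rtype>\w+): "
    r"'(?P<prereq>[^']+)' prerequisite not satisfied \((?P<rcode>\w+)\)"
)


def ptr_owner_to_ip(owner):
    """Map an IPv4 reverse name (d.c.b.a.in-addr.arpa) to a.b.c.d, else None."""
    labels = owner.rstrip(".").split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    return ".".join(reversed(labels[:4]))


def triage(log_text):
    """Split update entries into per-zone applied counts and blocked updates."""
    applied, blocked = defaultdict(int), []
    for line in log_text.splitlines():
        entry = LINE_RE.search(line)
        if not entry:
            continue  # not a signed dynamic-update entry
        failure = FAIL_RE.match(entry["msg"])
        if failure is None:
            applied[entry["zone"]] += 1
            continue
        record = {"zone": entry["zone"], "key": entry["key"], **failure.groupdict()}
        record["ip"] = ptr_owner_to_ip(record["owner"])
        blocked.append(record)
    return dict(applied), blocked


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The blocked entries are the owner names to inspect in the zone before choosing between deleting the stale records by hand and changing the conflict-resolution setting.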
