DDNS with ISC-DHCP-Server and BIND9

Post by DerT » 2019-02-28 12:41

Hello, everybody,

I am currently running an ISC-DHCP server and a BIND9 server.
Both have been reinstalled and I wanted to activate DDNS as well.
I also configured DDNS, and a test with nsupdate was successful (I ran nsupdate and then used "dig" to check that the entry was there).
Now I unfortunately get an error in the logs of the DHCP server.

Code:
Feb 26 21:46:17 dc named[2168]: client 127.0.0.1#13213: request has invalid signature: TSIG ddns_update: tsig verify failure (BADKEY)
Feb 26 21:46:17 dc dhcpd[3371]: Unable to add forward map from TA-PC.angl.loc to 192.168.170.10: tsig indicates error
Feb 26 21:46:17 dc named[2168]: client 127.0.0.1#47585: request has invalid signature: TSIG ddns_update: tsig verify failure (BADKEY)
Feb 26 21:46:17 dc dhcpd[2968]: Unable to add forward map from TA-PC.angl.loc to 192.168.170.10: tsig indicates error


I assume there's something wrong with the key, but I can't figure it out.
The test with nsupdate works with the same key.

Enclosed are my config files.

/etc/bind/ddns.key & /etc/bind/ddns.key
Code:
key DDNS_UPDATE {
       algorithm hmac-md5;
       secret "SECRET_KEY";
};


/etc/dhcp/dhcpd.conf
Code:
authoritative;
option domain-name "angl.loc";

ddns-updates on;
ddns-update-style interim;
ignore client-updates;
update-static-leases on;

default-lease-time 600;
max-lease-time 7200;
log-facility local7;

include "/etc/dhcp/ddns.key";

zone angl.loc. {
  primary 127.0.0.1;
  key DDNS_UPDATE;
}

zone 170.168.192.in-addr.arpa. {
  primary 127.0.0.1;
  key DDNS_UPDATE;
}

# Default
subnet 192.168.170.0 netmask 255.255.255.0 {
        range 192.168.170.100 192.168.170.200;
        option routers 192.168.170.1;
        option domain-name-servers 192.168.170.20, 192.168.170.1;
        option domain-name "angl.loc";
        }

From here on come the reservations, which should be irrelevant at this point.


/etc/bind/named.conf.local
Code:
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
include "/etc/bind/ddns.key";

// ----------------------- Zones -----------------------

// Forward-Lookup
zone "angl.loc" {
    type master;
    notify no;
    file "/var/lib/bind/db.angl";
    allow-update { key DDNS_UPDATE; };
};

// Reverse-Lookup
zone "170.168.192.in-addr.arpa" {
    type master;
    notify no;
    file "/var/lib/bind/db.170.168.192";
    allow-update { key DDNS_UPDATE; };
};

// ----------------------- Zones -----------------------


I don't know where to look anymore or what I can test.


Greetings

DerT
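
An added example, not part of the original post: when named logs BADKEY for a key that works with nsupdate, one thing to check is whether the key statement dhcpd loads through its include matches the one named loads. The script below compares name, algorithm and secret from two key files without printing the secrets; the sample file contents and the function names are constructed for illustration.

```python
import base64
import hmac
import re

KEY_RE = re.compile(
    r'\bkey\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+([\w.-]+)\s*;'
    r'\s*secret\s+"?([A-Za-z0-9+/=]+)"?\s*;\s*\}', re.IGNORECASE)

def strip_comments(text):
    # Drop #, // and /* */ comments but keep quoted strings intact:
    # a base64 secret may legitimately contain "//".
    pattern = r'"[^"\n]*"|/\*.*?\*/|(?://|#)[^\n]*'
    keep_strings = lambda m: m.group(0) if m.group(0)[0] == '"' else ''
    return re.sub(pattern, keep_strings, text, flags=re.S)

def parse_keys(text):
    """Return {lowercased key name: (normalised algorithm, secret bytes)}."""
    keys = {}
    for name, alg, secret in KEY_RE.findall(strip_comments(text)):
        # hmac-md5 is also written HMAC-MD5.SIG-ALG.REG.INT (RFC 2845 name).
        alg = re.sub(r'\.sig-alg\.reg\.int$', '', alg.lower().rstrip('.'))
        keys[name.lower().rstrip('.')] = (alg, base64.b64decode(secret))
    return keys

def compare(dhcpd_text, named_text):
    """List (key name, problem) for every dhcpd key named would not accept."""
    dhcpd, named = parse_keys(dhcpd_text), parse_keys(named_text)
    findings = []
    for name, (alg, secret) in dhcpd.items():
        if name not in named:
            findings.append((name, "name unknown to named"))
            continue
        named_alg, named_secret = named[name]
        if alg != named_alg:
            findings.append((name, "algorithm differs"))
        # Constant-time compare; the secrets themselves are never printed.
        if not hmac.compare_digest(secret, named_secret):
            findings.append((name, "secret differs"))
    return findings

# Constructed sample files, not the poster's configuration.
DHCPD_SAMPLE = '''# /etc/dhcp/ddns.key (constructed)
key DDNS_UPDATE {
    algorithm HMAC-MD5.SIG-ALG.REG.INT;
    secret "ab//cQ==";   // comment after a secret containing "//"
};'''
NAMED_SAMPLE = 'key "ddns_update" { algorithm hmac-md5; secret "ab//cQ=="; };'

if __name__ == "__main__":
    print(compare(DHCPD_SAMPLE, NAMED_SAMPLE) or "key statements agree")
```

To use it on a real host, pass the contents of the two key files to `compare()`; an empty list means both daemons load the same key name, algorithm and secret.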