DDNS with ISC-DHCP-Server and BIND9

#1 Post by DerT

Hello, everybody,

I am currently running an ISC-DHCP server and a BIND9 server.
Both have been reinstalled and I wanted to activate DDNS as well.
I also configured DDNS, and a test with nsupdate was successful (I ran nsupdate and then used "dig" to check whether there is an entry).
Unfortunately, I now get an error in the logs of the DHCP server.

Code:

Feb 26 21:46:17 dc named[2168]: client 127.0.0.1#13213: request has invalid signature: TSIG ddns_update: tsig verify failure (BADKEY)
Feb 26 21:46:17 dc dhcpd[3371]: Unable to add forward map from TA-PC.angl.loc to 192.168.170.10: tsig indicates error
Feb 26 21:46:17 dc named[2168]: client 127.0.0.1#47585: request has invalid signature: TSIG ddns_update: tsig verify failure (BADKEY)
Feb 26 21:46:17 dc dhcpd[2968]: Unable to add forward map from TA-PC.angl.loc to 192.168.170.10: tsig indicates error

I assume there's something wrong with the key, but I can't figure it out.
The test with nsupdate works with the same key.

Enclosed are my config files.

/etc/bind/ddns.key & /etc/bind/ddns.key

Code:

key DDNS_UPDATE {
       algorithm hmac-md5;
       secret "SECRET_KEY";
};

/etc/dhcp/dhcpd.conf

Code:

authoritative;
option domain-name "angl.loc";

ddns-updates on;
ddns-update-style interim;
ignore client-updates;
update-static-leases on;

default-lease-time 600;
max-lease-time 7200;
log-facility local7;

include "/etc/dhcp/ddns.key";

zone angl.loc. {
  primary 127.0.0.1;
  key DDNS_UPDATE;
}

zone 170.168.192.in-addr.arpa. {
  primary 127.0.0.1;
  key DDNS_UPDATE;
}

# Default
subnet 192.168.170.0 netmask 255.255.255.0 {
        range 192.168.170.100 192.168.170.200;
        option routers 192.168.170.1;
        option domain-name-servers 192.168.170.20, 192.168.170.1;
        option domain-name "angl.loc";
        }

The reservations follow from here, which should be irrelevant at this point.

/etc/bind/named.conf.local

Code:

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
include "/etc/bind/ddns.key";

// ----------------------- Zones -----------------------

// Forward-Lookup
zone "angl.loc" {
    type master;
    notify no;
    file "/var/lib/bind/db.angl";
    allow-update { key DDNS_UPDATE; };
};

// Reverse-Lookup
zone "170.168.192.in-addr.arpa" {
    type master;
    notify no;
    file "/var/lib/bind/db.170.168.192";
    allow-update { key DDNS_UPDATE; };
};

// ----------------------- Zones -----------------------

I don't know where to look anymore or what I can test.


Greetings

DerT
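
An added example, not part of the original post: in TSIG (RFC 8945), BADKEY is the error for a key name or algorithm the server does not recognize, while a MAC mismatch is reported as BADSIG, so this sketch compares the name and algorithm of two key statements as well as the secret, and lists which dhcpd process IDs logged the failure. The log lines are copied from the post; the key texts, regular expressions and function names are constructed for illustration and match only the formats shown on this page.

```python
import hashlib
import re

# Constructed input: the four log lines quoted in the post.
LOG = """\
Feb 26 21:46:17 dc named[2168]: client 127.0.0.1#13213: request has invalid signature: TSIG ddns_update: tsig verify failure (BADKEY)
Feb 26 21:46:17 dc dhcpd[3371]: Unable to add forward map from TA-PC.angl.loc to 192.168.170.10: tsig indicates error
Feb 26 21:46:17 dc named[2168]: client 127.0.0.1#47585: request has invalid signature: TSIG ddns_update: tsig verify failure (BADKEY)
Feb 26 21:46:17 dc dhcpd[2968]: Unable to add forward map from TA-PC.angl.loc to 192.168.170.10: tsig indicates error
"""

# Constructed stand-ins for the two key files (placeholder secret, as in the post).
BIND_KEY = 'key DDNS_UPDATE {\n    algorithm hmac-md5;\n    secret "SECRET_KEY";\n};\n'
DHCP_KEY = BIND_KEY

KEY_RE = re.compile(
    r'key\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+([\w.-]+)\s*;'
    r'\s*secret\s+"?([^";\s]+)"?\s*;', re.I)
# These patterns match the log format shown on this page only.
TSIG_RE = re.compile(
    r'named\[\d+\]: client (\S+?)#\d+: .*TSIG (\S+): tsig verify failure \((\w+)\)')
DHCPD_RE = re.compile(r'dhcpd\[(\d+)\]: Unable to add forward map')

def parse_key(text):
    """Return (name, algorithm, secret digest) of the first key statement."""
    m = KEY_RE.search(text)
    if not m:
        raise ValueError("no key statement found")
    name, alg, secret = m.groups()
    # Key names are DNS names (case-insensitive); hash the secret so it is never shown.
    return name.lower(), alg.lower(), hashlib.sha256(secret.encode()).hexdigest()

def compare_keys(a, b):
    """List the fields that differ between two key statements."""
    fields = ("name", "algorithm", "secret")
    return [f for f, x, y in zip(fields, parse_key(a), parse_key(b)) if x != y]

def summarize(log):
    """Collect distinct TSIG failures and the dhcpd PIDs that reported errors."""
    tsig, pids = set(), set()
    for line in log.splitlines():
        if m := TSIG_RE.search(line):
            tsig.add(m.groups())
        elif m := DHCPD_RE.search(line):
            pids.add(int(m.group(1)))
    return {"tsig_failures": sorted(tsig), "dhcpd_pids": sorted(pids)}

if __name__ == "__main__":
    print(summarize(LOG))
    print("differing key fields:", compare_keys(BIND_KEY, DHCP_KEY))
```

To use it on a real host, replace BIND_KEY and DHCP_KEY with the contents of the key files that named and dhcpd actually load.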
