isc-dhcpd and named

I am trying to get dhcpd to add a forward to named for local computers. Dhcpd is timing out when it is trying to add the forward map.
Code:
dhcpd: Unable to add forward map from web.system.lan to 10.0.0.2: timed out

I have set the zone files to bind and edited /etc/mtree/BIND.chroot.dist to this. Before this I got the "working directory is not writable" error.

Code:
# $FreeBSD: src/etc/mtree/BIND.chroot.dist,v 1.6.20.1 2009/04/15 03:14:26 kensmith Exp $
#
# Please see the file src/etc/mtree/README before making changes to this file.
#

#/set type=dir uname=root gname=wheel mode=0755
/set type=dir uname=bind gname=wheel mode=0755
.
    dev             mode=0555
    ..
    etc
        namedb
            dynamic uname=bind
            ..
            master
            ..
            slave   uname=bind
            ..
        ..
    ..
/set type=dir uname=bind gname=wheel mode=0755
    var             uname=root
        dump
        ..
        log
        ..
        run
            named
            ..
        ..
        stats
        ..
    ..
..
I have been trying to fix this for a few weeks now and trying other settings but still having the same problems.

Here are my config files:
dhcpd.conf
Code:
ddns-domainname "system.lan";
option domain-name-servers 10.0.0.1;
option routers 10.0.0.1;
option broadcast-address 10.0.0.255;
ddns-update-style interim;
update-static-leases on;

key dhcpupdate {
  algorithm hmac-md5;
  secret key-string;
}

authoritative;

zone system.lan. {
  primary 127.0.0.1;
  key dhcpupdate;
}

zone 0.0.10.in-addr.arpa. {
  primary 10.0.0.1;
  key dhcpupdate;
}

subnet 10.0.0.0 netmask 255.255.255.0 {
	range 10.0.0.100 10.0.0.150;
	option subnet-mask 255.255.255.0;
	option routers 10.0.0.1;
	option domain-name-servers 10.0.0.1;	
	allow unknown-clients;
}

host web.system.lan {
	hardware ethernet 00:02:03:04:05:06;
	fixed-address 10.0.0.2;
	ddns-hostname "web";
	ddns-domainname "system.lan";
	option host-name "web";
	option domain-name "system.lan";
}

named.conf
Code:
// $FreeBSD: src/etc/namedb/named.conf,v 1.26.2.2.4.1 2009/04/15 03:14:26 kensmith Exp $
//
// Refer to the named.conf(5) and named(8) man pages, and the documentation
// in /usr/share/doc/bind9 for more details.
//
// If you are going to set up an authoritative server, make sure you
// understand the hairy details of how DNS works.  Even with
// simple mistakes, you can break connectivity for affected parties,
// or cause huge amounts of useless Internet traffic.

options {
        // Relative to the chroot directory, if any
        directory       "/etc/namedb";
        pid-file        "/var/run/named/pid";
        dump-file       "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";

// If named is being used only as a local resolver, this is a safe default.
// For named to be accessible to the network, comment this option, specify
// the proper IP address, or delete this option.
        listen-on       { 127.0.0.1; 10.0.0.1; };
};                                                                                                         

// The traditional root hints mechanism. Use this, OR the slave zones below.
zone "." { type hint; file "named.root"; };

key dhcpupdate {
  algorithm hmac-md5;
  secret "key-string";
};

zone "system.lan." {
  type master;
  //file "master/db-system.lan";
  file "/etc/namedb/system.lan.db";
  allow-update { key dhcpupdate; };
};

zone "0.0.10.in-addr.arpa." {
  type master;
  file "/etc/namedb/system.lan.rev.db";
  allow-update { key dhcpupdate; };
};
 
I also have these options in dhcpd.conf:
Code:
ignore client-updates;
do-forward-updates true;
 
The error message isn't consistent with the configs. It has a time-out connecting to 10.0.0.2 while dhcpd.conf updates 127.0.0.1.

If both dhcpd and dns are running on the same host use 127.0.0.1. Make sure named is also listening on 127.0.0.1.
 
Named and dhcpd are running on the same host. Named is listening on 127.0.0.1. Dhcpd is using 127.0.0.1 to update the forward zone.
 
Ah wait... It's this bit:
Code:
host web.system.lan {
	hardware ethernet 00:02:03:04:05:06;
	fixed-address 10.0.0.2;
	ddns-hostname "web";
	ddns-domainname "system.lan";
	option host-name "web";
	option domain-name "system.lan";
}

You probably already have an entry in DNS pointing to web. Remove the entry. IMO servers shouldn't use DHCP anyway, even if they are reserved. Use DHCP for clients, pick a range, put servers in a different range and use static addresses for them.
 
I have removed the entry for web in dhcpd.conf but when I do ping web I get ping: cannot resolve web: Unknown host. And any new client I add to the network I get that timed out error.
Code:
dhcpd: Unable to add forward map from laptop.system.lan to 10.0.0.149: timed out
 
Add web to your domain config by hand.

What does the file system.lan.db look like?
 
I have added it in.
Code:
$ORIGIN .
$TTL 86400
system.lan        IN SOA  web.system.lan. (
                                3
                                86400
                                3600
                                172800
                                3600
                                )
                        NS      web.system.lan.
$ORIGIN system.lan.
web                   A       10.0.0.1
When named starts up it says it has no SOA and NS records in zone system.lan/IN
 
That's because it's not correct. Here's mine:
Code:
$ORIGIN .
$TTL 86400      ; 1 day
dicelan.home            IN SOA  maelcum.dicelan.home. root.dicelan.home. (
                                2008123350 ; serial
                                14400      ; refresh (4 hours)
                                7200       ; retry (2 hours)
                                2419200    ; expire (4 weeks)
                                86400      ; minimum (1 day)
                                )
                        NS      maelcum.dicelan.home.
$ORIGIN dicelan.home.
internetz               A       192.168.1.191
irc                     CNAME   internetz
localhost               A       127.0.0.1
                        AAAA    ::1
maelcum                 A       192.168.1.1
                        AAAA    2001:888:1c5b::1
molly                   A       192.168.1.190
                        AAAA    2001:888:1c5b::190
ns                      CNAME   maelcum

Notice the root.dicelan.home? That's the administrator's email address. In yours it's missing.
 
I have added this to my reverse zone and now my DNS works nicely.
Code:
$ORIGIN .
$TTL 86400      ; 1 day
system.lan              IN SOA  gateway.system.lan. root.system.lan. (
                                4          ; serial
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                172800     ; expire (2 days)
                                3600       ; minimum (1 hour)
                                )
                        NS      gateway.system.lan.
$ORIGIN system.lan.
            A       10.0.0.2
Thanks for your help.
 
AAA...! I have the same problem:
Code:
Jun 30 16:07:28 server named[879]: starting BIND 9.4.3-P2 -t /var/named -u bind
Jun 30 16:07:29 server named[879]: command channel listening on 127.0.0.1#953
Jun 30 16:07:29 server named[879]: running
Jun 30 16:07:30 server dhcpd: WARNING: Host declarations are global.  They are not limited to the scope you declared them in.
Jun 30 16:11:59 server named[879]: client 127.0.0.1#53297: update 'ktl/IN' denied
Jun 30 16:11:59 server dhcpd: Unable to add forward map from u49.ktl to 172.16.36.254: timed out
File dhcpd.conf:
Code:
authoritative;

default-lease-time 3600;
max-lease-time 86400;

ddns-updates on;
ddns-update-style interim;
allow client-updates;

subnet 172.16.36.0 netmask 255.255.255.0 {
  do-forward-updates true;

  option domain-name "ktl";
  option domain-name-servers 172.16.36.1;
  option routers 172.16.36.1;
  option subnet-mask 255.255.255.0;
  option broadcast-address 172.16.36.255;

  pool {
  range 172.16.36.51 172.16.36.254;
  allow unknown clients;
  deny known clients;
  }

  host reaper {
    hardware ethernet 00:0b:6a:a0:4a:5e;
    fixed-address 172.16.36.9;
  }
}

include "/etc/namedb/rndc.key";

zone ktl. {
  primary 127.0.0.1;
  key rndc-key;
}

zone 36.16.172.in-addr.arpa {
  primary 127.0.0.1;
  key rndc-key;
}
File named.conf:
Code:
options {
	// Relative to the chroot directory, if any
	directory	"/etc/namedb";
	pid-file	"/var/run/named/pid";
	dump-file	"/var/dump/named_dump.db";
	statistics-file	"/var/stats/named.stats";

	allow-query { localnets; };
	allow-recursion { localnets; };
	allow-transfer { localnets; };
	listen-on	{ 127.0.0.1; 172.16.36.1; };
        disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
	disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
	disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
	forwarders {
		203.162.4.191;
	};
};

zone "." { type hint; file "named.root"; };
zone "localhost"	{ type master; file "master/localhost-forward.db"; };
zone "127.in-addr.arpa" { type master; file "master/localhost-reverse.db"; };
zone "255.in-addr.arpa"	{ type master; file "master/empty.db"; };

zone "0.ip6.arpa"	{ type master; file "master/localhost-reverse.db"; };

zone "0.in-addr.arpa"		{ type master; file "master/empty.db"; };

// Private Use Networks (RFC 1918)
zone "10.in-addr.arpa"		{ type master; file "master/empty.db"; };
zone "16.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "17.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "18.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "19.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "20.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "21.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "22.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "23.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "24.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "25.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "26.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "27.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "28.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "29.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "30.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "31.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "168.192.in-addr.arpa"	{ type master; file "master/empty.db"; };

// Link-local/APIPA (RFCs 3330 and 3927)
zone "254.169.in-addr.arpa"	{ type master; file "master/empty.db"; };

// TEST-NET for Documentation (RFC 3330)
zone "2.0.192.in-addr.arpa"	{ type master; file "master/empty.db"; };

// Router Benchmark Testing (RFC 3330)
zone "18.198.in-addr.arpa"	{ type master; file "master/empty.db"; };
zone "19.198.in-addr.arpa"	{ type master; file "master/empty.db"; };

// IANA Reserved - Old Class E Space
zone "240.in-addr.arpa"		{ type master; file "master/empty.db"; };
zone "241.in-addr.arpa"		{ type master; file "master/empty.db"; };
zone "242.in-addr.arpa"		{ type master; file "master/empty.db"; };
zone "243.in-addr.arpa"		{ type master; file "master/empty.db"; };
zone "244.in-addr.arpa"		{ type master; file "master/empty.db"; };
zone "245.in-addr.arpa"		{ type master; file "master/empty.db"; };
zone "246.in-addr.arpa"		{ type master; file "master/empty.db"; };
zone "247.in-addr.arpa"		{ type master; file "master/empty.db"; };
zone "248.in-addr.arpa"		{ type master; file "master/empty.db"; };
zone "249.in-addr.arpa"		{ type master; file "master/empty.db"; };
zone "250.in-addr.arpa"		{ type master; file "master/empty.db"; };
zone "251.in-addr.arpa"		{ type master; file "master/empty.db"; };
zone "252.in-addr.arpa"		{ type master; file "master/empty.db"; };
zone "253.in-addr.arpa"		{ type master; file "master/empty.db"; };
zone "254.in-addr.arpa"		{ type master; file "master/empty.db"; };

// IPv6 Unassigned Addresses (RFC 4291)
zone "1.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "3.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "4.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "5.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "6.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "7.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "8.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "9.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "a.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "b.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "c.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "d.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "e.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "0.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "1.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "2.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "3.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "4.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "5.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "6.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "7.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "8.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "9.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "a.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "b.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "0.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "1.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "2.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "3.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "4.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "5.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "6.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "7.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };

// IPv6 ULA (RFC 4193)
zone "c.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "d.f.ip6.arpa"		{ type master; file "master/empty.db"; };

// IPv6 Link Local (RFC 4291)
zone "8.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "9.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "a.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "b.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };

// IPv6 Deprecated Site-Local Addresses (RFC 3879)
zone "c.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "d.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "e.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
zone "f.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };

// IP6.INT is Deprecated (RFC 4159)
zone "ip6.int"			{ type master; file "master/empty.db"; };

include "rndc.key";
controls {
	inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};

zone "ktl" {
	type master;
	file "dynamic/db.ktl";
	allow-update { key rndc.key; };
};

zone "36.16.172.in-addr.arpa" {
	type master;
	file "dynamic/ktl.rev";
	allow-update { key rndc-key; };
};
File db.ktl:
Code:
$TTL 1d
ktl.		IN SOA		server.ktl. admin.ktl. (
				2009063001 ; Serial
				1d	   ; Refresh
				2h	   ; Retry
				100d	   ; Expire
				1h )	   ; Negative cache expire

; DNS Server
		IN NS		dns

; MX Records
		IN MX		1	server.ktl.

dns		IN A		172.16.36.1

; Hosts
localhost	IN A		127.0.0.1
server		IN A		172.16.36.1
reaper		IN A		172.16.36.9

; Nicknames
www		IN CNAME	server
File ktl.rev
Code:
$TTL 1d
@		IN SOA		server.ktl. admin.ktl. (
				2009063001 ; Serial
				1d	   ; Refresh
				2h	   ; Retry
				100d	   ; Expire
				2h )	   ; Negative cache

		IN NS		dns.ktl.

1		IN PTR		server.ktl.
1		IN PTR		www.ktl.
9		IN PTR		reaper.ktl.
 
Try to remove
Code:
host reaper {
    hardware ethernet 00:0b:6a:a0:4a:5e;
    fixed-address 172.16.36.9;
  }
from your dhcpd.conf and make it static on reaper locally.
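
Added example, not part of any post in this thread: a consistency check that compares the TSIG key name dhcpd signs each zone's updates with against the key names that zone's allow-update accepts in named.conf, and notes when that key is also the rndc control key. The excerpts are constructed from the ktl configs posted above; the function names (norm, dhcpd_zone_keys, named_update_keys, audit) are this example's own.

```python
import re

# Constructed excerpts modeled on the ktl configs posted in the thread.
DHCPD_CONF = """
zone ktl. { primary 127.0.0.1; key rndc-key; }
zone 36.16.172.in-addr.arpa { primary 127.0.0.1; key rndc-key; }
"""
NAMED_CONF = """
controls {
  inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
zone "ktl" {
  type master;
  allow-update { key rndc.key; };
};
zone "36.16.172.in-addr.arpa" {
  type master;
  allow-update { key rndc-key; };
};
"""

def norm(zone):
    """Compare zone names without quotes, trailing dot or case."""
    return zone.strip('"').rstrip(".").lower()

def dhcpd_zone_keys(text):
    """Map zone -> key name dhcpd uses to sign updates for it."""
    pat = r'zone\s+(\S+)\s*\{[^}]*?\bkey\s+"?([^\s;"]+)"?\s*;'
    return {norm(z): k for z, k in re.findall(pat, text)}

def named_update_keys(text):
    """Map zone -> set of key names accepted by its allow-update ACL."""
    out = {}
    for zone, body in re.findall(r'zone\s+"([^"]+)"\s*\{(.*?)\n\};', text, re.S):
        acl = re.search(r'allow-update\s*\{([^}]*)\}', body)
        names = re.findall(r'key\s+"?([^\s;"]+)', acl.group(1)) if acl else []
        out[norm(zone)] = set(names)
    return out

def audit(dhcpd, named):
    """Return (zone, key, finding) tuples for each problem found."""
    allowed = named_update_keys(named)
    control = set(re.findall(r'keys\s*\{\s*"?([^\s;"]+)', named))
    findings = []
    for zone, key in dhcpd_zone_keys(dhcpd).items():
        if key not in allowed.get(zone, set()):
            findings.append((zone, key, "not in allow-update"))
        if key in control:  # same secret also authorizes rndc commands
            findings.append((zone, key, "also an rndc control key"))
    return findings
```

On these excerpts the forward zone is reported because its allow-update names rndc.key while dhcpd signs with rndc-key; the reverse zone's names match.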
 