BUG: Dynamic DNS Update from DHCP

LeoLinux · Nov 2, 2012, 11:26 PM

Hi fellows,

it seems like there is a bug in Dynamic DNS Update from DHCP. DHCP clients from vLAN interface (see below for setup) should get HOSTNAME.MyOtherDomain.tld assigned - but instead they keep on getting HOSTNAME.MyDomain.tld assigned which was never defined in DHCP setup BUT in General Setup only. This is wrong behaviour of DHCP and DynDNS update interaction. DHCP should respect settings from the DHCP Setup site of its correspondenting Interface Tab.

The main steps for reproduction:

System –> General Setup

Domain = MyDomain.tld

Services –> DNS Forwarder

Enable DNS forwarder = TRUE
Register DHCP leases in DNS forwarder = TRUE

Services –> DHCP server --> Tab: LAN

Domain name = MyDomain.tld
Domain search list = MyDomain.tld
Enable registration of DHCP client names in DNS = TRUE
Dynamic DNS = MyDomain.tld

Services –> DHCP server --> Tab: vLAN

Domain name = MyOtherDomain.tld
Domain search list = MyOtherDomain.tld
Enable registration of DHCP client names in DNS = TRUE
Dynamic DNS = MyOtherDomain.tld

Is there any one out who has teh same issue OR was able to reproduce this issue?
Any hints to fix or avoid this? Maybe a temporary workaround?

Thanks ;)
Best regards

LeoLinux · Nov 4, 2012, 4:41 PM

Was anyone able to reproduce or even suffering of the problem described above?

thermo · Nov 4, 2012, 7:47 PM

Yes, it works as you describe for me too. Since I don't know that much about DHCP dynamic dns registration, I assumed it was a feature.

wallabybob · Nov 4, 2012, 8:31 PM

pfSense generates application specific configuration files from its own configuration file. Perhaps the interface-specific domain information is not written to the dhcpd configuration file. Please post the contents of pfSense file /var/dhcpd/etc/dhcpd.conf.

What version of pfSense are you using?

cmb · Nov 5, 2012, 6:31 AM

Hostnames are always registered with the system's domain name, not the DNS suffix from DHCP. That's by design though there is a ticket in redmine somewhere to use the DNS suffix from DHCP instead (don't hold your breath, it's been there for many years, but patches welcome).

LeoLinux · Nov 5, 2012, 10:49 AM

Hi,

@thermo
Thanks for your testing. So - good news is: I'm not alone ;)

@wallabybob
It looks like the DHCP Config is alright. Yet I miss some important lines like:
(Even though the checkbox Register DHCP leases in DNS forwarder is set to true)

ddns-update-style interim;
update-static-leases on;
update-conflict-detection true;
allow client-updates;

include "/etc/namedb/rndc.key";

zone '${IN_ADDR_ARPA}' {
  primary 127.0.0.1;
  key "'${RNDC_KEY}'";
}

zone '${DOMAINNAME}' {
  primary 127.0.0.1;
  key "'${RNDC_KEY}'";
}

Anyway here is the output of cat /var/dhcpd/etc/dhcpd.conf:

option domain-name "MyDomain.tld";
option ldap-server code 95 = text;
option domain-search-list code 119 = text;

default-lease-time 7200;
max-lease-time 86400;
log-facility local7;
ddns-update-style none;
one-lease-per-client true;
deny duplicates;
ping-check true;
authoritative;
subnet 10.0.0.0 netmask 255.0.0.0 {
    pool {
        option domain-name-servers 10.0.0.1;
        range 10.0.1.10 10.0.1.245;
    }
    option routers 10.0.0.1;
    option domain-name "MyDomain.tld";
    option domain-search-list "MyDomain.tld";
    ddns-domainname "MyDomain.tld";
    ddns-update-style interim;
    option domain-name-servers 10.0.0.1;
    default-lease-time 7200;
    max-lease-time 86400;
    option ntp-servers 91.143.83.62,188.40.77.71;

}

subnet 192.168.50.0 netmask 255.255.255.0 {
    pool {
        option domain-name-servers 192.168.50.1;
        range 192.168.50.200 192.168.50.254;
    }
    option routers 192.168.50.1;
    option domain-name "MyOtherDomain.tld";
    option domain-search-list "MyOtherDomain.tld";
    ddns-domainname "MyOtherDomain.tld";
    ddns-update-style interim;
    option domain-name-servers 192.168.50.1;
    default-lease-time 7200;
    max-lease-time 86400;
    option netbios-name-servers 192.168.50.100;
    option netbios-node-type 8;
    option ntp-servers 91.143.83.62,188.40.77.71;

}

@cmb: Good to know - yet not satisfying … ;/

Thx & best regards

joako · Nov 14, 2012, 8:25 AM

In my case in pfSense 2.0.1 it is working as it should.

Somewhere in general pfSense config domain = corp.local

DHCP Server > LAN
Domain name: (null)
In Windows DHCP client "ipconfig" command shows:
Connection-specific DNS suffix: corp.local

DHCP Server > VLAN200
Domain name: vlan200.local
In Windows DHCP client "ipconfig" command shows:
Connection-specific DNS suffix: vlan200.local

taunusstein.net · Dec 2, 2012, 8:04 AM

I think the problem is obvious: Config does not allow to set

key "'${RNDC_KEY}'";

in /var/dhcpd/etc/dhcpd.conf subnet declaration so dhcp server ist not able to send the key.
services_dhcp.php needs an option to set this key. I think this is really a bug, because Bind9
does not accept DNS updates w/o key in a secure configuration.