Netgate Discussion Forum

    DHCP and dynamic update

      davidedavini

      Something weird happened with my pfsense router. I configured the secure DNS update on the pfsense device, configured namekey, key and whatnot… at first it was working and I'm pretty sure I checked the dhcp.conf and saw the key and stuff in it. Today I noticed my BIND server was complaining about client updates denied. WTF, I thought, so I checked the dhcp.conf on the pfsense device and to my big surprise it doesn't contain any key and namekey... just:

      
      option domain-name "intranet.dol";
      option ldap-server code 95 = text;
      option domain-search-list code 119 = text;
      option arch code 93 = unsigned integer 16; # RFC4578
      
      default-lease-time 7200;
      max-lease-time 86400;
      log-facility local7;
      one-lease-per-client true;
      deny duplicates;
      ping-check true;
      update-conflict-detection false;
      authoritative;
      subnet 192.168.0.0 netmask 255.255.255.0 {
              pool {
                      option domain-name-servers 192.168.0.1,192.168.0.29;
                      ddns-update-style interim;
                      range 192.168.0.128 192.168.0.200;
              }
      
              option routers 192.168.0.99;
              option domain-name "intranet.zol";
              option domain-search "intranet.zol";
              ddns-domainname "intranet.zol";
              option domain-name-servers 192.168.0.1,192.168.0.29;
              option ntp-servers 192.168.0.1;
      
      }
      
      ddns-update-style interim;
      update-static-leases on;
      zone intranet.zol. {
              primary 192.168.0.1;
      }
      zone 99.168.192.in-addr.arpa {
              primary 192.168.0.1;
      }
      
      

      I tried saving the configuration from the web UI but it's not adding any of the parameters I put under Dynamic DNS.

      I resorted to allowing updates based on IP address for now, but BIND is complaining that's not secure, and rightly so.

      Any ideas? Am I nuts and the key is not saved in /var/dhcpd/etc/dhcpd.conf? But now then, why have the dynamic updates stopped working?

      I'm running 2.2.6-RELEASE (i386) if that's of any help.

      Thanks,
      Davide

      This is the thingy, in case you know, someone was wondering:
      http://varia-store.com/Ready-Systems/pfSense/Ready-system-with-ALIX-2D13-accessories-and-pfSense-Software::886.html

        cmb

        There was a bug with that recently I fixed in 2.3. It only populated the keys properly if the last enabled instance of the DHCP server had them set. Guessing maybe you enabled the DHCP server on a second LAN interface and don't have the keys defined there so it's now omitting them. Setting them on that additional DHCP server instance will work around.

          davidedavini

          @cmb:

          There was a bug with that recently I fixed in 2.3. It only populated the keys properly if the last enabled instance of the DHCP server had them set. Guessing maybe you enabled the DHCP server on a second LAN interface and don't have the keys defined there so it's now omitting them. Setting them on that additional DHCP server instance will work around.

          Something like that, I added by mistake an option to the first interface, a WAN, and since then it is apparently using only the key I put on that IF. I worked around it by putting the key there. Apparently it doesn't matter if DHCP is not enabled on the IF as long as the key is configured.

          Thanks for your help,
          Davide
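
A check for the symptom in this thread, as an added example that is not part of the original posts or of pfSense: it parses dhcpd.conf text and reports every zone stanza that has no `key` statement, or that names a key with no matching `key { }` declaration. The sample input is constructed from the zone stanzas posted above; the key names, the secret and the `signed.example.` zone are placeholders.

```python
import re

# Constructed input: the zone stanzas as posted above (no key), plus a
# hypothetical third zone and key declaration showing the signed form.
SAMPLE = '''
key "example-ddns-key" {        # placeholder name, not from the thread
        algorithm hmac-sha256;
        secret "PLACEHOLDER==";
}
zone intranet.zol. {
        primary 192.168.0.1;
}
zone 99.168.192.in-addr.arpa {
        primary 192.168.0.1;
        key other-key;          # refers to a key that is never declared
}
zone signed.example. {
        primary 192.168.0.1;
        key example-ddns-key;
}
'''

# Top-level "key NAME { ... }" and "zone NAME { ... }" stanzas (neither nests).
BLOCK = re.compile(r'^\s*(key|zone)\s+"?([^\s"{]+)"?\s*\{([^}]*)\}', re.M)
# "key NAME;" reference inside a zone stanza.
KEY_REF = re.compile(r'(?:^|;)\s*key\s+"?([^\s";]+)"?\s*;', re.M)

def unsigned_zones(conf_text):
    """Map each zone that lacks a usable TSIG key to the reason."""
    text = re.sub(r'#.*', '', conf_text)          # drop comments
    declared, zones = set(), {}
    for kind, name, body in BLOCK.findall(text):
        if kind == "key":
            declared.add(name)
        else:
            ref = KEY_REF.search(body)
            zones[name] = ref.group(1) if ref else None
    problems = {}
    for zone, ref in zones.items():
        if ref is None:
            problems[zone] = "no key statement"
        elif ref not in declared:
            problems[zone] = "key %r is not declared" % ref
    return problems

if __name__ == "__main__":
    for zone, why in unsigned_zones(SAMPLE).items():
        print("UNSIGNED %s: %s" % (zone, why))
```

Feeding it the contents of /var/dhcpd/etc/dhcpd.conf after each save from the web UI shows whether the generated file still carries the key before BIND starts rejecting updates.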
