DDNS update issue with ISC DHCP and Bind9
I encounter a strange behaviour when I try to set up my new external DNS server (bind9). When I reconfigure the pfSense DDNS setting, my IPv4 reverse records are updated correctly, my IPv6 forward and reverse records are updated correctly, but no IPv4 forward records are recorded. My forward zone seems to be fine as the IPv6 forward records are recorded correctly. I am starting to get confused by this issue.
- no error in bind log about ddns updates
- No error in dhcp log at all
- My new DNS server just doesn't seem to receive any forward IPv4 nsupdates; instead my former DNS server still receives the IPv4 forward nsupdate.....
@vgauthier said in DDNS update issue with ISC DHCP and Bind9:
no error in bind log about ddns updates
Ok, great.
But 'nothing' doesn't always mean 'good news'.
My "RFC2136" :
When I hit Save and Force update I see this
01-Nov-2024 15:32:56.327 update-security: client @0x7f3fdc3c9cd0 82.127.26.108#64128/key secretkey: signer "secretkey" approved
01-Nov-2024 15:32:56.327 update: client @0x7f3fdc3c9cd0 82.127.26.108#64128/key secretkey: updating zone 'bxxxx-hxxxx-fxxxx.fr/IN': deleting rrset at 'home.bxxxx-hxxxx-fxxxx.fr' A
01-Nov-2024 15:32:56.327 update: client @0x7f3fdc3c9cd0 82.127.26.108#64128/key secretkey: updating zone 'bxxxx-hxxxx-fxxxx.fr/IN': adding an RR at 'home.bxxxx-hxxxx-fxxxx.fr' A 82.127.26.y d
in the bind (debug) log.
@vgauthier said in DDNS update issue with ISC DHCP and Bind9:
No error in dhcp log at all
The tool nsupdate used to handle rfc2136 against bind is probably created by ISC DHCP, but it isn't the DHCP server that is doing the work.
Btw: the DHCP server can also register IP/hostnames in an (upstream) bind DNS server, but as my LANs are all RFC1918 it doesn't make sense to create records for those.
dhcp6 is another story.
@vgauthier said in DDNS update issue with ISC DHCP and Bind9:
My new DNS server just doesn't seem to receive any forward IPv4 nsupdates
As I showed above, mine does.
That said, again, you probably have to filter and log these, as by default they are not logged (maybe).
The end of my /etc/bind/named.conf.options file :
logging {
    category "lame-servers" { lame; };
    channel "lame" {
        file "/var/log/bind9/lame.log" versions 10 size 5m;
        print-time yes;
        print-category yes;
        severity dynamic;
    };
    category "default" { "debug"; };
    category "database" { "debug"; };
    category "security" { "debug"; };
    category "config" { "debug"; };
    category "resolver" { "debug"; };
    category "client" { "debug"; };
    category "unmatched" { "debug"; };
    category "network" { "debug"; };
    category "update" { "debug"; };
    category "dispatch" { "debug"; };
    channel "debug" {
        file "/var/log/bind9/debug.log" versions 10 size 5m;
        print-time yes;
        print-category yes;
        severity dynamic;
    };
    category "dnssec" { "dnssec"; };
    channel "dnssec" {
        file "/var/log/bind9/dnssec.log" versions 10 size 5m;
        print-time yes;
        print-category yes;
        severity dynamic;
    };
    channel "xfer" {
        file "/var/log/bind9/xfer.log" versions 10 size 5m;
        print-time yes;
        print-category yes;
        severity debug;
    };
    category "xfer-in" { "xfer"; };
    category "xfer-out" { "xfer"; };
    category "notify" { "xfer"; };
    channel "general" {
        file "/var/log/bind9/general.log" versions 10 size 5m;
        print-time yes;
        print-category yes;
        severity dynamic;
    };
    category "general" { "general"; };
    channel "b_query" {
        file "/var/log/bind9/query.log" versions 10 size 5m;
        print-time yes;
        print-category yes;
        severity dynamic;
    };
    category "queries" { "b_query"; };
};
@vgauthier said in DDNS update issue with ISC DHCP and Bind9:
instead my former DNS server still receives the IPv4 forward nsupdate.....
That's the answer to your own question.
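
One way to confirm from a debug log like the one quoted above which record types actually reach a given BIND server (an added example, not part of the original posts). The log lines, zone names, addresses and the key name `ddnskey` are constructed; the line format is assumed to match the "update" category entries shown in the thread.

```python
import re
from collections import defaultdict

# Line format taken from the "update" category entries quoted in the thread.
UPDATE_RE = re.compile(
    r"update: client (?:@0x[0-9a-f]+ )?(?P<src>[0-9A-Fa-f.:]+)#\d+"
    r"(?:/key (?P<key>[^\s:]+))?: updating zone '(?P<zone>[^'/]+)/IN': "
    r"(?P<action>adding an RR|deleting rrset) at '(?P<name>[^']+)' (?P<rtype>[A-Z0-9]+)"
)

# Constructed sample log (documentation addresses, hypothetical key name "ddnskey").
SAMPLE_LOG = """\
01-Nov-2024 15:32:56.327 update-security: client @0x7f0000000001 192.0.2.1#64128/key ddnskey: signer "ddnskey" approved
01-Nov-2024 15:32:56.327 update: client @0x7f0000000001 192.0.2.1#64128/key ddnskey: updating zone 'example.test/IN': deleting rrset at 'pc1.example.test' AAAA
01-Nov-2024 15:32:56.328 update: client @0x7f0000000001 192.0.2.1#64128/key ddnskey: updating zone 'example.test/IN': adding an RR at 'pc1.example.test' AAAA 2001:db8::10
01-Nov-2024 15:33:10.101 update: client @0x7f0000000002 192.0.2.1#64130/key ddnskey: updating zone 'example.test/IN': adding an RR at 'pc2.example.test' A 192.0.2.20
01-Nov-2024 15:33:10.102 update: client @0x7f0000000002 192.0.2.1#64130/key ddnskey: updating zone 'example.test/IN': adding an RR at 'pc2.example.test' AAAA 2001:db8::20
01-Nov-2024 15:33:10.205 update: client @0x7f0000000003 192.0.2.1#64131/key ddnskey: updating zone '2.0.192.in-addr.arpa/IN': adding an RR at '20.2.0.192.in-addr.arpa' PTR pc2.example.test.
"""


def added_records(lines):
    """Return {zone: {rtype: set(names)}} for every 'adding an RR' line."""
    added = defaultdict(lambda: defaultdict(set))
    for line in lines:
        m = UPDATE_RE.search(line)
        if m and m["action"] == "adding an RR":
            added[m["zone"]][m["rtype"]].add(m["name"])
    return added


def missing_ipv4_forward(added):
    """List (zone, name) pairs that received an AAAA update but no A update."""
    gaps = []
    for zone, by_type in added.items():
        for name in by_type.get("AAAA", set()) - by_type.get("A", set()):
            gaps.append((zone, name))
    return sorted(gaps)


if __name__ == "__main__":
    added = added_records(SAMPLE_LOG.splitlines())
    for zone, by_type in sorted(added.items()):
        print(zone, {t: sorted(n) for t, n in by_type.items()})
    for zone, name in missing_ipv4_forward(added):
        print(f"no A update seen for {name} in {zone}")
```

Running the same functions over the debug log of both the old and the new server shows which of the two is receiving the forward A updates.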