BUG: Dynamic DNS Update from DHCP



  • Hi fellows,

    it seems like there is a bug in Dynamic DNS Update from DHCP. DHCP clients from the vLAN interface (see below for setup) should get HOSTNAME.MyOtherDomain.tld assigned - but instead they keep on getting HOSTNAME.MyDomain.tld assigned, which was never defined in the DHCP setup BUT in General Setup only. This is wrong behaviour of the DHCP and DynDNS update interaction. DHCP should respect the settings from the DHCP Setup page of its corresponding Interface Tab.

    The main steps for reproduction:

    1. System -> General Setup
       • Domain = MyDomain.tld
    2. Services -> DNS Forwarder
       • Enable DNS forwarder = TRUE
       • Register DHCP leases in DNS forwarder = TRUE
    3. Services -> DHCP server -> Tab: LAN
       • Domain name = MyDomain.tld
       • Domain search list = MyDomain.tld
       • Enable registration of DHCP client names in DNS = TRUE
       • Dynamic DNS = MyDomain.tld
    4. Services -> DHCP server -> Tab: vLAN
       • Domain name = MyOtherDomain.tld
       • Domain search list = MyOtherDomain.tld
       • Enable registration of DHCP client names in DNS = TRUE
       • Dynamic DNS = MyOtherDomain.tld

    Is there anyone out there who has the same issue OR was able to reproduce this issue?
    Any hints to fix or avoid this? Maybe a temporary workaround?

    Thanks ;)
    Best regards



  • Was anyone able to reproduce, or is anyone even suffering from, the problem described above?



  • Yes, it works as you describe for me too. Since I don't know that much about DHCP dynamic dns registration, I assumed it was a feature.



  • pfSense generates application specific configuration files from its own configuration file. Perhaps the interface-specific domain information is not written to the dhcpd configuration file. Please post the contents of pfSense file /var/dhcpd/etc/dhcpd.conf.

    What version of pfSense are you using?



  • Hostnames are always registered with the system's domain name, not the DNS suffix from DHCP. That's by design though there is a ticket in redmine somewhere to use the DNS suffix from DHCP instead (don't hold your breath, it's been there for many years, but patches welcome).



  • Hi,

    @thermo
    Thanks for your testing. So - good news is: I'm not alone ;)

    @wallabybob
    It looks like the DHCP Config is alright. Yet I miss some important lines like:
    (Even though the checkbox Register DHCP leases in DNS forwarder is set to true)

    ddns-update-style interim;
    update-static-leases on;
    update-conflict-detection true;
    allow client-updates;
    
    include "/etc/namedb/rndc.key";
    
    zone '${IN_ADDR_ARPA}' {
      primary 127.0.0.1;
      key "'${RNDC_KEY}'";
    }
    
    zone '${DOMAINNAME}' {
      primary 127.0.0.1;
      key "'${RNDC_KEY}'";
    }
    
    

    Anyway here is the output of cat /var/dhcpd/etc/dhcpd.conf:

    option domain-name "MyDomain.tld";
    option ldap-server code 95 = text;
    option domain-search-list code 119 = text;
    
    default-lease-time 7200;
    max-lease-time 86400;
    log-facility local7;
    ddns-update-style none;
    one-lease-per-client true;
    deny duplicates;
    ping-check true;
    authoritative;
    subnet 10.0.0.0 netmask 255.0.0.0 {
        pool {
            option domain-name-servers 10.0.0.1;
            range 10.0.1.10 10.0.1.245;
        }
        option routers 10.0.0.1;
        option domain-name "MyDomain.tld";
        option domain-search-list "MyDomain.tld";
        ddns-domainname "MyDomain.tld";
        ddns-update-style interim;
        option domain-name-servers 10.0.0.1;
        default-lease-time 7200;
        max-lease-time 86400;
        option ntp-servers 91.143.83.62,188.40.77.71;
    
    }
    
    subnet 192.168.50.0 netmask 255.255.255.0 {
        pool {
            option domain-name-servers 192.168.50.1;
            range 192.168.50.200 192.168.50.254;
        }
        option routers 192.168.50.1;
        option domain-name "MyOtherDomain.tld";
        option domain-search-list "MyOtherDomain.tld";
        ddns-domainname "MyOtherDomain.tld";
        ddns-update-style interim;
        option domain-name-servers 192.168.50.1;
        default-lease-time 7200;
        max-lease-time 86400;
        option netbios-name-servers 192.168.50.100;
        option netbios-node-type 8;
        option ntp-servers 91.143.83.62,188.40.77.71;
    
    }
    
    

    @cmb: Good to know - yet not satisfying … ;/

    Thx & best regards



  • In my case in pfSense 2.0.1 it is working as it should.

    Somewhere in general pfSense config domain = corp.local

    DHCP Server > LAN
    Domain name: (null)
    In Windows DHCP client "ipconfig" command shows:
    Connection-specific DNS suffix: corp.local

    DHCP Server > VLAN200
    Domain name: vlan200.local
    In Windows DHCP client "ipconfig" command shows:
    Connection-specific DNS suffix: vlan200.local



  • I think the problem is obvious: Config does not allow to set

    key "'${RNDC_KEY}'";
    

    in the /var/dhcpd/etc/dhcpd.conf subnet declaration, so the DHCP server is not able to send the key.
    services_dhcp.php needs an option to set this key. I think this is really a bug, because Bind9
    does not accept DNS updates w/o key in a secure configuration.
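
Added example (not from any poster and not pfSense code): a small Python audit that ties together the two technical points raised in the thread, the DDNS statements in the posted dhcpd.conf and the missing key for signed updates. It relies on the dhcpd.conf(5) rule that `ddns-update-style` is only meaningful in the outer scope; the names `blocks` and `audit` and the reduced sample are constructed for illustration, and only forward zones are checked.

```python
import re

# Constructed sample: the DDNS-related lines of the dhcpd.conf posted in the thread.
SAMPLE = """
ddns-update-style none;
subnet 10.0.0.0 netmask 255.0.0.0 {
    pool { range 10.0.1.10 10.0.1.245; }
    ddns-domainname "MyDomain.tld";
    ddns-update-style interim;
}
subnet 192.168.50.0 netmask 255.255.255.0 {
    pool { range 192.168.50.200 192.168.50.254; }
    ddns-domainname "MyOtherDomain.tld";
    ddns-update-style interim;
}
"""

STYLE = re.compile(r"ddns-update-style\s+(\w+)\s*;")

def blocks(text, keyword):
    """Yield (first argument, body) for every `keyword args { ... }` declaration."""
    for m in re.finditer(r"^\s*%s\s+([^\s{;][^{;]*?)\s*\{" % keyword, text, re.M):
        depth, i = 1, m.end()
        while depth and i < len(text):          # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1).split()[0], text[m.end():i - 1]

def audit(conf):
    """Return (scope, finding) pairs for DDNS settings that will not act as written."""
    conf = re.sub(r"#.*", "", conf)             # drop comments
    subnets, zones = list(blocks(conf, "subnet")), list(blocks(conf, "zone"))
    outer = conf
    for _, body in subnets + zones:             # what remains is the outer scope
        outer = outer.replace(body, "")
    style = STYLE.search(outer)
    findings = []
    if style and style.group(1) == "none":
        findings.append(("global", "ddns-update-style none: no DNS updates are sent"))
    keyed = {n.strip("\"'.").lower() for n, b in zones if re.search(r"\bkey\s+[^;]+;", b)}
    for net, body in subnets:
        if STYLE.search(body):
            findings.append((net, "ddns-update-style in subnet is ignored (outer scope only)"))
        dom = re.search(r'ddns-domainname\s+"([^"]+)"', body)
        if dom and dom.group(1).rstrip(".").lower() not in keyed:
            findings.append((net, "no zone with a TSIG key for " + dom.group(1)))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On the sample it reports the global `none`, the two per-subnet style statements that have no effect, and the absence of a keyed zone for each `ddns-domainname`.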

