Suse10.0User
21.04.07, 13:32
Hallo LinuxFreunde!
ich bin gerade dabei unseren SoHo Server um DHCP und DNS zu erweitern.
DHCP soll sowohl dynamische, als auch statische IPs für bestimmt clients vergeben. Sobal der DHCP eine IP vergeben hat, sollen die zonefiles des DNS automatisch geupdatet werden. Nach Ablauf der lease sollen die zonefiles erneut automatisch geupdatet werden.
Zur Realisierung meines Vorhabens bin ich nach diesem HowTo vorgegangen:
http://www.linuxkramkiste.de/?Linux:DHCP-DNS
Meine dhcpd.conf sieht so aus:
option domain-name "lokales-netz.lan";
option domain-name-servers 192.168.123.250;
option routers 192.168.123.250;
#
ddns-update-style ad-hoc;
#
allow unknown-clients;
allow client-updates;
#
ddns-domainname "lokales-netz.lan";
#
update-static-leases true;
#
key DHCP_UPDATER {
algorithm HMAC-MD5.SIG-ALG.REG.INT;
secret Ur4PfKM7cjj3D8knNg4qMw==;
};
zone lokales-netz.lan. {
primary 192.168.123.250;
key DHCP_UPDATER;
}
zone 123.168.192.in-addr.arpa. {
primary 192.168.123.250;
key DHCP_UPDATER;
}
#
authoritative;
#
subnet 192.168.123.0 netmask 255.255.255.0 {
range 192.168.123.150 192.168.123.190;
allow unknown-clients;
default-lease-time 14400;
max-lease-time 17280;
# Ein paar feste IP-Adressen werden vergeben
#
# host computerralf {
# hardware ethernet 00:0e:0c:b8:f0:ac;
# fixed-address 192.168.123.10;
# }
#
# host computer2 {
# hardware ethernet 00:0e:0c:b8:f0:ac;
# fixed-address 192.168.123.15;
# }
#
# host computer2 {
# hardware ethernet 00:0c:76:1E:48:3c;
# fixed-address 192.168.123.20;
# }
#
}
die named.conf sieht so aus:
# /etc/named.conf
#
# This is a sample configuration file for the name server BIND 9. It works as
# a caching only name server without modification.
#
# A sample configuration for setting up your own domain can be found in
# /usr/share/doc/packages/bind/sample-config.
#
# A description of all available options can be found in
# /usr/share/doc/packages/bind/misc/options.
options {
auth-nxdomain yes;
# The directory statement defines the name server's working directory
directory "/var/lib/named";
# Write dump and statistics file to the log subdirectory. The
# pathenames are relative to the chroot jail.
dump-file "/var/log/named_dump.db";
statistics-file "/var/log/named.stats";
# The forwarders record contains a list of servers to which queries
# should be forwarded. Enable this line and modify the IP address to
# your provider's name server. Up to three servers may be listed.
#forwarders { 192.0.2.1; 192.0.2.2; };
# Enable the next entry to prefer usage of the name server declared in
# the forwarders section.
#forward first;
# The listen-on record contains a list of local network interfaces to
# listen on. Optionally the port can be specified. Default is to
# listen on all interfaces found on your system. The default port is
# 53.
#listen-on port 53 { 127.0.0.1; };
# The listen-on-v6 record enables or disables listening on IPv6
# interfaces. Allowed values are 'any' and 'none' or a list of
# addresses.
listen-on-v6 { any; };
# The next three statements may be needed if a firewall stands between
# the local server and the internet.
#query-source address * port 53;
#transfer-source * port 53;
#notify-source * port 53;
# The allow-query record contains a list of networks or IP addresses
# to accept and deny queries from. The default is to allow queries
# from all hosts.
#allow-query { 127.0.0.1; };
# If notify is set to yes (default), notify messages are sent to other
# name servers when the the zone data is changed. Instead of setting
# a global 'notify' statement in the 'options' section, a separate
# 'notify' can be added to each zone definition.
notify no;
include "/etc/named.d/forwarders.conf";
};
# To configure named's logging remove the leading '#' characters of the
# following examples.
#logging {
# # Log queries to a file limited to a size of 100 MB.
# channel query_logging {
# file "/var/log/named_querylog"
# versions 3 size 100M;
# print-time yes; // timestamp log entries
# };
# category queries {
# query_logging;
# };
#
# # Or log this kind alternatively to syslog.
# channel syslog_queries {
# syslog user;
# severity info;
# };
# category queries { syslog_queries; };
#
# # Log general name server errors to syslog.
# channel syslog_errors {
# syslog user;
# severity error;
# };
# category default { syslog_errors; };
#
# # Don't log lame server messages.
# category lame-servers { null; };
#};
# The following zone definitions don't need any modification. The first one
# is the definition of the root name servers. The second one defines
# localhost while the third defines the reverse lookup for localhost.
zone "." in {
type hint;
file "root.hint";
};
zone "localhost" in {
type master;
file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "127.0.0.zone";
};
# Include the meta include file generated by createNamedConfInclude. This
# includes all files as configured in NAMED_CONF_INCLUDE_FILES from
# /etc/sysconfig/named
include "/etc/named.conf.include";
logging {
category default { log_syslog; };
channel log_syslog { syslog; };
#
#
#
};
key DHCP_UPDATER {
algorithm HMAC-MD5.SIG-ALG.REG.INT;
secret Ur4PfKM7cjj3D8knNg4qMw==;
};
zone "lokales-netz.lan" in {
file "master/lokales-netz.lan";
type master;
allow-update { key DHCP_UPDATER; };
notify yes;
};
zone "123.168.192.in-addr.arpa" in {
file "master/123.168.192.in-addr.arpa";
type master;
allow-update { key DHCP_UPDATER; };
notify yes;
};
bei dynamischer Adressvergabe funktioniert soweit alles sehr gut:)
(Der client bekommt seine IP, hostname und IP werdem dem DNS übergeben und die Namensauflösung kann mit nslookup IP und mit nslookup hostname erfolgreich getestet werden. Nach Ablauf der lease werden die zonefiles erneut geupdatet)
in der /var/log/messages sieht das dann so aus:
Apr 15 21:12:14 srv2 dhcpd: DHCPDISCOVER from 00:0e:0c:b8:f0:ac via eth0
Apr 15 21:12:15 srv2 dhcpd: DHCPOFFER on 192.168.123.187 to 00:0e:0c:b8:f0:ac (computer2) via eth0
Apr 15 21:12:20 srv2 dhcpd: DHCPDISCOVER from 00:0e:0c:b8:f0:ac (computer2) via eth0
Apr 15 21:12:20 srv2 dhcpd: DHCPOFFER on 192.168.123.187 to 00:0e:0c:b8:f0:ac (computer2) via eth0
Apr 15 21:12:28 srv2 dhcpd: DHCPDISCOVER from 00:0e:0c:b8:f0:ac (computer2) via eth0
Apr 15 21:12:28 srv2 dhcpd: DHCPOFFER on 192.168.123.187 to 00:0e:0c:b8:f0:ac (computer2) via eth0
Apr 15 21:12:28 srv2 named[21816]: client 192.168.123.250#1179: updating zone 'lokales-netz.lan/IN': adding an RR at 'computer2.lokales-netz.lan' A
Apr 15 21:12:28 srv2 dhcpd: if computer2.lokales-netz.lan IN A rrset doesn't exist add computer2.lokales-netz.lan 7200 IN A 192.168.123.187: success.
Apr 15 21:12:28 srv2 named[21816]: client 192.168.123.250#1179: updating zone '123.168.192.in-addr.arpa/IN': deleting rrset at '187.123.168.192.in-addr.arpa' PTR
Apr 15 21:12:28 srv2 named[21816]: client 192.168.123.250#1179: updating zone '123.168.192.in-addr.arpa/IN': adding an RR at '187.123.168.192.in-addr.arpa' PTR
Apr 15 21:12:28 srv2 dhcpd: delete 187.123.168.192.in-addr.arpa. IN PTR add 187.123.168.192.in-addr.arpa. 7200 IN PTR computer2.lokales-netz.lan: success.
Apr 15 21:12:28 srv2 dhcpd: DHCPREQUEST for 192.168.123.187 (192.168.123.250) from 00:0e:0c:b8:f0:ac (computer2) via eth0
Apr 15 21:12:28 srv2 dhcpd: DHCPACK on 192.168.123.187 to 00:0e:0c:b8:f0:ac (computer2) via eth0
Apr 15 21:13:30 srv2 named[21816]: client 192.168.123.187#1088: update 'lokales-netz.lan/IN' denied
So nun endlich zum eigentlichen Problem:
Der DHCP-Server soll für manche clients feste IPs vergeben (unten in der dhcpd.conf habe ich schon damit etwas rumgespielt). Die IPs werden auch wie gewünscht vergeben, die zonefiles des DNS-Servers werden aber nicht geupdatet. Demzufolge funktioniert auch die Namensauflösung der clients mit fester IP nicht.
In den /var/log/messages habe ich dazu auch Fehler drin.
Apr 8 16:41:58 srv2 dhcpd: DHCPDISCOVER from 00:0e:0c:b8:f0:ac via eth0
Apr 8 16:41:58 srv2 dhcpd: DHCPOFFER on 192.168.123.10 to 00:0e:0c:b8:f0:ac via eth0
Apr 8 16:42:02 srv2 dhcpd: DHCPDISCOVER from 00:0e:0c:b8:f0:ac via eth0
Apr 8 16:42:02 srv2 dhcpd: DHCPOFFER on 192.168.123.10 to 00:0e:0c:b8:f0:ac via eth0
Apr 8 16:42:09 srv2 dhcpd: DHCPDISCOVER from 00:0e:0c:b8:f0:ac via eth0
Apr 8 16:42:09 srv2 dhcpd: DHCPOFFER on 192.168.123.10 to 00:0e:0c:b8:f0:ac via eth0
Apr 8 16:42:09 srv2 dhcpd: DHCPREQUEST for 192.168.123.10 (192.168.123.250) from 00:0e:0c:b8:f0:ac via eth0
Apr 8 16:42:09 srv2 dhcpd: DHCPACK on 192.168.123.10 to 00:0e:0c:b8:f0:ac via eth0
Apr 8 16:43:12 srv2 named[24480]: client 192.168.123.10#1089: updating zone 'lokales-netz.lan/IN': update unsuccessful: computerralf.lokales-netz.lan/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Apr 8 16:43:12 srv2 named[24480]: client 192.168.123.10#1092: update 'lokales-netz.lan/IN' denied
Apr 8 16:43:27 srv2 dhcpd: DHCPINFORM from 192.168.123.10 via eth0
Apr 8 16:43:27 srv2 dhcpd: DHCPACK to 192.168.123.10
Apr 8 16:43:30 srv2 dhcpd: DHCPINFORM from 192.168.123.10 via eth0
Apr 8 16:43:30 srv2 dhcpd: DHCPACK to 192.168.123.10
An was kanns liegen, dass das bei statischen IPs nicht will?
Ach ja noch einige Daten des Servers:
Suse 10.0 + alle updates
Kernel 2.6.13-15.15
BIND 9.3.2
DHCP V3.0.3
fqdn srv2.lokales-netz.lan
IP 192.168.123.250
ich bin gerade dabei unseren SoHo Server um DHCP und DNS zu erweitern.
DHCP soll sowohl dynamische, als auch statische IPs für bestimmt clients vergeben. Sobal der DHCP eine IP vergeben hat, sollen die zonefiles des DNS automatisch geupdatet werden. Nach Ablauf der lease sollen die zonefiles erneut automatisch geupdatet werden.
Zur Realisierung meines Vorhabens bin ich nach diesem HowTo vorgegangen:
http://www.linuxkramkiste.de/?Linux:DHCP-DNS
Meine dhcpd.conf sieht so aus:
option domain-name "lokales-netz.lan";
option domain-name-servers 192.168.123.250;
option routers 192.168.123.250;
#
ddns-update-style ad-hoc;
#
allow unknown-clients;
allow client-updates;
#
ddns-domainname "lokales-netz.lan";
#
update-static-leases true;
#
key DHCP_UPDATER {
algorithm HMAC-MD5.SIG-ALG.REG.INT;
secret Ur4PfKM7cjj3D8knNg4qMw==;
};
zone lokales-netz.lan. {
primary 192.168.123.250;
key DHCP_UPDATER;
}
zone 123.168.192.in-addr.arpa. {
primary 192.168.123.250;
key DHCP_UPDATER;
}
#
authoritative;
#
subnet 192.168.123.0 netmask 255.255.255.0 {
range 192.168.123.150 192.168.123.190;
allow unknown-clients;
default-lease-time 14400;
max-lease-time 17280;
# Ein paar feste IP-Adressen werden vergeben
#
# host computerralf {
# hardware ethernet 00:0e:0c:b8:f0:ac;
# fixed-address 192.168.123.10;
# }
#
# host computer2 {
# hardware ethernet 00:0e:0c:b8:f0:ac;
# fixed-address 192.168.123.15;
# }
#
# host computer2 {
# hardware ethernet 00:0c:76:1E:48:3c;
# fixed-address 192.168.123.20;
# }
#
}
die named.conf sieht so aus:
# /etc/named.conf
#
# This is a sample configuration file for the name server BIND 9. It works as
# a caching only name server without modification.
#
# A sample configuration for setting up your own domain can be found in
# /usr/share/doc/packages/bind/sample-config.
#
# A description of all available options can be found in
# /usr/share/doc/packages/bind/misc/options.
options {
auth-nxdomain yes;
# The directory statement defines the name server's working directory
directory "/var/lib/named";
# Write dump and statistics file to the log subdirectory. The
# pathenames are relative to the chroot jail.
dump-file "/var/log/named_dump.db";
statistics-file "/var/log/named.stats";
# The forwarders record contains a list of servers to which queries
# should be forwarded. Enable this line and modify the IP address to
# your provider's name server. Up to three servers may be listed.
#forwarders { 192.0.2.1; 192.0.2.2; };
# Enable the next entry to prefer usage of the name server declared in
# the forwarders section.
#forward first;
# The listen-on record contains a list of local network interfaces to
# listen on. Optionally the port can be specified. Default is to
# listen on all interfaces found on your system. The default port is
# 53.
#listen-on port 53 { 127.0.0.1; };
# The listen-on-v6 record enables or disables listening on IPv6
# interfaces. Allowed values are 'any' and 'none' or a list of
# addresses.
listen-on-v6 { any; };
# The next three statements may be needed if a firewall stands between
# the local server and the internet.
#query-source address * port 53;
#transfer-source * port 53;
#notify-source * port 53;
# The allow-query record contains a list of networks or IP addresses
# to accept and deny queries from. The default is to allow queries
# from all hosts.
#allow-query { 127.0.0.1; };
# If notify is set to yes (default), notify messages are sent to other
# name servers when the the zone data is changed. Instead of setting
# a global 'notify' statement in the 'options' section, a separate
# 'notify' can be added to each zone definition.
notify no;
include "/etc/named.d/forwarders.conf";
};
# To configure named's logging remove the leading '#' characters of the
# following examples.
#logging {
# # Log queries to a file limited to a size of 100 MB.
# channel query_logging {
# file "/var/log/named_querylog"
# versions 3 size 100M;
# print-time yes; // timestamp log entries
# };
# category queries {
# query_logging;
# };
#
# # Or log this kind alternatively to syslog.
# channel syslog_queries {
# syslog user;
# severity info;
# };
# category queries { syslog_queries; };
#
# # Log general name server errors to syslog.
# channel syslog_errors {
# syslog user;
# severity error;
# };
# category default { syslog_errors; };
#
# # Don't log lame server messages.
# category lame-servers { null; };
#};
# The following zone definitions don't need any modification. The first one
# is the definition of the root name servers. The second one defines
# localhost while the third defines the reverse lookup for localhost.
zone "." in {
type hint;
file "root.hint";
};
zone "localhost" in {
type master;
file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "127.0.0.zone";
};
# Include the meta include file generated by createNamedConfInclude. This
# includes all files as configured in NAMED_CONF_INCLUDE_FILES from
# /etc/sysconfig/named
include "/etc/named.conf.include";
logging {
category default { log_syslog; };
channel log_syslog { syslog; };
#
#
#
};
key DHCP_UPDATER {
algorithm HMAC-MD5.SIG-ALG.REG.INT;
secret Ur4PfKM7cjj3D8knNg4qMw==;
};
zone "lokales-netz.lan" in {
file "master/lokales-netz.lan";
type master;
allow-update { key DHCP_UPDATER; };
notify yes;
};
zone "123.168.192.in-addr.arpa" in {
file "master/123.168.192.in-addr.arpa";
type master;
allow-update { key DHCP_UPDATER; };
notify yes;
};
bei dynamischer Adressvergabe funktioniert soweit alles sehr gut:)
(Der client bekommt seine IP, hostname und IP werdem dem DNS übergeben und die Namensauflösung kann mit nslookup IP und mit nslookup hostname erfolgreich getestet werden. Nach Ablauf der lease werden die zonefiles erneut geupdatet)
in der /var/log/messages sieht das dann so aus:
Apr 15 21:12:14 srv2 dhcpd: DHCPDISCOVER from 00:0e:0c:b8:f0:ac via eth0
Apr 15 21:12:15 srv2 dhcpd: DHCPOFFER on 192.168.123.187 to 00:0e:0c:b8:f0:ac (computer2) via eth0
Apr 15 21:12:20 srv2 dhcpd: DHCPDISCOVER from 00:0e:0c:b8:f0:ac (computer2) via eth0
Apr 15 21:12:20 srv2 dhcpd: DHCPOFFER on 192.168.123.187 to 00:0e:0c:b8:f0:ac (computer2) via eth0
Apr 15 21:12:28 srv2 dhcpd: DHCPDISCOVER from 00:0e:0c:b8:f0:ac (computer2) via eth0
Apr 15 21:12:28 srv2 dhcpd: DHCPOFFER on 192.168.123.187 to 00:0e:0c:b8:f0:ac (computer2) via eth0
Apr 15 21:12:28 srv2 named[21816]: client 192.168.123.250#1179: updating zone 'lokales-netz.lan/IN': adding an RR at 'computer2.lokales-netz.lan' A
Apr 15 21:12:28 srv2 dhcpd: if computer2.lokales-netz.lan IN A rrset doesn't exist add computer2.lokales-netz.lan 7200 IN A 192.168.123.187: success.
Apr 15 21:12:28 srv2 named[21816]: client 192.168.123.250#1179: updating zone '123.168.192.in-addr.arpa/IN': deleting rrset at '187.123.168.192.in-addr.arpa' PTR
Apr 15 21:12:28 srv2 named[21816]: client 192.168.123.250#1179: updating zone '123.168.192.in-addr.arpa/IN': adding an RR at '187.123.168.192.in-addr.arpa' PTR
Apr 15 21:12:28 srv2 dhcpd: delete 187.123.168.192.in-addr.arpa. IN PTR add 187.123.168.192.in-addr.arpa. 7200 IN PTR computer2.lokales-netz.lan: success.
Apr 15 21:12:28 srv2 dhcpd: DHCPREQUEST for 192.168.123.187 (192.168.123.250) from 00:0e:0c:b8:f0:ac (computer2) via eth0
Apr 15 21:12:28 srv2 dhcpd: DHCPACK on 192.168.123.187 to 00:0e:0c:b8:f0:ac (computer2) via eth0
Apr 15 21:13:30 srv2 named[21816]: client 192.168.123.187#1088: update 'lokales-netz.lan/IN' denied
So nun endlich zum eigentlichen Problem:
Der DHCP-Server soll für manche clients feste IPs vergeben (unten in der dhcpd.conf habe ich schon damit etwas rumgespielt). Die IPs werden auch wie gewünscht vergeben, die zonefiles des DNS-Servers werden aber nicht geupdatet. Demzufolge funktioniert auch die Namensauflösung der clients mit fester IP nicht.
In den /var/log/messages habe ich dazu auch Fehler drin.
Apr 8 16:41:58 srv2 dhcpd: DHCPDISCOVER from 00:0e:0c:b8:f0:ac via eth0
Apr 8 16:41:58 srv2 dhcpd: DHCPOFFER on 192.168.123.10 to 00:0e:0c:b8:f0:ac via eth0
Apr 8 16:42:02 srv2 dhcpd: DHCPDISCOVER from 00:0e:0c:b8:f0:ac via eth0
Apr 8 16:42:02 srv2 dhcpd: DHCPOFFER on 192.168.123.10 to 00:0e:0c:b8:f0:ac via eth0
Apr 8 16:42:09 srv2 dhcpd: DHCPDISCOVER from 00:0e:0c:b8:f0:ac via eth0
Apr 8 16:42:09 srv2 dhcpd: DHCPOFFER on 192.168.123.10 to 00:0e:0c:b8:f0:ac via eth0
Apr 8 16:42:09 srv2 dhcpd: DHCPREQUEST for 192.168.123.10 (192.168.123.250) from 00:0e:0c:b8:f0:ac via eth0
Apr 8 16:42:09 srv2 dhcpd: DHCPACK on 192.168.123.10 to 00:0e:0c:b8:f0:ac via eth0
Apr 8 16:43:12 srv2 named[24480]: client 192.168.123.10#1089: updating zone 'lokales-netz.lan/IN': update unsuccessful: computerralf.lokales-netz.lan/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Apr 8 16:43:12 srv2 named[24480]: client 192.168.123.10#1092: update 'lokales-netz.lan/IN' denied
Apr 8 16:43:27 srv2 dhcpd: DHCPINFORM from 192.168.123.10 via eth0
Apr 8 16:43:27 srv2 dhcpd: DHCPACK to 192.168.123.10
Apr 8 16:43:30 srv2 dhcpd: DHCPINFORM from 192.168.123.10 via eth0
Apr 8 16:43:30 srv2 dhcpd: DHCPACK to 192.168.123.10
An was kanns liegen, dass das bei statischen IPs nicht will?
Ach ja noch einige Daten des Servers:
Suse 10.0 + alle updates
Kernel 2.6.13-15.15
BIND 9.3.2
DHCP V3.0.3
fqdn srv2.lokales-netz.lan
IP 192.168.123.250