
DDNS with bind9 and dhcp3-server



Xerrez
05.10.07, 12:56
Hello,

I have set up a DHCP and a DNS server at home, which are also supposed to talk to each other about leases and host names.

Both servers work insofar as the DHCP server already hands out all the data nicely and the DNS server handles name resolution.

However, when the DHCP server tells the DNS server the name of a new machine, I get the following error message in the syslog:



Oct 5 12:51:46 malygos named[2614]: client 192.168.178.1#32792: update 'dragon.lan/IN' denied
Oct 5 12:51:46 malygos dhcpd: Unable to add forward map from zero.dragon.lan to 192.168.178.100: timed out


Here are my config files:

/etc/bind/named.conf


// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";

key MYKEY {
algorithm HMAC-MD5.SIG-ALG.REG.INT;
secret 1wFj+eifN0fddHVPyqISEw==;
};

// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
type master;
file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};

// zone "com" { type delegation-only; };
// zone "net" { type delegation-only; };

// From the release notes:
// Because many of our users are uncomfortable receiving undelegated answers
// from root or top level domains, other than a few for whom that behaviour
// has been trusted and expected for quite some length of time, we have now
// introduced the "root-delegations-only" feature which applies delegation-only
// logic to all top level domains, and to the root domain. An exception list
// should be specified, including "MUSEUM" and "DE", and any other top level
// domains from whom undelegated responses are expected and trusted.
// root-delegation-only exclude { "DE"; "MUSEUM"; };

include "/etc/bind/named.conf.local";


/etc/bind/named.conf.local


//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "dragon.lan" {
type master;
file "zones/master/master.dragon.lan";
notify no;
allow-update { key MYKEY; };
};

zone "178.168.192.IN-ADDR.ARPA" {
type master;
file "zones/192.168.178.rev";
notify no;
allow-update { key MYKEY; };
};


/etc/bind/zones/master/master.dragon.lan


$TTL 1d
$ORIGIN dragon.lan.
@ IN SOA ns.dragon.lan. malygos.dragon.lan. 11 3600 1800 604800 1800
NS ns.dragon.lan.
A 192.168.178.1

ns A 192.168.178.1

malygos A 192.168.178.1
www CNAME malygos
mail CNAME malygos


/etc/bind/zone/192.168.178.rev


$TTL 1d
$ORIGIN 178.168.192.IN-ADDR.ARPA.
@ IN SOA ns.dragon.lan. malygos.dragon.lan. 11 2h 15m 2w 3h
NS ns.dragon.lan.


/etc/dhcp3/dhcpd.conf


server-identifier malygos.dragon.lan;
authoritative;
ddns-update-style interim;

key MYKEY {
algorithm HMAC-MD5.SIG-ALG.REG.INT;
secret 1wFj+eifN0fddHVPyqISEw==;
};

zone example.com. {
primary 127.0.0.1;
key MYKEY;
}

zone 178.168.192.in-addr.arpa. {
primary 127.0.0.1;
key MYKEY;
}

subnet 192.168.178.0 netmask 255.255.255.0 {
range 192.168.178.50 192.168.178.100;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.178.255;
option domain-name "dragon.lan";
one-lease-per-client on;
default-lease-time 604800;
max-lease-time 604800;
option routers 192.168.178.2;
option domain-name-servers 192.168.178.1;
}


bind runs chrooted under /var/lib/named as the user bind.
dhcp3-server runs with the default settings.

The system is Debian Etch 4.0.

I really don't know what else to do - I have already dug through countless forums but found nothing useful.

Please help me.

Regards
xerrez

Xerrez
05.10.07, 13:21
It's resolved.

I additionally added the IP address to the allow-update directive, since apparently something didn't work with the key.
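
Added example (not part of the original posts): a small cross-check of the two files from the thread. It reports every BIND zone whose allow-update names a TSIG key that dhcpd.conf does not use for the same zone (here dhcpd.conf declares `zone example.com.`, not `zone dragon.lan.`), and every allow-update entry that authorizes by address instead of by key. The function names are hypothetical, and the sample strings are trimmed copies of the posted configs with the secrets left out.

```python
import re

# Trimmed copies of the two files from the thread (constructed sample, secrets omitted).
NAMED_CONF = '''
zone "dragon.lan" {
    allow-update { key MYKEY; };
};
zone "178.168.192.IN-ADDR.ARPA" {
    allow-update { key MYKEY; };
};
'''
DHCPD_CONF = '''
zone example.com. { primary 127.0.0.1; key MYKEY; }
zone 178.168.192.in-addr.arpa. { primary 127.0.0.1; key MYKEY; }
'''

def norm(name):
    """Zone names compare case-insensitively and without the trailing dot."""
    return name.strip('"').rstrip(".").lower()

def bind_update_acls(text):
    """Map zone -> list of allow-update elements found in named.conf text."""
    out = {}
    for zone, body in re.findall(r'zone\s+"([^"]+)"\s*\{(.*?)\n\};', text, re.S):
        m = re.search(r'allow-update\s*\{(.*?)\}', body, re.S)
        if m:
            out[norm(zone)] = [e.strip() for e in m.group(1).split(";") if e.strip()]
    return out

def dhcpd_zone_keys(text):
    """Map zone -> key name from the zone declarations in dhcpd.conf text."""
    out = {}
    for zone, body in re.findall(r'zone\s+(\S+)\s*\{(.*?)\}', text, re.S):
        m = re.search(r'\bkey\s+(\S+?)\s*;', body)
        out[norm(zone)] = m.group(1) if m else None
    return out

def audit(named_text, dhcpd_text):
    """Return (zone, finding) tuples for key mismatches and address-based ACLs."""
    findings = []
    signed = dhcpd_zone_keys(dhcpd_text)
    for zone, acl in bind_update_acls(named_text).items():
        keys = [e.split()[1] for e in acl if e.startswith("key ")]
        if len(keys) < len(acl):
            findings.append((zone, "address-based allow-update entry"))
        if keys and signed.get(zone) not in keys:
            findings.append((zone, "dhcpd.conf has no zone declaration signing with " + keys[0]))
    return findings
```

Run `audit(NAMED_CONF, DHCPD_CONF)` against the full file contents to get the same findings for a real setup.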