DDNS BIND9 on RedHat

 
 
Stefan Müller
11-23-2004, 08:18 AM
Hi there

I have BIND9 and a DHCP server running. The DHCP works well. My problem
is that if a Windows client gets an IP lease from the DHCP, the DNS will
not be updated. I get the following message in /var/log/messages:

***snip***
Nov 19 11:43:57 tssrv02 dhcpd: if IN A testclnt.ts-management.ch domain
doesn't exist add 10800 IN A testclnt.testdomain.com 10.4.4.200 add
10800 IN TXT testclnt.testdomain.com
"314d9f82af6cea2d5ca5fc5e761fa802d7": bad DNS key.


my dhcpd.conf
--------------------
#
# Subnet: 10.4.4.0
# Netmask: 255.255.255.0
# Purpose:
#

# include "etc/rndc.key";

key ddnsupdater {
algorithm hmac-md5;
secret "test";
}

zone testdomain.com {
key ddnsupdater;
}

ddns-updates on;
ddns-update-style interim;
ddns-domainname "testdomain.com";


subnet 10.4.4.0 netmask 255.255.255.0 {
### Configuration sent to the DHCP client ###
# Gateway
option routers 10.4.4.254;
option subnet-mask 255.255.255.0;

# DNS
option domain-name "testdomain.com";
option domain-name-servers 10.4.4.25;

# Windows-specific stuff
option ntp-servers 198.82.162.213, 198.82.161.227;
option netbios-name-servers 198.82.162.243, 198.82.162.242;
option netbios-node-type 2; # Change at your own risk

# Misc
option time-offset -18000; # Eastern Standard Time


### What are we doing to serve? ###
range 10.4.4.50 10.4.4.200;
default-lease-time 21600;
max-lease-time 43200;

deny bootp; # Don't step on dogwood.ee.vt.edu's boot server
# Dogwood is the print server and configures the
# WSLab's HP JetDirect printers on our local
# ethernet segment.


### Fixed IP addresses inside subnet to follow ###
# No fixed IP addresses in this subnet
}


my named.conf
----------------------
options {
directory "/var/named";

query-source address * port 53;

/*
* The forwarders are the DNS servers run by our service provider;
* you will want to change them to match the ones provided by
* your ISP.*/
forwarders {
195.186.4.111;
195.186.1.110;
};
};

/*
* a caching only nameserver config
*/
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

/* The following is the dynamic DNS zone. You'll want to change it to something
* appropriate that matches your site. */

key ddnsupdater {
/* Key to update testdomain.com*/
algorithm hmac-md5;
secret "test";
};

zone "testdomain.com" {
type master;
file "testdomain.com";
allow-update { key ddnsupdater; };
# allow-update { 127/8; 10.4.4/24; };
};

zone "." {
type hint;
file "named.ca";
};

zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};

//include "/etc/rndc.key";


Could someone tell me where the problem is?

THX


Frank Sweetser
11-23-2004, 12:21 PM
Stefan Müller <(E-Mail Removed)> wrote:

I see two problems here. First off, this

> key ddnsupdater {
> algorithm hmac-md5;
> secret "test";
> }


is not a valid key. The secret has to be valid base64-encoded data. You can
generate a key with the dnssec-keygen command, i.e.

dnssec-keygen -a HMAC-MD5 -b 512 -n HOST ddnsupdater

Note that the name you specify ("ddnsupdater" in this case) is significant.
You must give dnssec-keygen, dhcp, and bind the same name as well as the same
algorithm and secret.

> zone testdomain.com {
> key ddnsupdater;
> }


And second, you're only set up for your forward zone. You need to have a
zone defined in bind and pointed to in dhcp for your reversals.

--
Frank Sweetser fs at wpi.edu
WPI Network Engineer
GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC
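
An added example, not part of either post: a small Python check of the rule described in the reply above (the same key name, algorithm and secret in dhcpd.conf and named.conf, with the secret given as base64). The sample stanzas are constructed from the ones posted in the thread, and the function names and the 16-byte minimum key length are assumptions of this example.

```python
import base64
import re

# A `key NAME { algorithm ALG; secret "S"; }` stanza as written in either file.
KEY_RE = re.compile(
    r'^\s*key\s+"?([\w.-]+)"?\s*\{[^}]*?algorithm\s+([\w.-]+)\s*;'
    r'[^}]*?secret\s+"?([^";\s]+)"?\s*;[^}]*\}', re.MULTILINE | re.IGNORECASE)
MIN_KEY_BYTES = 16  # assumed floor for this example, not stated in the thread

def parse_keys(text):
    """Return {key_name: (algorithm, secret)} for every key stanza in text."""
    return {m.group(1): (m.group(2).lower(), m.group(3))
            for m in KEY_RE.finditer(text)}

def secret_problem(secret):
    """Describe what is wrong with a secret, or return None if it looks usable."""
    try:
        raw = base64.b64decode(secret, validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return "is not valid base64"
    if len(raw) < MIN_KEY_BYTES:
        return f"decodes to only {len(raw)} bytes"
    return None

def check_pair(dhcpd_conf, named_conf):
    """List key mismatches and unusable secrets across the two configs."""
    files = {"dhcpd.conf": parse_keys(dhcpd_conf),
             "named.conf": parse_keys(named_conf)}
    dhcp, bind = files.values()
    findings = []
    for name in sorted(set(dhcp) | set(bind)):
        if name not in dhcp or name not in bind:
            findings.append(f"{name}: defined in only one file")
            continue
        if dhcp[name][0] != bind[name][0]:
            findings.append(f"{name}: algorithm differs")
        if dhcp[name][1] != bind[name][1]:
            findings.append(f"{name}: secret differs")
        for label, keys in files.items():
            problem = secret_problem(keys[name][1])
            if problem:
                findings.append(f"{name}: {label} secret {problem}")
    return findings

# Constructed sample input, modelled on the stanzas posted in the thread.
DHCPD = 'key ddnsupdater {\nalgorithm hmac-md5;\nsecret "test";\n}\n'
NAMED = 'key ddnsupdater {\nalgorithm hmac-md5;\nsecret "test";\n};\n'
if __name__ == "__main__":
    print("\n".join(check_pair(DHCPD, NAMED)))
```

Run it against the real files by passing their contents to check_pair(); an empty list means the key stanzas agree and the secret meets the assumed length floor.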
 