[Kea-users] DDNS Error

[Kea-users] DDNS Error

Peter Fraser
Hi All
I am trying to set up kea to dynamically update a BIND-9.16 zone named
home.local. The error I am getting is below. I would appreciate any
help resolving this error.

DHCP_DDNS_FORWARD_ADD_REJECTED DNS Request ID
00010123F7C5108AE5734DE11681A33E491CA0E0EDF5715D273DC032EE8400ADEDFD98:
Server, 127.0.0.1 port:53, rejected a DNS update request to add the
address mapping for FQDN, debian10.home.local., with an RCODE: 4


Please note the config in some of my Files

[kea-dhcp4.conf]
"dhcp-ddns": {
        "enable-updates": true,
        "qualifying-suffix": "home.local.",
        "server-ip": "127.0.0.1",
        "server-port": 53
    },

[kea-dhcp-ddns.conf]
{
"DhcpDdns": {

  "tsig-keys": [
          {
            "name": "homelocal.key.",
            "algorithm": "HMAC-SHA256",
            "secret": "/invibCej8eFTY2aqvIJxIGMPjvkvjNj80OMnK2="
          }
               ],

  "forward-ddns": {
                       "ddns-domains": [
                       {
                        "name": "home.local.",
                        "key-name": "",
                        "dns-servers": [
                           {
                            "hostname": "",
                            "ip-address": "127.0.0.1",
                            "port": 53
                           }
                        ]
                       }
                       ]
                   }

[Bind named.conf]
key "homelocal.key" {
        algorithm hmac-sha256;
        secret "/invibCej8eFTY2aqvIJxIGMPjvkvjNj80OMnK2=";
};

zone "home.local" in{
        type master;
        allow-update {key "homelocal.key";};
        file "/usr/local/etc/namedb/dynamic/home.local";
};

logging {
   channel dns_log{
    file "/var/log/dns.log" versions 3 size 500k;
    severity debug;
   };
   category default{
   dns_log;
   };
};
_______________________________________________
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.

Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users

Re: [Kea-users] DDNS Error

Stephen Morris
On 08/06/2020 07:16, Software Info wrote:
> Hi All
> I am trying to set up kea to dynamically update a BIND-9.16 zone named
> home.local. The error I am getting is below. I would appreciate any
> help resolving this error.
>
> DHCP_DDNS_FORWARD_ADD_REJECTED DNS Request ID
> 00010123F7C5108AE5734DE11681A33E491CA0E0EDF5715D273DC032EE8400ADEDFD98:
> Server, 127.0.0.1 port:53, rejected a DNS update request to add the
> address mapping for FQDN, debian10.home.local., with an RCODE: 4

I'd suggest doing/looking at the following:

1. Remove the "server-ip" and "server-port" from the "dhcp-ddns"
configuration in kea-dhcp4.conf.  They tell Kea the address and port on
which the kea-dhcp-ddns process is listening.  By default this is
127.0.0.1 port 53001, and I don't see that you have overridden that in
the kea-dhcp-ddns.conf configuration file.

2. In the "forward-ddns" section of the kea-dhcp-ddns.conf configuration
file, "key-name" is set to blank, so no key is being used to communicate
with the BIND server.  However, in the BIND configuration, the
"allow-update" clause means that BIND requires a key in order to update
the "home.local" zone.

3. The name of the only defined key in the kea-dhcp-ddns configuration
is "homelocal.key." (i.e. with a trailing period), but the name of the
key in BIND is "homelocal.key" (without the trailing period).  Assuming
the defined key is the one that should be used to communicate with BIND,
the names should match.


Stephen
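
Points 2 and 3 of the reply above can be checked mechanically before restarting either daemon. This Python script is an added example, not part of the original thread and not a Kea or BIND tool; the function names are hypothetical, the inputs are constructed (placeholder secret), and the regular expressions assume simple named.conf key and zone blocks like the ones posted.

```python
import json
import re

# Constructed inputs modelled on the first post; the secret is a placeholder.
D2_CONF = """{ "DhcpDdns": {
  "tsig-keys": [ { "name": "homelocal.key.", "algorithm": "HMAC-SHA256",
                   "secret": "cGxhY2Vob2xkZXI=" } ],
  "forward-ddns": { "ddns-domains": [
    { "name": "home.local.", "key-name": "",
      "dns-servers": [ { "ip-address": "127.0.0.1", "port": 53 } ] } ] } } }"""
NAMED_CONF = """
key "homelocal.key" { algorithm hmac-sha256; secret "cGxhY2Vob2xkZXI="; };
zone "home.local" in { type master; allow-update { key "homelocal.key"; }; };
"""

def bind_keys(text):
    """{key name: (algorithm, secret)} from named.conf key statements."""
    pat = r'key\s+"([^"]+)"\s*\{\s*algorithm\s+([\w-]+);\s*secret\s+"([^"]+)";'
    return {n: (a.lower(), s) for n, a, s in re.findall(pat, text)}

def bind_update_keys(text):
    """{zone: [key names in allow-update]}; handles simple zone blocks only."""
    pat = r'zone\s+"([^"]+)"[^{]*\{[^}]*?allow-update\s*\{([^}]*)\}'
    return {z: re.findall(r'key\s+"([^"]+)"', body)
            for z, body in re.findall(pat, text)}

def check(d2_text, named_text):
    """List mismatches between D2 forward domains and BIND's update keys."""
    d2 = json.loads(d2_text)["DhcpDdns"]
    tsig = {k["name"]: k for k in d2.get("tsig-keys", [])}
    keys, zones = bind_keys(named_text), bind_update_keys(named_text)
    problems = []
    for dom in d2["forward-ddns"]["ddns-domains"]:
        zone, used = dom["name"].rstrip("."), dom.get("key-name", "")
        wanted = zones.get(zone, [])
        if wanted and not used:
            problems.append(f"{zone}: BIND allow-update needs a key, key-name is empty")
        elif used and used not in tsig:
            problems.append(f"{zone}: key-name {used!r} not defined in tsig-keys")
        elif used and used not in wanted:
            problems.append(f"{zone}: key {used!r} not in BIND allow-update {wanted}")
        elif used and (tsig[used]["algorithm"].lower(), tsig[used]["secret"]) != keys.get(used):
            problems.append(f"{zone}: algorithm or secret differs for {used!r}")
    for name in tsig:  # key names compared as exact strings, as the reply advises
        if name not in keys:
            problems.append(f"tsig key {name!r} has no same-named key in named.conf")
    return problems
```

Calling check(D2_CONF, NAMED_CONF) on the constructed input reports the empty key-name and the trailing-period key name; an empty list means the two files agree.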

Re: [Kea-users] DDNS Error

Joshua Schaeffer


On 6/9/20 11:28 AM, Stephen Morris wrote:
> 2. In the "forward-ddns" section of the kea-dhcp-ddns.conf configuration
> file, "key-name" is set to blank, so no key is being used to communicate
> with the BIND server.  However, in the BIND configuration, the
> "allow-update" clause means that BIND requires a key in order to update
> the "home.local" zone.
>
> 3. The name of the only defined key in the kea-dhcp-ddns configuration
> is "homelocal.key." (i.e. with a trailing period), but the name of the
> key in BIND is "homelocal.key" (without the trailing period).  Assuming
> the defined key is the one that should be used to communicate with BIND,
> the names should match.

I'd agree with Stephen that you need to make sure your key-name is specified in the forward-ddns section and that it matches the key name that BIND is configured to use. In addition to this you are getting an RCODE response, which means that you are getting an error from the DNS server. As you have DNS logs set to debug you should look through those logs to see if the DNS server will give you more information about the specifics of the error.
-- 
Thanks,
Joshua Schaeffer


Re: [Kea-users] DDNS Error

Peter Fraser

Thanks so much for both replies. I made the changes you mentioned. I found I also had to change the ip-address to the ip address of the server. When I had it as 127.0.0.1, I was getting a corrupt reply error from the DNS Server in the logs. Thankfully now, the server is updating. I have just one last error now that I am trying to figure out. This is in the kea-dhcp-ddns.conf file. I keep getting the error:

INFO/keactrl: Starting /usr/local/sbin/kea-dhcp-ddns -c /usr/local/etc/kea/kea-dhcp-ddns.conf

2020-06-09 23:13:15.700 FATAL [kea-dhcp-ddns.dctl/72504] DCTL_CONFIG_FILE_LOAD_FAIL DhcpDdns reason: Configuration parsing failed: /usr/local/etc/kea/kea-dhcp-ddns.conf:28.3-11: syntax error, unexpected loggers, expecting "," or }

I get this when I enable the logging section in the file. I am not sure why. I pretty much used the defaults from the sample file. I even compared my file with the sample file and everything there is the same except that I enabled debugging in mine.

Please note my entire kea-dhcp-ddns.conf below. I have been going through but I can’t seem to find a syntax error.

{
{
"DhcpDdns": {

  "tsig-keys": [
          {
            "name": "homelocal.key",
            "algorithm": "HMAC-SHA256",
            "secret": "jo/1eHCej8eFTY2aqvICCNINVvbbv9KuEU="
          }
               ],

  "forward-ddns": {
                       "ddns-domains": [
                       {
                        "name": "home.local.",
                        "key-name": "homelocal.key",
                        "dns-servers": [
                           {
                            "hostname": "",
                            "ip-address": "192.168.40.10",
                            "port": 53
                           }
                        ]
                       }
                       ]
                   }

   "loggers": [
    {
        "name": "kea-dhcp-ddns",
        "output_options": [
            {
                "output": "/var/log/kea-ddns.log"
            }
        ],
        "severity": "DEBUG",
        // If DEBUG level is specified, this value is used. 0 is least verbose,
        // 99 is most verbose. Be cautious, Kea can generate lots and lots
        // of logs if told to do so.
        "debuglevel": 99
    }
  ]
}
}


Re: [Kea-users] DDNS Error

Wlodek Wencel

Hey,

I believe you had too many brackets at start and missing comma before loggers:

{
  "DhcpDdns": {
    "forward-ddns": {
      "ddns-domains": [
        {
          "dns-servers": [
            {
              "hostname": "",
              "ip-address": "192.168.40.10",
              "port": 53
            }
          ],
          "key-name": "homelocal.key",
          "name": "home.local."
        }
      ]
    },
    "loggers": [
      {
        "debuglevel": 99,
        "name": "kea-dhcp-ddns",
        "output_options": [
          {
            "output": "/var/log/kea-ddns.log"
          }
        ],
        "severity": "DEBUG"
      }
    ],
    "tsig-keys": [
      {
        "algorithm": "HMAC-SHA256",
        "name": "homelocal.key",
        "secret": "jo/1eHCej8eFTY2aqvICCNINVvbbv9KuEU="
      }
    ]
  }
}

Tools like web json validators can be very helpful to find those kinds of issues.

Regards

Wlodek Wencel

QA, ISC
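
A plain JSON validator rejects the // comments that the posted file contains, while Kea's configuration parser accepts them, so comments have to be blanked out before the check. This Python example is added here and is not from the thread or from Kea; strip_comments and first_syntax_error are hypothetical names, and the sample input is constructed to reproduce only the missing comma before "loggers".

```python
import json

# Constructed sample: comma missing after the "forward-ddns" block.
BROKEN = """{
"DhcpDdns": {
  "forward-ddns": { "ddns-domains": [] }
  // If DEBUG level is specified, debuglevel is used.
  "loggers": [ { "name": "kea-dhcp-ddns", "severity": "DEBUG", "debuglevel": 99 } ]
}
}
"""

def strip_comments(text):
    """Blank out #, // and /* */ comments outside strings, keeping positions."""
    out, i, n, in_str = [], 0, len(text), False
    while i < n:
        c = text[i]
        if not in_str and (c == "#" or text.startswith("//", i)):
            while i < n and text[i] != "\n":   # comment runs to end of line
                out.append(" ")
                i += 1
            continue
        if not in_str and text.startswith("/*", i):
            end = text.find("*/", i + 2)
            end = n if end < 0 else end + 2
            # keep newlines so reported line numbers still match the file
            out.append("".join(ch if ch == "\n" else " " for ch in text[i:end]))
            i = end
            continue
        out.append(c)
        if in_str and c == "\\" and i + 1 < n:  # copy the escaped character as-is
            i += 1
            out.append(text[i])
        elif c == '"':
            in_str = not in_str
        i += 1
    return "".join(out)

def first_syntax_error(text):
    """Return None if the config parses, else (line, column, message)."""
    try:
        json.loads(strip_comments(text))
    except json.JSONDecodeError as e:
        return e.lineno, e.colno, e.msg
    return None
```

For the constructed sample the reported position is the opening quote of "loggers", the same token Kea's own error message names.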
