Hi Guys
I’m using Debian Buster and Webmin in the latest version. I did a setup today after lunch and tried to configure a DHCP / DNS server for my network. I created a master forward zone (sohei.network) and a master reverse one (172.17.1.0/24). After that I clicked on “Setup RNDC” and everything was done by Webmin itself. Then I created some static entries like gw.sohei.network (172.16.1.1) and so on …
Afterwards I created a DHCP network “172.16.1.0/24” and configured all client options. Then I clicked on “Edit TSIG keys” and filled in the secret which I copied from /etc/bind/rndc.conf. After that I created a DNS zone which points to sohei.network and which uses the rndc-key entry that I created before.
Now I have the following state: My server sends IP addresses to my clients with DHCP and all clients can use the DNS. I can ping and resolve all static entries from my DNS server, and unknown entries are also forwarded to an external DNS server - nearly perfect!
Client DHCP entries will not be created in my DNS file and can’t be resolved by DNS.
Then I checked the /etc/bind/rndc.key and /etc/bind/rndc.conf files and checked whether the secret is the same as the one I inserted (copied) into the Webmin configuration - yes, it is. I also checked my /etc/bind/camed.conf, which includes the correct secret:
allow unknown-clients;
allow client-updates;
ddns-rev-domainname "sohei.network";
ddns-domainname "sohei.network";
option domain-search "sohei.network";
option subnet-mask 255.255.255.0;
authoritative;
ddns-updates on;
option routers 172.16.1.1;
# sohei.network
subnet 172.16.1.0 netmask 255.255.255.0 {
    ddns-domainname "sohei.network";
    option domain-search "sohei.network";
    option domain-name-servers 172.16.1.101, 172.16.1.1;
    option domain-name "sohei.network";
    option routers 172.16.1.1;
    ddns-updates on;
    authoritative;
    range 172.16.1.15 172.16.1.99;
}
key rndc-key {
    secret /1v8vmZaKEW4ZcVBK9E3uQ==;
    algorithm hmac-md5;
}
zone sohei.network. {
    primary 172.16.1.101;
    key rndc-key;
}
I double-checked everything now … I also saw an issue where the solution was to copy both /etc/bind/rndc files to /etc/ … so I did that also …
Then I tried to manually create an entry with nsupdate on the server:
root@srv01:/home/dblake# nsupdate
server localhost
key rndc-key /1v8vmZaKEW4ZcVBK9E3uQ==
zone sohei.network
update add test.sohei.network. 600 IN A 172.16.1.123
send
update failed: REFUSED
I also checked the permissions of the files /etc/bind/rndc.*:
root:bind
I “chowned” them to bind:bind but that was also not the solution. So at the moment my server is working for 80% … maybe someone can help me here to get the dynamic DNS update up and running?
Thanks a lot!
Dominique
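
The by-hand comparison of the TSIG key between the BIND key file and the DHCP server configuration described in the post can be scripted. This is an added example, not part of the original post: the function names and both sample configurations are constructed, and it only compares key definitions, nothing else in either file.

```python
import re

# key "name" { ... } or key name { ... }: the form used by BIND and ISC dhcpd
KEY_BLOCK = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{([^}]*)\}')
# Values may be quoted or bare; base64 secrets can contain '/' and '+'
FIELD = re.compile(r'\b(algorithm|secret)\s+"?([^";\s]+)"?\s*;')

def parse_keys(text):
    """Return {key_name: {"algorithm": ..., "secret": ...}} found in text."""
    # Drop whole-line comments only, so "//" inside a secret is never cut.
    text = re.sub(r'(?m)^\s*(#|//).*$', '', text)
    keys = {}
    for name, body in KEY_BLOCK.findall(text):
        fields = dict(FIELD.findall(body))
        # dhcpd.conf also accepts the long name HMAC-MD5.SIG-ALG.REG.INT
        alg = fields.get("algorithm", "").lower()
        fields["algorithm"] = re.sub(r'\.sig-alg\.reg\.int$', '', alg)
        keys[name] = fields
    return keys

def compare_key(name, bind_text, dhcpd_text):
    """Return a list of mismatches for key `name`; empty list means equal."""
    sides = {"bind": parse_keys(bind_text).get(name),
             "dhcpd": parse_keys(dhcpd_text).get(name)}
    missing = [f"{name}: not defined in {side} config"
               for side, key in sides.items() if key is None]
    if missing:
        return missing
    # Report only the field name, never the secret itself.
    return [f"{name}: {field} differs" for field in ("algorithm", "secret")
            if sides["bind"].get(field) != sides["dhcpd"].get(field)]

# Constructed sample inputs (not the poster's files or secret).
BIND_SAMPLE = '''
key "rndc-key" {
    algorithm hmac-md5;
    secret "AAAA//constructed+KEY==";
};
'''
DHCPD_SAMPLE = '''
# constructed dhcpd.conf fragment
key rndc-key {
    secret AAAA//constructed+KEY==;
    algorithm HMAC-MD5.SIG-ALG.REG.INT;
}
zone example.test. { primary 192.0.2.1; key rndc-key; }
'''

if __name__ == "__main__":
    print(compare_key("rndc-key", BIND_SAMPLE, DHCPD_SAMPLE) or "keys match")
```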