DHCP / DNS zone update issue

Hi Guys
I’m using Debian Buster and Webmin in the latest version. I did a setup today after lunch and tried to configure a DHCP / DNS Server for my network. I created a master forward zone (sohei.network) and a master reverse one (172.17.1.0/24). After that I clicked on “Setup RNDC” and everything was done by Webmin itself. Then I created some static entries like gw.sohei.entwork (172.16.1.1) and so on …

Afterwards I created a DHCP network “172.16.1.0/24” and configured all client options. Then I clicked on “Edit TSIG keys” and filled in the secret which I copied from /etc/bind/rndc.conf. After that I created a DNS zone which points to sohei.network which is using the rndc-key entry which I created before.

Now I have the following state: My server sends IP addresses to my clients with DHCP and all clients can use the DNS. I can ping and resolve all static entries from my DNS server and also unknown entries will be forwarded to external DNS server - nearly perfect!

Client DHCP entries will not be created in my DNS file and can’t be resolved by DNS.

Then I checked the /etc/bind/rndc.key and /etc/bind/rndc.conf files and checked whether the secret is the same as the one I inserted (copied) into the Webmin configuration - yes, it is. I also checked my /etc/bind/named.conf, which includes the correct secret.

allow unknown-clients;
allow client-updates;
ddns-rev-domainname "sohei.network";
ddns-domainname "sohei.network";
option domain-search "sohei.network";
option subnet-mask 255.255.255.0;
authoritative;
ddns-updates on;
option routers 172.16.1.1;

# sohei.network
subnet 172.16.1.0 netmask 255.255.255.0 {
	ddns-domainname "sohei.network";
	option domain-search "sohei.network";
	option domain-name-servers 172.16.1.101, 172.16.1.1;
	option domain-name "sohei.network";
	option routers 172.16.1.1;
	ddns-updates on;
	authoritative;
	range 172.16.1.15 172.16.1.99;
	}
key rndc-key {
	secret /1v8vmZaKEW4ZcVBK9E3uQ==;
	algorithm hmac-md5;
	}
zone sohei.network. {
	primary 172.16.1.101;
	key rndc-key;
	}

I double-checked everything now … I also saw an issue where the solution was to copy both /etc/bind/rndc files to /etc/ … so I did that also …

Then I tried to manually create an entry with nsupdate on the server:
root@srv01:/home/dblake# nsupdate

server localhost
key rndc-key /1v8vmZaKEW4ZcVBK9E3uQ==
zone sohei.network
update add test.sohei.network. 600 IN A 172.16.1.123
send
update failed: REFUSED

I also checked the permissions of the files /etc/bind/rndc.*

root:bind

I “chowned” them to bind:bind but that was also not the solution. So at the moment my server is working for 80% … maybe someone can help me here to get the dynamic DNS update up and running?

Thanks a lot!
Dominique
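
A consistency check for the DHCP side of a setup like the one posted above, as an added example that is not part of the original post and not Webmin's or ISC's code. The sample configuration is constructed from the post with a placeholder secret, `lint` and `reverse_zone` are hypothetical names, and the script only inspects dhcpd.conf, so it says nothing about why BIND answered REFUSED.

```python
import ipaddress
import re

# Constructed excerpt modelled on the dhcpd.conf in the post; the secret is a placeholder.
SAMPLE = '''
ddns-rev-domainname "sohei.network";
ddns-domainname "sohei.network";
ddns-updates on;
subnet 172.16.1.0 netmask 255.255.255.0 {
    range 172.16.1.15 172.16.1.99;
}
key rndc-key {
    secret PLACEHOLDER_BASE64_SECRET==;
    algorithm hmac-md5;
}
zone sohei.network. {
    primary 172.16.1.101;
    key rndc-key;
}
'''

def reverse_zone(network, netmask):
    """Return the in-addr.arpa zone for an octet-aligned IPv4 subnet (/8, /16, /24)."""
    net = ipaddress.ip_network(f"{network}/{netmask}")
    if net.prefixlen not in (8, 16, 24):
        raise ValueError(f"{net}: classless reverse delegation is not handled here")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def lint(conf):
    """Return a list of warnings about the DDNS-related statements in a dhcpd.conf text."""
    findings = []
    zones = {z.lower().rstrip(".") for z in re.findall(r"^\s*zone\s+([^\s{]+)\s*\{", conf, re.M)}
    # Each subnet needs a zone block for its reverse zone, or PTR updates go out unsigned.
    for network, netmask in re.findall(r"^\s*subnet\s+(\S+)\s+netmask\s+(\S+)", conf, re.M):
        rz = reverse_zone(network, netmask)
        if rz.rstrip(".") not in zones:
            findings.append(f"no zone block for {rz}: PTR updates are not signed with a key")
    # ddns-rev-domainname is the suffix appended to the reversed client address.
    rev = re.search(r'^\s*ddns-rev-domainname\s+"([^"]+)"', conf, re.M)
    if rev and rev.group(1).rstrip(".").lower() != "in-addr.arpa":
        findings.append(f'ddns-rev-domainname "{rev.group(1)}": PTR names are built under this suffix')
    for algo in re.findall(r"^\s*algorithm\s+([\w-]+)\s*;", conf, re.M):
        if algo.lower() == "hmac-md5":
            findings.append("key uses hmac-md5: legacy TSIG algorithm, hmac-sha256 is the stronger choice")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("WARN:", finding)
```
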
