Static hosts on Dynamic DNS.. quick questions

[effgee]

As mentioned in the documentation, Dynamic dns is used for updating DHCP client names to the DNS namespace.

Why can't we add static hosts to these dynamic domains?

I would like to have my dhcp clients resolve to
clientname.office.mycompany.com
as well as add static entries for my servers such as :
server1.office.mycompany.com
dev.office.mycompany.com

In the current incarnation I would have to create seperate domains for my DHCP client and my static office servers.

Why can't I do this? Is it technical or safety reasons?

[sixstone]

Hi there,

If you set fixed addresses to the servers, then you have the static DNS entries with the name you set in the DHCP configuration page. However, regarding to the dynamic leases, then you have a random name associated to the leased IP address.

That's because of safety reasons in order not to let the client have the same name that another host or whatever. The client is supposed to be untrusted.

Best,

[effgee]

Hi there,

If you set fixed addresses to the servers, then you have the static DNS entries with the name you set in the DHCP configuration page. However, regarding to the dynamic leases, then you have a random name associated to the leased IP address.

Best,

Unfortunatly, this doesn't work.   If I put a static DHCP entry for my static ip servers, unless they actually connect to the DHCP server to request the static lease, the DNS entry is never written for the static lease.

This behavior should be changed or at least optional.  
Forcing us to separate our namespaces for supposed DNS/DHCP safety is not a solution.
It causes many additional problems.
I want my clients to be able to access their services via their shortname.
Such as http://help instead of http://help.office.company.com

By creating a separate dhcp namespace, there is no way to allow clients to do  this unless I manually configure each of their machines.
In windows you can specify a dns suffix for each connection (adapter).
If those clients are mobile clients it will mess with their home or external office settings as well.

Either, have static DHCP leases be able to enter their DNS entry permanently, in a way "faking" the ability to add hosts to the dynamic dns .

Or give us the option to add static hosts to the dynamic dns namespace.

What do you think?

[andrzej]

Either, have static DHCP leases be able to enter their DNS entry permanently, in a way "faking" the ability to add hosts to the dynamic dns .

Or give us the option to add static hosts to the dynamic dns namespace.

I agree with fg on this.

I have a bunch of fixed DHCP addresses set for machines that need to have a consistent IP address.  But most of these are servers which have a fixed IP address set (equivalent to the DHCP reservation), so they never request a DHCP lease.  

I also have these server machine hostnames/IPs in my /etc/hosts file.

So you would think they would be reflected in the DNS lookups that Zentyal is serving...but they are not!

So I must support the request to either have fixed DHCP addresses automagically added to the dynamic DNS or give us the ability to specify fixed DNS entries, or at least include entries found locally in /etc/hosts (which would fix the problem).

Thanks!

[sixstone]

Hi people,

I have added your requirements for dynamic zones to our wishlist [1].

I am afraid to tell you that we do not have enough time to develop this. If you want to speed up the development, don't hesitate to ask for a commercial quotation.

By the way, we have fixed in our development version the compatibility of dynamic DNS feature with AppArmor. New packages will be released very soon.

Best regards,

[1] http://trac.zentyal.org/wiki/Document/Development/Wishlist/Module/DNS#DynamicDNSimprovements

[sixstone]

Hi there,

Just a quick update that we have released a new version of ebox-dns (2.0.3) and ebox-dhcp (2.0.4) packages with Dynamic DNS feature.

I hope you can test and see if it fits your needs.
Best regards and thanks for using Zentyal,

[andrzej]

Just a quick update that we have released a new version of ebox-dns (2.0.3) and ebox-dhcp (2.0.4) packages with Dynamic DNS feature.

Great...I installed the upgrades.

Now all my fixed DHCP entries seem to be missing.  All I see in the DHCP dashboard is an entry for an object: fixed-addresses-eth0 with a description of:   Migrated fixed addresses

Do I need to reboot my firewall machine that is running Zentyal?

Also....what exactly did you guys implement?  It's not clear to me what the new functionality actually is, from reading the tracker entry.

Thanks!

[Trym]

The fixed addresses are now a network-object.

Go to "objects" and edit/add/remove your fixed dhcp-leases there.

::Trym

[andrzej]

The fixed addresses are now a network-object.

Go to "objects" and edit/add/remove your fixed dhcp-leases there.

Thanks Trym...that has cleared up the mystery for me...and I've found all my missing static entries!

Cool!

[sixstone]

Now all my fixed DHCP entries seem to be missing.  All I see in the DHCP dashboard is an entry for an object: fixed-addresses-eth0 with a description of:   Migrated fixed addresses

Do I need to reboot my firewall machine that is running Zentyal?

Also....what exactly did you guys implement?  It's not clear to me what the new functionality actually is, from reading the tracker entry.

As Trym pointed out, the fixed addresses are now stored in Network Objects as everything else in Zentyal (Firewall rules, HTTP proxy object policies, ...).

Here you have the changelog for more details:

http://trac.zentyal.org/browser/branches/2.0/client/dhcp/ChangeLog
http://trac.zentyal.org/browser/branches/2.0/client/dns/ChangeLog

Best regards,

[andrzej]

So what does this actually mean/do:

> Give support to mix static direct resolution with dynamic one
> Give support to mix static reverse resolution with dynamic one
> Give support for dynamic DNS reverse resolution under /var/lib/bind/ directory

and

> Added support to add DNS reverse resolution for DHCP clients

specifically with respect to the feature requests that were  outlined in this thread?

Are static DHCP leases now reflected in DNS lookups?  Even if they are not actually issued (that is, the hosts use a static IP assignment)?

Are the contents of the /etc/hosts file used in DNS lookups now?

Thanks!

[quesseb]

Was awaiting that feature for long time!


Good points:
1/ migration to network object. Very good!
2/ migration from static to dynamic without loosing records


Bad points:
1/ dhcp crashes because /etc/bind/keys has not secret

Code: [Select]

key "my.domain." {
    algorithm HMAC-MD5;
    secret "";
};maybe a timeout while generating keys?

2/ when I manually generate a new key, configuration of both bind and dhcpd doesn't work (no forward map, permission problem for dhcp)
I had to add in named.conf

Code: [Select]

controls {
        inet 127.0.0.1 allow {localhost; } keys { "mykey"; };
};I had to modify named.conf.local
add

Code: [Select]

allow-update {
        key "mykey";
    };deleted policy-update blocks

and tada! 

Code: [Select]

DHCPOFFER on 192.168.1.9 to 08:00:27:03:8e:4c via eth1
client 127.0.0.1#44348: signer "mykey" approved
client 127.0.0.1#44348: updating zone 'my.domain/IN': adding an RR at 'virtxp.my.domain' A
client 127.0.0.1#44348: updating zone 'my.domain/IN': adding an RR at 'virtxp.my.domain' TXT
Added new forward map from virtxp.my.domain. to 192.168.1.9
client 127.0.0.1#59650: signer "mykey" approved
client 127.0.0.1#59650: updating zone '1.168.192.in-addr.arpa/IN': deleting rrset at '9.1.168.192.in-addr.arpa' PTR
client 127.0.0.1#59650: updating zone '1.168.192.in-addr.arpa/IN': adding an RR at '9.1.168.192.in-addr.arpa' PTR
added reverse map from 9.1.168.192.in-addr.arpa. to virtxp.my.domain.

[sixstone]

Hello people,

I'll try to answer your questions...

So what does this actually mean/do:

> Give support to mix static direct resolution with dynamic one
> Give support to mix static reverse resolution with dynamic one
> Give support for dynamic DNS reverse resolution under /var/lib/bind/ directory

and

> Added support to add DNS reverse resolution for DHCP clients

specifically with respect to the feature requests that were  outlined in this thread?

Are static DHCP leases now reflected in DNS lookups?  Even if they are not actually issued (that is, the hosts use a static IP assignment)?

Both dynamic and static leases are reflected in DNS lookups if you configure the dynamic DNS. The new features are basically to accept the hostname sent by the DHCP client for dynamic leases. Static leases still uses what Zentyal says to use. From now on, the member name is used to set the hostname in the dynamic DNS. Furthermore, this release allows you to query the reverse resolution as well for DHCP clients. Finally, these dynamic DNS zones may have static records as well.

To give you an example to depict this features:

Dynamic DNS zone: local.lan
DHCP range: 10.0.0.10-10.0.0.20
DHCP fixed address: object A
Object A: Member b - 10.0.0.2
Dynamic host introduces itself as "portable"

The DNS records will be:

b.local.lan <-> 10.0.0.2
portable.local.lan <-> 10.0.0.11

Did you see the benefits?

Are the contents of the /etc/hosts file used in DNS lookups now?

No, it doesn't. As Zentyal does not manage /etc/hosts, neither the DNS module does in any way.

Bad points:
1/ dhcp crashes because /etc/bind/keys has not secret

Code: [Select]

key "my.domain." {
    algorithm HMAC-MD5;
    secret "";
};maybe a timeout while generating keys?

I think you have spotted a bug. The key generation is only done in creation. The zones which are not created with the new packages and it is not a dynamic zone, then the key is not generated. I will fix this issue right now and we will publish a new package.

Sorry for any inconvenience and thanks very much for your feedback!

[quesseb]

ok, great
And what about the second point? There was missing some references to key in named.conf.local...

[sixstone]

ok, great
And what about the second point? There was missing some references to key in named.conf.local...

Please upgrade to ebox-dns 2.0.4 which will fix this issue. Thanks for reporting it again.

Best regards,