Author Topic: Dynamic DNS not working? DHCP  (Read 563 times)

killmasta93

Dynamic DNS not working? DHCP
« on: March 09, 2022, 05:35:21 am »
Hi, I was wondering if someone else has had this issue before.
Currently Zentyal clean install 6.2.
I can reverse lookup the name of the computer, which gives me the IP,
but if I try to put the IP in nslookup it says cannot find.

I keep seeing this in the log:

Code: [Select]
execute: /usr/share/zentyal-dhcp/dhcp-dyndns.sh exit status 512
Code: [Select]
root@apolo:~# nslookup
> computer0559
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: computer0559.domain.local
Address: 192.168.0.100
> 192.168.0.100
** server can't find 100.0.168.192.in-addr.arpa: NXDOMAIN



and also this

Code: [Select]
Mar  8 23:28:57 apolo named[1632]: samba_dlz: disallowing update of signer=computer0020\$\@domain.LOCAL name=computer0020.domain.local type=AAAA error=insufficient access rights
Mar  8 23:28:57 apolo named[1632]: client @0x7f3a8c0277e0 192.168.0.52#65394/key computer0020\$\@domain.LOCAL: updating zone 'domain.local/NONE': update failed: rejected by secure update (REFUSED)


I thought it was AppArmor; I even tried to disable it:
Code: [Select]
ln -s /etc/apparmor.d/usr.sbin.dhcpd /etc/apparmor.d/disable/
apparmor_parser -R /etc/apparmor.d/usr.sbin.dhcpd

and rebooted the server, same issue.

Any ideas?

killmasta93

Re: Dynamic DNS not working? DHCP
« Reply #1 on: March 11, 2022, 12:54:55 am »
BUMP?

turalyon

Re: Dynamic DNS not working? DHCP
« Reply #2 on: March 11, 2022, 12:36:49 pm »
Hi,

To confirm whether the issue is caused by AppArmor, you can run the following command:

Code: [Select]
sudo egrep -i apparmor /var/log/syslog

Also, you can add 'set -x' in the second line of the script (/usr/share/zentyal-dhcp/dhcp-dyndns.sh) in order to enable the debug mode. Then, you can check the log files again and see which commands are failing (you will probably need to restart the DHCP or DC module).

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

killmasta93

Re: Dynamic DNS not working? DHCP
« Reply #3 on: March 13, 2022, 04:09:05 pm »
Thanks for the reply. I added the set -x and here is the log:

Code: [Select]
Mar 13 10:05:45 apolo named[1632]: samba_dlz: starting transaction on zone domain.local
Mar 13 10:05:45 apolo named[1632]: samba_dlz: allowing update of signer=dhcpduser\@domain.LOCAL name=computer0142.domain.local tcpaddr=127.0.0.1 type=A key=3285713694.sig-apolo.domain.local/160/0
Mar 13 10:05:45 apolo named[1632]: samba_dlz: allowing update of signer=dhcpduser\@domain.LOCAL name=computer0142.domain.local tcpaddr=127.0.0.1 type=A key=3285713694.sig-apolo.domain.local/160/0
Mar 13 10:05:45 apolo named[1632]: client @0x7f3a8d05e450 127.0.0.1#43971/key dhcpduser\@domain.LOCAL: updating zone 'domain.local/NONE': deleting rrset at 'computer0142.domain.local' A
Mar 13 10:05:45 apolo named[1632]: samba_dlz: subtracted rdataset computer0142.domain.local 'computer0142.domain.local.#0113600#011IN#011A#011192.168.0.129'
Mar 13 10:05:45 apolo named[1632]: client @0x7f3a8d05e450 127.0.0.1#43971/key dhcpduser\@domain.LOCAL: updating zone 'domain.local/NONE': adding an RR at 'computer0142.domain.local' A 192.168.0.129
Mar 13 10:05:45 apolo named[1632]: samba_dlz: added rdataset computer0142.domain.local 'computer0142.domain.local.#0113600#011IN#011A#011192.168.0.129'
Mar 13 10:05:45 apolo named[1632]: samba_dlz: committed transaction on zone domain.local
Mar 13 10:05:45 apolo sh[1206]: Reply from update query:
Mar 13 10:05:45 apolo sh[1206]: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  22250
Mar 13 10:05:45 apolo sh[1206]: ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
Mar 13 10:05:45 apolo sh[1206]: ;; ZONE SECTION:
Mar 13 10:05:45 apolo sh[1206]: ;domain.local.#011#011#011IN#011SOA
Mar 13 10:05:45 apolo sh[1206]: ;; TSIG PSEUDOSECTION:
Mar 13 10:05:45 apolo sh[1206]: 3285713694.sig-apolo.domain.local. 0 ANY TSIG#011gss-tsig. 1647183945 300 28 BAQF//////8AAAAAPkZ2GS95H5uFZHD94B91pQ== 22250 NOERROR 0
Mar 13 10:05:45 apolo sh[1206]: + result1=0
Mar 13 10:05:45 apolo sh[1206]: + nsupdate -g -d
Mar 13 10:05:45 apolo sh[1206]: Sending update to 127.0.0.1#53
Mar 13 10:05:45 apolo named[1632]: client @0x7f3a8c0e0260 127.0.0.1#33057/key domain.local: updating zone '168.192.in-addr.arpa/IN': update failed: not authoritative for update zone (NOTAUTH)
Mar 13 10:05:45 apolo sh[1206]: Outgoing update query:
Mar 13 10:05:45 apolo sh[1206]: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  38967
Mar 13 10:05:45 apolo sh[1206]: ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 2, ADDITIONAL: 1
Mar 13 10:05:45 apolo sh[1206]: ;; ZONE SECTION:
Mar 13 10:05:45 apolo sh[1206]: ;0.168.192.in-addr.arpa.#011#011IN#011SOA
Mar 13 10:05:45 apolo sh[1206]: ;; UPDATE SECTION:
Mar 13 10:05:45 apolo sh[1206]: 129.0.168.192.in-addr.arpa. 0#011ANY#011PTR
Mar 13 10:05:45 apolo sh[1206]: 129.0.168.192.in-addr.arpa. 3600 IN#011PTR#011computer0142.domain.local.
Mar 13 10:05:45 apolo sh[1206]: ;; TSIG PSEUDOSECTION:
Mar 13 10:05:45 apolo sh[1206]: domain.local.#011#0110#011ANY#011TSIG#011hmac-md5.sig-alg.reg.int. 1647183945 300 16 Ydfh3gHQ+6JpafevDI/ugw== 38967 NOERROR 0
Mar 13 10:05:45 apolo sh[1206]: Reply from update query:
Mar 13 10:05:45 apolo sh[1206]: ;; ->>HEADER<<- opcode: UPDATE, status: NOTAUTH, id:  38967
Mar 13 10:05:45 apolo sh[1206]: ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
Mar 13 10:05:45 apolo sh[1206]: ;; ZONE SECTION:
Mar 13 10:05:45 apolo sh[1206]: ;0.168.192.in-addr.arpa.#011#011IN#011SOA
Mar 13 10:05:45 apolo sh[1206]: ;; TSIG PSEUDOSECTION:
Mar 13 10:05:45 apolo sh[1206]: domain.local.#011#0110#011ANY#011TSIG#011hmac-md5.sig-alg.reg.int. 1647183945 300 16 bHQ2fl/tXHqapHt7WnY9Pg== 38967 NOERROR 0
Mar 13 10:05:45 apolo sh[1206]: + result2=2
Mar 13 10:05:45 apolo sh[1206]: + result=02
Mar 13 10:05:45 apolo sh[1206]: + '[' 02 '!=' 00 ']'
Mar 13 10:05:45 apolo sh[1206]: + logger 'DHCP-DNS Update failed: 02'
Mar 13 10:05:45 apolo dhcpd: DHCP-DNS Update failed: 02
Mar 13 10:05:45 apolo dhcpd[1206]: execute: /usr/share/zentyal-dhcp/dhcp-dyndns.sh exit status 512
Mar 13 10:05:45 apolo sh[1206]: + exit 02
Mar 13 10:05:45 apolo dhcpd[1206]: DHCPREQUEST for 192.168.0.129 from c8:d3:ff:a4:b8:e5 (computer0142) via eth0
Mar 13 10:05:45 apolo dhcpd[1206]: DHCPACK on 192.168.0.129 to c8:d3:ff:a4:b8:e5 (computer0142) via eth0
Mar 13 10:05:45 apolo named[1632]: samba_dlz: starting transaction on zone domain.local
Mar 13 10:05:45 apolo named[1632]: client @0x7f3a8c010410 192.168.0.129#64319: update 'domain.local/IN' denied
Mar 13 10:05:45 apolo named[1632]: samba_dlz: cancelling transaction on zone domain.local
Mar 13 10:05:45 apolo named[1632]: samba_dlz: starting transaction on zone domain.local
Mar 13 10:05:45 apolo named[1632]: samba_dlz: disallowing update of signer=computer0142\$\@domain.LOCAL name=computer0142.domain.local type=AAAA error=insufficient access rights
Mar 13 10:05:45 apolo named[1632]: client @0x7f3a8c010410 192.168.0.129#54824/key computer0142\$\@domain.LOCAL: updating zone 'domain.local/NONE': update failed: rejected by secure update (REFUSED)
Mar 13 10:05:45 apolo named[1632]: samba_dlz: cancelling transaction on zone domain.local
Mar 13 10:05:55 apolo samba[2055]: [2022/03/13 10:05:55.343431,  0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Mar 13 10:05:55 apolo samba[2055]:   /usr/sbin/samba_kcc: ldb_wrap open of secrets.ldb

I then ran this to see if it has to do with AppArmor, but nothing either:

Code: [Select]
root@apolo:~# sudo egrep -i apparmor /var/log/syslog
root@apolo:~#

Thank you


turalyon

Re: Dynamic DNS not working? DHCP
« Reply #4 on: March 14, 2022, 12:56:37 pm »
Hi,

It's the reverse zone update which produces the error.

Code: [Select]
Mar 13 10:05:45 apolo sh[1206]: + nsupdate -g -d
Mar 13 10:05:45 apolo sh[1206]: Sending update to 127.0.0.1#53
Mar 13 10:05:45 apolo sh[1206]: Outgoing update query:
Mar 13 10:05:45 apolo sh[1206]: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  38967
Mar 13 10:05:45 apolo sh[1206]: ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 2, ADDITIONAL: 1
Mar 13 10:05:45 apolo sh[1206]: ;; ZONE SECTION:
Mar 13 10:05:45 apolo sh[1206]: ;0.168.192.in-addr.arpa.#011#011IN#011SOA
Mar 13 10:05:45 apolo sh[1206]: ;; UPDATE SECTION:
Mar 13 10:05:45 apolo sh[1206]: 129.0.168.192.in-addr.arpa. 0#011ANY#011PTR
Mar 13 10:05:45 apolo sh[1206]: 129.0.168.192.in-addr.arpa. 3600 IN#011PTR#011computer0142.domain.local.
Mar 13 10:05:45 apolo sh[1206]: ;; TSIG PSEUDOSECTION:
Mar 13 10:05:45 apolo sh[1206]: domain.local.#011#0110#011ANY#011TSIG#011hmac-md5.sig-alg.reg.int. 1647183945 300 16 Ydfh3gHQ+6JpafevDI/ugw== 38967 NOERROR 0
Mar 13 10:05:45 apolo sh[1206]: Reply from update query:
Mar 13 10:05:45 apolo sh[1206]: ;; ->>HEADER<<- opcode: UPDATE, status: NOTAUTH, id:  38967
Mar 13 10:05:45 apolo sh[1206]: ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
Mar 13 10:05:45 apolo sh[1206]: ;; ZONE SECTION:
Mar 13 10:05:45 apolo sh[1206]: ;0.168.192.in-addr.arpa.#011#011IN#011SOA
Mar 13 10:05:45 apolo sh[1206]: ;; TSIG PSEUDOSECTION:
Mar 13 10:05:45 apolo sh[1206]: domain.local.#011#0110#011ANY#011TSIG#011hmac-md5.sig-alg.reg.int. 1647183945 300 16 bHQ2fl/tXHqapHt7WnY9Pg== 38967 NOERROR 0
Mar 13 10:05:45 apolo sh[1206]: + result2=2
Mar 13 10:05:45 apolo sh[1206]: + result=02
Mar 13 10:05:45 apolo sh[1206]: + '[' 02 '!=' 00 ']'
Mar 13 10:05:45 apolo sh[1206]: + logger 'DHCP-DNS Update failed: 02'

As you can see, the zone '0.168.192.in-addr.arpa.' is giving a non-zero exit code. So, it fails.

I did a quick test and it worked in my env. Below all the trace in the log file '/var/log/syslog' when I configure the IP address of a Windows 7 computer as DHCP (this computer does not belong to the domain):

Code: [Select]
Mar 14 12:44:02 zentyal named[11380]: resolver priming query complete
Mar 14 12:44:04 zentyal dhcpd[11742]: DHCPDISCOVER from 08:00:27:12:b1:0f via eth1
Mar 14 12:44:05 zentyal dhcpd[11742]: DHCPOFFER on 192.168.62.50 to 08:00:27:12:b1:0f (w7cl01) via eth1
Mar 14 12:44:05 zentyal dhcpd[11742]: Commit: IP: 192.168.62.50 DHCID: 08:00:27:12:b1:0f Name: w7cl01
Mar 14 12:44:05 zentyal dhcpd[11742]: execute_statement argv[0] = /usr/share/zentyal-dhcp/dhcp-dyndns.sh
Mar 14 12:44:05 zentyal dhcpd[11742]: execute_statement argv[1] = add
Mar 14 12:44:05 zentyal dhcpd[11742]: execute_statement argv[2] = 192.168.62.50
Mar 14 12:44:05 zentyal dhcpd[11742]: execute_statement argv[3] = 08:00:27:12:b1:0f
Mar 14 12:44:05 zentyal dhcpd[11742]: execute_statement argv[4] = w7cl01
Mar 14 12:44:05 zentyal sh[11742]: ++ grep -v SBINDIR
Mar 14 12:44:05 zentyal sh[11742]: ++ grep BINDIR
Mar 14 12:44:05 zentyal sh[11742]: ++ awk '{print $NF}'
Mar 14 12:44:05 zentyal sh[11742]: ++ samba -b
Mar 14 12:44:05 zentyal sh[11742]: + BINDIR=/usr/bin
Mar 14 12:44:05 zentyal sh[11742]: + WBINFO=/usr/bin/wbinfo
Mar 14 12:44:05 zentyal sh[11742]: ++ hostname -d
Mar 14 12:44:05 zentyal sh[11742]: + domain=zentyal-domain.lan
Mar 14 12:44:05 zentyal sh[11742]: + '[' -z zentyal-domain.lan ']'
Mar 14 12:44:05 zentyal sh[11742]: ++ echo ZENTYAL-DOMAIN.LAN
Mar 14 12:44:05 zentyal sh[11742]: + REALM=ZENTYAL-DOMAIN.LAN
Mar 14 12:44:05 zentyal sh[11742]: + NSUPDFLAGS=-d
Mar 14 12:44:05 zentyal sh[11742]: + export KRB5CCNAME=/tmp/dhcp-dyndns.cc
Mar 14 12:44:05 zentyal sh[11742]: + KRB5CCNAME=/tmp/dhcp-dyndns.cc
Mar 14 12:44:05 zentyal sh[11742]: + SETPRINCIPAL=dhcpduser@ZENTYAL-DOMAIN.LAN
Mar 14 12:44:05 zentyal sh[11742]: ++ /usr/bin/wbinfo -u
Mar 14 12:44:05 zentyal sh[11742]: + TESTUSER='ZENTYAL-DOMAIN\administrator
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\guest
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\krbtgt
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\dns-zentyal
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\admindc
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\andrea
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\maria
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\abraham
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\zentyal-mail-zentyal
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\dhcpduser | grep '\''dhcpduser'\'')'
Mar 14 12:44:05 zentyal sh[11742]: + '[' -z 'ZENTYAL-DOMAIN\administrator
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\guest
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\krbtgt
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\dns-zentyal
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\admindc
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\andrea
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\maria
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\abraham
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\zentyal-mail-zentyal
Mar 14 12:44:05 zentyal sh[11742]: ZENTYAL-DOMAIN\dhcpduser | grep '\''dhcpduser'\'')' ']'
Mar 14 12:44:05 zentyal sh[11742]: + '[' '!' -f /etc/dhcp/samba-keys/dhcpduser.keytab ']'
Mar 14 12:44:05 zentyal sh[11742]: + action=add
Mar 14 12:44:05 zentyal sh[11742]: + ip=192.168.62.50
Mar 14 12:44:05 zentyal sh[11742]: + DHCID=08:00:27:12:b1:0f
Mar 14 12:44:05 zentyal sh[11742]: + name=w7cl01
Mar 14 12:44:05 zentyal sh[11742]: + '[' -z 192.168.62.50 ']'
Mar 14 12:44:05 zentyal sh[11742]: + '[' -z 08:00:27:12:b1:0f ']'
Mar 14 12:44:05 zentyal sh[11742]: + '[' w7cl01 = '' ']'
Mar 14 12:44:05 zentyal sh[11742]: ++ awk -F . '{print $4"."$3"."$2"."$1".in-addr.arpa"}'
Mar 14 12:44:05 zentyal sh[11742]: ++ echo 192.168.62.50
Mar 14 12:44:05 zentyal sh[11742]: + ptr=50.62.168.192.in-addr.arpa
Mar 14 12:44:05 zentyal sh[11742]: ++ awk -F . '{print $3"."$2"."$1".in-addr.arpa"}'
Mar 14 12:44:05 zentyal sh[11742]: ++ echo 192.168.62.50
Mar 14 12:44:05 zentyal sh[11742]: + rzone=62.168.192.in-addr.arpa
Mar 14 12:44:05 zentyal sh[11742]: ++ cut -d '"' -f 2
Mar 14 12:44:05 zentyal sh[11742]: ++ grep secret
Mar 14 12:44:05 zentyal sh[11742]: ++ grep -A 2 zentyal-domain.lan
Mar 14 12:44:05 zentyal sh[11742]: ++ cat /etc/dhcp/ddns-keys/keys
Mar 14 12:44:05 zentyal sh[11742]: + secret=a/cmVSVMYXAW7ERsbOuKag==
Mar 14 12:44:05 zentyal sh[11742]: + case "${action}" in
Mar 14 12:44:05 zentyal sh[11742]: + _KERBEROS
Mar 14 12:44:05 zentyal sh[11742]: ++ date '+%d-%m-%y %H:%M:%S'
Mar 14 12:44:05 zentyal sh[11742]: + test='14-03-22 12:44:05'
Mar 14 12:44:05 zentyal sh[11742]: + klist -c /tmp/dhcp-dyndns.cc -s
Mar 14 12:44:05 zentyal sh[11742]: + '[' 1 '!=' 0 ']'
Mar 14 12:44:05 zentyal sh[11742]: + logger '14-03-22 12:44:05 [dyndns] : Getting new ticket, old one has expired'
Mar 14 12:44:05 zentyal dhcpd: 14-03-22 12:44:05 [dyndns] : Getting new ticket, old one has expired
Mar 14 12:44:05 zentyal sh[11742]: + kinit -F -k -t /etc/dhcp/samba-keys/dhcpduser.keytab -c /tmp/dhcp-dyndns.cc dhcpduser@ZENTYAL-DOMAIN.LAN
Mar 14 12:44:05 zentyal sh[11742]: + '[' 0 '!=' 0 ']'
Mar 14 12:44:05 zentyal sh[11742]: + nsupdate -g -d
Mar 14 12:44:05 zentyal sh[11742]: Reply from SOA query:
Mar 14 12:44:05 zentyal sh[11742]: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id:  26802
Mar 14 12:44:05 zentyal sh[11742]: ;; flags: qr aa ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
Mar 14 12:44:05 zentyal sh[11742]: ;; QUESTION SECTION:
Mar 14 12:44:05 zentyal sh[11742]: ;w7cl01.zentyal-domain.lan.#011IN#011SOA
Mar 14 12:44:05 zentyal sh[11742]: ;; AUTHORITY SECTION:
Mar 14 12:44:05 zentyal sh[11742]: zentyal-domain.lan.#0110#011IN#011SOA#011zentyal.zentyal-domain.lan. hostmaster.zentyal-domain.lan. 29 900 600 86400 3600
Mar 14 12:44:05 zentyal sh[11742]: Found zone name: zentyal-domain.lan
Mar 14 12:44:05 zentyal sh[11742]: The master is: zentyal.zentyal-domain.lan
Mar 14 12:44:05 zentyal sh[11742]: start_gssrequest
Mar 14 12:44:05 zentyal sh[11742]: send_gssrequest
Mar 14 12:44:05 zentyal sh[11742]: Outgoing update query:
Mar 14 12:44:05 zentyal sh[11742]: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  56665
Mar 14 12:44:05 zentyal sh[11742]: ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
Mar 14 12:44:05 zentyal sh[11742]: ;; QUESTION SECTION:
Mar 14 12:44:05 zentyal sh[11742]: ;1967011370.sig-zentyal.zentyal-domain.lan. ANY TKEY
Mar 14 12:44:05 zentyal sh[11742]: ;; ADDITIONAL SECTION:
Mar 14 12:44:05 zentyal sh[11742]: 1967011370.sig-zentyal.zentyal-domain.lan. 0 ANY TKEY gss-tsig. 1647258245 1647258245 3 NOERROR 1419 YIIFhwYJKoZIhvcSAQICAQBuggV2MIIFcqADAgEFoQMCAQ6iBwMFACAA AACjggRiYYIEXjCCBFqgAwIBBaEUGxJaRU5UWUFMLURPTUFJTi5MQU6i LDAqoAMCAQGhIzAhGwNETlMbGnplbnR5YWwuemVudHlhbC1kb21haW4u bGFuo4IEDTCCBAmgAwIBF6EDAgEBooID+wSCA/dwET6+L0kL0k9cF1GL BTpZI72uSU0MD7vQBgAK/l6Vj0bqVf+i+o93MbT7KwGeKJx3EeLNb6Nn nFGlUzvSdlDlqixC+ygOaQdX1AgWl/kpSK+iMRrMVJh8lHSamNQxmkPv spqXaOzDNhl3Z2C0Xkd3XDRB5dquEWDCNx7rAZHS/ivewsh5txHJQj++ 7u6/jMf0a/Ph/BYCtbm9pzUgSswp877GLMQEqHX/QEUqRwMZQYL7qagi pLdDIQP6bWbzKurF3FnlE1ARrp7jYY5I6W9EjbfHG7odA865vunr957A DrRG8+A1oHT73iC+Lx9WMtRG7Ml6VVUL16Jv6sXfBLohOBySY/Xwt3rs 0kI+sqstZDaRabb560DIWpF1sA73uDwRRHRsdKU0yBW858nL3s+t0HM6 U++kYIxvUgm0GK+wROEvOm4+rKkePkLcyPMgIW+QxKQhjBrC4ehtjgwv BSP6Xtp+RgVhMHlK0ZAntq69yRuaHuCAwVkBF9mrrmNynrFxL02OHa1z 7OtbIknPeh7GzHuIhzyh4KQ6Y+9+916WTeVx2hTrPTtsS3uwbdT/1IZH zwFTdX7S2YK+XqIcjBYo6VLa+n62GDUpDjXNJ47L32J/6+Jt+YfJEW78 3o2HT6gp6wrsdKU/KDUreRQ/BBgoZwvB+Ox742F97H2nvSXnYMB0cLq+ /zWKW+EFFf0lOu/Jo05vpyYXbkX7dTGKIJJd450jVLA01MWHvTllakPK e1huAey1gRsFo9A1dE0YP2PxbNamNndl6UaXq2athSTFRQwB/n/MZSdD +rQGp9XQosIQnUWlTytZORGYdGGDoKtmQI/DIEwK7gipI430pT4nMlld PMeOmKj9LBuUGML4LZ+Um3JZUZnpQ6zEvf8afn98yyiCcgdztaWZA4jt o8LejY8vTFJdnGyn1h8yTH/rnd2x24bJZl/an7nTQ4QpsVfVhFbhlLwR E6/LAi1lQqCBml6I+pY3+FaT6/ZKhm1AjU8TD04gVCk7uVzCgu6Q2I4v CJpJ3f9IDW3jbl5S1/7rVxQ+laPzIoVHFtLdSh166mBwngx9LGpL5mMP yqQXi3c/R6XQvObRNJ13tH9PR9nL7PlvEj/vY53qKqnSAn3XuZWx3wOD zNPb+ktQoySukT+MGyQQEyGSzdrtsFBRw60eQJ9kuMuS/FefkxLOuw9x 14K8sgFpCeFmOy9W0PIa5hp6SioW6LswLPvJfUolQqw+4IX5eWbmMvSL gTSZOlHxIdVaSiHG62Ug8CRVOPUstKC1wdtTsm3kDOnkZI01eoq4i66J FSb2cUjSB1ZvUCIyoy1EKdePtG9MmEuK3d6zhH1th4WR8g8xpIH2MIHz oAMCAReigesEgeglf7GulAEd9V2ZFXgvUIrKwhQ8+rVoDPOCFGK4+pv3 IrXHOdIWS8/m9FE6bpcqwM7GyREaSznYHLHIB8rkPkMoibZyw5hSIKaJ sNiZlGZkY4liNAHNhf1wBU1T6b/Brv5kl/Tw+lyjctf8naoyvCZYFu1R +bylEri3/28Av11kpK9y2OHs8qYbz21o0oX+Vw4NwMcJJ6VrBaHTUCC7 
kD2r9Me3yMUTCsjtcapUeBiJACp70KG2DcWoFx/bh/uCdDn8I0MfSc0b jvXJdWcvZ3lQCiX8lsFkSwm+y+Z6SIEgmq+6V8psNUIk 0
Mar 14 12:44:05 zentyal sh[11742]: recvmsg reply from GSS-TSIG query
Mar 14 12:44:05 zentyal sh[11742]: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  56665
Mar 14 12:44:05 zentyal sh[11742]: ;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
Mar 14 12:44:05 zentyal sh[11742]: ;; QUESTION SECTION:
Mar 14 12:44:05 zentyal sh[11742]: ;1967011370.sig-zentyal.zentyal-domain.lan. ANY TKEY
Mar 14 12:44:05 zentyal sh[11742]: ;; ANSWER SECTION:
Mar 14 12:44:05 zentyal sh[11742]: 1967011370.sig-zentyal.zentyal-domain.lan. 0 ANY TKEY gss-tsig. 1647258245 1647261845 3 NOERROR 152 YIGVBgkqhkiG9xIBAgICAG+BhTCBgqADAgEFoQMCAQ+idjB0oAMCARei bQRrKon8O+IwDTFYnKLrR7FzRyICLBwhYN1GzQSGcge4yFAW6UuYjh2g 03lxTpka6F5C44MhKXSNJSP7PwmOuATVjYASqeMbXkMSyP8B4h9uJTlB 3tGZYcEUKy8cxL4Qi+lplFrsNqajpsX92as= 0
Mar 14 12:44:05 zentyal sh[11742]: Sending update to 127.0.0.1#53
Mar 14 12:44:05 zentyal sh[11742]: Outgoing update query:
Mar 14 12:44:05 zentyal sh[11742]: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:   7101
Mar 14 12:44:05 zentyal sh[11742]: ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 2, ADDITIONAL: 1
Mar 14 12:44:05 zentyal sh[11742]: ;; UPDATE SECTION:
Mar 14 12:44:05 zentyal sh[11742]: w7cl01.zentyal-domain.lan. 0#011ANY#011A
Mar 14 12:44:05 zentyal sh[11742]: w7cl01.zentyal-domain.lan. 3600#011IN#011A#011192.168.62.50
Mar 14 12:44:05 zentyal sh[11742]: ;; TSIG PSEUDOSECTION:
Mar 14 12:44:05 zentyal sh[11742]: 1967011370.sig-zentyal.zentyal-domain.lan. 0 ANY TSIG gss-tsig. 1647258245 300 28 BAQE//////8AAAAAFXp/7B58xb5O9MHTGJqrQw== 7101 NOERROR 0
Mar 14 12:44:05 zentyal named[11380]: samba_dlz: starting transaction on zone zentyal-domain.lan
Mar 14 12:44:05 zentyal named[11380]: samba_dlz: allowing update of signer=dhcpduser\@ZENTYAL-DOMAIN.LAN name=w7cl01.zentyal-domain.lan tcpaddr=127.0.0.1 type=A key=1967011370.sig-zentyal.zentyal-domain.lan/160/0
Mar 14 12:44:05 zentyal named[11380]: samba_dlz: allowing update of signer=dhcpduser\@ZENTYAL-DOMAIN.LAN name=w7cl01.zentyal-domain.lan tcpaddr=127.0.0.1 type=A key=1967011370.sig-zentyal.zentyal-domain.lan/160/0
Mar 14 12:44:05 zentyal named[11380]: client @0x7f2ce513b740 127.0.0.1#41943/key dhcpduser\@ZENTYAL-DOMAIN.LAN: updating zone 'zentyal-domain.lan/NONE': deleting rrset at 'w7cl01.zentyal-domain.lan' A
Mar 14 12:44:05 zentyal named[11380]: client @0x7f2ce513b740 127.0.0.1#41943/key dhcpduser\@ZENTYAL-DOMAIN.LAN: updating zone 'zentyal-domain.lan/NONE': adding an RR at 'w7cl01.zentyal-domain.lan' A 192.168.62.50
Mar 14 12:44:05 zentyal named[11380]: samba_dlz: added rdataset w7cl01.zentyal-domain.lan 'w7cl01.zentyal-domain.lan.#0113600#011IN#011A#011192.168.62.50'
Mar 14 12:44:05 zentyal named[11380]: samba_dlz: subtracted rdataset zentyal-domain.lan 'zentyal-domain.lan.#0113600#011IN#011SOA#011zentyal.zentyal-domain.lan. hostmaster.zentyal-domain.lan. 29 900 600 86400 3600'
Mar 14 12:44:05 zentyal named[11380]: samba_dlz: added rdataset zentyal-domain.lan 'zentyal-domain.lan.#0113600#011IN#011SOA#011zentyal.zentyal-domain.lan. hostmaster.zentyal-domain.lan. 30 900 600 86400 3600'
Mar 14 12:44:05 zentyal named[11380]: samba_dlz: committed transaction on zone zentyal-domain.lan
Mar 14 12:44:05 zentyal sh[11742]: Reply from update query:
Mar 14 12:44:05 zentyal sh[11742]: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:   7101
Mar 14 12:44:05 zentyal sh[11742]: ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
Mar 14 12:44:05 zentyal sh[11742]: ;; ZONE SECTION:
Mar 14 12:44:05 zentyal sh[11742]: ;zentyal-domain.lan.#011#011IN#011SOA
Mar 14 12:44:05 zentyal sh[11742]: ;; TSIG PSEUDOSECTION:
Mar 14 12:44:05 zentyal sh[11742]: 1967011370.sig-zentyal.zentyal-domain.lan. 0 ANY TSIG gss-tsig. 1647258245 300 28 BAQF//////8AAAAADUVZ+FPqG82uAV/BPt0bTw== 7101 NOERROR 0
Mar 14 12:44:05 zentyal sh[11742]: + result1=0
Mar 14 12:44:05 zentyal sh[11742]: + nsupdate -g -d
Mar 14 12:44:05 zentyal sh[11742]: Sending update to 127.0.0.1#53
Mar 14 12:44:05 zentyal named[11380]: client @0x7f2ce523cf60 127.0.0.1#58713/key zentyal-domain.lan: updating zone '62.168.192.in-addr.arpa/IN': deleting rrset at '50.62.168.192.in-addr.arpa' PTR
Mar 14 12:44:05 zentyal named[11380]: client @0x7f2ce523cf60 127.0.0.1#58713/key zentyal-domain.lan: updating zone '62.168.192.in-addr.arpa/IN': adding an RR at '50.62.168.192.in-addr.arpa' PTR w7cl01.zentyal-domain.lan.
Mar 14 12:44:05 zentyal sh[11742]: Outgoing update query:
Mar 14 12:44:05 zentyal sh[11742]: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  64981
Mar 14 12:44:05 zentyal sh[11742]: ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 2, ADDITIONAL: 1
Mar 14 12:44:05 zentyal sh[11742]: ;; ZONE SECTION:
Mar 14 12:44:05 zentyal sh[11742]: ;62.168.192.in-addr.arpa.#011IN#011SOA
Mar 14 12:44:05 zentyal sh[11742]: ;; UPDATE SECTION:
Mar 14 12:44:05 zentyal sh[11742]: 50.62.168.192.in-addr.arpa. 0#011ANY#011PTR
Mar 14 12:44:05 zentyal sh[11742]: 50.62.168.192.in-addr.arpa. 3600 IN#011PTR#011w7cl01.zentyal-domain.lan.
Mar 14 12:44:05 zentyal sh[11742]: ;; TSIG PSEUDOSECTION:
Mar 14 12:44:05 zentyal sh[11742]: zentyal-domain.lan.#0110#011ANY#011TSIG#011hmac-md5.sig-alg.reg.int. 1647258245 300 16 TZKwChtckcx1L4PVqS8hzA== 64981 NOERROR 0
Mar 14 12:44:05 zentyal sh[11742]: Reply from update query:
Mar 14 12:44:05 zentyal sh[11742]: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  64981
Mar 14 12:44:05 zentyal sh[11742]: ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
Mar 14 12:44:05 zentyal sh[11742]: ;; ZONE SECTION:
Mar 14 12:44:05 zentyal sh[11742]: ;62.168.192.in-addr.arpa.#011IN#011SOA
Mar 14 12:44:05 zentyal sh[11742]: ;; TSIG PSEUDOSECTION:
Mar 14 12:44:05 zentyal sh[11742]: zentyal-domain.lan.#0110#011ANY#011TSIG#011hmac-md5.sig-alg.reg.int. 1647258245 300 16 RRXEWnCVhJp+0KtGq9lIjA== 64981 NOERROR 0
Mar 14 12:44:05 zentyal sh[11742]: + result2=0
Mar 14 12:44:05 zentyal sh[11742]: + result=00
Mar 14 12:44:05 zentyal sh[11742]: + '[' 00 '!=' 00 ']'
Mar 14 12:44:05 zentyal sh[11742]: + logger 'DHCP-DNS Update succeeded'
Mar 14 12:44:05 zentyal dhcpd: DHCP-DNS Update succeeded
Mar 14 12:44:05 zentyal sh[11742]: + exit 00
Mar 14 12:44:05 zentyal dhcpd[11742]: DHCPREQUEST for 192.168.62.50 (192.168.62.1) from 08:00:27:12:b1:0f (w7cl01) via eth1
Mar 14 12:44:05 zentyal dhcpd[11742]: DHCPACK on 192.168.62.50 to 08:00:27:12:b1:0f (w7cl01) via eth1

And then, I checked the zone through Samba and the computer (w7cl01) was added correctly:

Code: [Select]
samba-tool dns query 127.0.0.1 zentyal-domain.lan @ ALL -Uadmindc

GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:127.0.0.1[,sign]
Cannot do GSSAPI to an IP address
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
Password for [ZENTYAL-DOMAIN\admindc]:
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
  Name=, Records=3, Children=0
    SOA: serial=30, refresh=900, retry=600, expire=86400, minttl=3600, ns=zentyal.zentyal-domain.lan., email=hostmaster.zentyal-domain.lan. (flags=600000f0, serial=29, ttl=3600)
    NS: zentyal.zentyal-domain.lan. (flags=600000f0, serial=29, ttl=259200)
    A: 192.168.62.1 (flags=600000f0, serial=29, ttl=259200)
  Name=_kerberos, Records=1, Children=0
    TXT: "zentyal-domain.lan" (flags=f0, serial=5, ttl=259200)
  Name=_msdcs, Records=0, Children=0
  Name=_sites, Records=0, Children=1
  Name=_tcp, Records=0, Children=5
  Name=_udp, Records=0, Children=3
  Name=DomainDnsZones, Records=0, Children=2
  Name=ForestDnsZones, Records=0, Children=2
  Name=shares, Records=1, Children=0
    CNAME: zentyal.zentyal-domain.lan. (flags=f0, serial=28, ttl=259200)
  Name=w7cl01, Records=1, Children=0
    A: 192.168.62.50 (flags=f0, serial=29, ttl=3600)
  Name=zentyal, Records=1, Children=0
    A: 192.168.62.1 (flags=f0, serial=28, ttl=259200)

I recommend that you compare all the information from my test env with yours.

--
“This world is ours, and by the Holy Light we will keep it safe, now and forever".

killmasta93

Re: Dynamic DNS not working? DHCP
« Reply #5 on: March 14, 2022, 02:23:32 pm »
Thank you so much for the reply.
I think I realized something: in Zentyal I put the mask 255.255.252.0

It only created zone 192.168.3

Code: [Select]
root@apolo:~# ls -l -h /var/lib/bind/
total 8.0K
-rw-r--r-- 1 root root  53 Dec  5 11:12 bind9-default.md5sum
-rw-r--r-- 1 bind bind 344 Mar  8 23:28 db.3.168.192

I think I need to create zones 192.168.1. and 192.168.0

In this case, would I need to create them manually?

Thank you
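
Added example, not part of the original thread and not Zentyal's code: the trace in Reply #4 shows the script deriving `rzone` from the first three octets of the leased address, so every /24 inside the DHCP subnet needs its own reverse zone. The sketch below lists those zones for an address and netmask, reports which have no `db.<prefix>` file (naming taken from the `ls` listing above), and pulls NOTAUTH-refused zones out of the `set -x` log. Function names are hypothetical, and the log parser assumes tabs are escaped as `#011`, as in the syslog excerpts above.

```shell
#!/bin/sh
# Added example (hypothetical helper names; not part of dhcp-dyndns.sh).

# reverse_zones ADDRESS NETMASK
# Print every /24 in-addr.arpa zone covered by the subnet containing ADDRESS.
reverse_zones() {
    echo "$1 $2" | awk '
        function toint(s,   p) {
            split(s, p, ".")
            return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
        }
        {
            ip    = toint($1)
            size  = 4294967296 - toint($2)   # addresses in the subnet
            net   = ip - (ip % size)         # network address
            start = net - (net % 256)        # first /24 boundary
            for (n = start; n < net + size; n += 256) {
                o1 = int(n / 16777216)
                o2 = int(n / 65536) % 256
                o3 = int(n / 256) % 256
                print o3 "." o2 "." o1 ".in-addr.arpa"
            }
        }'
}

# missing_zones ADDRESS NETMASK ZONEDIR
# Print the needed reverse zones that have no db.<prefix> file in ZONEDIR.
missing_zones() {
    for z in $(reverse_zones "$1" "$2"); do
        [ -f "$3/db.${z%.in-addr.arpa}" ] || echo "$z"
    done
}

# notauth_zones LOGFILE...
# Print zones whose nsupdate reply came back with status NOTAUTH.
notauth_zones() {
    awk '
        /opcode: UPDATE, status: NOTAUTH/ { refused = 1; next }
        refused && /ZONE SECTION:/        { grab = 1; next }
        grab {
            z = $NF                        # ;0.168.192.in-addr.arpa.#011#011IN#011SOA
            sub(/^;/, "", z)
            sub(/\.#011.*$/, "", z)
            print z
            refused = 0; grab = 0
        }' "$@" | sort -u
}

# Demo on constructed input: one existing zone file, as in the listing above,
# and four reply lines copied from the log in Reply #3.
demo() {
    tmp=$(mktemp -d)
    : > "$tmp/db.3.168.192"
    printf '%s\n' \
        'Mar 13 10:05:45 apolo sh[1206]: ;; ->>HEADER<<- opcode: UPDATE, status: NOTAUTH, id:  38967' \
        'Mar 13 10:05:45 apolo sh[1206]: ;; flags: qr; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1' \
        'Mar 13 10:05:45 apolo sh[1206]: ;; ZONE SECTION:' \
        'Mar 13 10:05:45 apolo sh[1206]: ;0.168.192.in-addr.arpa.#011#011IN#011SOA' \
        > "$tmp/syslog.sample"
    echo "Zones needed for 192.168.0.129 / 255.255.252.0:"
    reverse_zones 192.168.0.129 255.255.252.0
    echo "Missing zone files:"
    missing_zones 192.168.0.129 255.255.252.0 "$tmp"
    echo "Zones refused with NOTAUTH:"
    notauth_zones "$tmp/syslog.sample"
    rm -rf "$tmp"
}
demo
```

On a live server, point `missing_zones` at the real zone directory and `notauth_zones` at `/var/log/syslog`; a zone that appears in both outputs is one the DHCP hook tries to update but the server does not host.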

killmasta93

Re: Dynamic DNS not working? DHCP
« Reply #6 on: April 19, 2022, 11:45:18 pm »
Bump, anyone?