# To the DNS bind/DHCP experts....

## alexou2643

Well, I have some problems using bind and dhcp; for instance, I can't list all the hosts in my domain... and in /var/log/everything/current I have an error about DHCP.

I'm going to give you all my config files, on my server, and on a client, so it will be easier to make a diagnostic.

host -l mynetwork.net :

```
;; Connection to 127.0.0.1#53(127.0.0.1) for mynetwork.net failed: connection refused.
;; Connection to 192.168.1.1#53(192.168.1.1) for mynetwork.net failed: connection refused.
Host mynetwork.net not found: 5(REFUSED)
; Transfer failed.
```

/var/log/everything/current :

```
Sep  3 11:15:25 [dhcpd] DHCPREQUEST for 192.168.1.20 (192.168.1.1) from 00:48:54:5a:24:5e (client1) via eth1
Sep  3 11:15:25 [dhcpd] DHCPACK on 192.168.1.20 to 00:48:54:5a:24:5e (client1) via eth1
Sep  3 11:18:39 [dhcpd] DHCPDISCOVER from 00:48:54:5a:24:5e (client1) via eth1
Sep  3 11:18:40 [dhcpd] DHCPOFFER on 192.168.1.20 to 00:48:54:5a:24:5e (client1) via eth1
Sep  3 11:18:40 [dhcpd] DHCPDISCOVER from 00:48:54:5a:24:5e (client1) via eth1
Sep  3 11:18:40 [dhcpd] DHCPOFFER on 192.168.1.20 to 00:48:54:5a:24:5e (client1) via eth1
Sep  3 11:18:40 [dhcpd] if IN A client1.mynetwork.net rrset doesn't exist add 21600 IN A client1.mynetwork.net 192.168.1.20: connection refused.
```

the server /etc/resolv.conf :

```
search boss.mynetwork.net
nameserver 127.0.0.1
nameserver 192.168.1.1
nameserver 193.252.19.3
nameserver 193.252.19.4
```

the client /etc/resolv.conf file :

```
nameserver 192.168.1.1
search mynetwork.net
```

the server /etc/hosts :

```
127.0.0.1 localhost
192.168.1.1 boss.mynetwork.net boss
```

the client /etc/hosts :

```
127.0.0.1 localhost client1.mynetwork.net client1
```

the server /etc/hostname :

```
boss.mynetwork.net
```

the client /etc/hostname :

```
client1.mynetwork.net
```

the bind files on the server:

/etc/bind/named.conf :

```
key mykey {
    algorithm hmac-md5;
    secret "c95/Xk2RW9Ha51/NDLj+GKWRhGJI6/9TOKltUENqSD4=";
};

options {
    directory "/var/bind";

    // uncomment the following lines to turn on DNS forwarding,
    // and change the forwarind ip address(es) :
    forward first;
    forwarders {
        193.252.19.3
        193.252.19.4;
    };

    // to allow only specific hosts to use the DNS server:
    //allow-query {
    //   127.0.0.1;
    //};

    // if you have problems and are behind a firewall:
    //query-source address * port 53;

    pid-file "/var/run/named/named.pid";
    auth-nxdomain yes;
};

zone "." {
    type hint;
    file "named.ca";
};

zone "0.0.127.in-addr.arpa" {
    type master;
    file "pri/127.0.0";
};

zone "mynetwork.net" {
    type master;
    file "pri/mynetwork.net";
    allow-update { key mykey; };
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "pri/192.168.1";
    allow-update { key mykey; };
};
```

the zones files in /etc/bind/pri :

mynetwork.net :

```
$ORIGIN .
$TTL 86400   ; 1 day
mynetwork.net  IN SOA   boss.mynetwork.net. root.mynetwork.net. (
            2001042703 ; serial
            86400      ; refresh (1 day)
            21600      ; retry (6 hours)
            3600000    ; expire (5 weeks 6 days 16 hours)
            3600       ; minimum (1 hour)
            )
         NS   boss.mynetwork.net.
$ORIGIN mynetwork.net.
$TTL 86400   ; 1 day
localhost      A   127.0.0.1
boss           A   192.168.1.1
```

192.168.1 :

```
$ORIGIN .
$TTL 86400   ; 1 day
1.168.192.in-addr.arpa  IN SOA   boss.mynetwork.net. root.mynetwork.net. (
                            2001042702 ; serial
                            28800      ; refresh (8 hours)
                            14400      ; retry (4 hours)
                            3600000    ; expire (5 weeks 6 days 16 hours)
                            86400      ; minimum (1 day)
                            )
                    NS         boss.mynetwork.net.
$ORIGIN 1.168.192.in-addr.arpa.
$TTL 3600
1                   PTR        boss.mynetwork.net.
```

127.0.0 :

```
$TTL    86400
@       IN SOA     boss.mynetwork.net. root.mynetwork.net.  (
                   1997022700 ; Serial
                   28800      ; Refresh
                   14400      ; Retry
                   3600000    ; Expire
                   86400      ; Minimum
                   )
        NS         boss.mynetwork.net.
1       PTR        localhost.
```

And, finally, the /etc/dhcp/dhcpd.conf file :

```
ddns-update-style interim;

subnet 192.168.1.0 netmask 255.255.255.0 {
        # default gateway
        option routers 192.168.1.1;
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.1.0;

        # dynamic updates
        ddns-updates on;
        ddns-domainname "mynetwork.net";
        ddns-rev-domainname "in-addr.arpa";

        option domain-name "mynetwork.net";
        option domain-name-servers 192.168.1.1;

        range dynamic-bootp 192.168.1.11 192.168.1.20;
        default-lease-time 21600;
        max-lease-time 43200;

        key mykey {
                algorithm hmac-md5;
                secret "c95/Xk2RW9Ha51/NDLj+GKWRhGJI6/9TOKltUENqSD4=";
        };

        zone mynetwork.net. {
                primary 192.168.1.1;
                key mykey;
        }

        zone 2.168.192.in-addr.arpa. {
                primary 192.168.1.1;
                key mykey;
        }
}
```

About the key, I generated it with the following command:

```
dnssec-keygen -a hmac-md5 -b 256 -n HOST mykey
```

EPISODE II : So what do you think about all that? Are my config files rotten or what? For real, I really don't know where the error is???

----------

## n0n

I'm not terribly familiar with DHCP, though I consider myself pretty good with Bind . . .  It would help if you edited your post to include [code]...[/code] around your config files.  That would make the post much easier to read.  See https://forums.gentoo.org/faq.php?mode=bbcode#5 for details.

----------

## klieber

I'm pretty sure you don't want to be displaying your BIND secret key/shared secret for the world to see...

When you're editing your post to make it easier to read, may I also suggest you remove reference to that information?  :Smile: 

--kurt

----------

## n0n

(thanks for doing that formatting, btw, makes it much easier to read . . .)

Two possibilities here.  First, "connection refused" says to me that the nameserver port isn't actually open.  Run this command:

```
netstat -a | grep domain
```

If bind is running correctly, you should see a line or two that look something like this (obviously there'll be some variation):

```
tcp        0      0 10.0.11.77:domain       *:*                     LISTEN
tcp        0      0 localhost:domain        *:*                     LISTEN
udp        0      0 10.0.11.77:domain       *:*
udp        0      0 localhost:domain        *:*
```

If nothing shows up, then bind isn't actually running properly, and that's where the problem is (and we can work on that next).

Otherwise, I suspect that the problem has something to do with the key authentication that you're trying to do.  I'm assuming that you're running that "host" command from the nameserver itself?  It's trying to do an AXFR transfer, which is failing because you're not authorized.

First off, try running some nslookup or dig commands on the nameserver box itself, so that you can verify that the nameserver's up and running properly in the first place.  Next, if that works, I'd try removing the key stuff, just to see if that is, indeed, where the problem is coming from (obviously you don't want to leave it like that, but at least this way we can rule it out).  Once those bits are out of there (or commented out, at least), try running that host command again, or "dig <domain> AXFR" . . .  Let me know what happens.

----------

## alexou2643

Yes, I'm doing these commands on the nameserver box! Well, let's see what happens with your commands  :Smile: 

netstat -a | grep domain :

```
Active UNIX domain sockets (servers and established)
```

There is just this line...:-/

dig mynetwork.net :

```
; <<>> DiG 9.2.2rc1 <<>> mynetwork.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35309
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mynetwork.net.         IN   A

;; AUTHORITY SECTION:
.         86400   IN   SOA   A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2002090300 1800 900 604800 86400

;; Query time: 73 msec
;; SERVER: 193.252.19.3#53(193.252.19.3)
;; WHEN: Wed Sep  4 00:20:17 2002
;; MSG SIZE  rcvd: 118
```

dig boss :

```
; <<>> DiG 9.2.2rc1 <<>> boss
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17110
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;boss.            IN   A

;; AUTHORITY SECTION:
.         86400   IN   SOA   A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2002090300 1800 900 604800 86400

;; Query time: 70 msec
;; SERVER: 193.252.19.3#53(193.252.19.3)
;; WHEN: Wed Sep  4 00:23:42 2002
;; MSG SIZE  rcvd: 108
```

nslookup -sil mynetwork.net :

```
Server:      193.252.19.3
Address:   193.252.19.3#53

** server can't find mynetwork.net: NXDOMAIN
```

nslookup -sil client1 :

```
Server:      193.252.19.3
Address:   193.252.19.3#53

** server can't find client1: NXDOMAIN
```

So what about the key, should I remove it from "dhcpd.conf", "named.conf" and its zone files "mynetwork.net" and "1.168.192" as described in my first post?

What am I supposed to change? I mean, what must I write instead of mykey????

----------

## n0n

 *alexou2643 wrote:*   

> netstat -a | grep domain :
> 
> ```
> Active UNIX domain sockets (servers and established)
> ```
> ...

 

Cool, so that's the problem (at least in this case).  Leave all the key stuff alone for now.  If there's problems with it, we'll deal with it later once bind is actually up and running.  Run this line:

```
/etc/init.d/named start
```

And then run that netstat command again.  The output should be a bit happier.  In order to get bind to start up every time you boot your machine, run this:

```
rc-update add named default
```

Then run the other commands like this, instead:

```
nslookup <host> localhost
dig @localhost <host>
```

Those two forms will force the commands to only look at the local server.  If you look at the "Server" IP addresses from your nslookup and dig commands, you'll see that it eventually went after 193.252.19.3.  I should have thought of that before.

Let me know how this turns out . . .

----------

## n0n

I should probably have added that the netstat command will only show you if the programs are actually listening to ports.  I suppose that it's conceivable that bind was running but just not listening (though quite unlikely), and in any case you can check to see if any command is running by using the "ps" command.  I usually do:

```
ps -aefw | grep <program>
```

If you just do the "ps -aefw" bit, it'll show you all the processes on your box.  Bind runs as "named," so put that in for <program>.  If it's running, it'll show up in the list, and if not you just won't see any output from the command.

----------

## alexou2643

Well, about the service named, it was already set to start at boot time.

I did a little /etc/init.d/named status and /etc/init.d/restart to be sure.

I cleaned my config files of all key stuff...

nslookup -sil mynetwork.net localhost :

```
;; connection timed out; no servers could be reached
```

nslookup -sil @localhost mynetwork.net :

```
nslookup: Couldn't find server 'mynetwork.net': Name or service not known
```

And I tried your command again... still the same thing

netstat -a | grep domain

```
Active UNIX domain sockets (servers and established)
```

Geeeekz!!!   :Evil or Very Mad:  Where is that damn error   :Crying or Very sad: 

----------

## n0n

Odd.  Don't bother trying the nslookup or dig commands until you see something from the netstat command, btw . . .  Check to make sure that the named process is actually running (using that ps command).  And in either case, check out the messages in /var/log/daemon.log.  There should be at least some entries in there for named, perhaps one of them is throwing an error.

If named is running and just not listening on any ports, we'll have to track that problem down.  Are you using iptables at all?  If so, make sure you're not doing any overzealous blocking.  Run "iptables -L" to get a list of all the rules currently in service (if the command throws an error then you're certainly not using it).

----------

## alexou2643

Well, first, thank you for helping, I know it's boring, so I really appreciate your help.

Ok, with ps -aefw | grep bind...I have nothing, no answer, nada at all!

Just as an example, I tried the same command with dhcp :

ps -aefw | grep dhcp

```
root      4088     1  0 Sep03 ?        00:00:00 /usr/sbin/dhcpd eth1
root     17938 17929  0 03:28 pts/4    00:00:00 grep dhcp
```

So apparently, bind is not working at all???!!! Isn't that strange?!

About IPtables, yes it's working :

iptables -L :

```
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
```

Well, I'm gonna stop that service! 

MMM, I don't know what happens about bind.

I'm using the 9.2.2_rc1-r1 version, the last version available on gentoo. So it normally should work.

Oh yeah, one thing is strange about the service named: unlike the other services, like iptables, or dhcp, or samba, when I do a /etc/init.d/named stop, it stops, but it restarts automatically, it's as if I did a /etc/init.d/named restart....maybe there is a shit about all this?!

----------

## n0n

 *alexou2643 wrote:*   

> Well, first, thank you for helping, i know it's boring, so i really appreciate your help.

 

Whatever.  :)  I enjoy the inflated sense of self-esteem it gives me.  :)

 *Quote:*   

> So apparently, bind is not working at all???!!! Isn't that strange?!

 

Indeed; I'd check that logfile I mentioned earlier, it might have some clues . . .

 *Quote:*   

> About IPtables, yes it's working:

 

Oh, actually that output says that there's no rules currently in place.  If there were some filtering going on, it would be enumerated under each chain (INPUT is packets coming into your machine, OUTPUT is packets going out, and FORWARD is packets to be sent through the box, in case it's acting as a firewall/router or something).  So you're actually not doing any filtering.  Also, iptables really isn't a service that runs in the background.  The "iptables" executable just talks to the kernel in a way that tells the kernel what to do with packets that are coming in.  So there's no "service" to stop.

 *Quote:*   

> Oh yeah, one thing is strange about the service named: unlike the other services, like iptables, or dhcp, or samba, when I do a /etc/init.d/named stop, it stops, but it restarts automatically, it's as if I did a /etc/init.d/named restart....maybe there is a shit about all this?!

 

Hm, weird.  I'd check that logfile . . .

----------

## alexou2643

Well, about the daemon log, I can't find it...it should be placed in /var/log...

In my /etc/syslog.conf, there is nothing about a daemon log....  :Sad: 

/etc/syslog.conf :

```
#  /etc/syslog.conf     Configuration file for syslogd.
#
#                       For more information see syslog.conf(5)
#                       manpage.
#                       This is from Debian, we are using it for now
#                       Daniel Robbins, 5/15/99
#
# First some standard logfiles.  Log by facility.
#
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
#cron.*                         /var/log/cron.log
daemon.*                        -/var/log/daemon.log
kern.*                          -/var/log/kern.log
lpr.*                           -/var/log/lpr.log
mail.*                          /var/log/mail.log
user.*                          -/var/log/user.log
uucp.*                          -/var/log/uucp.log
local6.debug                    /var/log/imapd.log
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info                       -/var/log/mail.info
mail.warn                       -/var/log/mail.warn
mail.err                        /var/log/mail.err
# Logging for INN news system
#
news.crit                       /var/log/news/news.crit
news.err                        /var/log/news/news.err
news.notice                     -/var/log/news/news.notice
#
# Some `catch-all' logfiles.
#
*.=debug;\
        auth,authpriv.none;\
        news.none;mail.none     -/var/log/debug
*.=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none          -/var/log/messages
#
# Emergencies are sent to everybody logged in.
#
*.emerg                         *
#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
#       news.=crit;news.=err;news.=notice;\
#       *.=debug;*.=info;\
#       *.=notice;*.=warn       /dev/tty8
# The named pipe /dev/xconsole is for the `xconsole' utility.  To use it,
# you must invoke `xconsole' with the `-file' option:
#
#    $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
#      busy site..
#
#daemon.*,mail.*;\
#       news.crit;news.err;news.notice;\
#       *.=debug;*.=info;\
#       *.=notice;*.=warn       |/dev/xconsole
local2.*                -/var/log/ppp.log
```

Anyway, I reinstalled bind, emerge -C bind, emerge bind....

And I still have the same problem with /etc/init.d/named: stop doesn't really stop, and start=restart

Let's look at that script:

/etc/init.d/named :

```
#!/sbin/runscript
# Copyright 1999-2002 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License, v2 or later
# $Header: /home/cvsroot/gentoo-x86/net-dns/bind/files/named.rc6,v 1.3 2002/08/20 15:10:56 achim Exp $

opts="start stop reload restart"

depend() {
   need net
}

checkconfig() {
   if [ ! -f ${CHROOT}/etc/bind/named.conf ] ; then
      eerror "No ${CHROOT}/etc/bind/named.conf file exists!"
   fi

   # In case someone doesn't have $CPU set from /etc/conf.d/named
   if [ ! $CPU ] ; then
      CPU=1
   fi

   if [ $CHROOT -a -d $CHROOT ] ; then
      OPTIONS="${OPTIONS} -t ${CHROOT}"
      PIDFILE="${CHROOT}/var/run/named/named.pid"
      KEY="${CHROOT}/etc/bind/rndc.key"
   else
      PIDFILE="/var/run/named/named.pid"
      KEY="/etc/bind/rndc.key"
   fi
}

start() {
   ebegin "Starting named"
   checkconfig || return 1
   start-stop-daemon --start --quiet --exec /usr/sbin/named -- -u named -n $CPU $OPTIONS
   eend $?
}

stop() {
   ebegin "Stopping named"
   checkconfig || return 2
   start-stop-daemon --stop --quiet --pidfile $PIDFILE
   eend $?
}

reload() {
   checkconfig || return 3
   if [ ! -f $PIDFILE ] ; then
      /etc/init.d/named start
      exit
   fi

   if [ -f $KEY ] ; then
      ebegin "Reloading named"
      rndc -k $KEY reconfig
      eend $?
   else /etc/init.d/named restart
   fi
}
```

Ok, so what do you think, is the script guilty? Well, you should tell me how to make a daemon.log with my syslog.conf (it's the original provided by gentoo, I have not written anything inside.)

----------

## n0n

 *alexou2643 wrote:*   

> Well, about the daemon log, i don't find it...it should be placed in /var/log...
> 
> In my /etc/syslog.conf, there is nothing about a daemon log.... :(
> 
> /etc/syslog.conf :
> ...

 

That one line I left in there should be enough to create a daemon.log.  I suppose maybe you're using a different logger.  Hopefully /var/log/syslog exists; the named messages should be in there as well, so check there.

So nothing happens when you just do "/etc/init.d/named start" (not restart or anything . . .)?

----------

## alexou2643

Well, I had metalog instead of sysklogd, which I had first installed before upgrading to metalog. Anyway, I emerged it again, so I'm using it now.

So in the daemon-log, I have something about the named service, just so you know :

nano -w /etc/log/daemon.log :

```
Sep  4 18:07:27 boss named[5171]: starting BIND 9.2.2rc1 -u named -n 1
Sep  4 18:07:27 boss named[5171]: using 1 CPU
Sep  4 18:07:27 boss named[5173]: loading configuration from '/etc/bind/named.conf'
Sep  4 18:07:27 boss named[5173]: /etc/bind/named.conf:9: missing ';' before '193.252.19.4'
Sep  4 18:07:27 boss named[5173]: loading configuration: failure
Sep  4 18:07:27 boss named[5173]: exiting (due to fatal error)
```

So apparently, it lacked this f***ing ';' before '193.252.19.4'

But I still don't have anything when I use the command ps -aewf | grep bind.....

Well, it seems that we progress....  :Rolling Eyes: 

----------

## jcostom

 *alexou2643 wrote:*   

> But i still don't have anything when i use the command ps -aewf | grep bind.....

 

That's because the daemon isn't called bind.  grep for named.

----------

## kashani

You seem to be stuck at getting named up and running, which is pretty common when building your zone files the first time around. 

Open two shells to your machine. 

In the first one, run this command:

```
# tail -f /var/log/messages
```

This will kick anything new that comes into the messages log out to your screen. 

Then attempt to start bind. You should see any errors that appear when it tries to start. I myself had problems getting the init.d/named script to work and had to edit it down to the following.

```
#!/sbin/runscript
# Copyright 1999-2002 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License, v2 or later
# /space/gentoo/cvsroot/gentoo-x86/net-misc/bind/files/named.rc6,v 1.3 2002/02/09 01:08:04 woodchip Exp

depend() {
        need net
}

start() {
        ebegin "Starting named"
        # "--" ends start-stop-daemon's own options so that "-u named" reaches named
        start-stop-daemon --start --quiet --exec /usr/sbin/named -- -u named
        eend $?
}

stop() {
        ebegin "Stopping named"
        start-stop-daemon --stop --quiet --pidfile /var/run/named.pid
        eend $?
}
```

kashani

----------

## alexou2643

I have an answer when I do

ps -aefw | grep named :

```
named     4851     1  0 19:25 ?        00:00:
named     4852  4851  0 19:25 ?        00:00:
named     4853  4852  0 19:25 ?        00:00:
named     4854  4852  0 19:25 ?        00:00:
named     4855  4852  0 19:25 ?        00:00:
root      5189  5187  0 19:26 pts/3    00:00:
```

And in the /var/log/daemon/log :

```
Sep  4 19:25:12 boss named[4851]: starting BIND 9.2.2rc1 -u named -n 1
Sep  4 19:25:12 boss named[4851]: using 1 CPU
Sep  4 19:25:12 boss named[4853]: loading configuration from '/etc/bind/named.conf'
Sep  4 19:25:12 boss named[4853]: listening on IPv4 interface lo, 127.0.0.1#53
Sep  4 19:25:12 boss named[4853]: listening on IPv4 interface eth1, 192.168.1.1#53
Sep  4 19:25:12 boss named[4853]: /etc/bind/rndc.key:1: unknown option 'options'
Sep  4 19:25:12 boss named[4853]: /etc/bind/rndc.key:6: unknown option 'server'
Sep  4 19:25:12 boss named[4853]: couldn't add command channel 127.0.0.1#953: failure
Sep  4 19:25:12 boss named[4853]: zone 0.0.127.in-addr.arpa/IN: loaded serial 1
Sep  4 19:25:12 boss named[4853]: zone 1.168.192.in-addr.arpa/IN: loaded serial 2001042702
Sep  4 19:25:12 boss named[4853]: zone mynetwork.net/IN: loaded serial 2001042703
Sep  4 19:25:12 boss named[4853]: running
```

So it's not perfect but I think we're progressing...

So what about the rndc.key 

```
options {
        default-server  192.168.1.1;
        default-key     mykey;
};

server 192.168.1.1 {
        key     mykey;
};

key mykey {
        algorithm hmac-md5;
        secret "c95/Xk2RW9Ha51/NDLj+GKWRhGJI6/9TOKltUENqSD4=";
};
```

What is wrong with that? I used the example in /usr/share/doc/bind-9.2.2_rc1-r1/dhcp-dynamic-dns-examples/bind/etc/rdnc.conf

And what about the line in the daemon.log about "couldn't add command channel 127.0.0.1#953: failure"...???

Ok, I think we're close to making that bind server work perfectly soon!!! 

 :Surprised: 

----------

## alexou2643

Well i still have the error i described in my first post:

nano -w /var/log/daemon.log

```
Sep  4 19:50:05 boss dhcpd: DHCPDISCOVER from 00:48:54:5a:24:5e (client1) via eth1
Sep  4 19:50:06 boss dhcpd: DHCPOFFER on 192.168.1.20 to 00:48:54:5a:24:5e (client1) via eth1
Sep  4 19:50:06 boss dhcpd: DHCPDISCOVER from 00:48:54:5a:24:5e (client1) via eth1
Sep  4 19:50:06 boss dhcpd: DHCPOFFER on 192.168.1.20 to 00:48:54:5a:24:5e (client1) via eth1
Sep  4 19:50:06 boss named[5277]: client 192.168.1.1#32771: update 'mynetwork.net/IN' denied
Sep  4 19:50:06 boss dhcpd: if IN A client1.mynetwork.net domain doesn't exist add 21600 IN A client1.mynetwork.net 192.168.1.20 add 21600 IN TXT client1.mynetwork.net "31f5379567937068ec09b43313b2c07702": timed out.
Sep  4 19:50:06 boss dhcpd: DHCPREQUEST for 192.168.1.20 (192.168.1.1) from 00:48:54:5a:24:5e (client1) via eth1
Sep  4 19:50:06 boss dhcpd: DHCPACK on 192.168.1.20 to 00:48:54:5a:24:5e (client1) via eth1
```

----------

## kashani

If I'm reading this correctly, you're trying to do a dynamic DNS update to your DNS server. You'll need to explicitly enable this. You'll probably see something in your logs about update being denied or some such. 

Don't remember exactly how to enable it, but a quick Google should pull it up for you.

kashani

----------

## alexou2643

I added the key for the DNS update in named.conf and dhcpd.conf, and if I take a look at the daemon.log, it appears that there is one last error before everything works fine for my network

in /var/log/daemon.log :

```
Sep  4 21:49:44 boss dhcpd: DHCPDISCOVER from 00:48:54:5a:24:5e via eth1
Sep  4 21:49:45 boss dhcpd: DHCPOFFER on 192.168.1.40 to 00:48:54:5a:24:5e (client1) via eth1
Sep  4 21:49:45 boss dhcpd: DHCPDISCOVER from 00:48:54:5a:24:5e (client1) via eth1
Sep  4 21:49:45 boss dhcpd: DHCPOFFER on 192.168.1.40 to 00:48:54:5a:24:5e (client1) via eth1
Sep  4 21:49:45 boss named[6528]: client 192.168.1.1#32776: updating zone 'mynetwork.net/IN': adding an RR
Sep  4 21:49:45 boss named[6528]: client 192.168.1.1#32776: updating zone 'mynetwork.net/IN': adding an RR
Sep  4 21:49:45 boss named[6528]: journal file pri/mynetwork.net.jnl does not exist, creating it
Sep  4 21:49:45 boss dhcpd: if IN A client1.mynetwork.net domain doesn't exist add 21600 IN A myclient1.network.net 192.168.1.40 add 21600 IN TXT myclient1.network.net "31f5379567937068ec09b43313b2c07702": success.
Sep  4 21:49:45 boss named[6528]: client 192.168.1.1#32776: update '1.168.192.in-addr.arpa/IN' denied
Sep  4 21:49:45 boss dhcpd: delete IN PTR 40.1.168.192.in-addr.arpa add 21600 IN PTR 40.1.168.192.in-addr.arpa myclient1.network.net: timed out.
Sep  4 21:49:45 boss dhcpd: DHCPREQUEST for 192.168.1.40 (192.168.1.1) from 00:48:54:5a:24:5e (client1) via eth1
Sep  4 21:49:45 boss dhcpd: DHCPACK on 192.168.1.40 to 00:48:54:5a:24:5e (client1) via eth1
```

Does anyone here know about that stuff:

```
Sep  4 21:49:45 boss named[6528]: client 192.168.1.1#32776: update '1.168.192.in-addr.arpa/IN' denied
Sep  4 21:49:45 boss dhcpd: delete IN PTR 40.1.168.192.in-addr.arpa add 21600 IN PTR 40.1.168.192.in-addr.arpa myclient1.network.net: timed out.
```

Apparently I have to add something in one of my bind config files, but what, and where????

----------
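Added example, not part of the thread and not code from BIND or ISC dhcpd: a Python cross-check that every `zone` statement dhcpd.conf names a key for is served by named.conf with an `allow-update` listing the same key, and that each `range` has a zone statement for its reverse zone. The two excerpts are constructed from the files in the first post with the secret replaced by a placeholder; reverse zones are assumed to be delegated on /24 boundaries, and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed excerpts modelled on the first post's named.conf and dhcpd.conf.
NAMED_CONF = '''
key mykey { algorithm hmac-md5; secret "PLACEHOLDER=="; };
zone "mynetwork.net" {
    type master;
    file "pri/mynetwork.net";
    allow-update { key mykey; };
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "pri/192.168.1";
    allow-update { key mykey; };
};
'''

DHCPD_CONF = '''
subnet 192.168.1.0 netmask 255.255.255.0 {
    range dynamic-bootp 192.168.1.11 192.168.1.20;
    key mykey { algorithm hmac-md5; secret "PLACEHOLDER=="; };
    zone mynetwork.net. { primary 192.168.1.1; key mykey; }
    zone 2.168.192.in-addr.arpa. { primary 192.168.1.1; key mykey; }
}
'''


def strip_comments(text):
    """Drop //, # and /* */ comments but leave quoted strings (secrets) intact."""
    pattern = r'"[^"]*"|//[^\n]*|#[^\n]*|/\*.*?\*/'
    keep_strings = lambda m: m.group(0) if m.group(0)[0] == '"' else ""
    return re.sub(pattern, keep_strings, text, flags=re.S)


def named_update_keys(text):
    """Map each zone in named.conf to the key names in its allow-update."""
    zones = {}
    # A zone body may hold one level of nested braces (allow-update { ... }).
    zone_re = r'\bzone\s+"([^"]+)"[^{;]*\{((?:[^{}]|\{[^{}]*\})*)\}'
    for name, body in re.findall(zone_re, strip_comments(text)):
        acl = re.search(r'\ballow-update\s*\{([^}]*)\}', body)
        keys = re.findall(r'\bkey\s+"?([\w.-]+)"?', acl.group(1)) if acl else []
        zones[name.rstrip(".").lower()] = set(keys)
    return zones


def dhcpd_zone_keys(text):
    """Map each zone statement in dhcpd.conf to the key it names (or None)."""
    zones = {}
    zone_re = r'\bzone\s+([\w.-]+)\s*\{([^{}]*)\}'
    for name, body in re.findall(zone_re, strip_comments(text)):
        key = re.search(r'\bkey\s+([\w.-]+)\s*;', body)
        zones[name.rstrip(".").lower()] = key.group(1) if key else None
    return zones


def reverse_zones_for_ranges(text):
    """Reverse zones (assumed /24 delegation) covering every dhcpd range."""
    needed = set()
    range_re = r'\brange\s+(?:dynamic-bootp\s+)?([\d.]+)\s+([\d.]+)\s*;'
    for lo, hi in re.findall(range_re, strip_comments(text)):
        first = int(ipaddress.IPv4Address(lo)) >> 8
        last = int(ipaddress.IPv4Address(hi)) >> 8
        for net in range(first, last + 1):
            a, b, c = net >> 16, (net >> 8) & 255, net & 255
            needed.add(f"{c}.{b}.{a}.in-addr.arpa")
    return needed


def audit(named_text, dhcpd_text):
    """Return sorted (finding, zone) pairs; an empty list means the files agree."""
    served = named_update_keys(named_text)
    signed = dhcpd_zone_keys(dhcpd_text)
    findings = []
    for zone, key in signed.items():
        if zone not in served:
            findings.append(("dhcpd-zone-not-in-named", zone))
        elif key is None or key not in served[zone]:
            findings.append(("key-not-in-allow-update", zone))
    for zone in reverse_zones_for_ranges(dhcpd_text) - set(signed):
        findings.append(("range-without-dhcpd-zone", zone))
    return sorted(findings)


if __name__ == "__main__":
    for finding, zone in audit(NAMED_CONF, DHCPD_CONF):
        print(f"{finding}: {zone}")
```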

