dhclient.conf and DDNS via TSIG to Bind 9.2.3
Tillman Hodgson
tillman at seekingfire.com
Thu Jul 8 13:51:06 PDT 2004
Howdy,
I have a backup connection on an ADSL line with an IP address provided
by DHCP. My main line, which has static IPs, hosts my Bind 9.2.3 DNS
server. I don't have control of the DHCP server for the backup line,
it's simply provided by the ISP.
I'm using dhclient from -CURRENT on i386, dated June 17 2004.
I'd like to have dhclient on the backup line update a DNS entry in one
of my zones so that I can always reach my network via the backup line at
the same name. I'm following
http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html as well as a
similar thread from the freebsd hackers lsit from last November:
http://groups.google.ca/groups?hl=en&lr=&ie=UTF-8&th=86443cc1d80de8da&rnum=2
I set up the named.conf on the DNS host as follows (IPs aren't mangled
... they're dyanmic, after all :-)):
key "adsl.seekingfire.com." {
algorithm hmac-md5;
secret "<my secret generated from dnssec-keygen>";
};
view "us" {
match-clients { MyNets; };
// Master zones
zone "seekingfire.com" {
type master;
file "master/seekingfire.com";
allow-transfer { MyNets; AccessComm; };
// for dynamic DNS
allow-update { key adsl.seekingfire.com.; };
// Note: I've also tried:
//update-policy {
// grant adsl.seekingfire.com. name
// adsl.seekingfire.com. A TXT;
//};
};
And I've set up dhclient.conf as follows:
### Keys and DDNS (see
http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html)
send fqdn.fqdn "adsl.seekingfire.com.";
send fqdn.encoded on;
send fqdn.server-update off;
key adsl.seekingfire.com. {
algorithm HMAC-MD5;
secret <my secret generated from dnssec-keygen>";
}
zone seekingfire.com {
key adsl.seekingfire.com.;
}
interface "xl0" {
send dhcp-client-identifier "adsl";
send host-name "adsl";
}
When I add "dhclient_flags="-v"" to /etc/rc.conf and run
/etc/rc.d/dhclient restart, I get:
Releasing DHCP leases: xl0.
Starting dhclient.
Internet Software Consortium DHCP Client V3.0.1rc12
Copyright 1995-2002 Internet Software Consortium.
All rights reserved.
For info, please visit http://www.isc.org/products/DHCP
Listening on BPF/xl0/00:01:02:2d:17:47
Sending on BPF/xl0/00:01:02:2d:17:47
Sending on Socket/fallback
DHCPDISCOVER on xl0 to 255.255.255.255 port 67 interval 6
DHCPOFFER from 64.110.241.254
DHCPREQUEST on xl0 to 255.255.255.255 port 67
DHCPACK from 64.110.241.254
bound to 142.165.192.118 -- renewal in 6982 seconds.
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=9<RXCSUM,VLAN_MTU>
inet6 fe80::201:2ff:fe2d:1747%xl0 prefixlen 64 scopeid 0x2
inet 142.165.192.118 netmask 0xffffff00 broadcast 142.165.192.255
ether 00:01:02:2d:17:47
media: Ethernet 10baseT/UTP (10baseT/UTP <half-duplex>)
status: active
So, yeah, I get my new lease just fine. But it doesn't mention anything
about DNS ... and when I run a tcpdump on the adsl host, I don't see any
traffic on port 53. It's like it's just ignoring that part of
dhclient.conf completely.
Is there something I missing or have messed up in my dhclient.conf
configuration?
-T
--
Page 12: Unix is a set of tools for smart people.
- Harley Hahn, _The Unix Companion_
More information about the freebsd-questions
mailing list