LinuxQuestions.org
Old 08-08-2003, 04:11 AM   #1
locutus233
Member
 
Registered: Aug 2003
Location: South Surrey, BC
Distribution: Redhat, Gentoo
Posts: 47

Rep: Reputation: 15
Bind/DDNS problem


Okay this is a rather complicated problem.

I'm working on upgrading my Redhat 7.3 box. I have a second machine which I installed RH 9 on to migrate my webserver, dns, dhcp, and database (mysql, postgresql) servers to.

I've gotten the web and database servers working without issue.

I have the DHCP and DNS servers working except for one small problem.

When my Windows machines renew their IP address with the DHCP server, it sends all the correct information to the DNS server, but bind seems to ignore the DDNS requests.

Here is what I get in my system log:

Aug 8 01:31:51 webdb dhcpd: if IN A ultima.********.lan domain doesn't exist add 600 IN A ultima.********.lan 192.168.1.193 add 600 IN TXT ultima.********.lan "31e9804e381d924f2a981f1510deca1603": timed out.

I have set up the keys correctly in my named.conf and dhcpd.conf. The only thing I can figure is something is not correct with bind.

Here is a snippet of my zone declaration in dhcpd.

shared-network scottslan {
ddns-updates on;
option domain-name "********.lan";
# scotts lan
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.100 192.168.1.200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option ip-forwarding on;
option netbios-node-type 8;
option domain-name "**********.lan";
option domain-name-servers 192.168.1.194, 192.168.1.1;
option routers 192.168.1.1;
max-lease-time 120000;
default-lease-time 12000;

}
}

-Here is a snippet of my named.conf

zone "***********.lan" {
type master;
file "************.lan.hosts";
allow-update { key wedb-dhcpd; };
};

zone "1.168.192.in-addr.arpa" IN {
type master;
file "192.168.1.0.rev";
allow-update { key webdb-dhcpd; };
};

-There is one other odd problem. That has to do with when I shut down bind. I get this ugly message in my log:

Aug 8 02:04:49 webdb named[10443]: app.c:561: unexpected error:
Aug 8 02:04:49 webdb named[10443]: isc_app_shutdown() pthread_kill: No such process

-And named continues to run. I wonder if redhat did this on purpose and compiled bind wrong.

-I have the following rpm's installed for bind and dhcpd :
dhcp-3.0pl1-23
bind-9.2.1-16

Anyone have any ideas?
 
Old 08-14-2003, 03:41 AM   #2
mule
Member
 
Registered: Aug 2003
Posts: 81

Rep: Reputation: 15
try this in your /etc/dhcpd.conf
ddns-update-style interim;
 
Old 08-14-2003, 01:11 PM   #3
locutus233
Member
 
Registered: Aug 2003
Location: South Surrey, BC
Distribution: Redhat, Gentoo
Posts: 47

Original Poster
Rep: Reputation: 15
It's there already...

Any other ideas?
 
Old 08-19-2003, 01:47 AM   #4
mule
Member
 
Registered: Aug 2003
Posts: 81

Rep: Reputation: 15
Have you included it with include "/somewhere/webdb_dhcp.file"? I think it would be helpful if you would post your whole dhcpd.conf, named.conf and a zone declaration, because I don't see an included file for authorization and so on...
 
Old 08-19-2003, 02:04 PM   #5
locutus233
Member
 
Registered: Aug 2003
Location: South Surrey, BC
Distribution: Redhat, Gentoo
Posts: 47

Original Poster
Rep: Reputation: 15
---- BEGIN DHCPD.CONF ---------------
ddns-update-style interim;
update-static-leases true;
ddns-ttl 600;

#DESCRIBE KEY
key webdb-dhcpd {
algorithm hmac-md5;
#DESCRIBE KEY
key webdb-dhcpd {
algorithm hmac-md5;
secret "tpfXhc4B0v8gmzgDJP59IDvdTp5ctLo9ugTWt5cxGEV+b9aerRl/F6N06Aa02ZUYKgnN9wkxnATio/IVhGxqYA==";
}

# DESCRIBE Fwding Zone
# additionally specify a key
zone ***********.lan. {
primary 192.168.2.194;
key webdb-dhcpd;
}

# DESCRIBE Reverse Zone allowing Updates
# additionaly specify a key
zone 1.168.192.in-addr.arpa. {
primary 127.0.0.1;
key webdb-dhcpd;
}

shared-network scottslan {
ddns-updates on;
option domain-name "**********.lan";
# scotts lan
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.100 192.168.1.200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option ip-forwarding on;
option netbios-node-type 8;
option domain-name "***********.lan";
option domain-name-servers 192.168.1.194, 192.168.1.1;
option routers 192.168.1.1;
max-lease-time 120000;
default-lease-time 12000;

}
}
------------- END DHCPD.CONF ---------------------

------------- BEGIN NAMED.CONF -------------------
acl "xfer" {
none; // Allow no transfers. If we have other
// name servers, place them here.
// Note that in the Netherlands, for example,
// the TLD servers 193.176.144.2 and 193.176.144.138
// are allowed to perform zone tranfers
// from the domains under .nl.
};

acl "trusted" {
// Place our internal and DMZ subnets in here so that
// intranet and DMZ clients may send DNS queries. This
// also prevents outside hosts from using our name server
// as a resolver for other domains.

192.168.1.0/24;
localhost;
};

acl "bogon" {
// Filter out the bogon networks. These are networks
// listed by IANA as test, RFC1918, Multicast, experi-
// mental, etc. If you see DNS queries or updates with
// a source address within these networks, this is likely
// of malicious origin. CAUTION: If you are using RFC1918
// netblocks on your network, remove those netblocks from
// this list of blackhole ACLs!
0.0.0.0/8;
1.0.0.0/8;
2.0.0.0/8;
5.0.0.0/8;
7.0.0.0/8;
10.0.0.0/8;
23.0.0.0/8;
27.0.0.0/8;
31.0.0.0/8;
36.0.0.0/8;
37.0.0.0/8;
39.0.0.0/8;
41.0.0.0/8;
42.0.0.0/8;
49.0.0.0/8;
50.0.0.0/8;
58.0.0.0/8;
59.0.0.0/8;
60.0.0.0/8;
70.0.0.0/8;
71.0.0.0/8;
72.0.0.0/8;
73.0.0.0/8;
74.0.0.0/8;
75.0.0.0/8;
76.0.0.0/8;
77.0.0.0/8;
78.0.0.0/8;
79.0.0.0/8;
83.0.0.0/8;
84.0.0.0/8;
85.0.0.0/8;
86.0.0.0/8;
87.0.0.0/8;
88.0.0.0/8;
89.0.0.0/8;
90.0.0.0/8;
91.0.0.0/8;
92.0.0.0/8;
93.0.0.0/8;
94.0.0.0/8;
95.0.0.0/8;
96.0.0.0/8;
97.0.0.0/8;
98.0.0.0/8;
99.0.0.0/8;
100.0.0.0/8;
101.0.0.0/8;
102.0.0.0/8;
103.0.0.0/8;
104.0.0.0/8;
105.0.0.0/8;
106.0.0.0/8;
107.0.0.0/8;
108.0.0.0/8;
109.0.0.0/8;
110.0.0.0/8;
111.0.0.0/8;
112.0.0.0/8;
113.0.0.0/8;
114.0.0.0/8;
115.0.0.0/8;
116.0.0.0/8;
117.0.0.0/8;
118.0.0.0/8;
119.0.0.0/8;
120.0.0.0/8;
121.0.0.0/8;
122.0.0.0/8;
123.0.0.0/8;
124.0.0.0/8;
125.0.0.0/8;
126.0.0.0/8;
127.0.0.0/8;
169.254.0.0/16;
172.16.0.0/12;
192.0.2.0/24;
197.0.0.0/8;
201.0.0.0/8;
222.0.0.0/8;
223.0.0.0/8;
224.0.0.0/3;
};


// Config file for caching only name server
//
// The version of the HOWTO you read may contain leading spaces
// (spaces in front of the characters on these lines ) in this and
// other files. You must remove them for things to work.
//
// Note that the filenames and directory names may differ, the
// ultimate contents of should be quite similar though.
options {
directory "/var/named";
pid-file "/var/named/named.pid";
statistics-file "/var/named/named.stats";
dump-file "/var/named/named.dump";
zone-statistics yes;
notify no;
transfer-format many-answers;
max-transfer-time-in 60;
interface-interval 0;
allow-transfer {
xfer;
};

allow-query {
trusted;
};
blackhole {
bogon;
};


// Uncommenting this might help if you have to go through a
// firewall and things are not working out. But you probably
// need to talk to your firewall admin.

// query-source port 53;
};

controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

key "rndckey" {
algorithm hmac-md5;
secret "dkutRASSIkqA0JvRxXhDqymSs7ReiQVxcAHNpOT8z18H8fBvVprCuaz99T2L";
};

key webdb-dhcpd {
algorithm hmac-md5;
secret "tpfXhc4B0v8gmzgDJP59IDvdTp5ctLo9ugTWt5cxGEV+b9aerRl/F6N06Aa02ZUYKgnN9wkxnATio/IVhGxqYA==";
};

zone "." {
type hint;
file "named.ca";
};

zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};

zone "****************.lan" {
type master;
file "***************.lan.hosts";
allow-update { key wedb-dhcpd; };
};

zone "1.168.192.in-addr.arpa" IN {
type master;
file "192.168.1.0.rev";
allow-update { key webdb-dhcpd; };
};
---- END NAMED.CONF -----------------

Does that help ?
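
Added example, not part of the original thread: a Python cross-check of the two files posted above. It flags a dhcpd.conf `zone` whose key differs from the `allow-update` key in named.conf, an `allow-update` key that has no `key` statement, and a `primary` address that falls inside the `blackhole` ACL (named does not respond to blackholed sources). The embedded excerpts are constructed from the posted configs with `example.lan` and the secrets as placeholders; `check_ddns` and `blackholed_networks` are names made up for this example.

```python
import ipaddress
import re

# Constructed excerpts: only the DDNS-relevant lines of the dhcpd.conf and
# named.conf posted above; zone name and secrets are placeholders.
DHCPD_CONF = """
key webdb-dhcpd { algorithm hmac-md5; secret "PLACEHOLDER"; }
zone example.lan. { primary 192.168.2.194; key webdb-dhcpd; }
zone 1.168.192.in-addr.arpa. { primary 127.0.0.1; key webdb-dhcpd; }
"""
NAMED_CONF = """
acl "bogon" { 10.0.0.0/8; 127.0.0.0/8; 172.16.0.0/12; };
options { blackhole { bogon; }; };
key webdb-dhcpd { algorithm hmac-md5; secret "PLACEHOLDER"; };
zone "example.lan" { type master; allow-update { key wedb-dhcpd; }; };
zone "1.168.192.in-addr.arpa" IN { type master; allow-update { key webdb-dhcpd; }; };
"""

def blackholed_networks(named):
    """Expand the blackhole list, resolving ACL names to their networks."""
    acls = dict(re.findall(r'acl\s+"?([\w-]+)"?\s*\{([^}]*)\}', named))
    hole = re.search(r'blackhole\s*\{([^}]*)\}', named)
    nets = []
    for item in (hole.group(1) if hole else "").split(";"):
        for entry in acls.get(item.strip(), item).split(";"):
            if re.fullmatch(r"[\d.]+(/\d+)?", entry.strip()):
                nets.append(ipaddress.ip_network(entry.strip(), strict=False))
    return nets

def check_ddns(dhcpd, named):
    """Return (zone, problem) pairs where the two files disagree."""
    named = re.sub(r"//[^\n]*", "", named)            # drop // comments
    defined = set(re.findall(r'^\s*key\s+"?([\w.-]+)"?\s*\{', named, re.M))
    allowed = dict(re.findall(
        r'zone\s+"([^"]+)"[^{]*\{[^}]*?allow-update\s*\{\s*key\s+"?([\w.-]+)', named))
    nets = blackholed_networks(named)
    problems = []
    for zone, primary, key in re.findall(
            r"zone\s+([\w.-]+)\s*\{\s*primary\s+([\d.]+);\s*key\s+([\w.-]+);", dhcpd):
        zone = zone.rstrip(".")                       # dhcpd uses a trailing dot
        if allowed.get(zone) != key:
            problems.append((zone, "key-mismatch"))
        if allowed.get(zone) not in defined:
            problems.append((zone, "undefined-key"))
        if any(ipaddress.ip_address(primary) in n for n in nets):
            problems.append((zone, "primary-blackholed"))
    return problems

if __name__ == "__main__":
    for zone, problem in check_ddns(DHCPD_CONF, NAMED_CONF):
        print(f"{zone}: {problem}")
```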
 
Old 08-20-2003, 01:07 AM   #6
mule
Member
 
Registered: Aug 2003
Posts: 81

Rep: Reputation: 15
already tried it with encrypted passwords without ""??
 
Old 08-20-2003, 07:38 AM   #7
monte
Member
 
Registered: Apr 2003
Location: Georgia
Distribution: Fedora Core
Posts: 41

Rep: Reputation: 15
Your original error message is coming from dhcp, not bind.

It looks like you are trying to do a dynamic update of bind through dhcp.

Try placing a zone entry in your dhcpd.conf file for your dhcp server address, sort of like the example below, but change it to match your setup. I use the key rndckey to allow secure updates to my dns servers.

zone localhost {
primary 127.0.0.1;
key rndckey;
}

zone 0.0.127.in-addr.arpa {
primary 127.0.0.1;
key rndckey;
}

zone mylan.lan {
primary 192.168.100.1;
key rndckey;
}

zone 100.168.192.in-addr.arpa {
primary 192.168.100.1;
key rndckey;
}
 
Old 08-20-2003, 05:56 PM   #8
jqcaducifer
Member
 
Registered: Jul 2003
Distribution: Fedora 3
Posts: 133

Rep: Reputation: 15
YES!!!

I've been trying to get my dynamic dns working for the past few days, and the last problem i got was identical to yours...

I fixed it by (i think) getting rid of any TTL def in the zone file, in /var/named

I also changed, at the beginning of the SOA def, my domainname to a @ symbol, although that's standard, and probably isn't the cause of the "time out" problem. So try getting rid of TTL and see what happens
 
Old 08-20-2003, 06:15 PM   #9
monte
Member
 
Registered: Apr 2003
Location: Georgia
Distribution: Fedora Core
Posts: 41

Rep: Reputation: 15
Getting rid of TTL won't fix his problem. It stems from dhcp NOT named.

TTL (Time To Live) is the number of seconds remaining on a cached record before it is purged.
 
Old 08-20-2003, 11:23 PM   #10
jqcaducifer
Member
 
Registered: Jul 2003
Distribution: Fedora 3
Posts: 133

Rep: Reputation: 15
...well, it *might* be the reason...
dhcp times out when trying to update the zone file. One reason might be that it sees something it's not expecting inside the zone file, and so it can't be updated. I might've done something different to solve the problem, but I can't remember now. Anyway, here is my zone def file; see if yours is the same format:
Code:
@ IN SOA host.mydomain. host.mydomain. (
                                2003082002 ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                3600       ; minimum (1 hour)
                                )
                        NS      host.mydomain.
                        MX      10 host.mydomain.
my nameserver and mail server and stuff are all on the same machine

make sure you have all the dots after the domain names, named throws a fit if you don't (a fit that you don't discover until much much later, after trying for hours to fix a problem that seems to be totally unrelated...)
 
Old 08-21-2003, 01:01 AM   #11
mule
Member
 
Registered: Aug 2003
Posts: 81

Rep: Reputation: 15
I didn't have to change this, and it works fine now (but I didn't test with Windows clients now, only Linux clients), so for discussion I put here my dhcpd.conf, named.conf and both zone defs

-----------------------------------------named.conf----------------------------
trinity:/etc # more named.conf
options {
directory "/var/named";
notify no;
forward first;
forwarders { 62.2.17.61; 62.2.24.158; 62.2.17.60; } ;

};

controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

include "/etc/rndc.key";

zone"." IN {
type hint;
file "named.ca";
};

zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};

include "/etc/dhcpd.key";

zone "mydomain.net" IN {
type master;
file "mydomain.net.db";
allow-update { key DHCP_UPDATER; };
};

zone "0.0.10.in-addr.arpa" IN {
type master;
file "0.10.db";
allow-update { key DHCP_UPDATER; };
};
----------------------------dhcpd.conf------------------------------------------
trinity:/etc # more dhcpd.conf
subnet 10.0.0.0 netmask 255.0.0.0 {
ddns-updates on;
ddns-domainname "mydomain.net";
ddns-rev-domainname "in-addr.arpa";
option domain-name "mydomain.net";
option domain-name-servers 10.0.0.2;
option routers 10.0.0.2;
range 10.0.0.5 10.0.0.99;
allow unknown-clients;
allow client-updates;
authoritative;
max-lease-time 43200;
default-lease-time 28800;

}

ddns-update-style interim;

key DHCP_UPDATER {
algorithm hmac-md5;
cleartextpassword
encryptedpassword;
}

zone mydomain.net. {
primary 127.0.0.1;
key DHCP_UPDATER;
}

zone 0.0.10.in-addr.arpa. {
primary 127.0.0.1;
key DHCP_UPDATER;
}

zone 168.192.in-addr.arpa. {
primary 127.0.0.1;
key DHCP_UPDATER;
}
------------------------------forward-zone-------------------------------------
trinity:/var/named # more mydomain.net.db
$ORIGIN .
$TTL 86400 ; 1 day
mydomain.net IN SOA trinity.mydomain.net. root.trinity.mydomain.net. (
2003081150 ; serial
10800 ; refresh (3 hours)
900 ; retry (15 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS trinity.mydomain.net.
A 10.0.0.2
MX 0 link.mydomain.net.
$ORIGIN mydomain.net.
connect A 192.168.0.1
link A 192.168.0.101
morpheus A 10.0.0.1
$TTL 21600 ; 6 hours
neo A 10.0.0.6 ---> DDNS-Entry
TXT "319309b4b8f43bba864ca90fea231f9006"
$TTL 86400 ; 1 day
trinity A 10.0.0.2
A 192.168.0.100
www CNAME link
----------------------------reverse-zone---------------------------------------
$ORIGIN .
$TTL 84600 ; 23 hours 30 minutes
0.0.10.in-addr.arpa IN SOA trinity.mydomain.net. root.trinity.mydomain.net. (
2003081155 ; serial
10800 ; refresh (3 hours)
900 ; retry (15 minutes)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS trinity.mydomain.net.
A 10.0.0.2
$ORIGIN 0.0.10.in-addr.arpa.
1 PTR morpheus.mydomain.net.
2 PTR trinity.mydomain.net.
$TTL 21600 ; 6 hours
6 PTR neo.mydomain.net. ---> DDNS-entry
----------------------------dhcpd.key------------------------------------------
trinity:/etc # more dhcpd.key
key DHCP_UPDATER {
algorithm hmac-md5;
cleartextpassword
encryptedpassword;
};
 
Old 08-25-2003, 12:46 AM   #12
mule
Member
 
Registered: Aug 2003
Posts: 81

Rep: Reputation: 15
oh, and how about access-rights on your zone-files??? with which user do you run named? what rights does this user have on your zone-files??
 
Old 04-26-2004, 10:06 AM   #13
ionreflex
LQ Newbie
 
Registered: Sep 2003
Location: 45.582628, -73.536342
Distribution: Debian
Posts: 6

Rep: Reputation: 0
Question winxp-clients -> update DDNS on Bind 9.2

I hope some people will see this through, since it's been a while since this thread received any post...

Anyway, here it is!

After putting DNS back on track where I work (I didn't even know BIND before, but I did it), I decided to do some experiments on my own; I have an old IBM laptop on which I installed Mandrake 8.1 some time ago, with Bind 9.2 and ISC DHCPd 3.0 pre-installed... I hadn't fiddled with it at first, but now it's working fine, except that I have the same message as locutus233 had in the beginning:

Aug 8 01:31:51 webdb dhcpd: if IN A ultima.********.lan domain doesn't exist add 600 IN A ultima.********.lan 192.168.1.193 add 600 IN TXT ultima.********.lan "31e9804e381d924f2a981f1510deca1603": timed out.

The laptop is the only Linux box I have, and I have the same message for 2 winxp-clients with DHCP activated!

Is the problem Win-based? If so, why does the message originate from dhcpd?

I could post more info, but i'll wait to see if this thread is not lost in Oblivion...

thanks
 
  

