netbsd-users: help with DDNS using BIND9/DHCPD

Subject: help with DDNS using BIND9/DHCPD
To: None <netbsd-users@netbsd.org>
From: Amadeus Stevenson <amadeus.stevenson@gmail.com>
List: netbsd-users
Date: 01/06/2005 00:37:55
Hello

I've read a few "how-to's" for setting up dynamic dns updating via
dhcpd on a lan:

http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html
http://www.mattfoster.clara.co.uk/ddns.htm

Neither of which have been "cut&paste" easy. I realise this isn't the
best way to understand it but I was looking for a quick method to get
this working.

I'm struggling to find documentation on this and was wondering if
anyone could shed some light?

At the moment the link in the netbsd documentation for DNS and BIND in
netbsd isn't up: http://www.muine.org/~hoang/dns.html

Basically all the clients are given ip addresses via dhcpd and it
would nice if their addresses could be added to the local dns zone.

I ran rndc-confgen initially and kept the hmac-md5 key suggested:

/etc/rndc.conf:
key "rndc-key" {
        algorithm hmac-md5;
        secret "md5hash...==";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};

named.conf:
key "rndc-key" {
      algorithm hmac-md5;
      secret "md5hash...==";
};

controls {
      inet 127.0.0.1 port 953
              allow { 127.0.0.1; 192.168.0.1; } keys { "rndc-key"; };
};

zone "0.168.192.in-addr.arpa" {
        type master;
        notify no;
        file "0.168.192";
        allow-update { key rndc-key; };
};

zone "DOMAIN.org" {
        type master;
        notify no;
        file "DOMAIN.org";
        allow-update { key rndc-key; };
};

/etc/dhcpd.conf:
key "rndc-key" {
      algorithm hmac-md5;
      secret "md5hash...==";
}

ddns-update-style interim;

zone 0.168.192.in-addr.arpa {
        key rndc-key;
}

zone DOMAIN.org. {
        key rndc-key;
}

This all loads up OK. Then when trying to adding a new client:

Jan  6 00:13:49 gateway named[8634]: client 192.168.0.1#62328: request
has invalid signature: TSIG rndc-key: tsig verify failure (BADKEY)
Jan  6 00:13:49 gateway dhcpd: Unable to add forward map from
dhcp-192-168-0-147.DOMAIN.org to 192.168.0.147: bad DNS key

So something is going wrong with the keys. I tried generating with
dnssec-keygen but I get the same errors so I figured something was
wrong with the setup.

I have unrelated errors which may cause something:

Jan  6 00:13:50 gateway named[7664]: no IPv6 interfaces found
Jan  6 00:13:50 gateway named[7664]: listening on IPv4 interface rtk0,
84.9.104.213#53
Jan  6 00:13:50 gateway named[7664]: could not listen on UDP socket:
address in use
Jan  6 00:13:50 gateway named[7664]: creating IPv4 interface rtk0
failed; interface ignored
Jan  6 00:13:50 gateway named[7664]: listening on IPv4 interface ex0,
192.168.0.1#53
Jan  6 00:13:50 gateway named[7664]: could not listen on UDP socket:
address in use
Jan  6 00:13:50 gateway named[7664]: creating IPv4 interface ex0
failed; interface ignored
Jan  6 00:13:50 gateway named[7664]: listening on IPv4 interface lo0,
127.0.0.1#53
Jan  6 00:13:50 gateway named[7664]: could not listen on UDP socket:
address in use
Jan  6 00:13:50 gateway named[7664]: creating IPv4 interface lo0
failed; interface ignored
Jan  6 00:13:50 gateway named[7664]: not listening on any interfaces
Jan  6 00:13:50 gateway named[7664]: /etc/namedb/named.conf:16:
couldn't add command channel 127.0.0.1#953: address in use

But named9 works OK despite all of these.

Thanks in advance for any help,

Amadeus