I'm working on setting up DNS and DHCP on my homelab network using BIND9 and Kea, and I'm having trouble getting my zone files to update consistently. My setup is BIND 9.18.26 and Kea 2.4.1 on the same FreeBSD 14.0 server; clients are an assortment of FreeBSD, Debian-based, Android and a couple of commercial IoT devices, with a mixture of static, reserved and dynamic addresses.

Kea (so far as I can tell) is handing out all addresses, including the reserved addresses, correctly, but is not passing addresses to BIND, and since I have no idea what I'm doing, I appeal to those who do.

My configuration is as follows:

```
// named.conf
include "/usr/local/etc/namedb/tsig.key";
include "/usr/local/etc/namedb/named.conf.options";
include "/usr/local/etc/namedb/named.conf.local";
include "/usr/local/etc/namedb/named.conf.default-zones";

acl internal-net {
    localhost;
    192.168.0.0/24;
};

server ::/0 { bogus yes; };
```

```
// named.conf.options
options {
    // All file and path names are relative to the chroot directory,
    // if any, and should be fully qualified.
    directory "/usr/local/etc/namedb/working";
    pid-file "/var/run/named/pid";
    dump-file "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";

    allow-query { internal-net; };
    allow-query-cache { internal-net; };
    allow-recursion { internal-net; };
    allow-transfer { none; };

    check-names master ignore;
    check-names slave ignore;
    check-names response ignore;

    forwarders {
        149.112.121.20;
        149.112.122.20;
    };
};
```

```
// named.conf.local
//
// Local configuration goes here
//
zone "voncorax.internal" {
    type master;
    file "/var/lib/named/voncorax.internal.hosts";
    allow-update { key tsig-key; };
};

zone "0.168.192.in-addr.arpa" {
    type master;
    file "/var/lib/named/0.168.192.rev";
    allow-update { key tsig-key; };
};
```

tsig.key:

```
key "tsig-key" {
    algorithm hmac-sha256;
    secret "Shh! It's a secret!";
};
```

kea-dhcp4.conf:

```
{
  "Dhcp4": {
    "valid-lifetime": 300,
    "interfaces-config": {
      "interfaces": [ "em0" ]
    },
    "lease-database": {
      "type": "memfile",
      "persist": true,
      "name": "/var/lib/kea/dhcp4.leases"
    },
    "subnet4": [
      {
        "id": 1,
        "subnet": "192.168.0.0/24",
        "pools": [
          { "pool": "192.168.0.100-192.168.0.254" }
        ],
        "option-data": [
          { "name": "routers", "data": "192.168.0.1" }
        ],
        "reservations": [
          {
            "hw-address": "dc:a6:32:12:2f:d2",
            "hostname": "dnsbox.voncorax.internal",
            "ip-address": "192.168.0.2"
          },
          {
            "hw-address": "b8:ca:3a:7d:69:ad",
            "hostname": "prometheus.voncorax.internal",
            "ip-address": "192.168.0.98"
          }
        ]
      }
    ],
    "option-data": [
      { "name": "domain-name-servers", "data": "192.168.0.97, 192.168.0.2" }
    ],
    "loggers": [
      {
        "name": "kea-dhcp4",
        "output_options": [
          { "output": "/var/log/kea-dhcp4.log" }
        ],
        "severity": "INFO",
        "debuglevel": 1
      }
    ],
    "ddns-send-updates": true,
    "ddns-qualifying-suffix": "voncorax.internal",
    "ddns-override-no-update": true,
    "ddns-override-client-update": true,
    "dhcp-ddns": {
      "enable-updates": true,
      "server-ip": "127.0.0.1"
    }
  }
}
```

kea-dhcp-ddns.conf:

```
{
  "DhcpDdns": {
    "ip-address": "127.0.0.1",
    "port": 53001,
    "control-socket": {
      "socket-type": "unix",
      "socket-name": "/tmp/kea-ddns-ctrl-socket"
    },
    "tsig-keys": [
      {
        "name": "tsig-key",
        "algorithm": "hmac-sha256",
        "secret": "Shh! It's a secret!"
      }
    ],
    "forward-ddns": {
      "ddns-domains": [
        {
          "name": "voncorax.internal.",
          "key-name": "tsig-key",
          "dns-servers": [
            { "ip-address": "192.168.0.97" }
          ]
        }
      ]
    },
    "reverse-ddns": {
      "ddns-domains": [
        {
          "name": "0.168.192.in-addr.arpa.",
          "key-name": "tsig-key",
          "dns-servers": [
            { "ip-address": "192.168.0.97" }
          ]
        }
      ]
    },
    "loggers": [
      {
        "name": "kea-dhcp-ddns",
        "output_options": [
          { "output": "/var/log/kea-ddns.log" }
        ],
        "severity": "INFO",
        "debuglevel": 1
      }
    ]
  }
}
```

I'm basing my work on Lee Hutchinson's Ars Technica article "Doing DNS and DHCP for your LAN the old way—the way that works" along with my reading of the BIND 9 and Kea documentation.

Can anyone see what I'm doing wrong?

EDIT: Here is the log output from kea-ddns:

```
2024-05-28 12:02:48.657 DEBUG [kea-dhcp-ddns.dhcpddns/10658.0xf2290c12000] DHCP_DDNS_CONFIGURE configuration update received: { "control-socket": { "socket-name": "/tmp/kea-ddns-ctrl-socket", "socket-type": "unix" }, "forward-ddns": { "ddns-domains": [ { "dns-servers": [ { "ip-address": "192.168.0.97" } ], "key-name": "tsig-key", "name": "voncorax.internal." } ] }, "ip-address": "127.0.0.1", "loggers": [ { "debuglevel": 10, "name": "kea-dhcp-ddns", "output_options": [ { "output": "/var/log/kea-ddns.log" } ], "severity": "INFO" } ], "port": 53001, "reverse-ddns": { "ddns-domains": [ { "dns-servers": [ { "ip-address": "192.168.0.97" } ], "key-name": "tsig-key", "name": "0.168.192.in-addr.arpa." } ] }, "tsig-keys": [ { "algorithm": "hmac-sha256", "name": "tsig-key", "secret": "*****" } ] }
2024-05-28 12:02:48.657 DEBUG [kea-dhcp-ddns.dctl/10658.0xf2290c12000] DCTL_CONFIG_START parsing new configuration: { "control-socket": { "socket-name": "/tmp/kea-ddns-ctrl-socket", "socket-type": "unix" }, "forward-ddns": { "ddns-domains": [ { "dns-servers": [ { "ip-address": "192.168.0.97" } ], "key-name": "tsig-key", "name": "voncorax.internal." } ] }, "ip-address": "127.0.0.1", "loggers": [ { "debuglevel": 10, "name": "kea-dhcp-ddns", "output_options": [ { "output": "/var/log/kea-ddns.log" } ], "severity": "INFO" } ], "port": 53001, "reverse-ddns": { "ddns-domains": [ { "dns-servers": [ { "ip-address": "192.168.0.97" } ], "key-name": "tsig-key", "name": "0.168.192.in-addr.arpa." } ] }, "tsig-keys": [ { "algorithm": "hmac-sha256", "name": "tsig-key", "secret": "*****" } ] }
2024-05-28 12:02:48.659 INFO [kea-dhcp-ddns.commands/10658.0xf2290c12000] COMMAND_ACCEPTOR_START Starting to accept connections via unix domain socket bound to /tmp/kea-ddns-ctrl-socket
2024-05-28 12:02:48.660 INFO [kea-dhcp-ddns.dctl/10658.0xf2290c12000] DCTL_CONFIG_COMPLETE server has completed configuration: listening on 127.0.0.1, port 53001, using UDP
2024-05-28 12:02:48.660 DEBUG [kea-dhcp-ddns.dctl/10658.0xf2290c12000] DCTL_RUN_PROCESS DhcpDdns starting application event loop
2024-05-28 12:02:48.660 INFO [kea-dhcp-ddns.dhcpddns/10658.0xf2290c12000] DHCP_DDNS_STARTED Kea DHCP-DDNS server version 2.4.1 started
2024-05-28 12:02:48.660 DEBUG [kea-dhcp-ddns.commands/10658.0xf2290c12000] COMMAND_REGISTERED Command build-report registered
2024-05-28 12:02:48.660 DEBUG [kea-dhcp-ddns.commands/10658.0xf2290c12000] COMMAND_REGISTERED Command config-get registered
2024-05-28 12:02:48.660 DEBUG [kea-dhcp-ddns.commands/10658.0xf2290c12000] COMMAND_REGISTERED Command config-hash-get registered
2024-05-28 12:02:48.660 DEBUG [kea-dhcp-ddns.commands/10658.0xf2290c12000] COMMAND_REGISTERED Command config-reload registered
2024-05-28 12:02:48.660 DEBUG [kea-dhcp-ddns.commands/10658.0xf2290c12000] COMMAND_REGISTERED Command config-set registered
2024-05-28 12:02:48.660 DEBUG [kea-dhcp-ddns.commands/10658.0xf2290c12000] COMMAND_REGISTERED Command config-test registered
2024-05-28 12:02:48.660 DEBUG [kea-dhcp-ddns.commands/10658.0xf2290c12000] COMMAND_REGISTERED Command config-write registered
2024-05-28 12:02:48.660 DEBUG [kea-dhcp-ddns.commands/10658.0xf2290c12000] COMMAND_REGISTERED Command shutdown registered
2024-05-28 12:02:48.660 DEBUG [kea-dhcp-ddns.commands/10658.0xf2290c12000] COMMAND_REGISTERED Command status-get registered
2024-05-28 12:02:48.660 DEBUG [kea-dhcp-ddns.commands/10658.0xf2290c12000] COMMAND_REGISTERED Command version-get registered
2024-05-28 12:02:48.660 DEBUG [kea-dhcp-ddns.commands/10658.0xf2290c12000] COMMAND_REGISTERED Command statistic-get registered
2024-05-28 12:02:48.660 DEBUG [kea-dhcp-ddns.commands/10658.0xf2290c12000] COMMAND_REGISTERED Command statistic-get-all registered
2024-05-28 12:02:48.660 DEBUG [kea-dhcp-ddns.commands/10658.0xf2290c12000] COMMAND_REGISTERED Command statistic-reset registered
2024-05-28 12:02:48.660 DEBUG [kea-dhcp-ddns.commands/10658.0xf2290c12000] COMMAND_REGISTERED Command statistic-reset-all registered
2024-05-28 12:02:48.660 DEBUG [kea-dhcp-ddns.dhcpddns/10658.0xf2290c12000] DHCP_DDNS_QUEUE_MGR_RECONFIGURING application is reconfiguring the queue manager
2024-05-28 12:02:48.660 DEBUG [kea-dhcp-ddns.dhcpddns/10658.0xf2290c12000] DHCP_DDNS_QUEUE_MGR_STARTED application's queue manager has begun listening for requests.
```

This isn't an excerpt; that is literally the entirety of what's been logged since I restarted the daemon several days ago.

I won't post the entire log from kea-dhcp4 because it's huge, but it appears that dhcp4 is doing its thing correctly, just not talking to d2. The following is an excerpt from kea-dhcp4.log which appears (to my inexperienced eye) to be all of a piece:

```
2024-05-28 17:25:55.169 DEBUG [kea-dhcp4.packets/11509.0x1a25f9c12000] DHCP4_BUFFER_RECEIVED received buffer from 192.168.0.98:68 to 192.168.0.97:67 over interface em0
2024-05-28 17:25:55.169 DEBUG [kea-dhcp4.options/11509.0x1a25f9c15f00] DHCP4_BUFFER_UNPACK parsing buffer received from 192.168.0.98 to 192.168.0.97 over interface em0
2024-05-28 17:25:55.169 DEBUG [kea-dhcp4.packets/11509.0x1a25f9c15f00] DHCP4_PACKET_RECEIVED [hwtype=1 b8:ca:3a:7d:69:ad], cid=[01:b8:ca:3a:7d:69:ad], tid=0xd3f53501: DHCPREQUEST (type 3) received from 192.168.0.98 to 192.168.0.97 on interface em0
2024-05-28 17:25:55.169 DEBUG [kea-dhcp4.packets/11509.0x1a25f9c15f00] DHCP4_QUERY_DATA [hwtype=1 b8:ca:3a:7d:69:ad], cid=[01:b8:ca:3a:7d:69:ad], tid=0xd3f53501, packet details: local_address=192.168.0.97:67, remote_address=192.168.0.98:68, msg_type=DHCPREQUEST (3), transid=0xd3f53501, options: type=012, len=010: "prometheus" (string) type=053, len=001: 3 (uint8) type=055, len=010: 1(uint8) 28(uint8) 2(uint8) 121(uint8) 3(uint8) 15(uint8) 6(uint8) 12(uint8) 119(uint8) 26(uint8) type=061, len=007: 01:b8:ca:3a:7d:69:ad
2024-05-28 17:25:55.169 DEBUG [kea-dhcp4.dhcpsrv/11509.0x1a25f9c15f00] DHCPSRV_SUBNET4_SELECT_NO_RAI_OPTIONS No RAI options found to use for subnet selection.
2024-05-28 17:25:55.169 DEBUG [kea-dhcp4.dhcpsrv/11509.0x1a25f9c15f00] DHCPSRV_SUBNET4_SELECT_NO_RELAY_ADDRESS Relay address (giaddr) in client packet is empty.
2024-05-28 17:25:55.169 DEBUG [kea-dhcp4.dhcpsrv/11509.0x1a25f9c15f00] DHCPSRV_CFGMGR_SUBNET4_ADDR selected subnet 192.168.0.0/24 for packet received by matching address 192.168.0.98
2024-05-28 17:25:55.169 DEBUG [kea-dhcp4.packets/11509.0x1a25f9c15f00] DHCP4_SUBNET_SELECTED [hwtype=1 b8:ca:3a:7d:69:ad], cid=[01:b8:ca:3a:7d:69:ad], tid=0xd3f53501: the subnet with ID 1 was selected for client assignments
2024-05-28 17:25:55.169 DEBUG [kea-dhcp4.packets/11509.0x1a25f9c15f00] DHCP4_SUBNET_DATA [hwtype=1 b8:ca:3a:7d:69:ad], cid=[01:b8:ca:3a:7d:69:ad], tid=0xd3f53501: the selected subnet details: 192.168.0.0/24
2024-05-28 17:25:55.169 DEBUG [kea-dhcp4.hosts/11509.0x1a25f9c15f00] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER get one host with IPv4 reservation for subnet id 1, identified by hwaddr=B8CA3A7D69AD
2024-05-28 17:25:55.169 DEBUG [kea-dhcp4.hosts/11509.0x1a25f9c15f00] HOSTS_CFG_GET_ALL_IDENTIFIER get all hosts with reservations using identifier: hwaddr=B8CA3A7D69AD
2024-05-28 17:25:55.169 DEBUG [kea-dhcp4.hosts/11509.0x1a25f9c15f00] HOSTS_CFG_GET_ALL_IDENTIFIER_HOST using identifier: hwaddr=B8CA3A7D69AD, found host: hwaddr=B8CA3A7D69AD ipv4_subnet_id=1 hostname=prometheus.voncorax.internal ipv4_reservation=192.168.0.98 siaddr=(no) sname=(empty) file=(empty) key=(empty) ipv6_reservations=(none)
2024-05-28 17:25:55.169 DEBUG [kea-dhcp4.hosts/11509.0x1a25f9c15f00] HOSTS_CFG_GET_ALL_IDENTIFIER_COUNT using identifier hwaddr=B8CA3A7D69AD, found 1 host(s)
2024-05-28 17:25:55.169 DEBUG [kea-dhcp4.hosts/11509.0x1a25f9c15f00] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER_HOST using subnet id 1 and identifier hwaddr=B8CA3A7D69AD, found host: hwaddr=B8CA3A7D69AD ipv4_subnet_id=1 hostname=prometheus.voncorax.internal ipv4_reservation=192.168.0.98 siaddr=(no) sname=(empty) file=(empty) key=(empty) ipv6_reservations=(none)
2024-05-28 17:25:55.169 DEBUG [kea-dhcp4.dhcp4/11509.0x1a25f9c15f00] DHCP4_CLASS_ASSIGNED [hwtype=1 b8:ca:3a:7d:69:ad], cid=[01:b8:ca:3a:7d:69:ad], tid=0xd3f53501: client packet has been assigned to the following class(es): KNOWN
2024-05-28 17:25:55.169 DEBUG [kea-dhcp4.dhcp4/11509.0x1a25f9c15f00] DHCP4_CLASS_ASSIGNED [hwtype=1 b8:ca:3a:7d:69:ad], cid=[01:b8:ca:3a:7d:69:ad], tid=0xd3f53501: client packet has been assigned to the following class(es): ALL, KNOWN
2024-05-28 17:25:55.170 DEBUG [kea-dhcp4.ddns/11509.0x1a25f9c15f00] DHCP4_CLIENT_HOSTNAME_PROCESS [hwtype=1 b8:ca:3a:7d:69:ad], cid=[01:b8:ca:3a:7d:69:ad], tid=0xd3f53501: processing client's Hostname option
2024-05-28 17:25:55.170 DEBUG [kea-dhcp4.ddns/11509.0x1a25f9c15f00] DHCP4_CLIENT_HOSTNAME_DATA [hwtype=1 b8:ca:3a:7d:69:ad], cid=[01:b8:ca:3a:7d:69:ad], tid=0xd3f53501: client sent Hostname option: prometheus
2024-05-28 17:25:55.170 DEBUG [kea-dhcp4.ddns/11509.0x1a25f9c15f00] DHCP4_RESERVED_HOSTNAME_ASSIGNED [hwtype=1 b8:ca:3a:7d:69:ad], cid=[01:b8:ca:3a:7d:69:ad], tid=0xd3f53501: server assigned reserved hostname prometheus.voncorax.internal
2024-05-28 17:25:55.170 DEBUG [kea-dhcp4.dhcpsrv/11509.0x1a25f9c15f00] DHCPSRV_MEMFILE_GET_CLIENTID obtaining IPv4 leases for client ID 01:b8:ca:3a:7d:69:ad
2024-05-28 17:25:55.170 DEBUG [kea-dhcp4.hosts/11509.0x1a25f9c15f00] HOSTS_CFG_GET_ONE_SUBNET_ID_ADDRESS4 get one host with reservation for subnet id 1 and IPv4 address 192.168.0.98
2024-05-28 17:25:55.170 DEBUG [kea-dhcp4.hosts/11509.0x1a25f9c15f00] HOSTS_CFG_GET_ALL_ADDRESS4 get all hosts with reservations for IPv4 address 192.168.0.98
2024-05-28 17:25:55.170 DEBUG [kea-dhcp4.hosts/11509.0x1a25f9c15f00] HOSTS_CFG_GET_ALL_ADDRESS4_HOST using address 192.168.0.98 found host: hwaddr=B8CA3A7D69AD ipv4_subnet_id=1 hostname=prometheus.voncorax.internal ipv4_reservation=192.168.0.98 siaddr=(no) sname=(empty) file=(empty) key=(empty) ipv6_reservations=(none)
2024-05-28 17:25:55.170 DEBUG [kea-dhcp4.hosts/11509.0x1a25f9c15f00] HOSTS_CFG_GET_ALL_ADDRESS4_COUNT using address 192.168.0.98, found 1 host(s)
2024-05-28 17:25:55.170 DEBUG [kea-dhcp4.hosts/11509.0x1a25f9c15f00] HOSTS_CFG_GET_ONE_SUBNET_ID_ADDRESS4_HOST using subnet id 1 and address 192.168.0.98, found host: hwaddr=B8CA3A7D69AD ipv4_subnet_id=1 hostname=prometheus.voncorax.internal ipv4_reservation=192.168.0.98 siaddr=(no) sname=(empty) file=(empty) key=(empty) ipv6_reservations=(none)
2024-05-28 17:25:55.170 DEBUG [kea-dhcp4.dhcpsrv/11509.0x1a25f9c15f00] DHCPSRV_MEMFILE_GET_ADDR4 obtaining IPv4 lease for address 192.168.0.98
2024-05-28 17:25:55.170 DEBUG [kea-dhcp4.alloc-engine/11509.0x1a25f9c15f00] ALLOC_ENGINE_V4_REQUEST_EXTEND_LEASE [hwtype=1 b8:ca:3a:7d:69:ad], cid=[01:b8:ca:3a:7d:69:ad], tid=0xd3f53501: extending lifetime of the lease for address 192.168.0.98
2024-05-28 17:25:55.170 DEBUG [kea-dhcp4.dhcpsrv/11509.0x1a25f9c15f00] DHCPSRV_MEMFILE_UPDATE_ADDR4 updating IPv4 lease for address 192.168.0.98
2024-05-28 17:25:55.170 INFO [kea-dhcp4.leases/11509.0x1a25f9c15f00] DHCP4_LEASE_ALLOC [hwtype=1 b8:ca:3a:7d:69:ad], cid=[01:b8:ca:3a:7d:69:ad], tid=0xd3f53501: lease 192.168.0.98 has been allocated for 300 seconds
2024-05-28 17:25:55.170 DEBUG [kea-dhcp4.options/11509.0x1a25f9c15f00] DHCP4_PACKET_PACK [hwtype=1 b8:ca:3a:7d:69:ad], cid=[01:b8:ca:3a:7d:69:ad], tid=0xd3f53501: preparing on-wire format of the packet to be sent
2024-05-28 17:25:55.170 DEBUG [kea-dhcp4.packets/11509.0x1a25f9c15f00] DHCP4_PACKET_SEND [hwtype=1 b8:ca:3a:7d:69:ad], cid=[01:b8:ca:3a:7d:69:ad], tid=0xd3f53501: trying to send packet DHCPACK (type 5) from 192.168.0.97:67 to 192.168.0.98:68 on interface em0
2024-05-28 17:25:55.170 DEBUG [kea-dhcp4.packets/11509.0x1a25f9c15f00] DHCP4_RESPONSE_DATA [hwtype=1 b8:ca:3a:7d:69:ad], cid=[01:b8:ca:3a:7d:69:ad], tid=0xd3f53501: responding with packet DHCPACK (type 5), packet details: local_address=192.168.0.97:67, remote_address=192.168.0.98:68, msg_type=DHCPACK (5), transid=0xd3f53501, options: type=001, len=004: 4294967040 (uint32) type=003, len=004: 192.168.0.1 type=006, len=008: 192.168.0.97 192.168.0.2 type=012, len=028: "prometheus.voncorax.internal" (string) type=051, len=004: 300 (uint32) type=053, len=001: 5 (uint8) type=054, len=004: 192.168.0.97 type=061, len=007: 01:b8:ca:3a:7d:69:ad
```

EDIT: I've hacked around with Wireshark a bit (from a Server Fault post) and it appears that kea-dhcp4 is not sending anything to kea-ddns over the lo0 interface. Can anyone suggest why not, or how I can figure out why not?

  • Post the logs.... Turn up debugging... Saying it is only passing some of the dynamic addresses, without any info, does not help us. Secondly, I do not believe any system updates the DNS with reserved data - why should it, it is reserved? Commented May 27, 2024 at 11:46
  • @Bib Okay, give me a few days to read up on Kea and BIND logging - as I said, I have no idea what I'm doing, and depend on questions like yours to guide me toward a solution. Commented May 27, 2024 at 21:16
  • After much mucking about with .conf files, I've got everything working including the reserved addresses, with one exception which I am willing to ignore, as it is a security alarm panel and thus exempt from the normal rules of civilized behaviour. What I did was to set "ddns-update-on-renew": true in kea-dhcp4.conf, even though the documentation says not to. I intend to beat on things a bit more to determine if this is the fix, and then I shall post my solution as an answer. Commented Jun 7, 2024 at 20:36
  • At present, there are more options to control this. See example in source code here. Commented Mar 31 at 13:53
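
Added example (not part of the original post or comments, and not Kea or BIND code): a small Python audit of the two Kea configs posted in the question. It checks the NCR path from kea-dhcp4 to D2, the `ddns-update-on-renew` setting mentioned in the comments, the TSIG key references, and the control socket location. The dicts are trimmed copies of the posted configs, the names `audit` and `valid_tsig_secret` are this example's own, and the fallbacks (127.0.0.1, port 53001, both booleans false) are Kea's documented defaults.

```python
import base64
import binascii

D2_PORT = 53001  # Kea default for D2 "port" and dhcp4 "server-port"

def valid_tsig_secret(secret):
    """TSIG secrets are base64-encoded key bytes."""
    try:
        return len(base64.b64decode(secret, validate=True)) > 0
    except (binascii.Error, ValueError):
        return False

def audit(dhcp4_cfg, d2_cfg):
    """Return findings for a kea-dhcp4 / kea-dhcp-ddns config pair."""
    d4, d2, out = dhcp4_cfg["Dhcp4"], d2_cfg["DhcpDdns"], []
    link = d4.get("dhcp-ddns", {})
    if not link.get("enable-updates", False):
        out.append("dhcp4: dhcp-ddns enable-updates is off; no NCRs are sent")
    sender = (link.get("server-ip", "127.0.0.1"), link.get("server-port", D2_PORT))
    listener = (d2.get("ip-address", "127.0.0.1"), d2.get("port", D2_PORT))
    if sender != listener:
        out.append(f"dhcp4 sends NCRs to {sender}, D2 listens on {listener}")
    if not d4.get("ddns-update-on-renew", False):
        out.append("dhcp4: ddns-update-on-renew is false; renewing an existing "
                   "lease with an unchanged name sends no NCR")
    keys = {k["name"]: k.get("secret", "") for k in d2.get("tsig-keys", [])}
    for name, secret in keys.items():
        if not valid_tsig_secret(secret):
            out.append(f"d2: TSIG secret for {name!r} is not valid base64")
    for section in ("forward-ddns", "reverse-ddns"):
        for dom in d2.get(section, {}).get("ddns-domains", []):
            key = dom.get("key-name")
            if key not in keys:
                out.append(f"d2: {dom['name']} has no defined TSIG key ({key!r})")
    if d2.get("control-socket", {}).get("socket-name", "").startswith("/tmp/"):
        out.append("d2: control socket is in world-writable /tmp")
    return out

# Trimmed copies of the configs posted above (secret is the post's placeholder).
POSTED_DHCP4 = {"Dhcp4": {
    "dhcp-ddns": {"enable-updates": True, "server-ip": "127.0.0.1"}}}
POSTED_D2 = {"DhcpDdns": {
    "ip-address": "127.0.0.1", "port": 53001,
    "control-socket": {"socket-type": "unix",
                       "socket-name": "/tmp/kea-ddns-ctrl-socket"},
    "tsig-keys": [{"name": "tsig-key", "algorithm": "hmac-sha256",
                   "secret": "Shh! It's a secret!"}],
    "forward-ddns": {"ddns-domains": [{"name": "voncorax.internal.",
                                       "key-name": "tsig-key"}]},
    "reverse-ddns": {"ddns-domains": [{"name": "0.168.192.in-addr.arpa.",
                                       "key-name": "tsig-key"}]}}}

if __name__ == "__main__":
    print("\n".join(audit(POSTED_DHCP4, POSTED_D2)))
```

The base64 finding fires here only because the post replaced the real secret with a placeholder; against the live files it confirms the key Kea signs with is well-formed before comparing it to the one in `tsig.key`.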
