isc-dhcp-server

Contents

isc-dhcp-server

About

Internet Systems Consortium, Inc. (ISC) DHCP-Server

Docs

The man-pages provided on the system are great and sufficient.

   1 man 5 dhcp-options
   2 man 5 dhcpd.conf
   3 man 5 dhcpd.leases
   4 man 8 dhcpd

isc-dhcp-server and openvswitch

If you are using ip interfaces on ovs fake bridges to provide a gateway to guest networks, you need some adjustments in the boot order. The dhcp-server is configured to listen on the interfaces of the fake brigdes. The problem is that dhcpd won't start up on boot, if not all interfaces are available and configured. So we need to configure the order to startup the services.

openvswitch-switch
networking
isc-dhcp-server

openvswitch-switch

Is WantedBy = multi-user.target and we need to add network.target to make it start earlier. /lib/systemd/system/openvswitch-switch.service

   1 [Unit]
   2 Description=Open vSwitch
   3 After=openvswitch-nonetwork.service
   4 Requires=openvswitch-nonetwork.service
   5 Before=networking.service
   6 
   7 [Service]
   8 Type=oneshot
   9 ExecStart=/etc/init.d/openvswitch-switch start
  10 ExecStop=/etc/init.d/openvswitch-switch stop
  11 RemainAfterExit=yes
  12 
  13 [Install]
  14 WantedBy=multi-user.target network.target

The dependency between openvswitch-switch and networking is already defined by Before=networking.service.

isc-dhcp-server

Is legacy software that starts with an init-script on the SYSV-compatibility layer. Therefore we need to adjust the Init lsb headers and update SYSV boot dependencies in /etc/rc.*.d. In my case i attached networking to the line # Required-Start:

We need to add the instance openvswitch-switch to Required-Start: /etc/init.d/isc-dhcp-server

   1 ### BEGIN INIT INFO
   2 # Provides:          isc-dhcp-server
   3 # Required-Start:    $remote_fs $network $syslog networking
   4 # Required-Stop:     $remote_fs $network $syslog
   5 # Should-Start:      $local_fs slapd $named
   6 # Should-Stop:       $local_fs slapd
   7 # Default-Start:     2 3 4 5
   8 # Default-Stop:      0 1 6
   9 # Short-Description: DHCP server
  10 # Description:       Dynamic Host Configuration Protocol Server
  11 ### END INIT INFO
  12

Now the links in /etc/rc.*.d have to be updated

   1 update-rc.d openvswitch-switch defaults
   2 update-rc.d isc-dhcp-server defaults
   3 ### CHECK IT WITH
   4 find /etc/rc* \( -name '*isc*' -o -name '*openvswitch*' \)

Dynamic DNS Updates

Generate shared secret

Since Version 4.2.8 isc-dhcp-server supports new TSIG algorithms - let's try them out. https://kb.isc.org/article/AA-01243/0/DHCP-4.2.8b1-Release-Notes.html

- TSIG-authenticated dynamic DNS updates now support the use of these
  additional algorithms: hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384,
  and hmac-sha512
  [ISC-Bugs #36947]

   1 man dnssec-keygen

Generate the key

For HMAC lenght (-b) must be between 1 and 512 depending on the algorithm.
Random numbers are perceived per default for /dev/random, but you can also use /dev/urandom or keyboard
HMAC-Algorithms are symmetric, so the .private and .key file contain both the same string.

   1 dnssec-keygen -a HMAC-SHA512 -b 512 -n USER DHCP_UPDATER

Configure isc-dhcp-server

algorithm (should be a FQDN with a terminating ".", but the configuration file parser will add both if you left them out.)

   1 key DHCP_UPDATER {
   2         algorithm       HMAC-SHA512.SIG-ALG.REG.INT.;
   3         secret          "KeyExtractedFromPrivateFile==";
   4 };

/etc/dhcp/dhcpd.conf

   1 # dhcpd.conf
   2 #
   3 # Configuration file for ISC dhcpd for Debian
   4 #
   5 
   6 # The ddns-updates-style parameter controls whether or not the server will
   7 # attempt to do a DNS update when a lease is confirmed. We default to the
   8 # behavior of the version 2 packages ('none', since DHCP v2 didn't
   9 # have support for DDNS.)
  10 ddns-update-style       standard;       #Default none, standard, interim, ad-hoc no longer supported
  11 ddns-updates            on;             #Default on
  12 do-forward-updates      on;             #Default on 
  13 ### DO NOT PERFORM DNS UPDATES WITH EVERY RENEW (DISABLED DURING TESTING)
  14 #update-optimization     false;          #Default on
  15 update-static-leases    on;             #Default off
  16 allow                   client-updates; #Default on 
  17 ### USE NAMES DECLARED IN STATIC HOST DECLARATIONS
  18 ### DURING DDNS UPDATES INSTEAD OF CLIENT-PROVIDED DDNS-HOSTNAME
  19 ### AND SEND THIS HOSTNAME TO CLIENT (USEFUL DURING INSTALLATIONS)
  20 use-host-decl-names     on;             #Default unknown
  21 
  22 default-lease-time              3600;
  23 max-lease-time                  14400;
  24 
  25 # If this DHCP server is the official DHCP server for the local
  26 # network, the authoritative directive should be uncommented.
  27 authoritative;
  28 
  29 # Use this to send dhcp log messages to a different log file (you also
  30 # have to hack syslog.conf to complete the redirection).
  31 log-facility local7;
  32 
  33 
  34 ### DYNAMIC DNS SETUP
  35 #key DHCP_UPDATER {
  36 #       algorithm       HMAC-MD5.SIG-ALG.REG.INT.;
  37 #       secret          "ShortMD5Secret";
  38 #};
  39 
  40 key DHCP_UPDATER {
  41         algorithm       HMAC-SHA512.SIG-ALG.REG.INT.;
  42         secret          LogSHA512Secret==;
  43 };
  44 
  45 ### ZONES
  46 
  47 ### KVM2
  48 zone 1a.rockstable.it. {
  49         primary                 127.0.0.1;
  50         key                     DHCP_UPDATER;
  51 }
  52 
  53 zone 1n.rockstable.it. {
  54         primary                 127.0.0.1;
  55         key                     DHCP_UPDATER;
  56 }
  57 
  58 zone 2a.rockstable.it. {
  59         primary                 127.0.0.1;
  60         key                     DHCP_UPDATER;
  61 }
  62 
  63 zone 2n.rockstable.it. {
  64         primary                 127.0.0.1;
  65         key                     DHCP_UPDATER;
  66 }
  67 
  68 ### FOR ARPA ZONES RANGES OR CIDR MAY BE ALSO USED LIKE
  69 ###zone 0-255.18.172.in-addr.arpa. {
  70 ###zone 64/24.18.172.in-addr.arpa. {
  71 zone 0.18.172.in-addr.arpa. {
  72         primary                 127.0.0.1;
  73         key                     DHCP_UPDATER;
  74 }
  75 
  76 zone 64.18.172.in-addr.arpa. {
  77         primary                 127.0.0.1;
  78         key                     DHCP_UPDATER;
  79 }
  80 
  81 zone 128.18.172.in-addr.arpa. {
  82         primary                 127.0.0.1;
  83         key                     DHCP_UPDATER;
  84 }
  85 
  86 zone 192.18.172.in-addr.arpa. {
  87         primary                 127.0.0.1;
  88         key                     DHCP_UPDATER;
  89 }
  90 
  91 ###KVM2
  92 group kvm2 {
  93         option domain-name              "rockstable.it";
  94         option domain-name-servers      ns3.rockstable.org, ns2.rockstable.org;
  95         option domain-search            "2n.rockstable.it", "2a.rockstable.it",
  96                                         "1n.rockstable.it", "1a.rockstable.it",
  97                                         "rockstable.it";
  98 
  99         ### SUBNET DECLARATIONS
 100         ### INTERFACE OVS-1A (VLAN 1000)
 101         subnet 172.18.0.0 netmask 255.255.255.0 {
 102                 ddns-domainname                 "1a.rockstable.it";
 103                 range                           172.18.0.128    172.18.0.254;
 104                 option domain-name              "1a.rockstable.it";
 105                 option domain-name-servers      router.1a.rockstable.it,
 106                                                 ns3.rockstable.org,
 107                                                 ns2.rockstable.org;
 108                 option routers                  router.1a.rockstable.it;
 109         }
 110 
 111         ### INTERFACE OVS-1N (VLAN 1500)
 112         subnet 172.18.64.0 netmask 255.255.255.0 {
 113                 ddns-domainname                 "1n.rockstable.it";
 114                 range                           172.18.64.128   172.18.64.254;
 115                 option domain-name              "1n.rockstable.it";
 116                 option domain-name-servers      router.1n.rockstable.it,
 117                                                 ns3.rockstable.org,
 118                                                 ns2.rockstable.org;
 119                 option routers                  router.1n.rockstable.it;
 120         }
 121 
 122         ### INTERFACE OVS-2A (VLAN 2000)
 123         subnet 172.18.128.0 netmask 255.255.255.0 {
 124                 ddns-domainname                 "2a.rockstable.org";
 125                 range                           172.18.128.128  172.18.128.254;
 126                 option domain-name              "2a.rockstable.it";
 127                 option domain-name-servers      router.2a.rockstable.it,
 128                                                 ns3.rockstable.org,
 129                                                 ns2.rockstable.org;
 130                 option routers                  router.2a.rockstable.it;
 131         }
 132 
 133         ### INTERFACE OVS-2N (VLAN 2500)
 134         subnet 172.18.192.0 netmask 255.255.255.0 {
 135                 ddns-domainname                 "2n.rockstable.it";
 136                 range                           172.18.192.128  172.18.192.254;
 137                 option domain-name              "2n.rockstable.it";
 138                 option domain-name-servers      router.2n.rockstable.it,
 139                                                 ns3.rockstable.org,
 140                                                 ns2.rockstable.org;
 141                 option routers                  router.2n.rockstable.it;
 142         }
 143 
 144         group 1n {
 145                 ddns-domainname                 "1n.rockstable.it";
 146 
 147                 ### HOST DECLARATIONS
 148                 ### GIT
 149                 host git1.1n {
 150                         hardware ethernet               52:54:00:00:00:01;
 151                         fixed-address                   172.18.0.11;
 152                 }
 153 
 154                 #host git-run1.1n {
 155                 #       hardware ethernet               52:54:00:00:00:02;
 156                 #       fixed-address                   172.18.72.21;
 157                 #}
 158 
 159                 #host git-run2.1n {
 160                 #       hardware ethernet               52:54:00:00:00:03;
 161                 #       fixed-address                   172.18.72.22;
 162                 #}
 163 
 164                 host mx1.1n {
 165                         hardware ethernet               52:54:00:00:00:04;
 166                         fixed-address                   172.18.0.41;
 167                 }
 168 
 169                 host wiki1.1n {
 170                         hardware ethernet               52:54:00:00:00:05;
 171                         fixed-address                   172.18.0.31;
 172                 }
 173 
 174                 host www2.1n {
 175                         hardware ethernet               52:54:00:00:00:06;
 176                         fixed-address                   172.18.0.32;
 177                 }
 178         }
 179 }

Some notes on dhcpd.conf

Host-declarations should reside in global scope (not in subnet)
Groups can be nested and inherit from each other.
For DDNS to work isc-dhcp-server needs information which zone a host is assigned to. This can be achieved by using ddns-domainname (may in a wrapping group). If dhcpd does not initiate a DNS update, it was probably notz able to find out which zone a host should be assigned to.
For statically defined hosts the client-specified ddns-hostname = gethostname() is superseeded by the name that was declared in host-declaration, if use-host-decl-names is enabled.
There is no super debug-level, information in syslog is sufficient.

Check dhcpd.conf

Always check isc-dhcp-server config after a change!

   1 dhcpd -t

List dynamic dhcp-leases

Unfortunately statically addressed leased cannot be displayed, as they are not stored in /var/lib/dhcp/dhcpd.leases.

To see interface-card manufacturer

   1 aptitude install ieee-data
   2 pushd /usr/share/misc;
   3 ln -s ../ieee-data/oui.txt;
   4 popd

   1 dhcp-lease-list --all
   2 Reading leases from /var/lib/dhcp/dhcpd.leases
   3 MAC                IP              hostname       valid until         manufacturer        
   4 ===============================================================================================
   5 52:54:00:00:00:01  172.18.0.128    -NA-           2019-07-01 14:56:57 
   6 52:54:00:00:00:02  172.18.0.129    -NA-           2019-07-01 18:27:46

Configure bind9

There is a small tool that can help to generate a ddns configuration for bind9

   1 host # ddns-confgen
   2 # To activate this key, place the following in named.conf, and
   3 # in a separate keyfile on the system or systems from which nsupdate
   4 # will be run:
   5 key "ddns-key" {
   6         algorithm hmac-sha256;
   7         secret "GEFaX01eF/DdUicA+WQviHFq+airvu5w59sg3AA2LJ0=";
   8 };
   9 
  10 # Then, in the "zone" statement for each zone you wish to dynamically
  11 # update, place an "update-policy" statement granting update permission
  12 # to this key.  For example, the following statement grants this key
  13 # permission to update any name within the zone:
  14 update-policy {
  15         grant ddns-key zonesub ANY;
  16 };
  17 
  18 # After the keyfile has been placed, the following command will
  19 # execute nsupdate using this key:
  20 nsupdate -k <keyfile>

How isc-bind9 checks its algorithms: lib/bind9/check.c:2172:bind9_check_key

   1           static const algorithmtable algorithms[] = {
   2                   { "hmac-md5", 128 },
   3                   { "hmac-md5.sig-alg.reg.int", 0 },
   4                   { "hmac-md5.sig-alg.reg.int.", 0 },
   5                   { "hmac-sha1", 160 },
   6                   { "hmac-sha224", 224 },
   7                   { "hmac-sha256", 256 },
   8                   { "hmac-sha384", 384 },
   9                   { "hmac-sha512", 512 },
  10                   {  NULL, 0 }
  11           };

Configure named.conf.local

so an algorithm with fqdn (like in dhcpd.conf) will not work

   1 key DHCP_UPDATER {
   2         algorithm       HMAC-SHA512;
   3         secret          "KeyExtractedFromPrivateFile==";
   4 };
   5 
   6 zone "16.172.in-addr.arpa" {
   7         type                    master;
   8         file                    "/var/lib/bind/zones/db.16.172";
   9         update-policy {
  10                 grant DHCP_UPDATER      zonesub ANY;
  11         };
  12         allow-query             { dmz; localhost; };                    # { address_match_list };
  13         allow-query-on          { 172.17.0.1; localhost;};              # { address_match_list };
  14 };
  15 
  16 zone "17.172.in-addr.arpa" {
  17         type                    master;
  18         file                    "/var/lib/bind/zones/db.17.172";
  19         update-policy {
  20                 grant DHCP_UPDATER      zonesub ANY;
  21         };
  22         allow-query             { inside; localhost; };                 # { address_match_list };
  23         allow-query-on          { 172.17.0.1; localhost;};              # { address_match_list };
  24 };
  25 
  26 zone "dmz.rockstable.org" {
  27         type                    master;
  28         masterfile-format       text;                                   # (text|raw)
  29         file                    "/var/lib/bind/zones/db.org.rockstable.dmz";
  30         journal                 "/var/lib/bind/journal/db.org.rockstable.dmz.jnl";      # string ;
  31         allow-query             { dmz; inside; localhost; };            # { address_match_list };
  32         allow-query-on          { 172.16.0.1; 172.17.0.1; localhost;};  # { address_match_list };
  33         update-policy   {
  34                 grant DHCP_UPDATER      zonesub ANY;
  35         };
  36         check-names             warn;                                   # (warn|fail|ignore) ;
  37         check-mx                warn;                                   # (warn|fail|ignore) ;
  38         check-wildcard          yes;                                    # yes_or_no;
  39         check-integrity         yes;                                    # yes_or_no ;
  40         notify                  yes;                                    # yes_or_no | explicit | master-only ;
  41         zone-statistics         yes;                                    # yes_or_no ;
  42 };
  43 
  44 zone "inside.rockstable.org" {
  45         type                    master;
  46         masterfile-format       text;                                   # (text|raw)
  47         file                    "/var/lib/bind/zones/db.org.rockstable.inside";         # string ;
  48         journal                 "/var/lib/bind/journal/db.org.rockstable.inside.jnl";   # string ;
  49         update-policy   {
  50                 grant DNS_REPLICATOR    zonesub ANY;
  51                 grant DHCP_UPDATER      zonesub ANY;
  52         };
  53         allow-query             { inside; localhost; };                 # { address_match_list };
  54         allow-query-on          { 172.17.0.1; localhost;};              # { address_match_list };
  55         check-names             warn;                                   # (warn|fail|ignore) ;
  56         check-mx                warn;                                   # (warn|fail|ignore) ;
  57         check-wildcard          yes;                                    # yes_or_no;
  58         check-integrity         yes;                                    # yes_or_no ;
  59         notify                  yes;                                    # yes_or_no | explicit | master-only ;
  60         zone-statistics         yes;                                    # yes_or_no ;
  61 };

Check bind9 config

   1 named-checkconf

This is an excerpt of what i have in my /etc/bind/named.conf.logging concerning ddns updates:

   1 logging {
   2         channel update_debug {
   3                 file            "/var/log/bind/update-debug.log" versions 10 size 10m;
   4                 severity        debug   3;
   5                 print-category  yes;
   6                 print-severity  yes;
   7                 print-time      yes;
   8         };
   9 
  10         category update         { update_debug; };
  11 };

Test

Attach to logs

   1 tail -f /var/log/dhcpd.log /var/log/bind/update-debug.log

Restart services

   1 systemctl restart bind9
   2 systemctl restart isc-dhcp-server.service

You can raise the loglevel during the tests

   1 # rndc debug 8
   2

Test it by releasing ip from interface and requesting a new dhcp-lease

   1 ip addr del 172.17.181.143/16 dev ens3
   2 dhclient ens3

And it works even with the long SHA2 signatures.

   1 20-Jul-2017 23:30:25.712 update: debug 8: client 127.0.0.1#7440/key dhcp_updater: updating zone 'inside.rockstable.org/IN': prerequisites are OK
   2 20-Jul-2017 23:30:25.712 update: info: client 127.0.0.1#7440/key dhcp_updater: updating zone 'inside.rockstable.org/IN': update failed: rejected by secure update (REFUSED)
   3 20-Jul-2017 23:30:25.712 update: debug 8: client 127.0.0.1#7440/key dhcp_updater: updating zone 'inside.rockstable.org/IN': rolling back
   4 20-Jul-2017 23:30:30.625 update: debug 8: client 127.0.0.1#7440/key dhcp_updater: updating zone 'inside.rockstable.org/IN': prerequisites are OK
   5 20-Jul-2017 23:30:30.626 update: info: client 127.0.0.1#7440/key dhcp_updater: updating zone 'inside.rockstable.org/IN': update failed: rejected by secure update (REFUSED)
   6 20-Jul-2017 23:30:30.626 update: debug 8: client 127.0.0.1#7440/key dhcp_updater: updating zone 'inside.rockstable.org/IN': rolling back
   7 20-Jul-2017 23:30:30.791 update: debug 8: client 127.0.0.1#7440/key dhcp_updater: updating zone 'inside.rockstable.org/IN': prerequisites are OK
   8 20-Jul-2017 23:30:30.791 update: info: client 127.0.0.1#7440/key dhcp_updater: updating zone 'inside.rockstable.org/IN': update failed: rejected by secure update (REFUSED)
   9 20-Jul-2017 23:30:30.791 update: debug 8: client 127.0.0.1#7440/key dhcp_updater: updating zone 'inside.rockstable.org/IN': rolling back
  10 20-Jul-2017 23:33:12.116 update: debug 8: client 127.0.0.1#7440/key dhcp_updater: updating zone 'inside.rockstable.org/IN': prerequisites are OK
  11 20-Jul-2017 23:33:12.116 update: info: client 127.0.0.1#7440/key dhcp_updater: updating zone 'inside.rockstable.org/IN': update failed: rejected by secure update (REFUSED)
  12 20-Jul-2017 23:33:12.116 update: debug 8: client 127.0.0.1#7440/key dhcp_updater: updating zone 'inside.rockstable.org/IN': rolling back
  13 20-Jul-2017 23:36:24.076 update: debug 8: client 127.0.0.1#7440/key dhcp_updater: updating zone 'inside.rockstable.org/IN': prerequisites are OK
  14 20-Jul-2017 23:36:24.076 update: debug 8: client 127.0.0.1#7440/key dhcp_updater: updating zone 'inside.rockstable.org/IN': update section prescan OK
  15 20-Jul-2017 23:36:24.076 update: info: client 127.0.0.1#7440/key dhcp_updater: updating zone 'inside.rockstable.org/IN': adding an RR at 'www1.inside.rockstable.org' A 172.17.181.143
  16 20-Jul-2017 23:36:24.076 update: info: client 127.0.0.1#7440/key dhcp_updater: updating zone 'inside.rockstable.org/IN': adding an RR at 'www1.inside.rockstable.org' TXT "0041e742142b95b84c48c66835a0bf3e6b"
  17 20-Jul-2017 23:36:24.076 update: debug 3: client 127.0.0.1#7440/key dhcp_updater: updating zone 'inside.rockstable.org/IN': checking for NSEC3PARAM changes
  18 20-Jul-2017 23:36:24.076 update: debug 8: client 127.0.0.1#7440/key dhcp_updater: updating zone 'inside.rockstable.org/IN': writing journal /var/lib/bind/journal/db.org.rockstable.inside.jnl
  19 20-Jul-2017 23:36:24.223 update: debug 8: client 127.0.0.1#7440/key dhcp_updater: updating zone 'inside.rockstable.org/IN': committing update transaction
  20 20-Jul-2017 23:36:24.265 update: debug 8: client 127.0.0.1#7440/key dhcp_updater: updating zone '17.172.in-addr.arpa/IN': prerequisites are OK
  21 20-Jul-2017 23:36:24.265 update: debug 8: client 127.0.0.1#7440/key dhcp_updater: updating zone '17.172.in-addr.arpa/IN': update section prescan OK
  22 20-Jul-2017 23:36:24.265 update: info: client 127.0.0.1#7440/key dhcp_updater: updating zone '17.172.in-addr.arpa/IN': deleting rrset at '143.181.17.172.in-addr.arpa' PTR
  23 20-Jul-2017 23:36:24.265 update: info: client 127.0.0.1#7440/key dhcp_updater: updating zone '17.172.in-addr.arpa/IN': adding an RR at '143.181.17.172.in-addr.arpa' PTR www1.inside.rockstable.org.
  24 20-Jul-2017 23:36:24.265 update: debug 3: client 127.0.0.1#7440/key dhcp_updater: updating zone '17.172.in-addr.arpa/IN': checking for NSEC3PARAM changes
  25 20-Jul-2017 23:36:24.265 update: debug 8: client 127.0.0.1#7440/key dhcp_updater: updating zone '17.172.in-addr.arpa/IN': writing journal /var/lib/bind/zones/db.17.172.jnl
  26 20-Jul-2017 23:36:24.437 update: debug 8: client 127.0.0.1#7440/key dhcp_updater: updating zone '17.172.in-addr.arpa/IN': committing update transaction
  27 21-Jul-2017 00:02:07.954 update: info: client 127.0.0.1#7440/key dhcp_updater: updating zone 'inside.rockstable.org/IN': update unsuccessful: www1.inside.rockstable.org: 'name not in use' prerequisite not satisfied (YXDOMAIN)
  28 21-Jul-2017 00:02:07.954 update: debug 8: client 127.0.0.1#7440/key dhcp_updater: updating zone 'inside.rockstable.org/IN': rolling back
  29 21-Jul-2017 00:02:08.014 update: debug 8: client 127.0.0.1#7440/key dhcp_updater: updating zone 'inside.rockstable.org/IN': prerequisites are OK
  30 21-Jul-2017 00:02:08.014 update: debug 8: client 127.0.0.1#7440/key dhcp_updater: updating zone 'inside.rockstable.org/IN': update section prescan OK
  31 21-Jul-2017 00:02:08.014 update: info: client 127.0.0.1#7440/key dhcp_updater: updating zone 'inside.rockstable.org/IN': deleting rrset at 'www1.inside.rockstable.org' A
  32 21-Jul-2017 00:02:08.014 update: info: client 127.0.0.1#7440/key dhcp_updater: updating zone 'inside.rockstable.org/IN': adding an RR at 'www1.inside.rockstable.org' A 172.17.128.1
  33 21-Jul-2017 00:02:08.014 update: debug 3: client 127.0.0.1#7440/key dhcp_updater: updating zone 'inside.rockstable.org/IN': checking for NSEC3PARAM changes
  34 21-Jul-2017 00:02:08.014 update: debug 8: client 127.0.0.1#7440/key dhcp_updater: updating zone 'inside.rockstable.org/IN': writing journal /var/lib/bind/journal/db.org.rockstable.inside.jnl
  35 21-Jul-2017 00:02:08.108 update: debug 8: client 127.0.0.1#7440/key dhcp_updater: updating zone 'inside.rockstable.org/IN': committing update transaction
  36 21-Jul-2017 00:02:08.109 update: debug 8: client 127.0.0.1#7440/key dhcp_updater: updating zone '17.172.in-addr.arpa/IN': prerequisites are OK
  37 21-Jul-2017 00:02:08.109 update: debug 8: client 127.0.0.1#7440/key dhcp_updater: updating zone '17.172.in-addr.arpa/IN': update section prescan OK
  38 21-Jul-2017 00:02:08.109 update: info: client 127.0.0.1#7440/key dhcp_updater: updating zone '17.172.in-addr.arpa/IN': deleting rrset at '1.128.17.172.in-addr.arpa' PTR
  39 21-Jul-2017 00:02:08.109 update: info: client 127.0.0.1#7440/key dhcp_updater: updating zone '17.172.in-addr.arpa/IN': adding an RR at '1.128.17.172.in-addr.arpa' PTR www1.inside.rockstable.org.
  40 21-Jul-2017 00:02:08.109 update: debug 3: client 127.0.0.1#7440/key dhcp_updater: updating zone '17.172.in-addr.arpa/IN': checking for NSEC3PARAM changes
  41 21-Jul-2017 00:02:08.109 update: debug 8: client 127.0.0.1#7440/key dhcp_updater: updating zone '17.172.in-addr.arpa/IN': writing journal /var/lib/bind/zones/db.17.172.jnl
  42 21-Jul-2017 00:02:08.195 update: debug 8: client 127.0.0.1#7440/key dhcp_updater: updating zone '17.172.in-addr.arpa/IN': committing update transaction

Configurations

Services

Sports

Navigation

isc-dhcp-server

About

Docs

isc-dhcp-server and openvswitch

openvswitch-switch

isc-dhcp-server

Dynamic DNS Updates

Generate shared secret

Configure isc-dhcp-server

Some notes on dhcpd.conf

Check dhcpd.conf

List dynamic dhcp-leases

Configure bind9

Test