From: Tillman Hodgson
To: FreeBSD-Questions
Date: Thu, 8 Jul 2004 14:51:04 -0600
Subject: dhclient.conf and DDNS via TSIG to Bind 9.2.3
Message-ID: <20040708205104.GE37443@seekingfire.com>

Howdy,

I have a backup connection on an ADSL line with an IP address provided by DHCP. My main line, which has static IPs, hosts my Bind 9.2.3 DNS server. I don't have control of the DHCP server for the backup line; it's simply provided by the ISP. I'm using dhclient from -CURRENT on i386, dated June 17 2004.

I'd like to have dhclient on the backup line update a DNS entry in one of my zones so that I can always reach my network via the backup line at the same name.

I'm following http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html as well as a similar thread from the freebsd hackers list from last November:

http://groups.google.ca/groups?hl=en&lr=&ie=UTF-8&th=86443cc1d80de8da&rnum=2

I set up the named.conf on the DNS host as follows (IPs aren't mangled ... they're dynamic, after all :-)):

    key "adsl.seekingfire.com." {
        algorithm hmac-md5;
        secret "";
    };

    view "us" {
        match-clients { MyNets; };

        // Master zones
        zone "seekingfire.com" {
            type master;
            file "master/seekingfire.com";
            allow-transfer { MyNets; AccessComm; };
            // for dynamic DNS
            allow-update { key adsl.seekingfire.com.; };
            // Note: I've also tried:
            //update-policy {
            //    grant adsl.seekingfire.com. name
            //    adsl.seekingfire.com. A TXT;
            //};
        };

And I've set up dhclient.conf as follows:

    ### Keys and DDNS (see http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html)
    send fqdn.fqdn "adsl.seekingfire.com.";
    send fqdn.encoded on;
    send fqdn.server-update off;

    key adsl.seekingfire.com. {
        algorithm HMAC-MD5;
        secret ";
    }

    zone seekingfire.com {
        key adsl.seekingfire.com.;
    }

    interface "xl0" {
        send dhcp-client-identifier "adsl";
        send host-name "adsl";
    }

When I add "dhclient_flags="-v"" to /etc/rc.conf and run /etc/rc.d/dhclient restart, I get:

    Releasing DHCP leases: xl0.
    Starting dhclient.
    Internet Software Consortium DHCP Client V3.0.1rc12
    Copyright 1995-2002 Internet Software Consortium.
    All rights reserved.
    For info, please visit http://www.isc.org/products/DHCP

    Listening on BPF/xl0/00:01:02:2d:17:47
    Sending on BPF/xl0/00:01:02:2d:17:47
    Sending on Socket/fallback
    DHCPDISCOVER on xl0 to 255.255.255.255 port 67 interval 6
    DHCPOFFER from 64.110.241.254
    DHCPREQUEST on xl0 to 255.255.255.255 port 67
    DHCPACK from 64.110.241.254
    bound to 142.165.192.118 -- renewal in 6982 seconds.
    xl0: flags=8843 mtu 1500
        options=9
        inet6 fe80::201:2ff:fe2d:1747%xl0 prefixlen 64 scopeid 0x2
        inet 142.165.192.118 netmask 0xffffff00 broadcast 142.165.192.255
        ether 00:01:02:2d:17:47
        media: Ethernet 10baseT/UTP (10baseT/UTP )
        status: active

So, yeah, I get my new lease just fine. But it doesn't mention anything about DNS ... and when I run a tcpdump on the adsl host, I don't see any traffic on port 53. It's like it's just ignoring that part of dhclient.conf completely.

Is there something I'm missing or have messed up in my dhclient.conf configuration?

-T

-- 
Page 12: Unix is a set of tools for smart people.
    - Harley Hahn, _The Unix Companion_
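
Added example (not part of the original message, and not code from the poster or the FreeBSD project): one way to exercise the same TSIG key and allow-update rule independently of dhclient is to send the signed update with BIND's nsupdate. The server name, key file path and TTL are caller-supplied assumptions; the address is validated before use because it originates from the ISP's DHCP server, which the zone owner does not control.

```sh
#!/bin/sh
# Added example: build and send a TSIG-signed dynamic update with nsupdate.

# Return 0 only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in
        '' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                     # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print an nsupdate batch that replaces the A record for NAME in ZONE.
# Usage: build_update_batch SERVER ZONE NAME TTL ADDRESS
build_update_batch() {
    # Hostname-safe characters only, so no value can smuggle in a
    # second nsupdate command via whitespace or a newline.
    case "$1$2$3" in
        '' | *[!A-Za-z0-9.-]*) echo "bad server/zone/name" >&2; return 1 ;;
    esac
    case "$3" in
        "$2" | "$2". | *."$2" | *."$2".) ;;      # NAME must lie inside ZONE
        *) echo "$3 is not in zone $2" >&2; return 1 ;;
    esac
    case "$4" in
        '' | *[!0-9]*) echo "bad TTL: $4" >&2; return 1 ;;
    esac
    is_ipv4 "$5" || { echo "refusing address: $5" >&2; return 1; }
    printf 'server %s\nzone %s\nupdate delete %s A\n' "$1" "$2" "$3"
    printf 'update add %s %s A %s\nsend\n' "$3" "$4" "$5"
}

# Sign with the key in KEYFILE (nsupdate -k) so the secret never
# appears on the command line, then send the batch.
# Usage: send_update KEYFILE SERVER ZONE NAME TTL ADDRESS
send_update() {
    keyfile=$1; shift
    batch=$(build_update_batch "$@") || return 1
    printf '%s\n' "$batch" | nsupdate -k "$keyfile"
}
```

If an update sent this way is accepted, the key and allow-update statement on the BIND side are working, which narrows the problem to the client.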