Domain-Name-System

ISC-DHCP and Bind9: DDNS update for the reverse mapping fails (NOTAUTH)

  • September 3, 2017

I am using isc-dhcp-server with this configuration in /etc/dhcp/dhcpd.conf

ddns-updates on;
ddns-update-style interim;
include "/etc/bind/rndc.key";
authoritative;
zone bat. {
 primary localhost;
 key rndc-key;
}
zone lan.bat. {
 primary localhost;
 key rndc-key;
}
zone wlan.bat. {
 primary localhost;
 key rndc-key;
}
zone 10.in-addr.arpa. {
 primary localhost;
 key rndc-key;
}
zone 50.10.in-addr.arpa. {
 primary localhost;
 key rndc-key;
}
zone 100.10.in-addr.arpa. {
 primary localhost;
 key rndc-key;
}
subnet 10.50.0.0 netmask 255.255.0.0 {
 range 10.50.100.100 10.50.100.199;
 interface eth0;
 option domain-name-servers 10.50.0.1;
 option domain-name "lan.bat";
 option domain-search "lan.bat", "bat", "wlan.bat";
 option routers 10.50.0.1;
 option broadcast-address 10.50.255.255;
 default-lease-time 600;
 max-lease-time 7200;
}
subnet 10.100.0.0 netmask 255.255.0.0 {
 range 10.100.100.100 10.100.100.199;
 interface wlan0;
 option domain-name-servers 10.100.0.1;
 option domain-name "wlan.bat";
 option domain-search "wlan.bat", "bat", "lan.bat";
 option routers 10.100.0.1;
 option broadcast-address 10.100.255.255;
 default-lease-time 600;
 max-lease-time 7200;
}

and bind9 with this /etc/bind/named.conf.local

include "/etc/bind/rndc.key";

zone "bat" {
       type master;
       file "/etc/bind/zones/db.bat.zone";
       notify yes;
       allow-update { key rndc-key; };
};

zone "lan.bat" {
       type master;
       file "/etc/bind/zones/db.lan.bat.zone";
       notify yes;
       allow-update { key rndc-key; };
};

zone "wlan.bat" {
       type master;
       file "/etc/bind/zones/db.wlan.bat.zone";
       notify yes;
       allow-update { key rndc-key; };
};

zone "10.in-addr-arpa" {
       type master;
       file "/etc/bind/zones/db.rev.10.in-addr-arpa.zone";
       allow-update { key rndc-key; };
};

zone "50.10.in-addr-arpa" {
       type master;
       file "/etc/bind/zones/db.rev.50.10.in-addr-arpa.zone";
       allow-update { key rndc-key; };
};

zone "100.10.in-addr-arpa" {
       type master;
       file "/etc/bind/zones/db.rev.100.10.in-addr-arpa.zone";
       allow-update { key rndc-key; };
};

When I reconnect with a client so that it picks up a new IP, my syslog says:

Sep  3 07:09:12 alfred named[7393]: client 127.0.0.1#7429/key rndc-key: signer "rndc-key" approved
Sep  3 07:09:12 alfred named[7393]: client 127.0.0.1#7429/key rndc-key: updating zone 'lan.bat/IN': adding an RR at 'batmobil.lan.bat' A 10.50.100.100
Sep  3 07:09:12 alfred named[7393]: client 127.0.0.1#7429/key rndc-key: updating zone 'lan.bat/IN': adding an RR at 'batmobil.lan.bat' TXT "00b1a718622197bea9dacc93e33fb507f8"
Sep  3 07:09:12 alfred dhcpd[7367]: DHCPREQUEST for 10.50.100.100 (10.50.0.1) from 00:16:d3:39:2e:69 (batmobil) via eth0
Sep  3 07:09:12 alfred dhcpd[7367]: DHCPACK on 10.50.100.100 to 00:16:d3:39:2e:69 (batmobil) via eth0
Sep  3 07:09:12 alfred dhcpd[7367]: Added new forward map from batmobil.lan.bat to 10.50.100.100
Sep  3 07:09:12 alfred named[7393]: client 127.0.0.1#7429/key rndc-key: updating zone '10.IN-ADDR.ARPA/IN': update failed: not authoritative for update zone (NOTAUTH)
Sep  3 07:09:12 alfred dhcpd[7367]: DDNS: bad zone information, repudiating zone 50.10.in-addr.arpa.
Sep  3 07:09:12 alfred dhcpd[7367]: DDNS: Failed to retry after zone failure
Sep  3 07:09:12 alfred dhcpd[7367]: Unable to add reverse map from 100.100.50.10.in-addr.arpa. to batmobil.lan.bat: failure

From my searching, I understand that the message from named, update failed: not authoritative for update zone (NOTAUTH), points to a DHCP server that is not authoritative. Even though I believe I have found the problem (please tell me if I am wrong), I cannot fix it. So my question is: how do I configure dhcp/bind to get the reverse mapping?

Typo in the zone names in the BIND configuration, e.g. 50.10.in-addr-arpa instead of 50.10.in-addr.arpa.

Additionally, you should consider creating a separate TSIG key for this purpose instead of abusing the rndc key in an entirely different context.
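A small cross-check of the two files, added here as an example (it is not code from the post, from ISC or from the answer above): it pulls the zone statements out of both dhcpd.conf and named.conf.local, normalizes the names, and reports every zone dhcpd would send updates for that named does not serve (the cause of the NOTAUTH), reverse zones whose name is not under in-addr.arpa or ip6.arpa (the typo), and zones updated with the rndc control key. The two config excerpts are constructed from the post's files; the finding codes, the CONTROL_KEYS set and the closest-name hint are my own assumptions about what such an audit should flag.

```python
"""Cross-check the zones dhcpd sends DDNS updates for against the zones
named serves. Added example, not code from the original post; the embedded
config excerpts are constructed from the post's files and every check is
an assumption about what such an audit should flag."""
import difflib
import re

# Constructed excerpt of /etc/dhcp/dhcpd.conf (one forward, one reverse zone)
DHCPD_CONF = """
ddns-updates on;
include "/etc/bind/rndc.key";
zone lan.bat. {
 primary localhost;
 key rndc-key;
}
zone 50.10.in-addr.arpa. {
 primary localhost;
 key rndc-key;
}
"""

# Constructed excerpt of /etc/bind/named.conf.local carrying the post's typo
NAMED_CONF_LOCAL = """
zone "lan.bat" {
       type master;
       file "/etc/bind/zones/db.lan.bat.zone";
       allow-update { key rndc-key; };
};
zone "50.10.in-addr-arpa" {
       type master;
       file "/etc/bind/zones/db.rev.50.10.in-addr-arpa.zone";
       allow-update { key rndc-key; };
};
"""

ZONE_HEADER = re.compile(r'zone\s+"?([^\s"{]+)"?\s*\{')
KEY_STMT = re.compile(r'\bkey\s+"?([^\s";{}]+)"?\s*;')
CONTROL_KEYS = {"rndc-key"}  # assumed: keys that belong to the rndc control channel


def normalize(name):
    """Zone names compare case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def parse_zones(text):
    """Map zone name -> body text, matching braces so that nested blocks
    such as allow-update { ... } do not cut the body short."""
    zones = {}
    for m in ZONE_HEADER.finditer(text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        zones[normalize(m.group(1))] = text[m.end():i - 1]
    return zones


def allowed_update_keys(named_body):
    """Key names listed in a named zone's allow-update { ... } block."""
    m = re.search(r"allow-update\s*\{([^}]*)\}", named_body)
    return set(KEY_STMT.findall(m.group(1))) if m else set()


def audit(dhcpd_conf, named_conf):
    """Return (finding, zone, detail) tuples for every mismatch found."""
    findings = []
    dhcp, named = parse_zones(dhcpd_conf), parse_zones(named_conf)
    for zone, body in dhcp.items():
        m = KEY_STMT.search(body)
        key = m.group(1) if m else None
        if zone not in named:
            # dhcpd will update a zone this server does not hold, so named
            # answers NOTAUTH; the closest served name is the likely typo.
            close = difflib.get_close_matches(zone, list(named), n=1)
            findings.append(("missing-in-named", zone, close[0] if close else ""))
            continue
        if key not in allowed_update_keys(named[zone]):
            findings.append(("key-not-allowed", zone, key or ""))
        if key in CONTROL_KEYS:
            findings.append(("control-key-reused", zone, key))
    for zone in named:
        # Reverse zones must sit under in-addr.arpa / ip6.arpa, dots included.
        if "arpa" in zone and not zone.endswith((".in-addr.arpa", ".ip6.arpa")):
            findings.append(("bad-reverse-suffix", zone, ""))
    return findings


if __name__ == "__main__":
    for finding in audit(DHCPD_CONF, NAMED_CONF_LOCAL):
        print("%-20s %-22s %s" % finding)
```

Run against the two excerpts it reports the reverse zone as missing on the named side with 50.10.in-addr-arpa as the nearest served name, flags that served name for its bad suffix, and notes that lan.bat is updated with the rndc control key. Pointing it at the real files is a matter of reading them into the two arguments of audit(); the brace matcher is deliberately simple and assumes no braces inside quoted strings.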

Quoted from: https://serverfault.com/questions/871850