Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
20.1 Legacy Series
»
DHCPv4 Dynamic DNS (bind9): does it really work?
« previous
next »
Print
Pages: [
1
]
Author
Topic: DHCPv4 Dynamic DNS (bind9): does it really work? (Read 2397 times)
mtltt
Newbie
Posts: 15
Karma: 1
DHCPv4 Dynamic DNS (bind9): does it really work?
«
on:
June 14, 2020, 09:55:01 pm »
Hi,
I tried to set up a DHCPv4 server with Dynamic DNS support (bind9 server included as optional package).
I can't make it work since I ran into several issues:
The rndc-key generated by bind9 is a hmac-sha256; the DHCP Server only allows hmac-sha512 (see:
https://github.com/opnsense/core/issues/4136
).
Error message: security: error: client @0x44c22e2cf68 127.0.0.1#54103: request has invalid signature: TSIG rndc-key: tsig verify failure (BADKEY)
After the workaround it seems that updating the zone files is not allowed because of missing allow-update { key rndc-key; }; in the named.conf.
Error message: update-security: info: client @0x4613802c168 192.168.145.2#54889/key rndc-key: update '[domain]/IN' denied
After manually adding (which is removed by any config change) it seems that there are permission errors since bind9 can't create a journal file in /usr/local/etc/namedb/master since it is owned by root:wheel.
Error message: general: error: /usr/local/etc/namedb/master/[DOMAIN].db.jnl: create: permission denied
After manually changing the owner to bind:wheel it still doesn't seem to work despite no errors in the logs.
When trying to query the added dynamic host the server doesn't respond the IP address.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
20.1 Legacy Series
»
DHCPv4 Dynamic DNS (bind9): does it really work?