EnGarde Secure Linux

[jetberrocal]

I need help to configure DHCP DNS integration.
Meaning to have the DHCP to update the DNS when ever it refresh or assign the IP to a client.

I included my dhcpd.conf and named.conf for inspection.
Is it something wrong or missing that I need for the updates to happen?

Engarde is running version 3.0.22

My network is:

Windows XP Client 192.168.1.151 DHCP Assign
|
^
Inside LAN 192.168.1.0/24
|
^
Engarde Inside NIC 192.168.1.75 Static IP, DHCP Server enabled
|||
Engarde Outside NIC 192.168.0.75 Static IP
|
^
Outside LAN 192.168.0.0/24 Static and DHCP assign by other DHCP server
|
^
Linksys Router Inside IP 192.168.0.90 Static IP
Linksys Router Outside IP Internet Static ISP Provider Assigned


My /etc/dhcpd.conf :
____________________________________________________

authoritative;
ddns-domainname "engnet.com.";
ddns-rev-domainname "in-addr.arpa.";
ddns-update-style interim;
ddns-updates on;
ignore client-updates;
allow unknown-clients;

key "rndc-key" {
algorithm hmac-md5;
secret "bF+l8xBFIDndq+QU5qhjkYEZMUJiBRa40clj8DCcuI2 ....";
};

zone engnet.com. {
primary 127.0.0.1;
key rndc-key;
}

subnet 192.168.1.0 netmask 255.255.255.0 {
### RangeID 1
option routers 192.168.1.75;
option subnet-mask 255.255.255.0;

option domain-name "engnet.com";
option domain-name-servers 192.168.1.75;

range 192.168.1.100 192.168.1.250;

default-lease-time 43200;
max-lease-time 86400;

zone 1.168.192.in-addr.arpa. {
primary 127.0.0.1;
key rndc-key;
}

}

_______________________________________________________
[end dhcpd.conf]


My /var/chroot/named/etc/named.conf :

_______________________________________________________
// This is a configuration file for named (from BIND 8.1 or later).
// It would normally be installed as /etc/named.conf.

controls {
inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};

include "/etc/rndc.key";

options {
# This was added for security purposes under BIND 9.
version "None of your business.";


directory "/var/named";
dump-file "/var/tmp/named_dump.db"; // _PATH_DUMPFILE
pid-file "/var/run/named.pid"; // _PATH_PIDFILE
statistics-file "/var/tmp/named.stats"; // _PATH_STATS
memstatistics-file "/var/tmp/named.memstats"; // _PATH_MEMSTATS

check-names master warn;
check-names slave warn;
check-names response warn;
notify yes;
datasize 20M;
allow-transfer {
any;
};
allow-query {
any;
};
forward only;
listen-on {
192.168.1.75;
};
forwarders {
192.168.0.80;
192.168.0.20;
192.168.0.1;
};
};


logging {
category lame-servers { null; };
category cname { null; };

// Configure default level of application debugging
channel named_debug {
file "/var/log/named.debug.log" versions 3 size 10m;
severity debug 4;
print-time yes;
print-category yes;
};
category default {
default_syslog; default_debug; named_debug;
};

// Send operating system problem messages to named.debug log
channel os_info {
severity debug;
file "/var/log/named.os.log" versions 3 size 5m;
print-time yes;
print-category yes;
};
category os { os_info; default_syslog; named_debug; };

// Record all queries to the box for now
// channel query_info {
// severity info;
// file "/var/log/named.query.log" versions 3 size 5m;
// print-time yes;
// print-category yes;
// };
// category queries { query_info; named_debug; };

// Print all security-related messages to named.security file
channel security_info {
severity debug;
file "/var/log/named.security.log" versions 3 size 5m;
print-time yes;
print-category yes;
};
category security { security_info; default_syslog; default_debug; };

// Print negative caching messages to named.cache.log
channel cache_info {
severity debug;
file "/var/log/named.cache.log" versions 3 size 5m;
print-time yes;
print-category yes;
};
category ncache { cache_info; default_syslog; default_debug; };

// Print any fatal problems to named.fatal.log
channel panic_info {
severity debug;
file "/var/log/named.panic.log" versions 3 size 5m;
print-time yes;
print-category yes;
};
category panic { panic_info; default_syslog; default_debug; };

// Print statistics information to named.stats.log
channel stats_info {
severity debug;
file "/var/log/named.stats.log" versions 3 size 5m;
print-time yes;
print-category yes;
};
category statistics { stats_info; };

channel response_info {
null;
};
category response-checks { response_info; };

};

zone "localhost" {
type master;
file "master/localhost";
check-names fail;
allow-update { none; };
allow-transfer { any; };
};

zone "0.0.127.in-addr.arpa" {
type master;
file "master/127.0.0";
allow-update { none; };
allow-transfer { any; };
};

zone "." {
type hint;
file "named.root";
};


zone "engnet.com." {
type master;
file "master/db.engnet.com.";
allow-query {
any;
};
allow-transfer {
any;
};
allow-update {
any;
};
};

zone "1.168.192.in-addr.arpa." {
type master;
file "master/db.1.168.192.in-addr.arpa.";
allow-query {
any;
};
allow-transfer {
any;
};
allow-update {
any;
};
};

_______________________________________________________
[end named.conf]

[jetberrocal]

Is there any other info needed, in order to help me

Jose

[Dave]

Hi,

You haven't really told us what you have done to make it work. What is the actual problem? What do the error logs say? Have you tried tcpdump to see if you are communicating with your dhcp server from the client? What clients are you using?

Read this HOWTO, written quite a while ago, but still highly recommended:

http://www.linuxquestions.org/linux/ans ... rver_Howto

Regards,
Dave

[jetberrocal]

Hi,

You haven't really told us what you have done to make it work. What is the actual problem? What do the error logs say? Have you tried tcpdump to see if you are communicating with your dhcp server from the client? What clients are you using?

Read this HOWTO, written quite a while ago, but still highly recommended:

http://www.linuxquestions.org/linux/ans ... rver_Howto

Regards,
Dave

Hi Dave,

Answering your questions in the hope that you could help me solve this problem:

[You haven't really told us what you have done to make it work.] By inspecting the dhcpd.conf and named.conf provided can be seen that I already added the:

dhcpd.conf:
ddns-update-style interim;
ddns-updates on;
etc ..

named.conf:
allow-update {
any;
};

[What is the actual problem?] I need help to configure DHCP DNS integration. Meaning to have the DHCP to update the DNS when ever it refresh or assign the IP to a client.

[What do the error logs say?]

At first there were no dhcpd/named error related logs for some time, now I am getting the following errors:

Filter by dhcpd:

Mar 25 09:48:34 engarde dhcpd: DHCPOFFER on 192.168.1.203 to 00:0c:29:c5:cc:62 (BATCH-HIST) via eth2
Mar 25 09:48:34 engarde dhcpd: Unable to add forward map from BATCH-HIST.engnet.com. to 192.168.1.203: connection refused
Mar 25 09:48:34 engarde dhcpd: DHCPREQUEST for 192.168.1.203 (192.168.1.75) from 00:0c:29:c5:cc:62 (BATCH-HIST) via eth2
Mar 25 09:48:34 engarde dhcpd: DHCPACK on 192.168.1.203 to 00:0c:29:c5:cc:62 (BATCH-HIST) via eth2
Mar 25 09:53:22 engarde dhcpd: DHCPDISCOVER from 00:0c:29:33:f1:94 via eth2
Mar 25 09:53:23 engarde dhcpd: DHCPOFFER on 192.168.1.158 to 00:0c:29:33:f1:94 (BATCH-EXEC) via eth2
Mar 25 09:53:23 engarde dhcpd: Unable to add forward map from BATCH-EXEC.engnet.com. to 192.168.1.158: connection refused
Mar 25 09:53:23 engarde dhcpd: DHCPREQUEST for 192.168.1.158 (192.168.1.75) from 00:0c:29:33:f1:94 (BATCH-EXEC) via eth2
Mar 25 09:53:23 engarde dhcpd: DHCPACK on 192.168.1.158 to 00:0c:29:33:f1:94 (BATCH-EXEC) via eth2
Mar 25 10:42:38 engarde dhcpd: Unable to add forward map from BackupServer.engnet.com. to 192.168.1.160: connection refused
Mar 25 10:42:38 engarde dhcpd: Wrote 10 leases to leases file.
Mar 25 10:42:39 engarde dhcpd: DHCPREQUEST for 192.168.1.160 from 00:0c:29:53:f9:b9 (BackupServer) via eth2
Mar 25 10:42:39 engarde dhcpd: DHCPACK on 192.168.1.160 to 00:0c:29:53:f9:b9 (BackupServer) via eth2
Mar 25 10:54:30 engarde dhcpd: Unable to add forward map from service2.engnet.com. to 192.168.1.152: connection refused
Mar 25 10:54:30 engarde dhcpd: DHCPREQUEST for 192.168.1.152 from 00:04:75:d3:9f:27 (service2) via eth2
Mar 25 10:54:30 engarde dhcpd: DHCPACK on 192.168.1.152 to 00:04:75:d3:9f:27 (service2) via eth2
Mar 25 10:54:38 engarde dhcpd: Unable to add forward map from SERVICE1.engnet.com. to 192.168.1.151: connection refused
Mar 25 10:54:38 engarde dhcpd: DHCPREQUEST for 192.168.1.151 from 00:10:b5:91:72:18 (SERVICE1) via eth2
Mar 25 10:54:38 engarde dhcpd: DHCPACK on 192.168.1.151 to 00:10:b5:91:72:18 (SERVICE1) via eth2
Mar 25 11:39:43 engarde dhcpd: DHCPINFORM from 192.168.1.160 via eth2
Mar 25 11:39:43 engarde dhcpd: DHCPACK to 192.168.1.160 (00:0c:29:53:f9:b9) via eth2
Mar 25 11:42:31 engarde dhcpd: DHCPINFORM from 192.168.1.159 via eth2
Mar 25 11:42:31 engarde dhcpd: DHCPACK to 192.168.1.159 (00:0c:29:78:dd:c7) via eth2

Filter by named:

Mar 25 09:48:18 engarde named[3399]: master/db.1.168.192.in-addr.arpa..jnl: open: permission denied
Mar 25 09:48:18 engarde named[3399]: client 192.168.1.159#64320: updating zone '1.168.192.in-addr.arpa/IN': error: journal open failed: unexpected error
Mar 25 09:50:32 engarde named[3399]: client 192.168.1.155#1028: updating zone '1.168.192.in-addr.arpa/IN': deleting an RR
Mar 25 09:50:32 engarde named[3399]: master/db.1.168.192.in-addr.arpa..jnl: open: permission denied
Mar 25 09:50:32 engarde named[3399]: client 192.168.1.155#1028: updating zone '1.168.192.in-addr.arpa/IN': error: journal open failed: unexpected error
Mar 25 09:50:32 engarde named[3399]: client 192.168.1.155#1028: updating zone '1.168.192.in-addr.arpa/IN': deleting rrset at '155.1.168.192.in-addr.arpa' PTR
Mar 25 09:50:32 engarde named[3399]: client 192.168.1.155#1028: updating zone '1.168.192.in-addr.arpa/IN': adding an RR at '155.1.168.192.in-addr.arpa' PTR
Mar 25 09:50:32 engarde named[3399]: client 192.168.1.155#1028: updating zone '1.168.192.in-addr.arpa/IN': adding an RR at '155.1.168.192.in-addr.arpa' PTR
Mar 25 09:55:32 engarde named[3399]: client 192.168.1.155#1028: updating zone '1.168.192.in-addr.arpa/IN': deleting an RR
Mar 25 09:55:32 engarde named[3399]: master/db.1.168.192.in-addr.arpa..jnl: open: permission denied
Mar 25 09:55:32 engarde named[3399]: client 192.168.1.155#1028: updating zone '1.168.192.in-addr.arpa/IN': error: journal open failed: unexpected error
Mar 25 09:55:32 engarde named[3399]: client 192.168.1.155#1028: updating zone '1.168.192.in-addr.arpa/IN': deleting rrset at '155.1.168.192.in-addr.arpa' PTR
Mar 25 09:55:32 engarde named[3399]: client 192.168.1.155#1028: updating zone '1.168.192.in-addr.arpa/IN': adding an RR at '155.1.168.192.in-addr.arpa' PTR
Mar 25 09:55:32 engarde named[3399]: client 192.168.1.155#1028: updating zone '1.168.192.in-addr.arpa/IN': adding an RR at '155.1.168.192.in-addr.arpa' PTR
Mar 25 09:58:18 engarde named[3399]: client 192.168.1.159#55763: updating zone '1.168.192.in-addr.arpa/IN': deleting rrset at '159.1.168.192.in-addr.arpa' PTR
Mar 25 09:58:18 engarde named[3399]: client 192.168.1.159#55763: updating zone '1.168.192.in-addr.arpa/IN': adding an RR at '159.1.168.192.in-addr.arpa' PTR
Mar 25 09:58:18 engarde named[3399]: master/db.1.168.192.in-addr.arpa..jnl: open: permission denied
Mar 25 09:58:18 engarde named[3399]: client 192.168.1.159#55763: updating zone '1.168.192.in-addr.arpa/IN': error: journal open failed: unexpected error
Mar 25 10:03:18 engarde named[3399]: client 192.168.1.159#64332: updating zone '1.168.192.in-addr.arpa/IN': deleting rrset at '159.1.168.192.in-addr.arpa' PTR
Mar 25 10:03:18 engarde named[3399]: client 192.168.1.159#64332: updating zone '1.168.192.in-addr.arpa/IN': adding an RR at '159.1.168.192.in-addr.arpa' PTR
Mar 25 10:03:18 engarde named[3399]: master/db.1.168.192.in-addr.arpa..jnl: open: permission denied
Mar 25 10:03:18 engarde named[3399]: client 192.168.1.159#64332: updating zone '1.168.192.in-addr.arpa/IN': error: journal open failed: unexpected error
Mar 25 10:55:33 engarde named[3399]: client 192.168.1.155#1028: updating zone '1.168.192.in-addr.arpa/IN': deleting an RR
Mar 25 10:55:33 engarde named[3399]: master/db.1.168.192.in-addr.arpa..jnl: open: permission denied
Mar 25 10:55:33 engarde named[3399]: client 192.168.1.155#1028: updating zone '1.168.192.in-addr.arpa/IN': error: journal open failed: unexpected error
Mar 25 10:55:33 engarde named[3399]: client 192.168.1.155#1028: updating zone '1.168.192.in-addr.arpa/IN': deleting rrset at '155.1.168.192.in-addr.arpa' PTR
Mar 25 10:55:33 engarde named[3399]: client 192.168.1.155#1028: updating zone '1.168.192.in-addr.arpa/IN': adding an RR at '155.1.168.192.in-addr.arpa' PTR
Mar 25 10:55:33 engarde named[3399]: client 192.168.1.155#1028: updating zone '1.168.192.in-addr.arpa/IN': adding an RR at '155.1.168.192.in-addr.arpa' PTR
Mar 25 11:03:19 engarde named[3399]: client 192.168.1.159#57776: updating zone '1.168.192.in-addr.arpa/IN': deleting rrset at '159.1.168.192.in-addr.arpa' PTR
Mar 25 11:03:19 engarde named[3399]: client 192.168.1.159#57776: updating zone '1.168.192.in-addr.arpa/IN': adding an RR at '159.1.168.192.in-addr.arpa' PTR

[Have you tried tcpdump to see if you are communicating with your dhcp server from the client? What clients are you using?]
I am new to Linux and Engarde. I do not even know that (tcpdump) exists or how to use it.
Also I though that it was clear from "My Network is" description that the clients are getting their IP assigned by DHCP and that were Windows Clients


I hope this has made the problem more clear!
Thanks for inquiring.

Jose

PS: In my opinion this feature (DHCP/DNS updates) should be included as part of the provided Web Configurator on any package, it even should be the default behavior between DHCP and DNS services.

[jetberrocal]

From the named logs we see there is a permission denied error when trying to open the .jnl files.
So I am including the files permission setting of the .jnl for more info, so anyone may help me solve the problem.
The process list is below it.

Still waiting for help;

Jose T.

[root@engarde named]# ls -la
total 56
drwxr-xr-x 4 root root 4096 2010-03-02 13:08 .
drwxr-xr-x 6 root root 4096 2010-02-26 17:02 ..
drwx------ 2 named named 4096 2010-03-12 17:30 master
-rw------- 1 named root 4156 2007-03-03 11:24 named.conf
-rw------- 1 named root 2514 2008-11-20 10:41 named.root
-rw------- 1 named root 0 1998-07-24 08:50 *beep*
drwx------ 2 named named 4096 1998-07-24 08:50 slave

[root@engarde master]# ls -la
total 132
drwx------ 2 named named 4096 2010-03-12 17:30 .
drwxr-xr-x 4 root root 4096 2010-03-02 13:08 ..
-rwx------ 1 named named 201 2000-11-09 17:00 127.0.0
-rwx------ 1 named named 169 2000-11-09 17:00 bind
-rw-r--r-- 1 named named 434 2010-03-12 17:30 db.1.168.192.in-addr.arpa.
-rw-r--r-- 1 named named 58932 2010-03-12 17:16 db.1.168.192.in-addr.arpa..jnl
-rw-r--r-- 1 named named 389 2010-03-09 17:15 db.engnet.com.
-rw-r--r-- 1 named named 759 2010-03-09 17:01 db.engnet.com..jnl
-rwx------ 1 named named 169 2000-11-09 17:00 localhost


[root@engarde master]# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 Mar23 ? 00:00:27 init [3]
root 2 0 0 Mar23 ? 00:00:00 [kthreadd]
root 3 2 0 Mar23 ? 00:00:00 [migration/0]
root 4 2 0 Mar23 ? 00:00:06 [ksoftirqd/0]
root 5 2 0 Mar23 ? 00:00:00 [watchdog/0]
root 6 2 0 Mar23 ? 00:01:00 [events/0]
root 7 2 0 Mar23 ? 00:00:00 [khelper]
root 62 2 0 Mar23 ? 00:00:00 [kblockd/0]
root 63 2 0 Mar23 ? 00:00:00 [kacpid]
root 64 2 0 Mar23 ? 00:00:00 [kacpi_notify]
root 131 2 0 Mar23 ? 00:00:00 [ata/0]
root 132 2 0 Mar23 ? 00:00:00 [ata_aux]
root 135 2 0 Mar23 ? 00:00:00 [ksuspend_usbd]
root 141 2 0 Mar23 ? 00:00:00 [khubd]
root 144 2 0 Mar23 ? 00:00:00 [kseriod]
root 176 2 0 Mar23 ? 00:00:00 [pdflush]
root 177 2 0 Mar23 ? 00:00:16 [pdflush]
root 178 2 0 Mar23 ? 00:00:00 [kswapd0]
root 179 2 0 Mar23 ? 00:00:00 [aio/0]
root 916 2 0 Mar23 ? 00:00:10 [kjournald]
root 986 2 0 Mar23 ? 00:00:04 [kjournald]
root 987 2 0 Mar23 ? 00:00:07 [kjournald]
root 1163 2 0 Mar23 ? 00:00:00 [scsi_eh_0]
root 1255 1 0 Mar23 ? 00:00:00 pump -i eth1
root 3243 1 0 Mar23 ? 00:00:17 /sbin/syslog-ng --cfgfile=/etc/s
root 3251 1 0 Mar23 ? 00:00:00 klogd -c 1
root 3264 1 0 Mar23 ? 00:00:07 crond
root 3353 1 0 Mar23 ? 00:00:00 /usr/sbin/smartd
root 3365 1 0 Mar23 ? 00:00:00 /usr/sbin/acpid
root 3383 1 0 Mar23 ? 00:00:00 xinetd -reuse -stayalive
named 3399 1 0 Mar23 ? 00:00:43 /usr/sbin/named -4 -c /var/named
ntp 3419 1 0 Mar23 ? 00:00:42 ntpd -A -c /etc/ntp/ntp.conf -f
root 3429 1 0 Mar23 ? 00:00:00 /usr/sbin/sshd
root 3441 1 0 Mar23 ? 00:00:01 /usr/sbin/dhcpd
root 3459 1 0 Mar23 tty1 00:00:00 /sbin/mingetty tty1
root 3460 1 0 Mar23 tty2 00:00:00 /sbin/mingetty tty2
root 3461 1 0 Mar23 tty3 00:00:00 /sbin/mingetty tty3
root 3462 1 0 Mar23 tty4 00:00:00 /sbin/mingetty tty4
root 3463 1 0 Mar23 tty5 00:00:00 /sbin/mingetty tty5
root 3464 1 0 Mar23 tty6 00:00:00 /sbin/mingetty tty6
root 26955 3429 0 13:32 ? 00:00:00 sshd: root@ttyp0
root 26959 26955 0 13:32 ttyp0 00:00:00 -bash
root 26974 26959 0 13:32 ttyp0 00:00:00 newrole -r sysadm_r
root 26975 26974 0 13:32 ttyp0 00:00:00 -/bin/bash
root 27065 26975 0 13:41 ttyp0 00:00:00 ps -ef
root 28293 1 0 Mar26 ? 00:00:23 webtoold