ISC-DHCP and PowerDNS for DDNS: "Unable to add forward map <FQDN> to <IP>: unexpected error"


I have trouble implementing isc-dhcp with powerdns for ddns. No matter how many times I've changed the configuration, it always comes back with this error: "Unable to add forward map from <FQDN> to <IP>: operation canceled"

then this: "Unable to add forward map from <FQDN> to <IP>: unexpected error"

This is my dhcpd.conf file:

authoritative;
log-facility local7;

key dhcp-key {
        algorithm hmac-sha256;
        secret "some comfusing scramble alphabet and number and symbol ass well";
};

default-lease-time 720000;
max-lease-time 2160000;


ddns-updates on;
ddns-update-style interim;
update-static-leases on;

ping-check true;

ddns-domainname "gwusers.lan";
ddns-rev-domainname "in-addr.arpa.";

zone gwusers.lan. {
        primary 192.168.183.111;
        key dhcp-key;
}

shared-network user-ip {
        subnet 172.17.183.0 netmask 255.255.255.0 {
                option routers 172.17.183.254;
                option domain-name-servers 192.168.183.111, 192.168.183.222;
                option domain-search "mycomp.local";

                pool {
                        #one-lease-per-client true;
                        ping-check true;
                        range 172.17.183.1 172.17.183.229;
                }
                zone 183.17.172.in-addr.arpa. {
                        primary 192.168.183.111;
                        key dhcp-key;
                }
        }

        subnet 172.21.183.0 netmask 255.255.255.0 {
                option routers 172.21.183.254;
                option domain-name-servers 192.168.183.111, 192.168.183.222;
                option domain-search "mycomp.local";

                pool {
                        #one-lease-per-client true;
                        ping-check true;
                        range 172.21.183.1 172.21.183.229;
                }

                zone 183.21.172.in-addr.arpa. {
                       primary 192.168.183.111;
                       key dhcp-key;
               }
        }
}

In my pdns.conf

I have enabled "dnsupdate=yes" and "allow-dnsupdate-from=".

I have followed this guide, but it doesn't seem to work at all.

NB: the DHCP server (CentOS 8, dhcpd version 4.3.6) and the DNS server (CentOS 7, pdns version 4.3.0) are not on one machine; I have installed them separately.

Does anybody know how to fix this?

There are 2 answers

0
Ardi On BEST ANSWER

OK, I found the solution myself, so I'm going to answer this. It turns out my PowerDNS authoritative server runs on a different port, because I run powerdns-recursor on the same machine as the PowerDNS authoritative server. So the solution is to add another NIC and assign another IP to that new NIC, and the problem is solved.

0
Alexander van Trijffel On

I had the same issue with powerdns-recursor running on port 53 and preventing dynamic DNS updates from isc-dhcp-server. Instead of binding the PowerDNS authoritative server to another NIC as in Ardi's solution, I forwarded outgoing traffic destined for port 53 to port 54, on which my PowerDNS authoritative server is running.

This can be done with the following commands. By adding the dhcpd owner to the rule, the traffic is only forwarded for the dhcpd process. Replace <destination-ip> with the IP address on which the PowerDNS authoritative DNS server is running.

iptables -t nat -A OUTPUT -p udp --dport 53 -m owner --uid-owner dhcpd -j DNAT --to-destination <destination-ip>:54
iptables -t nat -A OUTPUT -p tcp --dport 53 -m owner --uid-owner dhcpd -j DNAT --to-destination <destination-ip>:54
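
Both answers trace the error to dhcpd's updates arriving at the recursor on port 53 rather than at the authoritative server. The following Python script is an added example, not code from either answer: it sends a non-recursive SOA query and reads the AA/RA header flags to tell which kind of server answers on a given port. The address and zone are taken from the question's dhcpd.conf and port 54 from the second answer; the function names are illustrative.

```python
import socket
import struct

def build_soa_query(zone, txid=0x1234):
    """Build a DNS SOA query for `zone` with RD=0 (no recursion requested)."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN

def classify(response):
    """Classify a DNS response by its header flags."""
    if len(response) < 12:
        return "malformed"
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    aa = bool(flags & 0x0400)   # Authoritative Answer
    ra = bool(flags & 0x0080)   # Recursion Available
    rcode = flags & 0x000F
    if aa and rcode == 0 and ancount > 0:
        return "authoritative"  # this listener serves the zone itself
    if ra and not aa:
        return "recursor"       # a resolver answered; updates sent here fail
    return "not-authoritative (rcode=%d)" % rcode

def probe(server, port, zone, timeout=2.0):
    """Send the SOA query over UDP and classify whatever answers."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_soa_query(zone), (server, port))
            data, _ = s.recvfrom(512)
        except OSError:         # includes timeouts and ICMP unreachable
            return "no-answer"
    return classify(data)

if __name__ == "__main__":
    # Values from the thread: zone `primary` address, and ports 53 and 54.
    for port in (53, 54):
        print(port, probe("192.168.183.111", port, "gwusers.lan"))
```

Run it from the DHCP host: the port that dhcpd's updates actually reach (53, unless redirected) needs to report "authoritative" for the zone.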