Bind et DHCP

vandman · Février 21, 2016, 9:34pm

Bonjour,

Je suis un peu perdu dans certaine notion concernant la résolution de nom, FQDN, machine et la mise à jour par dhcp des appareils connecté sur le réseau.

J’ai un serveur DNS qui fait bien son travail (résous bien les noms des machine déclaré en interne dans le serveur DNS et forward bien les demandes pour l’internet).
PS: pour le moment, l’inscription des machines est faite manuellement.
J’ai un serveur DHCP qui fait bien son travail (attribut bien les addresses IP aux machines).

j’ai essayé de suivre ce tuto Debian DDNS, sans succes.

La ou je suis perdu est dans la mise à jour de mon DNS par le serveur DHCP ne se fait pas. Je ne comprends pas pourquoi?

Dans mes logs, je vois bien des messages, mais je ne vois pas pourquoi il demande des réponses sécurisées?
De plus, je crois que ces messages font références à la partie forward des demandes interne pour internet. Est-ce le cas?

Message Bind.log

26-Apr-2015 12:19:32.133 dnssec: info: validating @0x7f1dc80df4e0: kr SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:21:10.617 dnssec: info: validating @0x7f1dc80df4e0: 178.in-addr.arpa SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:21:10.637 dnssec: info: validating @0x7f1dc8000e60: 178.in-addr.arpa DNSKEY: got insecure response; parent indicates it should be secure 26-Apr-2015 12:21:10.658 dnssec: info: validating @0x7f1de1c086a0: 178.in-addr.arpa SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:21:21.064 dnssec: info: validating @0x7f1dd03e3bc0: net SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:21:51.634 dnssec: info: validating @0x7f1dd0636650: net SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:21:51.638 dnssec: info: validating @0x7f1dc8000e60: googleads.g.doubleclick.net A: bad cache hit (doubleclick.net/DS) 26-Apr-2015 12:22:07.049 dnssec: info: validating @0x7f1dc80e0e00: net SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:22:09.396 dnssec: info: validating @0x7f1de1c086a0: net SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:22:09.533 dnssec: info: validating @0x7f1de1c086a0: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:22:11.788 dnssec: info: validating @0x7f1de1c086a0: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:22:12.162 dnssec: info: validating @0x7f1dc80e04f0: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:22:12.543 dnssec: info: validating @0x7f1dd0636650: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:22:14.582 dnssec: info: validating @0x7f1de1a856a0: co.kr SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:22:16.449 dnssec: info: validating @0x7f1dc80e0170: co.kr SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:22:33.659 dnssec: info: validating @0x7f1dc80de4d0: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:23:47.198 dnssec: info: validating @0x7f1de1c086a0: net SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:24:04.461 dnssec: info: validating @0x7f1dd03e3bc0: me SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:24:04.577 dnssec: info: validating @0x7f1de1b5bdc0: me DNSKEY: got insecure response; parent indicates it should be secure 26-Apr-2015 12:24:17.096 dnssec: info: validating @0x7f1de1a856a0: 212.in-addr.arpa SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:24:17.123 dnssec: info: validating @0x7f1de1c086a0: 212.in-addr.arpa DNSKEY: got insecure response; parent indicates it should be secure 26-Apr-2015 12:24:17.183 dnssec: info: validating @0x7f1dc80de4d0: 212.in-addr.arpa SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:24:35.999 dnssec: info: validating @0x7f1de1c086a0: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:25:06.988 dnssec: info: validating @0x7f1dc80e04f0: net SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:27:55.400 dnssec: info: validating @0x7f1de1c086a0: co.kr SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:28:52.175 dnssec: info: validating @0x7f1dd03e3bc0: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:29:29.029 dnssec: info: validating @0x7f1de1a856a0: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:29:29.926 dnssec: info: validating @0x7f1dd03e3bc0: co.kr SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:32:07.511 dnssec: info: validating @0x7f1de1a856a0: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:32:12.811 dnssec: info: validating @0x7f1dd03e3bc0: 239.in-addr.arpa SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:32:12.839 dnssec: info: validating @0x7f1de1a856a0: 239.in-addr.arpa SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:32:12.929 dnssec: info: validating @0x7f1dc8000e60: 239.in-addr.arpa DNSKEY: got insecure response; parent indicates it should be secure 26-Apr-2015 12:32:12.965 dnssec: info: validating @0x7f1dd0636650: 239.in-addr.arpa SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:32:13.182 dnssec: info: validating @0x7f1dc80de4d0: 239.in-addr.arpa SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:32:34.181 dnssec: info: validating @0x7f1de1c086a0: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:32:34.245 dnssec: info: validating @0x7f1dc80df4e0: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:32:34.829 dnssec: info: validating @0x7f1dd0636650: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:32:51.311 dnssec: info: validating @0x7f1de1c086a0: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:33:06.656 dnssec: info: validating @0x7f1dd0636650: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:33:06.828 dnssec: info: validating @0x7f1dd0636650: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:33:44.628 edns-disabled: info: success resolving 'www-segye.cache.cdn.cloudn.co.kr/AAAA' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets 26-Apr-2015 12:35:11.393 dnssec: info: validating @0x7f1dc80e04f0: 239.in-addr.arpa SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:35:11.420 dnssec: info: validating @0x7f1de1a856a0: 239.in-addr.arpa SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:35:11.464 dnssec: info: validating @0x7f1dd0636650: 239.in-addr.arpa SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:36:34.586 dnssec: info: validating @0x7f1de1c086a0: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:37:24.926 dnssec: info: validating @0x7f1dd0539890: net SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:37:37.637 dnssec: info: validating @0x7f1dd0636650: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:38:15.007 edns-disabled: info: success resolving 'onore77.godohosting.com/A' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets 26-Apr-2015 12:38:16.661 dnssec: info: validating @0x7f1dd03e3bc0: net SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:38:19.068 edns-disabled: info: success resolving 'goeg.c-cdn.infralab.net/A' (in 'net'?) after reducing the advertised EDNS UDP packet size to 512 octets 26-Apr-2015 12:39:17.582 dnssec: info: validating @0x7f1dd0539890: co.kr SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:40:20.646 dnssec: info: validating @0x7f1dc80df4e0: go.kr SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:40:21.265 dnssec: info: validating @0x7f1dd03e3bc0: net SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:40:36.796 dnssec: info: validating @0x7f1de1a856a0: org SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:43:10.084 dnssec: info: validating @0x7f1dd0636650: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:43:10.192 dnssec: info: validating @0x7f1dd0636650: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:43:25.333 dnssec: info: validating @0x7f1de1a856a0: me SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:43:55.955 dnssec: info: validating @0x7f1de1c086a0: net SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:44:49.412 dnssec: info: validating @0x7f1dd03e3bc0: 224.in-addr.arpa SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:44:49.436 dnssec: info: validating @0x7f1de1a856a0: 224.in-addr.arpa SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:44:49.470 dnssec: info: validating @0x7f1dd0634630: 224.in-addr.arpa DNSKEY: got insecure response; parent indicates it should be secure 26-Apr-2015 12:44:49.498 dnssec: info: validating @0x7f1dd0636650: 224.in-addr.arpa SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:44:49.615 dnssec: info: validating @0x7f1de1a856a0: 224.in-addr.arpa SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:45:38.264 dnssec: info: validating @0x7f1de1a856a0: co.kr SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:45:54.646 dnssec: info: validating @0x7f1de1c086a0: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:45:56.775 dnssec: info: validating @0x7f1de1a856a0: 110.in-addr.arpa SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:45:56.811 dnssec: info: validating @0x7f1de1b5bdc0: 110.in-addr.arpa DNSKEY: got insecure response; parent indicates it should be secure 26-Apr-2015 12:45:56.844 dnssec: info: validating @0x7f1dc80df4e0: 110.in-addr.arpa SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:46:25.165 dnssec: info: validating @0x7f1dc80e0170: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:46:25.238 dnssec: info: validating @0x7f1de1a856a0: net SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:46:55.613 dnssec: info: validating @0x7f1dd0539890: net SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:46:57.166 dnssec: info: validating @0x7f1dc80e0170: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:47:12.360 dnssec: info: validating @0x7f1dc80e0170: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:47:27.628 dnssec: info: validating @0x7f1de1a856a0: org SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:47:27.667 dnssec: info: validating @0x7f1dc80df4e0: org DNSKEY: got insecure response; parent indicates it should be secure 26-Apr-2015 12:47:44.190 dnssec: info: validating @0x7f1dc80df4e0: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:47:59.888 dnssec: info: validating @0x7f1dd03e3bc0: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:48:15.137 dnssec: info: validating @0x7f1dd0539890: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:49:02.438 dnssec: info: validating @0x7f1dd03e3bc0: . SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:49:02.458 dnssec: info: validating @0x7f1dc80e04f0: . SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:49:02.586 dnssec: info: validating @0x7f1dc80df4e0: . SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:49:09.457 dnssec: info: validating @0x7f1dc80e1180: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:49:41.461 dnssec: info: validating @0x7f1de1a856a0: kr SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:51:18.269 dnssec: info: validating @0x7f1dc80e1180: net SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:52:17.859 dnssec: info: validating @0x7f1dc80e1500: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:52:29.491 dnssec: info: validating @0x7f1dd0636650: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:52:43.609 dnssec: info: validating @0x7f1dc80df4e0: . SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:52:43.654 dnssec: info: validating @0x7f1de1a856a0: . SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:53:32.827 dnssec: info: validating @0x7f1dc80e0170: 173.in-addr.arpa SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:54:18.065 dnssec: info: validating @0x7f1dd0636650: me SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:54:18.087 dnssec: info: validating @0x7f1dc8000e60: me DNSKEY: got insecure response; parent indicates it should be secure 26-Apr-2015 12:54:18.321 dnssec: info: validating @0x7f1dc80e0170: net SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:54:18.360 dnssec: info: validating @0x7f1dc80e0170: net SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:55:13.333 dnssec: info: validating @0x7f1dc80df4e0: 74.in-addr.arpa SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:55:34.520 dnssec: info: validating @0x7f1de1a856a0: fr SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:55:34.643 dnssec: info: validating @0x7f1dc80e04f0: net SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:56:36.760 dnssec: info: validating @0x7f1de1c086a0: fr SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:58:06.176 dnssec: info: validating @0x7f1dc80e04f0: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:59:07.703 dnssec: info: validating @0x7f1dc80e1180: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:59:27.205 dnssec: info: validating @0x7f1de1a856a0: net SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 12:59:27.937 dnssec: info: validating @0x7f1de1c086a0: co.kr SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 13:00:15.799 dnssec: info: validating @0x7f1dc80e04f0: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 13:00:31.022 dnssec: info: validating @0x7f1dd0539890: net SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 13:01:04.425 dnssec: info: validating @0x7f1de1b5bdc0: 112.64-26.75.195.82.in-addr.arpa PTR: no valid signature found 26-Apr-2015 13:01:16.494 dnssec: info: validating @0x7f1dc80e0170: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 13:01:33.150 dnssec: info: validating @0x7f1dc80e0170: 213.in-addr.arpa SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 13:02:51.901 dnssec: info: validating @0x7f1dd0539890: ip6.arpa SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 13:02:51.928 dnssec: info: validating @0x7f1dc80df4e0: ip6.arpa SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 13:02:52.841 dnssec: info: validating @0x7f1de1a856a0: ip6.arpa SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 13:03:53.116 dnssec: info: validating @0x7f1dd03e3bc0: com SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 13:06:29.262 dnssec: info: validating @0x7f1dd0636650: fr SOA: got insecure response; parent indicates it should be secure 26-Apr-2015 13:08:22.827 edns-disabled: info: success resolving 'onore77.godohosting.com/A' (in '.'?) after disabling EDNS

La config DNS se trouve dans un précédent post:DNSSEC: pas de mise à jour via DHCP

Comment faire pour que DHCP mette à jour bind?

Merci pour votre aide.
vandman

alpha · Février 21, 2016, 9:36pm

je ne sais pas si je peux t’aider. Mais, juste par curiosité, je veux savoir si tu es sûr que tu as bien fais cette étape wiki.debian.org/DDNS#Generate_a … rification ?

vandman · Février 21, 2016, 9:37pm

Merci Alpha,

J’ai réussi à résoudre mon problème. c’était un problème de droit d’écriture.

J’ai du autoriser BIND à écrire dans le répertoire /etc/bind,
Stopper Bind,
Créer des liens symboliques dans /var/cache/bind vers les fichiers db.local, db.local.inv et db.local.jnl, db.local.inv.jnl.
remettre les bonnes autorisations dans /etc/bind.

Cordialement,
Vandman