Franta Hanzlik
2024-Aug-24 10:33 UTC
[Samba] kaa supported? ISC DHCP update DNS records: garbages in dhcp.leases in case on expiry/on release
Please, is it possible to do DNS updates with ISC Kea or another dhcp daemon?

Why am I asking? Because ISC dhcpd (not supported for two years now; for me version isc-dhcpd-4.4.3-P1 on Fedora 40 x86_64) seems to have problems with crazy file bloat if some commands (especially log concat) are used in event directives "on release" and/or "on expiry" - it seems that dhcpd tries to save the commands of these events to the dhcpd.leases file and this can cause it to grow a lot, while the file itself can contain nonsense.

What is interesting is that file verification (dhcpd -T) passes without error on such a file full of nonsense.

Probably the same problem is also described on the Zentyal forum:
https://forum.zentyal.org/index.php?topic=35695.0

My example (based on the page https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records ):

1) "on expire" and "on exit" only contain the execute command. The dhcpd.leases file entry then looks something like this:

    lease 192.168.17.10 {
      starts 6 2024/08/24 10:14:26;
      ends 6 2024/08/24 11:14:26;
      cltt 6 2024/08/24 10:14:26;
      binding state active;
      next binding state free;
      rewind binding state free;
      hardware ethernet 88:a1:20:56:07:36;
      uid "\001\210\241 V\0076";
      set ClientName = "dhcp-192-168-17-10";
      set ClientDHCID = "88:a1:20:56:07:36";
      set ClientIP = "192.168.17.10";
      set noname = "dhcp-192-168-17-10";
      set vendor-class-identifier = "android-dhcp-9";
      on expiry {
        set ClientIP
            binary-to-ascii (10, 8, ".", leased-address) ;
        execute ("/usr/local/bin/dhcp-ad-dyndns.sh", "delete", ClientIP, "", "0");
      }
      on release {
        set ClientIP
            binary-to-ascii (10, 8, ".", leased-address) ;
        execute ("/usr/local/bin/dhcp-ad-dyndns.sh", "delete", ClientIP, "9");
      }
    }

2) "on expire" and "on exit" also contain a log command:

    lease 192.168.1.253 {
      starts 5 2024/08/23 18:01:57;
      ends 5 2024/08/23 19:01:57;
      cltt 5 2024/08/23 18:01:57;
      binding state active;
      next binding state free;
      rewind binding state free;
      hardware ethernet 88:a1:20:56:07:36;
      uid "\001\210\241 V\0076";
      set vendor-class-identifier = "android-dhcp-9";
      set noname = "dhcp-192-168-1-253";
      set ClientIP = "192.168.1.253";
      set ClientDHCID = "88:a1:20:56:07:36";
      set ClientName = "dhcp-192-168-1-253";
      set isst = "dynamic";
      on expiry {
        set ClientIP
            binary-to-ascii (10, 8, ".", leased-address) ;
        set ClientDHCID
            concat (concat (concat (concat (concat (concat (concat
            (concat (concat (
            concat
            (
            suffix
            (
            concat
            (
            "0",
            binary-to-ascii
            (16
            ,
            8,
            ""
            ,
            substring
            (
            hardware,
            1,
            1)
            ))
            ,
            2)
            ,
            ":")
            ,
            suffix
            (
            concat
            (
            "0",
            binary-to-ascii
            (16
            ,
            8,
            ""
            ,
            substring
            (
            hardware,
            2,
            1)
            ))
            ,
            2)
            ),
            ":"),
            suffix
            (concat (
            "0",
    ... (approx. 400 similar garbage lines)

--
Thanks, Franta Hanzlik
Rowland Penny
2024-Aug-24 10:54 UTC
[Samba] kaa supported? ISC DHCP update DNS records: garbages in dhcp.leases in case on expiry/on release
On Sat, 24 Aug 2024 12:33:23 +0200 Franta Hanzlik via samba <samba at lists.samba.org> wrote:

> Please, is it possible to do DNS updates with ISC Kea or another dhcp
> daemon?
>
> Why am I asking? Because ISC dhcpd (not supported for two years now;
> for me version isc-dhcpd-4.4.3-P1 on Fedora 40 x86_64) seems to
> have problems with crazy file bloat if some commands (especially log
> concat) are used in event directives "on release" and/or "on expiry"
> - it seems that dhcpd tries to save the commands of these events to the
> dhcpd.leases file and this can cause it to grow a lot, while the
> file itself can contain nonsense.
>
> What is interesting is that file verification (dhcpd -T) passes
> without error on such a file full of nonsense.
>
> Probably the same problem is also described on the Zentyal forum:
> https://forum.zentyal.org/index.php?topic=35695.0
>
> My example (based on the page
> https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records
> ):
>
> 1) "on expire" and "on exit" only contain the execute command.
> The dhcpd.leases file entry then looks something like this:
>
> lease 192.168.17.10 {
>   starts 6 2024/08/24 10:14:26;
>   ends 6 2024/08/24 11:14:26;
>   cltt 6 2024/08/24 10:14:26;
>   binding state active;
>   next binding state free;
>   rewind binding state free;
>   hardware ethernet 88:a1:20:56:07:36;
>   uid "\001\210\241 V\0076";
>   set ClientName = "dhcp-192-168-17-10";
>   set ClientDHCID = "88:a1:20:56:07:36";
>   set ClientIP = "192.168.17.10";
>   set noname = "dhcp-192-168-17-10";
>   set vendor-class-identifier = "android-dhcp-9";
>   on expiry {
>     set ClientIP
>         binary-to-ascii (10, 8, ".", leased-address) ;
>     execute ("/usr/local/bin/dhcp-ad-dyndns.sh", "delete", ClientIP, "", "0");
>   }
>   on release {
>     set ClientIP
>         binary-to-ascii (10, 8, ".", leased-address) ;
>     execute ("/usr/local/bin/dhcp-ad-dyndns.sh", "delete", ClientIP, "9");
>   }
> }
>
> 2) "on expire" and "on exit" also contain a log command:
>
> lease 192.168.1.253 {
>   starts 5 2024/08/23 18:01:57;
>   ends 5 2024/08/23 19:01:57;
>   cltt 5 2024/08/23 18:01:57;
>   binding state active;
>   next binding state free;
>   rewind binding state free;
>   hardware ethernet 88:a1:20:56:07:36;
>   uid "\001\210\241 V\0076";
>   set vendor-class-identifier = "android-dhcp-9";
>   set noname = "dhcp-192-168-1-253";
>   set ClientIP = "192.168.1.253";
>   set ClientDHCID = "88:a1:20:56:07:36";
>   set ClientName = "dhcp-192-168-1-253";
>   set isst = "dynamic";
>   on expiry {
>     set ClientIP
>         binary-to-ascii (10, 8, ".", leased-address) ;
>     set ClientDHCID
>         concat (concat (concat (concat (concat (concat (concat
>         (concat (concat (
>         concat
>         (
>         suffix
>         (
>         concat
>         (
>         "0",
>         binary-to-ascii
>         (16
>         ,
>         8,
>         ""
>         ,
>         substring
>         (
>         hardware,
>         1,
>         1)
>         ))
>         ,
>         2)
>         ,
>         ":")
>         ,
>         suffix
>         (
>         concat
>         (
>         "0",
>         binary-to-ascii
>         (16
>         ,
>         8,
>         ""
>         ,
>         substring
>         (
>         hardware,
>         2,
>         1)
>         ))
>         ,
>         2)
>         ),
>         ":"),
>         suffix
>         (concat (
>         "0",
> ... (approx. 400 similar garbage lines)
>

The problem here is that:

A) I personally think that using kea to run a script to update dns on a Samba AD DC is like using the world's largest hydraulic press to crack a hazelnut, kea is just too bloated.

B) I do not need the script at the moment (all my machines have a fixed IP at present), so I have no inclination to come up with something else (this is mostly because of isc-dhcp-server going EOL).

C) People have asked for IPv6 support, my ISP does not use IPv6 and hence my router doesn't either, so there is no reason for me to use IPv6.

If anyone else wants to have a go, be my guest.

Rowland
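A check for the lease-file bloat reported at the start of this thread, as an added example that is not part of either post or of the Samba wiki script: it counts how many lines each lease in a dhcpd.leases file stores inside its "on expiry"/"on release" blocks, which is the growth the first message says dhcpd -T does not flag. The function names and the 6-line threshold are assumptions, and the sample is constructed from the entries quoted above.

```python
import re

# Constructed sample in dhcpd.leases syntax, shortened from the entries quoted in the thread.
SAMPLE = r'''
lease 192.168.17.10 {
  uid "\001\210\241 V\0076";
  on expiry {
    set ClientIP binary-to-ascii (10, 8, ".", leased-address) ;
    execute ("/usr/local/bin/dhcp-ad-dyndns.sh", "delete", ClientIP, "", "0");
  }
}
lease 192.168.1.253 {
  on expiry {
    set ClientDHCID
      concat (
      suffix
      (
      concat
      (
      "0",
      ":")
      );
  }
}
'''

def blocks(text, header):
    """Yield (match, body) for each {...} block opened by `header`; braces in strings are ignored."""
    for m in re.finditer(header, text, re.M):
        depth, i, quoted = 1, m.end(), False
        while i < len(text) and depth:
            c = text[i]
            if quoted and c == "\\":
                i += 1                      # skip the escaped character inside a string
            elif c == '"':
                quoted = not quoted
            elif not quoted:
                depth += (c == "{") - (c == "}")
            i += 1
        yield m, text[m.end():i - 1 if depth == 0 else i]

def bloated_leases(text, max_lines=6):
    """Map lease IP -> non-empty lines inside its on-event blocks, if above max_lines (assumed limit)."""
    report = {}
    for lease, body in blocks(text, r"^lease\s+(\S+)\s*\{"):
        stored = sum(len([ln for ln in ev.splitlines() if ln.strip()])
                     for _, ev in blocks(body, r"^\s*on\s+[a-z ]+\{"))
        if stored > max_lines:
            report[lease.group(1)] = stored
    return report
```

Run against a copy of the live file with `bloated_leases(open(path).read())`; a lease whose count keeps rising between runs matches the behaviour described in the first message.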