samba - May 2021 - Using BIND DNS Causes Duplicate Host Entries

Hi All,

I've had some time to properly monitor my setup now that we've
switched to the new DHCP server that utilizes Samba's DNS through Bind
with Roland's script facilitating the DNS Updates. However, one issue
we've noticed is a considerable amount of duplication in the entries;
For example, a host (like my laptop for a perfect example) has
multiple nics, and thus has multiple IPs (Wifi, internal NIC, and Port
Extender NIC), in my case I have 2 IPs that are being sent to DNS via
the dyndns script; However there is now 2 entries in Bind for my
laptop's hostname with both IPs, even if only one interface is valid
lets say a day later (my wifi is turned off, or I'm only operating on
wifi). For some reason, the DNS entries created are not expiring after
the lease for DHCP expires causing multiple entries. I was wondering
if there is a configuration change that needs made to bind or dhcpd
that would help keep this clean? Is there maybe more tweaking needed
for Roland's script to handle those expirations in a different way?
Overall the goal here is to have DNS update at most with only active
IPs as it used to be before utilizing Samba to handle the maintenance
of the entries, since we'll have a lot of regular maintenance to keep
the DNS table cleaned up otherwise.

Below are my sanitized configs and a snippet of syslog for the DHCP server logs.
dhcpd: http://haste.thegamingcorner.net/peheqayehu.makefile
named.conf.options: http://haste.thegamingcorner.net/kixoqefike.cs
Log File: http://haste.thegamingcorner.net/jovufupoco.sql

I look forward to any insight!
Regards,
Ralph

On Tue, May 4, 2021 at 12:14 PM ralph strebbing
<blackbirdralph at gmail.com> wrote:
>
> Hi All,
>
> I've had some time to properly monitor my setup now that we've
> switched to the new DHCP server that utilizes Samba's DNS through Bind
> with Roland's script facilitating the DNS Updates. However, one issue
> we've noticed is a considerable amount of duplication in the entries;
> For example, a host (like my laptop for a perfect example) has
> multiple nics, and thus has multiple IPs (Wifi, internal NIC, and Port
> Extender NIC), in my case I have 2 IPs that are being sent to DNS via
> the dyndns script; However there is now 2 entries in Bind for my
> laptop's hostname with both IPs, even if only one interface is valid
> lets say a day later (my wifi is turned off, or I'm only operating on
> wifi). For some reason, the DNS entries created are not expiring after
> the lease for DHCP expires causing multiple entries. I was wondering
> if there is a configuration change that needs made to bind or dhcpd
> that would help keep this clean? Is there maybe more tweaking needed
> for Roland's script to handle those expirations in a different way?
> Overall the goal here is to have DNS update at most with only active
> IPs as it used to be before utilizing Samba to handle the maintenance
> of the entries, since we'll have a lot of regular maintenance to keep
> the DNS table cleaned up otherwise.
>
> Below are my sanitized configs and a snippet of syslog for the DHCP server
logs.
> dhcpd: http://haste.thegamingcorner.net/peheqayehu.makefile
> named.conf.options: http://haste.thegamingcorner.net/kixoqefike.cs
> Log File: http://haste.thegamingcorner.net/jovufupoco.sql
>
So thinking about this, would it be possible to just add an expiration
time to these DNS entries when they're added (For example to match the
current DHCP Lease time)? This way expirations are handled in a better
way since it looks like they don't delete properly.

Ralph

On 04.05.2021 18:14, ralph strebbing via samba wrote:
> Hi All,
>
> I've had some time to properly monitor my setup now that we've
> switched to the new DHCP server that utilizes Samba's DNS through Bind
> with Roland's script facilitating the DNS Updates. However, one issue
> we've noticed is a considerable amount of duplication in the entries;
> For example, a host (like my laptop for a perfect example) has
> multiple nics, and thus has multiple IPs (Wifi, internal NIC, and Port
> Extender NIC), in my case I have 2 IPs that are being sent to DNS via
> the dyndns script; However there is now 2 entries in Bind for my
> laptop's hostname with both IPs, even if only one interface is valid
> lets say a day later (my wifi is turned off, or I'm only operating on
> wifi). For some reason, the DNS entries created are not expiring after
> the lease for DHCP expires causing multiple entries. I was wondering
> if there is a configuration change that needs made to bind or dhcpd
> that would help keep this clean? Is there maybe more tweaking needed
> for Roland's script to handle those expirations in a different way?
> Overall the goal here is to have DNS update at most with only active
> IPs as it used to be before utilizing Samba to handle the maintenance
> of the entries, since we'll have a lot of regular maintenance to keep
> the DNS table cleaned up otherwise.
>
> Below are my sanitized configs and a snippet of syslog for the DHCP server
logs.
> dhcpd: http://haste.thegamingcorner.net/peheqayehu.makefile
> named.conf.options: http://haste.thegamingcorner.net/kixoqefike.cs
> Log File: http://haste.thegamingcorner.net/jovufupoco.sql
>
> I look forward to any insight!
> Regards,
> Ralph
>
Hi Ralf

ISC-dhcp never release or expire static defined entries.

I was only playing with IPV6, to overcome this problem and never tried 
it for ipV4 (and don't have the time right now to rewrite it

example:

#IMPOTANT: leading Zeros of MAC needs to be deleted and (not sure) lower 
case hex values; Pool address needs to be fully written ipv6
class "static-ip" { match binary-to-ascii(16, 8, ":",
suffix(option
dhcp6.client-id, 6)); }
#start defining the class and subclass
class "static-50:65:f3:29:2e:48" { match if binary-to-ascii(16, 8,
":",
suffix(option dhcp6.client-id, 6)) = "50:65:f3:29:2e:48";} subclass 
"static-ip" 50:65:f3:29:2e:48; #Mani-PC
class "static-b0:5a:da:e3:97:75" { match if binary-to-ascii(16, 8,
":",
suffix(option dhcp6.client-id, 6)) = "b0:5a:da:e3:97:75";} subclass 
"static-ip" b0:5a:da:e3:97:75; #Mani-LT
.......

#defining for every IP a single pool, which is now "dynamic" for dhcpd
and will time out.
pool6 {range6 fd90:fee2:de72:7c4d:0000:0000:0000:0010/128; allow members 
of "static-50:65:f3:29:2e:48";} # ddns-hostname "Mani-PC";
pool6 {range6 fd90:fee2:de72:7c4d:0000:0000:0000:0011/128; allow members 
of "static-b0:5a:da:e3:97:75";} # ddns-hostname "Mani-LT";
......

Hope this is helpful for you

Mani

BTW: I only have around 15 defined MAC addresses and don't see any time 
penalty