09-20-2018 07:20 AM
I have a host on which DHCP tries to register it's hostname in DDNS.
After 30ish seconds the A and PTR are removed again with the syslog telling me
'RRset exists (value dependent).' prerequisite not satisfied (NXRRSET)
I can't find anything else about that hostname in either IPAM, DHCP or DNS.
I don't understand why the DNS registration is always failing for that particular host.
09-21-2018 04:16 AM
"RRset exists (value dependent).' prerequisite not satisfied (NXRRSET)"
We have seen such errors often when the DDNS update is sent with a pre-requisite that matching TXT records (value dependent) should exist for the corresponding A record.
However, when the prerequisite is not met the DDNS update fails and returns NXRRSET error code.
This happens because, the TXT record is based on the DHCID unique to each client and is usually based on the MAC address or DUID of the interface.
For example, Devices such as laptops that connect to both wired and wireless networks have different MAC addresses or DUIDs and different DHCID values for each interface. In this scenario, after either one of the network interfaces inserts a DNS record, updates are allowed from that interface only.
When the other interface tries to make a DDNS update, the DHCID value does not match for the TXT record and the update would fail.
One of the methods to fix this would be to change your TXT record handling method to a less stringent one, such as, ISC Transitional in such environments.
Hope this helps.
09-21-2018 09:25 AM
To add to this- this behavior can be seen with computers that have multiple network interfaces, such as laptops with both a wired and wireless connection. What happens is that one interface gets registered in DNS first, and then when the second interface goes to register, it fails due to the TXT record handling check that finds that the hash value for the second NIC does not match the one recorded when the first NIC was registered.
Depending on your requirements, adjusting the TXT record handling mode may help with working around this. Before deciding on this, be sure to review the section titled "Configuring DDNS Update Verification" in the NIOS Administrators Guide. This includes a table which explains exactly how each mode works.
Another solution that may help here is by separating out the name space for different networks. By doing something like placing wireless networks in a different zone, you can avoid collisions between different NIC's attempting to register under the same name, and also provide you with an easy way to identify where clients are coming from based on the zone that the fall under.
Hope this helps.