03-21-2019 03:17 AM
I have a problem updating DNS entries for PCs.
In the Infoblox logs, I have the following errors:
- Forward map update for XX.XX.XX.XX because of non-retryable failure: NXRRSET
- Forward map from pcname.domain.fr to XX.XX.XX.XX FAILED: Has an address record but no DHCID, not mine.
- client XX.XX.XX.XX # 64384 / key dhcp_updater_default: zone update 'domain.fr/IN': update unsuccessful: pcname.domain.fr: 'name not in use' prerequisite not satisfied (YXDOMAIN)
Domain controllers are allowed to do updates (DNS Properties option).
Do you have any idea how to solve this problem?
Thanks for your help.
03-22-2019 06:46 AM
What these log messages tell you is that it attempted to update an existing record that it expects to already exist (prerequisite not satisfied (YXDOMAIN)), but the record does not exist (NXRRSET). With the addition of the log message "Has an address record but no DHCID, not mine.", I am guessing that TXT record handling is enabled and is set for ISC mode.
This is the default setting when DDNS is enabled in DHCP, so that would not be unexpected. Infoblox (by default) uses TXT records that contain a hash value that locks the record to a particular MAC address. This prevents clients from overwriting the records for other systems but has the downside that computers with multiple NICs (such as laptops) will be unable to update DNS for both interfaces; only the first one to go online will be registered.
How best to solve this depends on exactly what your use case is here. If you simply have missing TXT records, you can change the TXT record handling mode to "ISC Transitional" for a couple of lease cycles. This will allow the system to clean this up for you automatically, after which you can put it back to ISC mode. If the issue is due to multiple NICs, one recommendation is to split up DNS for the wired and wireless interfaces so that they don't conflict. For example, if you place wireless clients in a 'wireless' subzone, this will allow you to see separate records for each interface and make it easier to identify exactly where each connection is coming from. Of course, this depends on updating DHCP for your APs to use the different zone.
The other alternative is to change the TXT record handling mode to check-only or disable it altogether. The downside to this is that you lose a level of security as now records can be readily overwritten by other systems.
For more information regarding the TXT record handling configuration, be sure to check out the section titled "Configuring DDNS Update Verification" in the NIOS documentation (Administrator Guide). This outlines exactly how each mode works and how to update the setting.
Hope this helps.
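The ownership check described in the answer above, as an added example that is not part of the original thread and is not Infoblox or ISC code. It is a simplified model: `owner_tag`, `forward_update`, the mode names, the MAC addresses and the sample zone are constructed for illustration, and the transitional behaviour is an assumption taken from the answer's description.

```python
import hashlib

def owner_tag(mac):
    # Constructed stand-in for the TXT ownership hash; the server's real
    # encoding differs, only equality between tags matters in this model.
    return hashlib.sha256(mac.lower().encode()).hexdigest()[:32]

def forward_update(zone, name, ip, mac, mode="isc"):
    """Apply one DHCP-driven forward update to `zone` (name -> {"A", "TXT"}).

    Returns the DNS rcodes the DHCP server would see, in order.
    """
    tag = owner_tag(mac)
    rec = zone.get(name)
    # Attempt 1: prerequisite "name not in use", then add A + TXT.
    if rec is None:
        zone[name] = {"A": ip, "TXT": tag}
        return ["NOERROR"]
    rcodes = ["YXDOMAIN"]  # the name exists, so attempt 1 is refused
    # Attempt 2: prerequisite "TXT exists and carries my tag", then replace A.
    if rec.get("TXT") == tag:
        rec["A"] = ip
        return rcodes + ["NOERROR"]
    if rec.get("TXT") is None and mode == "isc-transitional":
        # Assumed transitional behaviour, per the answer above: an A record
        # without a TXT record is adopted and the missing TXT is written.
        rec.update(A=ip, TXT=tag)
        return rcodes + ["NOERROR"]
    # Missing or foreign TXT: the value-dependent prerequisite fails
    # (NXRRSET under RFC 2136) and the existing A record is left untouched.
    return rcodes + ["NXRRSET"]

if __name__ == "__main__":
    # Constructed zone: an A record that was created without a TXT record.
    zone = {"pcname.domain.fr": {"A": "192.0.2.10", "TXT": None}}
    wired, wifi = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"  # constructed MACs
    for mac, mode in [(wired, "isc"), (wired, "isc-transitional"),
                      (wired, "isc"), (wifi, "isc")]:
        rcodes = forward_update(zone, "pcname.domain.fr", "192.0.2.20", mac, mode)
        print(mode, mac, rcodes)
```

In this model a record only gains its TXT tag when its client's update is processed while the transitional mode is active, which is why the answer suggests leaving it on for a couple of lease cycles.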
03-28-2019 07:22 AM
Thank you for your help.
When I set the option to ISC Transitional, DNS is updated correctly, but when I set the option to ISC, DNS is no longer updated.
I always get the same error.