
Re: DHCP isn't updating DNS




You should consider moving towards "standard", but "interim"'s not a
problem for now.
https://deepthought.isc.org/article/AA-01091/0/ISC-DHCP-support-for-Standard-DDNS.html

I've actually made a few changes since I posted this while trying to figure this out, and I did change to standard. This appears to have made no difference: DNS is still not getting updated, but I will definitely keep the setting at standard.

      allow            client-updates;

I would recommend denying client-updates. This tells clients that they
can do the DNS update themselves. Given that you're trying TSIGs below,
that would mean deploying keys to all the clients etc etc. Better to
"deny client-updates" and centralise the work through the DHCP server.

This was also a change I made. I definitely do not want (and do not allow) clients to update DNS, so I changed this to deny.


Some other options I have are "update-static-leases on" (Make sure DNS
is updated even for hosts with a static address) "update-optimization
on" (Actually, for debugging purposes, I had that off for a while. If
it's off the DNS will be updated every time. If it's on, then the DNS
won't be updated if the lease hasn't changed. If you're changing from
'interim' to 'standard' you definitely want this off to ensure the
records get changed).

I saw these as well when I reread the dhcpd.conf man page, but haven't tried them yet. I'll give that a go.


I'm assuming you've cut something out of your config here, but given the
config above, there's nothing that applies the DDNS settings to hosts.
The ddns-* settings should apply to everything in their current scope
and below (so, if you've put them in your subnet6 block, for example,
that should be fine).

Yes, I didn't include my entire conf file, as it is a little long. Here is the subnet6 declaration that I've been focusing on:

    subnet6 2620:5:e000:201e::/64 {
        default-lease-time    2419200;
        max-lease-time        2419200;

        # LDAP Servers.
        pool6 {
            allow members of "ldap_servers";
            range6 2620:5:e000:201e:0:1::/96;
        }
        # Kerberos Servers.
        pool6 {
            allow members of "krb5_servers";
            range6 2620:5:e000:201e:0:2::/96;
        }
        # DHCP Servers.
        pool6 {
            allow members of "dhcp_servers";
            range6 2620:5:e000:201e:0:3::/96;
        }
        # Puppet Servers.
        pool6 {
            allow members of "puppet_servers";
            range6 2620:5:e000:201e:0:4::/96;
        }
        # DNS Servers.
        pool6 {
            allow members of "dns_servers";
            range6 2620:5:e000:201e:0:5::/96;
        }
        # Catch-all DHCP group.
        pool6 {
            range6 2620:5:e000:201e:0:d::/96;
        }
    }

In particular, I've been testing with a client that gets added to the "dhcp_servers" class. I know the classification works, as the client actually gets an IP address in the range specified; I just can't get DHCP to update the DNS servers with the AAAA and PTR records. Since all my subnets use the same ddns-* settings, I don't specify them at the subnet or pool level; I just leave them in the top scope.

Thanks for your response,
Joshua Schaeffer
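As an added example (not code from this thread or from ISC), here is a small scope-aware checker for the dhcpd DDNS settings the replies above go through. It tokenizes a dhcpd.conf, builds a brace tree, and for every subnet/subnet6 block reports the settings in effect there, with the block's own statements overlaid on the enclosing scopes the way the reply describes ddns-* inheritance. It flags an update style other than "standard", "allow client-updates", a missing ddns-domainname, update-static-leases not on, and missing key or zone blocks. The sample configs, the DNS server address and the key secret are constructed placeholders; the /64 is the poster's.

```python
"""Scope-aware checker for the ISC dhcpd DDNS settings discussed in this thread.

Added example, not code from the thread or from ISC. Sample configs, the
2001:db8::53 primary and the key secret are constructed placeholders.
"""
import re

_TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')
WATCHED = {"ddns-update-style", "ddns-updates", "ddns-domainname", "update-static-leases"}

# Constructed sample resembling the poster's setup: interim style, clients allowed to update.
SAMPLE_CONF = """
ddns-update-style interim;
allow client-updates;
ddns-domainname "example.net.";
key "ddns-key" { algorithm hmac-sha256; secret "PLACEHOLDER-BASE64-SECRET"; };
zone example.net. { primary 2001:db8::53; key ddns-key; }
subnet6 2620:5:e000:201e::/64 {
    default-lease-time 2419200;
    pool6 { allow members of "dhcp_servers"; range6 2620:5:e000:201e:0:3::/96; }
}
"""

# Same config with the settings the replies recommend; the reverse zone is the
# nibble-reversed form of the /64 above.
FIXED_CONF = """
ddns-update-style standard;
deny client-updates;
update-static-leases on;
ddns-domainname "example.net.";
key "ddns-key" { algorithm hmac-sha256; secret "PLACEHOLDER-BASE64-SECRET"; };
zone example.net. { primary 2001:db8::53; key ddns-key; }
zone e.1.0.2.0.0.0.e.5.0.0.0.0.2.6.2.ip6.arpa. { primary 2001:db8::53; key ddns-key; }
subnet6 2620:5:e000:201e::/64 { pool6 { range6 2620:5:e000:201e:0:d::/96; } }
"""


def tokenize(text):
    # Drop '#' comments (a '#' inside a quoted string is not handled), then split
    # into quoted strings, braces, semicolons and bare words.
    return _TOKEN.findall(re.sub(r"#.*", "", text))


def parse(text):
    """Return a tree of {'words', 'children', 'block'} nodes; the root has empty words."""
    root = {"words": [], "children": [], "block": True}
    stack, cur = [root], []
    for tok in tokenize(text):
        if tok == ";":
            if cur:  # a bare ';' after a closing '}' is legal in dhcpd.conf; skip it
                stack[-1]["children"].append({"words": cur, "children": [], "block": False})
                cur = []
        elif tok == "{":
            node = {"words": cur, "children": [], "block": True}
            stack[-1]["children"].append(node)
            stack.append(node)
            cur = []
        elif tok == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        else:
            cur.append(tok)
    if len(stack) != 1 or cur:
        raise ValueError("unterminated block or statement")
    return root


def effective_settings(node, inherited):
    """Overlay the node's own direct statements on settings inherited from outer scopes."""
    eff = dict(inherited)
    for child in node["children"]:
        w = child["words"]
        if child["block"] or len(w) < 2:
            continue
        if w[0] in WATCHED:
            eff[w[0]] = w[1].strip('"')
        elif w[0] in ("allow", "deny") and w[1] == "client-updates":
            eff["client-updates"] = w[0]  # 'allow members of ...' does not match here
    return eff


def findings(eff):
    """Human-readable problems for one scope's effective settings."""
    out = []
    style = eff.get("ddns-update-style", "unset")
    if style != "standard":
        out.append(f"ddns-update-style is {style!r}, expected 'standard'")
    if eff.get("ddns-updates") == "off":
        out.append("ddns-updates off: no updates attempted in this scope")
    if eff.get("client-updates") == "allow":
        out.append("client-updates allowed: clients are told to update DNS themselves")
    if "ddns-domainname" not in eff:
        out.append("no ddns-domainname in scope: server cannot form the client FQDN")
    if eff.get("update-static-leases") != "on":
        out.append("update-static-leases not on: fixed-address hosts get no update")
    return out


def check(text):
    """Map 'global' and each subnet/subnet6 header line to its list of findings."""
    root = parse(text)
    report = {"global": []}
    if not any(n["block"] and n["words"][:1] == ["key"] for n in root["children"]):
        report["global"].append("no key block: updates will not be TSIG-signed")
    if not any(n["block"] and n["words"][:1] == ["zone"] for n in root["children"]):
        report["global"].append("no zone block: dhcpd must locate the primary via DNS lookups")

    def walk(node, inherited):
        eff = effective_settings(node, inherited)  # settings in force inside this block
        if node["words"][:1] in (["subnet"], ["subnet6"]):
            report[" ".join(node["words"])] = findings(eff)
        for child in node["children"]:
            if child["block"]:
                walk(child, eff)

    walk(root, {})
    return report


if __name__ == "__main__":
    for name, conf in (("sample", SAMPLE_CONF), ("fixed", FIXED_CONF)):
        print(f"== {name} ==")
        for scope, problems in check(conf).items():
            print(scope, "->", problems or "ok")
```

Run it against a real dhcpd.conf with `check(open("/etc/dhcp/dhcpd.conf").read())`; a subnet that reports no findings has the DDNS knobs from the replies in scope, so the remaining suspects are the zone/key declarations and what the name server logs when the signed update arrives.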
