Comprehension question to DDNS

Mark Andrews marka at isc.org
Fri Mar 26 19:53:57 UTC 2010


In message <hois3p$lc4$1 at dough.gmane.org>, Markus Feldmann writes:
> Hi All,
> 
> since about 1 year i got my DNS and DHCP to work but not DDNS. So i can 
> only work with static IP's.
> 
> Does my DHCP-Server request and DDNS-Update automatically, when a client 
>   gets an IP from the DHCP-Server.
> 
> Or:
> 
> Does the client ask the DHCP-Server for an IP and after he got one he 
> request a DDNS-Update by himself?

You can do it either way or a mix.  Which way you do it depends on
if you are assigning names or not.  If you want all the client
machines to live in forward domains you choose then I would have
the DHCP server update both the forward and reverse zones.  If you
let the client machines choose their own name then they should be
updating their own forward zones and the DHCP server updates the
reverse zone.

On the bind side you generate a TSIG key which you share with the
DHCP server.  You then add allow-update clauses to the appropriate
zones to say that if named receives a update signed with that key
that it should accept it.

e.g.
	key "dhcp-server-key" {
		algorithm "hmac-sha256";
		secret "xxxxxxxxxxxxxxxxxxxxxxxx";
	};

	zone "1.168.192.in-addr.arpa" {
		type master;
		...
		allow-update { key dhcp-server-key; };
	};

If the clients are updating the forward zone themselves then you
can distribute TSIG keys or use SIG(0) to allow them to update their
own records.  For this I would use the finer grain controls in
update-policy.

	e.g.
	key "foo.example.com" {
		algorithm "hmac-sha256";
		secret "xxxxxxxxxxxxxxxxxxxxxxxx";
	};

	zone "example.com" {
		type master;
		...
		allow-policy { grant *.example.com self . A AAAA; };
	};

For the DHCP side see dhcp-users at isc.org for how to configure dhcpd
and dhclient to fit the various senarios.

> If the second case is right, then how do i have to configure my Linux 
> client?
> 
> The DNS Server-System does not record any DDNS-Update request, so i 
> think he will not be asked???
> 
> Help!!! :-)
> 
> Regards Markus
> 
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the bind-users mailing list