Adding DNS ALG support to Bind?

Mark Andrews marka at
Fri Nov 6 21:14:55 UTC 2015

In message <20151106120047.GA69370 at>, Jan-Piet Mens writes:
> Mark,
> > may want to add a " SRV" record pointing
> > to the nameservers as someone convinced the router vendor(s) that
> > this is how you do it 
> Is this a standard? Other than [1], which insinuates it's an Apple-only
> thing, the Goog turns up only 55 hit  for "_dns-update" and SRV. ;-)

It's registered with IANA for this purpose.  There is nothing
stopping anyone from using the value.

Dyn, from memory, use this record to send updates to the backend
systems rather than the nameservers for the zones.  It requires
multiple parties to support this.  Publish or to use the content.

> Can you mention any other vendors which support the SRV RR for directing
> updates?

I think Netgear does this but I'm not sure and am not going to
reflash my router to a factory image to find out.

It's certainly easy enough to do this in a shell script with dig
and nsupdate so any UNIX box is capable of doing this.

Tune for your OS and internal vs external views.  It also needs
error handling added but it gives you the idea.  The output is
expected to be fed into nsupdate and you can use TSIG or SIG(0) to
sign the request.

The first thing it does is find the zone.  The next think it does
is look for the SRV record.  Then it constructs the update message
by looking at the configured addresses.

soa=`dig +short soa -q $zone`
while test -z "$soa"
	zone=`expr $zone : '[^\.]*.\(.*\)'`
	soa=`dig +short soa -q $zone`

srv=`dig +short _dns-update._udp.$zone SRV`
if test -n "$srv"
	server=`expr "$srv" : '.* .* .* \(.*\)'`
	port=`expr "$srv" : '.* .* \(.*\) .*'`
	echo server $server $port
echo update delete $hostname A
echo update delete $hostname AAAA
ifconfig $1 |
sed -n -e 's/.*inet \([^ ]*\) .*/update add '$hostname' 120 IN A \1/p' \
    -e /temporary/d \
    -e 's/.*inet6 \([^ %]*\) .*/update add '$hostname' 120 IN AAAA \1/p'
echo send

[rock:~/git/bind9] marka% sh en0
server 53
update delete A
update delete AAAA
update add 120 IN A
update add 120 IN AAAA 2001:470:a001:5:2acf:e9ff:fe1b:508f
update add 120 IN AAAA 2001:470:a001:5::aea
[rock:~/git/bind9] marka% 

This one does all the addresses with the exception of the temporary
addreses and link local.  For the public side you can filter out
the ULA and RFC 1918 addresses.

> [1]
> _______________________________________________
> Please visit to unsubscribe
>  from this list
> bind-users mailing list
> bind-users at
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at

More information about the bind-users mailing list