Using isc dhcpd to only update reverse DNS zone for selected hosts
Tom Schmitt
TomSchmitt at gmx.de
Mon Nov 7 06:44:40 UTC 2011
There are always several ways to solve a problem.
But in this case the easiest way should be:
- activate DDNS-updates again
- add to the subnets (or classes) where you don't want to update the domain this statement:
do-forward-updates off;
Should be easier than to do it manually :-)
Tom.
-------- Original Message --------
> Date: Sat, 05 Nov 2011 18:07:37 -0700
> From: Christ Schlacta <lists at aarcane.org>
> To: dhcp-users at lists.isc.org
> Subject: Re: Using isc dhcpd to only update reverse DNS zone for selected hosts
> Better to issue them static IPs, and just manually set their reverse DNS.
>
> On 11/5/2011 14:09, Kristian Pedersen wrote:
> > Hi list,
> >
> > I have an isc dhcpd setup serving docsis cable modems with built-in
> > router function. The routers are assigned dynamic public IPs from a
> > pool. I use ISC to create nice forward and reverse DDNS entries for
> > routers, such as:
> >
> > rg<mac>.cm.example.com A 123.x.x.8
> > and
> > 8.x.x.123 PTR rg<mac>.cm.example.com
> >
> > This all works fine, but I would like to expand my setup a bit, so I
> > can have selected routers set up with just reverse DNS entries
> > pointing to external domains. The scenario is my customers are asking
> > if they can have a custom reverse DNS entry for their router, and they
> > will themselves do the forward dns setup in their own DNS. So in
> > essence, they just want me to do:
> >
> > 8.x.x.123 PTR <whatever.privatedomain.com>
> >
> > Below are the parts of my config I think are essential. To begin with I
> > changed the dynamic ddns-hostname I generate from the router mac, so
> > it grabs the hostname from the host section, if it exists:
> >
> > ddns-hostname = pick-first-value (ddns-hostname, concat("rg", macadr));
> >
> > I then added specific ddns-hostname and ddns-domainname within the
> > host config for a test device:
> >
> > host whatever {
> > hardware ethernet 11:22:33:44:55:66;
> > fixed-address 123.x.x.8;
> > ddns-hostname "whatever";
> > ddns-domainname "privatedomain.com";
> > }
> >
> > It's trying to update but times out on the forward record for
> > whatever.privatedomain.com, which makes sense since I have no key for
> > the domain. If I set ddns-domainname to my own "cm.example.com", then
> > it will correctly add whatever.cm.example.com, so it is matching the
> > host config correctly. I then tried adding "do-forward-updates off;"
> > for the host, but it seems to turn off reverse DNS updates as well.
> > Which seems to match the manual page for dhcpd.conf:
> >
> > "If this statement is used to disable forward updates, the DHCP
> > server will never attempt to update the client's A record, and will
> > only ever attempt to update the client's PTR record if the client
> > supplies an FQDN that should be placed in the PTR record using the
> > fqdn option."
> >
> > However, my modems won't add a FQDN option .. and even if they did, I
> > would rather not trust any option coming from a device, I would like
> > it to use the settings from the host configuration. I tried adding
> > something like option fqdn.fqdn "whatever.privatedomain.com"; to the
> > host config but could not get it to work.
> >
> > I hope I am missing some simple option :) I guess I could fool it by
> > creating a dummy dns-server with forward-zones matching my customers
> > private domains, but it seems like quite an ugly hack ..
> >
> > Here's what I think is important from my current config:
> >
> > # Global DDNS settings
> > ddns-update-style interim;
> > ignore client-updates;
> > ddns-updates off;
> > update-static-leases on;
> > update-conflict-detection off;
> > use-host-decl-names on;
> > ddns-domainname "cm.example.com";
> >
> > # DNS update key
> > key dhcp-key {
> > algorithm hmac-md5;
> > secret "<key>";
> > }
> >
> > # DNS zones
> > zone cm.example.com. { primary <ip>; key dhcp-key; }
> > zone x.x.123.in-addr.arpa. { primary <ip>; key dhcp-key; }
> >
> > # Parse client MAC address with 0 as prefix
> > set macadr = concat(
> > suffix (concat ("0", binary-to-ascii (16, 8, "",
> > substring(hardware, 1, 1))),2),
> > suffix (concat ("0", binary-to-ascii (16, 8, "",
> > substring(hardware, 2, 1))),2),
> > suffix (concat ("0", binary-to-ascii (16, 8, "",
> > substring(hardware, 3, 1))),2),
> > suffix (concat ("0", binary-to-ascii (16, 8, "",
> > substring(hardware, 4, 1))),2),
> > suffix (concat ("0", binary-to-ascii (16, 8, "",
> > substring(hardware, 5, 1))),2),
> > suffix (concat ("0", binary-to-ascii (16, 8, "",
> > substring(hardware, 6, 1))),2)
> > );
> >
> > # Shared networks behind docsis CMTS
> > shared-network klient-lan {
> > # Match docsis routers
> > class "docsis-rg" {
> > match if substring(option vendor-class-identifier,0,6)
> > = "RG 1.0";
> > }
> >
> > # Ip-net for docsis routers
> > subnet 123.x.x.0 netmask 255.255.255.0 {
> > authoritative;
> > option subnet-mask 255.255.255.0;
> > option broadcast-address 123.x.x.255;
> > option routers 123.x.x.1;
> > ddns-updates on;
> > ddns-hostname = pick-first-value (ddns-hostname,
> > concat("rg", macadr));
> >
> > pool {
> > failover peer "cm";
> > allow members of "docsis-rg";
> > range 123.x.x.50 123.x.x.254;
> > }
> > }
> > }
> >
> > host whatever {
> > hardware ethernet 11:22:33:44:55:66;
> > fixed-address 123.x.x.8;
> > ddns-hostname "whatever";
> > ddns-domainname "privatedomain.com";
> > do-forward-updates off;
> > }
> >
> > Regards,
> >
> > Kristian
> > _______________________________________________
> > dhcp-users mailing list
> > dhcp-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/dhcp-users
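The name derivation and update behaviour described in the quoted post, as an added Python model (not code from the thread or from ISC dhcpd): it evaluates the posted macadr and pick-first-value expressions and applies the quoted man-page rule for do-forward-updates. The 198.51.100.0/24 addresses and the reverse zone name are constructed stand-ins for the masked 123.x.x.0/24 values in the post.

```python
# Added example, not code from the thread: a small model of how the posted
# dhcpd.conf derives DDNS names and which updates it would attempt. It
# emulates the evaluated expressions, not dhcpd's own implementation.
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Zones the posted config holds an update key for. The reverse zone is a
# constructed stand-in for the masked "x.x.123.in-addr.arpa" in the post.
KEYED_ZONES = ("cm.example.com", "100.51.198.in-addr.arpa")

def macadr(mac: bytes) -> str:
    """Emulate 'set macadr': each MAC byte as two lowercase hex digits.
    The suffix(concat("0", ...), 2) idiom zero-pads bytes below 0x10; the
    post starts at substring(hardware, 1, 1) because octet 0 of 'hardware'
    is the hardware-type byte, which is skipped here by taking a bare MAC."""
    if len(mac) != 6:
        raise ValueError("expected a 6-byte MAC address")
    return "".join(f"{b:02x}" for b in mac)

@dataclass
class HostDecl:
    """The parts of a 'host' declaration that matter for DDNS here."""
    ddns_hostname: Optional[str] = None
    ddns_domainname: Optional[str] = None
    do_forward_updates: bool = True

def ddns_names(mac: bytes, ip: str, host: Optional[HostDecl] = None,
               default_domain: str = "cm.example.com") -> Tuple[str, str]:
    """Return (forward FQDN, PTR owner name), applying
    ddns-hostname = pick-first-value(ddns-hostname, concat("rg", macadr))."""
    hostname = host.ddns_hostname if host and host.ddns_hostname else "rg" + macadr(mac)
    domain = host.ddns_domainname if host and host.ddns_domainname else default_domain
    ptr_owner = ".".join(reversed(ip.split("."))) + ".in-addr.arpa"
    return f"{hostname}.{domain}", ptr_owner

def has_key(name: str) -> bool:
    """True if a 'zone' statement (with key) in the posted config covers name."""
    return any(name.endswith("." + z) for z in KEYED_ZONES)

def planned_updates(mac: bytes, ip: str, host: Optional[HostDecl] = None,
                    client_fqdn: Optional[str] = None) -> List[Tuple[str, str, str]]:
    """Updates dhcpd would attempt, per the dhcpd.conf man page text quoted
    in the post: with do-forward-updates off there is no A update, and a PTR
    update only when the client itself supplied an FQDN option."""
    fqdn, ptr_owner = ddns_names(mac, ip, host)
    if host is None or host.do_forward_updates:
        return [("A", fqdn, ip), ("PTR", ptr_owner, fqdn)]
    if client_fqdn:
        return [("PTR", ptr_owner, client_fqdn)]
    return []
```

Running planned_updates for the posted "whatever" host shows the forward name landing in privatedomain.com, for which has_key is false, and an empty update list once do-forward-updates is off and no client FQDN is present, which is the behaviour the post reports.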