Hi,
I noticed the flag(?) “dynamic-dns-update” within the dhcp-server configuration.
I assume it’s a start in order to configure the DHCP server to keep a DNS server updated… but how?
Even if that parameter is not what I think, I’d like to know if there is a way to have the DHCP server of VyOS to update an external DNS server zone with the addresses leased to the DHCP clients.
Thanks in advance for your help
Hello @Matwolf,
With option dynamic-dns-update dhcp-server will update /etc/hosts file on your VyOS router when clients obtaining/renewing IP addresses.
Maybe you can modify dhcp-scripts commands to update your DNS records if it supports it via API. Try to check show log tail 300 when a client trying to obtain IP address
Hi,
Are you talking about RFC 2136 dynamic dns updates to something like BIND or Knot? I had the same problem when I used an EdgeRouter-X for a short time and this is what I came up with: https://gist.github.com/helushune/1abc37b0e3c90f01300e7ce4c40fe6ab. I have not tested it on VyOS yet but I see that the same command path exists. I was recently in a car collision and am still recovering or I would lab this out for you because I am curious if it works as well.
Edit: If you have any questions about my example, please feel free to ask. It was sending updates for the zone “home.local” with RDNS for 10.1.x.x to a BIND 9 server at 10.1.2.2.
Hi @helushune
I’m referring to updates to a DNS zone (managed by a BIND server) adding hosts which receives IPs from the VyOS dhcp server.
I’ll definitely look into your solution and let you know.
Thanks
Hey @Matwolf
I was able to get some time to lab this out today. I’m pleased to say that my solution for EdgeOS also works on VyOS with some minor modifications. Some caveats:
The topology I used:
VyOS conf delta-
interfaces {
ethernet eth1 {
address 10.0.0.1/24
}
}
service {
dhcp-server {
dynamic-dns-update
global-parameters "key rndc-key { algorithm hmac-md5; secret <key>; };"
global-parameters "zone server.test. { primary 10.0.0.5; key rndc-key; }"
global-parameters "ddns-domainname "server.test.";"
global-parameters "ddns-rev-domainname "in-addr.arpa.";"
global-parameters "zone 0.10.in-addr.arpa. { primary 10.0.0.5; key rndc-key; }"
shared-network-name SERVER-TEST {
subnet 10.0.0.0/24 {
default-router 10.0.0.1
dns-server 10.0.0.5
domain-name server.test
domain-search server.test
range RANGE0 {
start 10.0.0.100
stop 10.0.0.200
}
}
}
}
}
Which is sending RFC 2136 updates to 10.0.0.5; FreeBSD 12.1-RELEASE VM running BIND 9.16.9.
In /usr/local/etc/namedb/named.conf:
key "rndc-key" {
algorithm hmac-md5;
secret <key>;
};
zone "server.test" {
type master;
file "/usr/local/etc/namedb/dynamic/db.server.test";
allow-update {
key rndc-key;
};
};
zone "0.10.in-addr.arpa" {
type master;
file "/usr/local/etc/namedb/dynamic/db.0.10";
allow-update {
key rndc-key;
};
};
Both forward and reverse zones are updated appropriately:
It might be possible to also set under these following stanza and not set globally:
service dhcp-server shared-network-name <name> shared-network-parameters
Curiosity got the best of me and I wanted to know if it was possible to set this up using shared-network-parameters. Yes, it can. This would allow you to configure multiple different RNDC keys and send RFC 2136 updates to different servers per subnet.
To add to the caveat list, service dhcp-server dynamic-dns-update must be set or isc-dhcpd does not attempt to update the forward/reverse mapping.
I tried both 1.2.6 and 1.3-rolling-202010231135.
VyOS config delta-
This config is similar to the one I pasted previously but I moved the RFC 2136 parameters under shared-network-parameters from global-parameters and then created another subnet.
interfaces {
ethernet eth1 {
address 10.0.0.1/24
}
ethernet eth2 {
address 172.16.0.1/24
}
}
service {
dhcp-server {
dynamic-dns-update
shared-network-name SERVER-TEST {
authoritative
shared-network-parameters "key rndc-key { algorithm hmac-md5; secret DJaP3k6VvQa4nZW4UTkN0Q==; };"
shared-network-parameters "ddns-domainname "server.test.";"
shared-network-parameters "ddns-rev-domainname "in-addr.arpa.";"
shared-network-parameters "zone server.test. { primary 10.0.0.5; key rndc-key; }"
shared-network-parameters "zone 0.10.in-addr.arpa. { primary 10.0.0.5; key rndc-key; }"
subnet 10.0.0.0/24 {
default-router 10.0.0.1
dns-server 10.0.0.5
domain-name server.test
domain-search server.test
range RANGE0 {
start 10.0.0.100
stop 10.0.0.200
}
}
}
shared-network-name SERVER-TEST2-172 {
authoritative
shared-network-parameters "key oneseventwo-key { algorithm hmac-md5; secret ZnQmJVW11vVUcX3vlKAY7w==; };"
shared-network-parameters "ddns-domainname "test2.org.";"
shared-network-parameters "ddns-rev-domainname "in-addr.arpa.";"
shared-network-parameters "zone test2.org. { primary 10.0.0.5; key oneseventwo-key; }"
shared-network-parameters "zone 16.172.in-addr.arpa. { primary 10.0.0.5; key oneseventwo-key; }"
subnet 172.16.0.0/24 {
default-router 172.16.0.1
dns-server 10.0.0.5
domain-name test2.org
domain-search test2.org
range RANGE0 {
start 172.16.0.100
stop 172.16.0.200
}
}
}
}
}
VyOS correctly handles RFC 2136 for both subnets-
Dec 14 19:54:16 vyos isc-dhcp-server[4519]: Starting ISC DHCP server: dhcpd.
Dec 14 19:55:14 vyos dhcpd: DHCPREQUEST for 172.16.0.100 from 0c:c5:f6:1b:95:00 (freebsd) via eth2
Dec 14 19:55:14 vyos dhcpd: DHCPACK on 172.16.0.100 to 0c:c5:f6:1b:95:00 (temp2) via eth2
Dec 14 19:55:14 vyos dhcpd: Added new forward map from temp2.server.test. to 172.16.0.100
Dec 14 19:55:14 vyos dhcpd: Added reverse map from 100.0.16.172.in-addr.arpa. to temp2.server.test.
----
Dec 14 20:11:44 vyos dhcpd: DHCPDISCOVER from 0c:c5:f6:26:08:00 via eth2
Dec 14 20:11:45 vyos dhcpd: DHCPOFFER on 172.16.0.102 to 0c:c5:f6:26:08:00 (temp3) via eth2
Dec 14 20:11:48 vyos dhcpd: DHCPREQUEST for 172.16.0.102 (172.16.0.1) from 0c:c5:f6:26:08:00 (temp3) via eth2
Dec 14 20:11:48 vyos dhcpd: DHCPACK on 172.16.0.102 to 0c:c5:f6:26:08:00 (temp3) via eth2
Dec 14 20:11:48 vyos dhcpd: Added new forward map from temp3.test2.org. to 172.16.0.102
Dec 14 20:11:48 vyos dhcpd: Added reverse map from 102.0.16.172.in-addr.arpa. to temp3.test2.org.
----
Dec 14 22:16:44 vyos dhcpd: DHCPREQUEST for 10.0.0.100 from 0c:c5:f6:7d:87:00 (freebsd) via eth1
Dec 14 22:16:44 vyos dhcpd: DHCPACK on 10.0.0.100 to 0c:c5:f6:7d:87:00 (freebsdone) via eth1
Dec 14 22:16:44 vyos dhcpd: Removed forward map from freebsd.server.test. to 10.0.0.100
Dec 14 22:16:44 vyos dhcpd: Removed reverse map on 100.0.0.10.in-addr.arpa.
Dec 14 22:16:44 vyos dhcpd: Added new forward map from freebsdone.server.test. to 10.0.0.100
Dec 14 22:16:44 vyos dhcpd: Added reverse map from 100.0.0.10.in-addr.arpa. to freebsdone.server.test.