I noticed the flag(?) “dynamic-dns-update” within the dhcp-server configuration.
I assume it’s a start in order to configure the DHCP server to keep a DNS server updated… but how?
Even if that parameter is not what I think, I’d like to know if there is a way to have the DHCP server of VyOS update an external DNS server zone with the addresses leased to the DHCP clients.
With the dynamic-dns-update option, dhcp-server will update the /etc/hosts file on your VyOS router when clients obtain/renew IP addresses.
Maybe you can modify the dhcp-scripts commands to update your DNS records if it supports it via API. Try checking show log tail 300 when a client is trying to obtain an IP address.
Hi,
Are you talking about RFC 2136 dynamic dns updates to something like BIND or Knot? I had the same problem when I used an EdgeRouter-X for a short time and this is what I came up with: config.boot · GitHub. I have not tested it on VyOS yet but I see that the same command path exists. I was recently in a car collision and am still recovering or I would lab this out for you because I am curious if it works as well.
Edit: If you have any questions about my example, please feel free to ask. It was sending updates for the zone “home.local” with RDNS for 10.1.x.x to a BIND 9 server at 10.1.2.2.
I was able to get some time to lab this out today. I’m pleased to say that my solution for EdgeOS also works on VyOS with some minor modifications. Some caveats:
The order of setting the parameters matters. The RNDC key must be declared before the statements that reference it or dhcpd will fail to load.
You must use hmac-md5 as the rndc algorithm or the ddns update will fail with “No tsec for use with key ”. There’s this bug from 2016 in the CentOS 7 tracker about it but no comments or progress. There may be a workaround for this, I didn’t dig too much into it. I initially tried to use hmac-sha256, ran into the tsec error, found that bug, switched to hmac-md5, and everything was peachy.
It might also be possible to set this under the following stanza instead of globally: service dhcp-server shared-network-name <name> shared-network-parameters
Curiosity got the best of me and I wanted to know if it was possible to set this up using shared-network-parameters. Yes, it can. This would allow you to configure multiple different RNDC keys and send RFC 2136 updates to different servers per subnet.
To add to the caveat list, service dhcp-server dynamic-dns-update must be set or isc-dhcpd does not attempt to update the forward/reverse mapping.
VyOS config delta-
This config is similar to the one I pasted previously but I moved the RFC 2136 parameters under shared-network-parameters from global-parameters and then created another subnet.
Dec 14 19:54:16 vyos isc-dhcp-server[4519]: Starting ISC DHCP server: dhcpd.
Dec 14 19:55:14 vyos dhcpd: DHCPREQUEST for 172.16.0.100 from 0c:c5:f6:1b:95:00 (freebsd) via eth2
Dec 14 19:55:14 vyos dhcpd: DHCPACK on 172.16.0.100 to 0c:c5:f6:1b:95:00 (temp2) via eth2
Dec 14 19:55:14 vyos dhcpd: Added new forward map from temp2.server.test. to 172.16.0.100
Dec 14 19:55:14 vyos dhcpd: Added reverse map from 100.0.16.172.in-addr.arpa. to temp2.server.test.
----
Dec 14 20:11:44 vyos dhcpd: DHCPDISCOVER from 0c:c5:f6:26:08:00 via eth2
Dec 14 20:11:45 vyos dhcpd: DHCPOFFER on 172.16.0.102 to 0c:c5:f6:26:08:00 (temp3) via eth2
Dec 14 20:11:48 vyos dhcpd: DHCPREQUEST for 172.16.0.102 (172.16.0.1) from 0c:c5:f6:26:08:00 (temp3) via eth2
Dec 14 20:11:48 vyos dhcpd: DHCPACK on 172.16.0.102 to 0c:c5:f6:26:08:00 (temp3) via eth2
Dec 14 20:11:48 vyos dhcpd: Added new forward map from temp3.test2.org. to 172.16.0.102
Dec 14 20:11:48 vyos dhcpd: Added reverse map from 102.0.16.172.in-addr.arpa. to temp3.test2.org.
----
Dec 14 22:16:44 vyos dhcpd: DHCPREQUEST for 10.0.0.100 from 0c:c5:f6:7d:87:00 (freebsd) via eth1
Dec 14 22:16:44 vyos dhcpd: DHCPACK on 10.0.0.100 to 0c:c5:f6:7d:87:00 (freebsdone) via eth1
Dec 14 22:16:44 vyos dhcpd: Removed forward map from freebsd.server.test. to 10.0.0.100
Dec 14 22:16:44 vyos dhcpd: Removed reverse map on 100.0.0.10.in-addr.arpa.
Dec 14 22:16:44 vyos dhcpd: Added new forward map from freebsdone.server.test. to 10.0.0.100
Dec 14 22:16:44 vyos dhcpd: Added reverse map from 100.0.0.10.in-addr.arpa. to freebsdone.server.test.
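An added example, not code from the thread: a Python script that replays dhcpd DDNS messages in the format logged above and reports hostname changes on a leased address and forward records that have no matching reverse map. The sample lines are constructed from that format, the function and finding names are this example's own, and the temp9 line is invented to trigger the second check.

```python
import ipaddress
import re

# Constructed sample in the dhcpd log format shown above. The last line
# (temp9) is invented so that one forward record has no reverse map.
SAMPLE_LOG = """\
Dec 14 22:16:44 vyos dhcpd: DHCPACK on 10.0.0.100 to 0c:c5:f6:7d:87:00 (freebsdone) via eth1
Dec 14 22:16:44 vyos dhcpd: Removed forward map from freebsd.server.test. to 10.0.0.100
Dec 14 22:16:44 vyos dhcpd: Removed reverse map on 100.0.0.10.in-addr.arpa.
Dec 14 22:16:44 vyos dhcpd: Added new forward map from freebsdone.server.test. to 10.0.0.100
Dec 14 22:16:44 vyos dhcpd: Added reverse map from 100.0.0.10.in-addr.arpa. to freebsdone.server.test.
Dec 14 22:20:01 vyos dhcpd: Added new forward map from temp9.server.test. to 10.0.0.101
"""

FWD_ADD = re.compile(r"Added new forward map from (\S+) to (\S+)$")
FWD_DEL = re.compile(r"Removed forward map from (\S+) to (\S+)$")
REV_ADD = re.compile(r"Added reverse map from (\S+) to (\S+)$")
REV_DEL = re.compile(r"Removed reverse map on (\S+)$")


def audit_ddns(log_text):
    """Replay dhcpd DDNS messages and return (forward, reverse, findings)."""
    forward, reverse, removed, findings = {}, {}, {}, []
    for line in log_text.splitlines():
        if m := FWD_ADD.search(line):
            name, ip = m.groups()
            old = removed.pop(ip, None)
            if old and old != name:
                # Same lease address, new client-supplied hostname in DNS.
                findings.append(("hostname-changed", ip, f"{old} -> {name}"))
            forward[name] = ip
        elif m := FWD_DEL.search(line):
            name, ip = m.groups()
            forward.pop(name, None)
            removed[ip] = name
        elif m := REV_ADD.search(line):
            ptr, name = m.groups()
            reverse[ptr] = name
        elif m := REV_DEL.search(line):
            reverse.pop(m.group(1), None)
    # Each forward record should have a PTR that points back to the same name.
    for name, ip in forward.items():
        ptr = ipaddress.ip_address(ip).reverse_pointer + "."
        if reverse.get(ptr) != name:
            findings.append(("missing-reverse", ip, name))
    return forward, reverse, findings


if __name__ == "__main__":
    for finding in audit_ddns(SAMPLE_LOG)[2]:
        print(finding)
```

The hostname-changed finding matters because the name written to the zone is the one the DHCP client supplies, so a rename on an existing lease is worth reviewing.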
Hi there. There are multiple ways you can generate the key; I typically use dnssec-keygen or rndc-confgen but anything that generates an HMAC-MD5 key should work.
Yes, the key needs to be present in both configs with the same name. E.g., I can’t call it “rndckey.” in VyOS but have it called “dhcpkey.” in Knot/BIND.
I hope this helps.
EDIT:
In this post I give an example of using the rndc-key with BIND’s config. If you’re using BIND, the stanzas are slightly different than the rest of the configuration format. In Knot, it’s standard YAML.