Hey @Matwolf
I was able to get some time to lab this out today. I’m pleased to say that my solution for EdgeOS also works on VyOS with some minor modifications. Some caveats:
- The order of setting the parameters matters. The RNDC key must be declared before the statements that reference it or dhcpd will fail to load.
- You must use hmac-md5 as the rndc algorithm or the ddns update will fail with “No tsec for use with key ”. There’s this bug from 2016 in the CentOS 7 tracker about it but no comments or progress. There may be a workaround for this; I didn’t dig too much into it. I initially tried to use hmac-sha256, ran into the tsec error, found that bug, switched to hmac-md5, and everything was peachy.
The topology I used:
VyOS conf delta:
interfaces {
    ethernet eth1 {
        address 10.0.0.1/24
    }
}
service {
    dhcp-server {
        dynamic-dns-update
        global-parameters "key rndc-key { algorithm hmac-md5; secret <key>; };"
        global-parameters "zone server.test. { primary 10.0.0.5; key rndc-key; }"
        global-parameters "ddns-domainname "server.test.";"
        global-parameters "ddns-rev-domainname "in-addr.arpa.";"
        global-parameters "zone 0.10.in-addr.arpa. { primary 10.0.0.5; key rndc-key; }"
        shared-network-name SERVER-TEST {
            subnet 10.0.0.0/24 {
                default-router 10.0.0.1
                dns-server 10.0.0.5
                domain-name server.test
                domain-search server.test
                range RANGE0 {
                    start 10.0.0.100
                    stop 10.0.0.200
                }
            }
        }
    }
}
This sends RFC 2136 updates to 10.0.0.5, a FreeBSD 12.1-RELEASE VM running BIND 9.16.9.
In /usr/local/etc/namedb/named.conf:
// TSIG key shared with dhcpd on the VyOS side: the name and algorithm must
// match the "key rndc-key { ... }" declaration in the dhcp-server global-parameters.
key "rndc-key" {
    algorithm hmac-md5;
    secret <key>;
};
// Forward zone; only updates signed with rndc-key are accepted.
zone "server.test" {
    type master;
    file "/usr/local/etc/namedb/dynamic/db.server.test";
    allow-update {
        key rndc-key;
    };
};
// Reverse zone for 10.0.0.0/24, same key.
zone "0.10.in-addr.arpa" {
    type master;
    file "/usr/local/etc/namedb/dynamic/db.0.10";
    allow-update {
        key rndc-key;
    };
};
Both forward and reverse zones are updated appropriately:
It might also be possible to set these under the following stanza instead of globally:
service dhcp-server shared-network-name <name> shared-network-parameters
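Added example, not part of the post above or of VyOS/ISC code: a standard-library-only Python model of what the `key rndc-key { ... }` and `zone ... { primary ...; key rndc-key; }` stanzas make dhcpd put on the wire, namely an RFC 2136 UPDATE carrying a TSIG signature (RFC 8945), together with the checks a BIND primary runs on that signature before `allow-update { key rndc-key; }` lets the change through. The key name, secret, host name, message ID and timestamps are constructed placeholders; nothing is sent over the network, and the block does not reproduce the dhcpd "No tsec" failure. What it does show is why the key name and algorithm on both sides have to match exactly: both are part of the MACed data, and hmac-md5 is carried on the wire under the name "hmac-md5.sig-alg.reg.int", not "hmac-md5".

```python
import hashlib
import hmac
import struct
import time

TYPE_A, TYPE_SOA, TYPE_PTR, TYPE_TSIG = 1, 6, 12, 250
CLASS_IN, CLASS_ANY = 1, 255
TSIG_ALGORITHMS = {  # wire name and digest for the two algorithms the post tried
    "hmac-md5": ("hmac-md5.sig-alg.reg.int", hashlib.md5),
    "hmac-sha256": ("hmac-sha256", hashlib.sha256),
}
SAMPLE_SECRET = bytes(range(16))  # constructed placeholder, not a real TSIG secret

def encode_name(name):
    """Canonical (lowercase, uncompressed) wire form of a domain name."""
    out = bytearray()
    for label in name.rstrip(".").lower().split("."):
        if label:
            out += struct.pack("!B", len(label)) + label.encode("ascii")
    return bytes(out + b"\x00")

def skip_name(buf, off):
    """Offset just past the name at off (a compression pointer ends a name in 2 bytes)."""
    while buf[off] and buf[off] & 0xC0 != 0xC0:
        off += 1 + buf[off]
    return off + (2 if buf[off] else 1)

def build_update(msg_id, zone, rrs, ttl=3600):
    """Unsigned RFC 2136 UPDATE adding rrs = [(owner, rtype, rdata), ...] to zone."""
    header = struct.pack("!HHHHHH", msg_id, 5 << 11, 1, 0, len(rrs), 0)  # QR=0, Opcode=5 (UPDATE)
    zone_section = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    body = b"".join(encode_name(o) + struct.pack("!HHIH", t, CLASS_IN, ttl, len(r)) + r
                    for o, t, r in rrs)
    return header + zone_section + body

def tsig_variables(key_name, alg_wire, time_signed, fudge, error=0, other=b""):
    """TSIG fields covered by the MAC, in RFC 8945 order (key name, class ANY, TTL 0, ...)."""
    return (encode_name(key_name) + struct.pack("!HI", CLASS_ANY, 0) + alg_wire
            + struct.pack("!HI", time_signed >> 32, time_signed & 0xFFFFFFFF)
            + struct.pack("!HHH", fudge, error, len(other)) + other)

def tsig_sign(message, key_name, secret, algorithm, time_signed=None, fudge=300):
    """Append a TSIG RR and bump ARCOUNT, as dhcpd/nsupdate do for a zone with a key."""
    alg_text, digestmod = TSIG_ALGORITHMS[algorithm]
    alg_wire = encode_name(alg_text)
    time_signed = int(time.time()) if time_signed is None else time_signed
    covered = message + tsig_variables(key_name, alg_wire, time_signed, fudge)
    mac = hmac.new(secret, covered, digestmod).digest()
    original_id = struct.unpack("!H", message[:2])[0]
    rdata = (alg_wire + struct.pack("!HI", time_signed >> 32, time_signed & 0xFFFFFFFF)
             + struct.pack("!HH", fudge, len(mac)) + mac + struct.pack("!HHH", original_id, 0, 0))
    tsig_rr = encode_name(key_name) + struct.pack("!HHIH", TYPE_TSIG, CLASS_ANY, 0, len(rdata)) + rdata
    arcount = struct.unpack("!H", message[10:12])[0] + 1
    return message[:10] + struct.pack("!H", arcount) + message[12:] + tsig_rr

def tsig_verify(signed, key_name, secret, server_algorithm, now=None):
    """What the primary checks before allow-update applies: key name, algorithm, MAC, time."""
    counts = struct.unpack("!HHHHHH", signed[:12])
    off = 12
    for _ in range(counts[2]):                                # zone section
        off = skip_name(signed, off) + 4
    start = None
    for _ in range(counts[3] + counts[4] + counts[5]):        # prereq, update, additional RRs
        start = off
        off = skip_name(signed, off)
        off += 10 + struct.unpack("!H", signed[off + 8:off + 10])[0]
    if start is None:
        return False                                          # no RRs at all, so no TSIG
    p = skip_name(signed, start)
    if signed[start:p] != encode_name(key_name) or signed[p:p + 2] != struct.pack("!H", TYPE_TSIG):
        return False                                          # BADKEY: last RR is not a TSIG for this key
    alg_end = skip_name(signed, p + 10)
    alg_wire = signed[p + 10:alg_end]
    alg_text, digestmod = TSIG_ALGORITHMS[server_algorithm]
    if alg_wire != encode_name(alg_text):
        return False                                          # BADKEY: algorithm differs from the key's
    t_hi, t_lo, fudge, mac_len = struct.unpack("!HIHH", signed[alg_end:alg_end + 10])
    p = alg_end + 10
    mac, p = signed[p:p + mac_len], p + mac_len
    original_id, error, other_len = struct.unpack("!HHH", signed[p:p + 6])
    other = signed[p + 6:p + 6 + other_len]
    time_signed = (t_hi << 32) | t_lo
    # Rebuild exactly what the signer MACed: original ID, ARCOUNT without the TSIG RR, no TSIG RR.
    unsigned = (struct.pack("!H", original_id) + signed[2:10]
                + struct.pack("!H", counts[5] - 1) + signed[12:start])
    covered = unsigned + tsig_variables(key_name, alg_wire, time_signed, fudge, error, other)
    if not hmac.compare_digest(mac, hmac.new(secret, covered, digestmod).digest()):
        return False                                          # BADSIG
    now = int(time.time()) if now is None else now
    return abs(now - time_signed) <= fudge                    # otherwise BADTIME

def demo(algorithm="hmac-md5", now=1_700_000_000):
    """Forward and reverse updates dhcpd would send for host1 at 10.0.0.100: sign, then verify."""
    rrs = {"server.test": ("host1.server.test", TYPE_A, bytes([10, 0, 0, 100])),
           "0.10.in-addr.arpa": ("100.0.0.10.in-addr.arpa", TYPE_PTR, encode_name("host1.server.test"))}
    return [tsig_verify(tsig_sign(build_update(0x1234, zone, [rr]), "rndc-key", SAMPLE_SECRET, algorithm, now),
                        "rndc-key", SAMPLE_SECRET, algorithm, now) for zone, rr in rrs.items()]
```

`demo()` signs one UPDATE per zone, mirroring the two `zone ... { key rndc-key; }` declarations, and `tsig_verify` returns False for the same reasons BIND would answer BADKEY, BADSIG or BADTIME: a key name that is not configured, an algorithm that does not match the configured key, a wrong secret or a modified record, or a timestamp outside the fudge window. Because the reverse update is a separate message, the reverse zone needs its own `allow-update` entry, which is what the named.conf above provides.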