Adding DNS ALG support to Bind?

Mark Andrews marka at isc.org
Fri Nov 6 21:14:55 UTC 2015


In message <20151106120047.GA69370 at tiggr.ww.mens.de>, Jan-Piet Mens writes:
> Mark,
> 
> > may want to add a "_dns-update._udp.example.net SRV" record pointing
> > to the nameservers as someone convinced the router vendor(s) that
> > this is how you do it 
> 
> Is this a standard? Other than [1], which insinuates it's an Apple-only
> thing, the Goog turns up only 55 hits for "_dns-update" and SRV. ;-)

It's registered with IANA for this purpose.  There is nothing
stopping anyone from using the value.

Dyn, from memory, use this record to send updates to the backend
systems rather than the nameservers for the zones.  It requires
multiple parties to support this.  Publish or to use the content.

> Can you mention any other vendors which support the SRV RR for directing
> updates?

I think Netgear does this but I'm not sure and am not going to
reflash my router to a factory image to find out.

It's certainly easy enough to do this in a shell script with dig
and nsupdate so any UNIX box is capable of doing this.

Tune for your OS and internal vs external views.  It also needs
error handling added but it gives you the idea.  The output is
expected to be fed into nsupdate and you can use TSIG or SIG(0) to
sign the request.

The first thing it does is find the zone.  The next thing it does
is look for the SRV record.  Then it constructs the update message
by looking at the configured addresses.

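#!/bin/sh
# Usage: sh xxx.sh <interface>; the output is meant to be piped into nsupdate.
hostname=`hostname`

# Find the enclosing zone: strip leading labels until a name has an SOA.
zone=$hostname
soa=`dig +short soa -q "$zone"`
while test -z "$soa"
do
	zone=`expr "$zone" : '[^.]*\.\(.*\)'`
	# Stop instead of looping forever once no labels are left.
	test -n "$zone" || { echo "no zone found for $hostname" >&2; exit 1; }
	soa=`dig +short soa -q "$zone"`
done

# If the zone publishes a _dns-update._udp SRV record, send the update to
# its target and port (assumes one record: "priority weight port target").
srv=`dig +short "_dns-update._udp.$zone" SRV`
if test -n "$srv"
then
	server=`expr "$srv" : '.* .* .* \(.*\)'`
	port=`expr "$srv" : '.* .* \(.*\) .*'`
	echo server $server $port
fi

# Replace the host's A/AAAA records with the addresses on interface $1,
# skipping temporary and link-local (scoped, "%ifname") IPv6 addresses.
echo update delete $hostname A
echo update delete $hostname AAAA
ifconfig $1 |
sed -n -e 's/.*inet \([^ ]*\) .*/update add '"$hostname"' 120 IN A \1/p' \
    -e /temporary/d \
    -e 's/.*inet6 \([^ %]*\) .*/update add '"$hostname"' 120 IN AAAA \1/p'
echo send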

[rock:~/git/bind9] marka% sh xxx.sh en0
server localhost.dv.isc.org. 53
update delete rock.dv.isc.org A
update delete rock.dv.isc.org AAAA
update add rock.dv.isc.org 120 IN A 172.30.42.121
update add rock.dv.isc.org 120 IN AAAA 2001:470:a001:5:2acf:e9ff:fe1b:508f
update add rock.dv.isc.org 120 IN AAAA 2001:470:a001:5::aea
send
[rock:~/git/bind9] marka% 

This one does all the addresses with the exception of the temporary
addresses and link local.  For the public side you can filter out
the ULA and RFC 1918 addresses.

> 
> [1] http://fmepnet.org/osx_dyndns.html
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
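
The closing remark about filtering ULA and RFC 1918 addresses for the public side, as an added example that is not part of the original message: a filter to sit between the script above and nsupdate. The function names and the sample stream are constructed for illustration; the public addresses in the sample are documentation prefixes.

```sh
#!/bin/sh
# Added example, not from the original post. Drops "update add" lines whose
# address is RFC 1918 (10/8, 172.16/12, 192.168/16) or ULA (fc00::/7), so
# only globally routable addresses reach the public view. Everything else
# (server, update delete, send) passes through unchanged.
filter_public() {
	awk '
	$1 == "update" && $2 == "add" && $6 == "A" {
		split($7, o, ".")
		if (o[1] + 0 == 10) next
		if (o[1] + 0 == 172 && o[2] + 0 >= 16 && o[2] + 0 <= 31) next
		if (o[1] + 0 == 192 && o[2] + 0 == 168) next
	}
	$1 == "update" && $2 == "add" && $6 == "AAAA" {
		# fc00::/7 means the first hextet is fcXX or fdXX; the leading
		# "f" is never a zero, so it is always written with 4 digits.
		if (tolower($7) ~ /^f[cd][0-9a-f][0-9a-f]:/) next
	}
	{ print }
	'
}

# Constructed sample in the format the script above emits.
sample_updates() {
	cat <<'EOF'
server ns.example.net. 53
update delete host.example.net A
update delete host.example.net AAAA
update add host.example.net 120 IN A 172.30.42.121
update add host.example.net 120 IN A 192.0.2.10
update add host.example.net 120 IN AAAA fd12:3456:789a:1::10
update add host.example.net 120 IN AAAA 2001:db8:5::aea
send
EOF
}

sample_updates | filter_public
```

In use the pipeline would be `sh xxx.sh en0 | filter_public | nsupdate -k <keyfile>`, where the key file path is a placeholder for a TSIG key.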

