Using isc dhcpd to only update reverse DNS zone for selected hosts

Christ Schlacta lists at aarcane.org
Sun Nov 6 01:07:37 UTC 2011


Better to issue them static IPs, and just manually set their reverse DNS.

On 11/5/2011 14:09, Kristian Pedersen wrote:
> Hi list,
>
> I have an ISC dhcpd setup serving DOCSIS cable modems with built-in 
> router function. The routers are assigned dynamic public IPs from a 
> pool. I use ISC to create nice forward and reverse DDNS entries for 
> routers, such as:
>
> rg<mac>.cm.example.com A 123.x.x.8
> and
> 8.x.x.123 PTR rg<mac>.cm.example.com
>
> This all works fine, but I would like to expand my setup a bit, so I 
> can have selected routers set up with just reverse DNS entries 
> pointing to external domains. The scenario is my customers are asking 
> if they can have a custom reverse DNS entry for their router, and they 
> will themselves do the forward dns setup in their own DNS. So in 
> essence, they just want me to do:
>
> 8.x.x.123 PTR <whatever.privatedomain.com>
>
> Below are the parts of my config I think are essential. To begin with I 
> changed the dynamic ddns-hostname I generate from the router MAC, so 
> it grabs the hostname from the host section, if it exists:
>
> ddns-hostname = pick-first-value (ddns-hostname, concat("rg", macadr));
>
> I then added specific ddns-hostname and ddns-domainname within the 
> host config for a test device:
>
> host whatever {
>     hardware ethernet 11:22:33:44:55:66;
>     fixed-address 123.x.x.8;
>     ddns-hostname "whatever";
>     ddns-domainname "privatedomain.com";
> }
>
> It's trying to update but times out on the forward record for 
> whatever.privatedomain.com, which makes sense since I have no key for 
> the domain. If I set ddns-domainname to my own "cm.example.com", then 
> it will correctly add whatever.cm.example.com, so it is matching the 
> host config correctly. I then tried adding "do-forward-updates off;" 
> for the host, but it seems to turn off reverse DNS updates as well. 
> Which seems to match the manual page for dhcpd.conf:
>
> "If this statement is used to disable forward updates, the DHCP 
> server will never attempt to update the client's A record, and will 
> only ever attempt to update the client's PTR record if the client 
> supplies an FQDN that should be placed in the PTR record using the 
> fqdn option."
>
> However, my modems won't add an FQDN option .. and even if they did, I 
> would rather not trust any option coming from a device, I would like 
> it to use the settings from the host configuration. I tried adding 
> something like option fqdn.fqdn "whatever.privatedomain.com"; to the 
> host config but could not get it to work.
>
> I hope I am missing some simple option :) I guess I could fool it by 
> creating a dummy dns-server with forward-zones matching my customers 
> private domains, but it seems like quite an ugly hack ..
>
> Here's what I think is important from my current config:
>
> # Global DDNS settings
> ddns-update-style interim;
> ignore client-updates;
> ddns-updates off;
> update-static-leases on;
> update-conflict-detection off;
> use-host-decl-names on;
> ddns-domainname "cm.example.com";
>
> # DNS update key
> key dhcp-key {
>         algorithm hmac-md5;
>         secret "<key>";
> }
>
> # DNS zones
> zone cm.example.com.       { primary <ip>; key dhcp-key; }
> zone x.x.123.in-addr.arpa. { primary <ip>; key dhcp-key; }
>
> # Build the client MAC address as 12 lowercase hex digits, zero-padding each octet.
> # hardware is the type byte followed by the six address octets, hence offsets 1..6;
> # binary-to-ascii drops leading zeros, so prefix "0" and keep the last two chars.
> set macadr = concat(
>         suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware, 1, 1))), 2),
>         suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware, 2, 1))), 2),
>         suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware, 3, 1))), 2),
>         suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware, 4, 1))), 2),
>         suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware, 5, 1))), 2),
>         suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware, 6, 1))), 2)
> );
>
> # Shared networks behind docsis CMTS
> shared-network klient-lan {
>         # Match docsis routers
>         class "docsis-rg" {
>                 match if substring(option vendor-class-identifier, 0, 6) = "RG 1.0";
>         }
>
>         # Ip-net for docsis routers
>         subnet 123.x.x.0 netmask 255.255.255.0 {
>                 authoritative;
>                 option subnet-mask 255.255.255.0;
>                 option broadcast-address 123.x.x.255;
>                 option routers 123.x.x.1;
>                 ddns-updates on;
>                 # Use the host declaration's ddns-hostname if present, else rg<mac>
>                 ddns-hostname = pick-first-value (ddns-hostname, concat("rg", macadr));
>
>                 pool {
>                         failover peer "cm";
>                         allow members of "docsis-rg";
>                         range 123.x.x.50 123.x.x.254;
>                 }
>         }
> }
>
> host whatever {
>     hardware ethernet 11:22:33:44:55:66;
>     fixed-address 123.x.x.8;
>     ddns-hostname "whatever";
>     ddns-domainname "privatedomain.com";
>     do-forward-updates off;
> }
>
> Regards,
>
> Kristian
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
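The reverse-only PTR update the original post asks for, as an added example that is not part of this thread and not something ISC dhcpd does as configured above: a small Python helper that mirrors the thread's MAC-to-hostname expression, treats the customer-supplied target name as untrusted input (valid hostname syntax, not under the provider's own zone, not in the reverse tree), and emits an nsupdate batch that touches only the PTR record and never an A record. The addresses, zone names and the dns_server value are constructed placeholders (the thread redacts its own as 123.x.x.x); the TSIG key (dhcp-key in the thread) is assumed to be handed to nsupdate with its -k option rather than embedded in the batch.

```python
import ipaddress
import re

# Constructed sample values; the thread's real addresses are redacted as 123.x.x.x.
PROVIDER_ZONE = "cm.example.com"            # forward zone dhcpd populates with rg<mac> names
REVERSE_ZONE = "113.0.203.in-addr.arpa"     # reverse zone for the constructed 203.0.113.0/24

# RFC 1123 hostname label: 1-63 chars, letters/digits/hyphen, no leading/trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def mac_to_rg_hostname(hardware: bytes) -> str:
    """Mirror the dhcpd 'macadr' expression from the thread.

    dhcpd's 'hardware' value is the type byte followed by the address, so
    substring(hardware, 1, 1) .. substring(hardware, 6, 1) are the six octets.
    binary-to-ascii(16, 8, "", octet) yields lowercase hex with no leading
    zero; concat("0", ...) plus suffix(..., 2) pads every octet to two digits.
    """
    if len(hardware) != 7:
        raise ValueError("expected hardware type byte plus six address octets")
    hexdigits = "".join(("0" + format(octet, "x"))[-2:] for octet in hardware[1:7])
    return "rg" + hexdigits


def ptr_owner(ip: str) -> str:
    """Fully qualified owner name of the PTR record for an IPv4/IPv6 address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def validate_customer_target(fqdn: str, provider_zone: str = PROVIDER_ZONE) -> str:
    """Return the normalised, fully qualified target name or raise ValueError.

    The name comes from a customer request, so it is checked like any other
    external input: syntactically a hostname, not inside a zone the provider
    manages itself (those names are generated from the MAC), and not inside
    the reverse tree.
    """
    name = fqdn.strip().lower().rstrip(".")
    if not name or len(name) > 253:
        raise ValueError("invalid name length")
    labels = name.split(".")
    if len(labels) < 2 or any(not LABEL_RE.match(label) for label in labels):
        raise ValueError("not a valid hostname")
    if name == provider_zone or name.endswith("." + provider_zone):
        raise ValueError("target is inside a provider-managed zone")
    if name.endswith(".in-addr.arpa") or name.endswith(".ip6.arpa"):
        raise ValueError("target is inside the reverse tree")
    return name + "."


def reverse_only_update(ip: str, target_fqdn: str, dns_server: str,
                        ttl: int = 3600, reverse_zone: str = REVERSE_ZONE) -> str:
    """Build an nsupdate batch that replaces only the PTR record for ip.

    No A record is created or deleted, which is the reverse-only behaviour the
    thread asks for. Run as: nsupdate -k /path/to/dhcp-key.key < batch.txt
    (assumed key file; the secret never appears in the batch itself).
    """
    owner = ptr_owner(ip)
    if not owner.endswith("." + reverse_zone + "."):
        raise ValueError(f"{ip} is not inside {reverse_zone}")
    target = validate_customer_target(target_fqdn)
    lines = [
        f"server {dns_server}",
        f"zone {reverse_zone}.",
        f"update delete {owner} PTR",          # drop any stale rg<mac> PTR first
        f"update add {owner} {ttl} PTR {target}",
        "send",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed hardware value: type 1 (Ethernet) + the thread's 11:22:33:44:55:66
    print(mac_to_rg_hostname(bytes([1, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66])))
    print(reverse_only_update("203.0.113.8", "whatever.privatedomain.com", "192.0.2.53"))
```

The delete-then-add pair keeps the PTR unique, which matters because dhcpd will have written an rg<mac> PTR for the same address before the customer asked for a custom one; the validation step is what stops a request from planting a PTR that claims a name inside cm.example.com or another customer's zone.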
