DDNS with extra vhosts...

John Robson jrobson at zenoss.com
Wed Oct 2 11:21:08 UTC 2019


As promised...

I now have this close enough to working as makes no odds for me ;)

There were a few bumps along the way, in particular Jan-Piet Mens says in
this (rather old, but still top hit in Google) blog post:
https://jpmens.net/2011/07/06/execute-a-script-when-isc-dhcp-hands-out-a-new-lease/

> If you are using the built-in mechanisms for DNS updates, you must not
> define events, as they are then used internally by dhcpd. (The manual page
> does, however, give hint at how to overcome that problem.)


I didn't see anything in any of the man files (dhcpd/dhcpd.conf/dhcpd-eval)
which seemed relevant, and the post is quite old, ...

So I set about testing for myself.  I have ended up with:

>   on commit {
>     set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
>     set ClientMac = binary-to-ascii(16, 8, ":", substring(hardware, 1, 6));
>     set ClientHost = pick-first-value( host-decl-name,
>                                        option fqdn.hostname,
>                                        option host-name,
>                                        "none");
>     execute("/etc/dhcp/scripts/test", "commit", ClientIP, ClientMac, ClientHost);
>   }



in my dhcp subnet definition, and the referenced script (owned by dhcpd)
calls nsupdate (it specifies the zone, server and key manually) to add in
the cname using:

> (echo "server dns.example.org"; echo "zone example.org";
>  echo "add *.${host}.example.org 600 cname ${host}.example.org.";
>  echo send) | nsupdate -v -k /etc/bind/ddns_key >> /tmp/ddns.log

That is correctly adding cname entries (I am currently assuming that bind
is being sensible in terms of not making multiple identical cnames).

NB - I haven't put anything in place to remove old entries - but since they
are cnames for machines which will likely get created again at some point
I'm not too fussed about that just yet (unless someone tells me I need to
be).


Just one issue left which is for a different thread.

Thanks for the pointers,

John

-- 

On Mon, 30 Sep 2019 at 09:09, John Robson <jrobson at zenoss.com> wrote:

> ISC DHCP hooks are probably the right way to go then - I'll need to do
> some research to figure out how to put those in place.
>
> Thanks for the hint - I'll come back when I have had a chance to poke a
> bit more.
>
> John
>
> On Sun, 29 Sep 2019 at 19:00, Crist Clark <cjc+bind-users at pumpky.net>
> wrote:
>
>> This isn’t really a BIND or DNS problem. There is not a standard way to
>> do this.
>>
>> If you’re going for some kind of automation or orchestration of these
>> services, there are a bunch of different places to build this in, depending
>> on the tools you are using.
>>
>> You did mention ISC DHCP. One approach would be to use the server-side
>> hooks when a lease is created or renewed. You could add a script that
>> creates whatever additional names you want.
>>
>> On Sun, Sep 29, 2019 at 10:22 AM John Robson via bind-users <
>> bind-users at lists.isc.org> wrote:
>>
>>> Hi all,
>>>
>>> I've set up both ISC dhcpd and ISC bind to provide relevant services to
>>> a virtualised test lab.  In the test lab obviously boxes will be brought up
>>> and down fairly frequently, and I'm aiming to minimise the amount of effort
>>> that this takes our users.
>>>
>>> So - the machines get an IP address and dhcpd updates bind, so a
>>> specific internal domain gets updated - let's use example.org here for
>>> ease of reading.
>>>
>>> That all works (after a little fight with permissions).
>>> I set up a machine with a hostname of 'foo' and there is an automagic
>>> DNS entry `foo.example.org`.
>>>
>>> BUT - what I'd like to do is have `*.foo.example.org` (or even a
>>> specific listing of subdomains) point to that IP as well - to enable the
>>> various vhost based services on the test machines to be accessed without
>>> having to mess with local hosts files or further mess with DNS each time.
>>>
>>> e.g. test.foo.example.org should point to the same IP as foo.example.org (heck,
>>> could even be a cname)
>>>
>>> Is there some simple configuration I am missing - or is this not
>>> possible?
>>> Is there a better way to get to where I want to be*?
>>>
>>> Cheers,
>>>
>>> John
>>>
>>
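
An added example, not part of the original post or thread: the `ClientHost` value handed to the hook can come from `option fqdn.hostname` or `option host-name`, which the DHCP client supplies, so this version of the hook script checks that it is a single host label before it is written into the nsupdate command stream. The function names `valid_label` and `build_update`, the refusal of the `none` fallback and the `logger` tag are assumptions; server, zone, key file, TTL and log path are the ones in the post.

```shell
#!/bin/sh
# Added example, not the script from the post. Called by dhcpd as:
#   execute("/etc/dhcp/scripts/test", "commit", ClientIP, ClientMac, ClientHost)
LC_ALL=C; export LC_ALL            # make the A-Z / a-z ranges byte-exact

DNS_SERVER=dns.example.org         # values taken from the post
ZONE=example.org
KEYFILE=/etc/bind/ddns_key
TTL=600

# Succeed only if $1 is a single RFC 1123 host label: 1-63 characters,
# letters/digits/hyphens, no leading or trailing hyphen. "none" is the
# pick-first-value fallback in the dhcpd.conf above, so it is refused too
# (assumption: no wildcard is wanted for unnamed clients).
valid_label() {
    case "$1" in
        ''|none|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Print the nsupdate command stream for one host label, or fail with no
# output if the label does not validate.
build_update() {
    valid_label "$1" || return 1
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    printf 'server %s\nzone %s\n' "$DNS_SERVER" "$ZONE"
    printf 'add *.%s.%s. %s CNAME %s.%s.\n' "$host" "$ZONE" "$TTL" "$host" "$ZONE"
    printf 'send\n'
}

# Only act when dhcpd calls the script with the "commit" event as $1.
if [ "${1:-}" = "commit" ]; then
    if cmds=$(build_update "${4:-}"); then
        printf '%s\n' "$cmds" | nsupdate -v -k "$KEYFILE" >> /tmp/ddns.log 2>&1
    else
        # Log the lease's IP and MAC, never the rejected string itself.
        logger -t dhcp-ddns "rejected hostname from ${2:-?} (${3:-?})"
        exit 1
    fi
fi
```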