Using isc dhcpd to only update reverse DNS zone for selected hosts
Christ Schlacta
lists at aarcane.org
Sun Nov 6 01:07:37 UTC 2011
Better to issue them static IPs, and just manually set their reverse DNS.
On 11/5/2011 14:09, Kristian Pedersen wrote:
> Hi list,
>
> I have an isc dhcpd setup serving docsis cable modems with built-in
> router function. The routers are assigned dynamic public IPs from a
> pool. I use ISC to create nice forward and reverse DDNS entries for
> routers, such as:
>
> rg<mac>.cm.example.com A 123.x.x.8
> and
> 8.x.x.123 PTR rg<mac>.cm.example.com
>
> This all works fine, but I would like to expand my setup a bit, so I
> can have selected routers set up with just reverse DNS entries
> pointing to external domains. The scenario is my customers are asking
> if they can have a custom reverse DNS entry for their router, and they
> will themselves do the forward dns setup in their own DNS. So in
> essence, they just want me to do:
>
> 8.x.x.123 PTR <whatever.privatedomain.com>
>
> Below are the parts of my config I think are essential. To begin with I
> changed the dynamic ddns-hostname I generate from the router mac, so
> it grabs the hostname from the host section, if it exists:
>
> ddns-hostname = pick-first-value (ddns-hostname, concat("rg", macadr));
>
> I then added specific ddns-hostname and ddns-domainname within the
> host config for a test device:
>
> host whatever {
>     hardware ethernet 11:22:33:44:55:66;
>     fixed-address 123.x.x.8;
>     ddns-hostname "whatever";
>     ddns-domainname "privatedomain.com";
> }
>
> It's trying to update but times out on the forward record for
> whatever.privatedomain.com, which makes sense since I have no key for
> the domain. If I set ddns-domainname to my own "cm.example.com", then
> it will correctly add whatever.cm.example.com, so it is matching the
> host config correctly. I then tried adding "do-forward-updates off;"
> for the host, but it seems to turn off reverse DNS updates as well.
> Which seems to match the manual page for dhcpd.conf:
>
> "If this statement is used to disable forward updates, the DHCP
> server will never attempt to update the client's A record, and will
> only ever attempt to update the client's PTR record if the client
> supplies an FQDN that should be placed in the PTR record using the
> fqdn option."
>
> However, my modems won't add a FQDN option .. and even if they did, I
> would rather not trust any option coming from a device, I would like
> it to use the settings from the host configuration. I tried adding
> something like option fqdn.fqdn "whatever.privatedomain.com"; to the
> host config but could not get it to work.
>
> I hope I am missing some simple option :) I guess I could fool it by
> creating a dummy dns-server with forward-zones matching my customers
> private domains, but it seems like quite an ugly hack ..
>
> Here's what I think is important from my current config:
>
> # Global DDNS settings
> ddns-update-style interim;
> ignore client-updates;
> ddns-updates off;
> update-static-leases on;
> update-conflict-detection off;
> use-host-decl-names on;
> ddns-domainname "cm.example.com";
>
> # DNS update key
> key dhcp-key {
>     algorithm hmac-md5;
>     secret "<key>";
> }
>
> # DNS zones
> zone cm.example.com. { primary <ip>; key dhcp-key; }
> zone x.x.123.in-addr.arpa. { primary <ip>; key dhcp-key; }
>
> # Parse client MAC address, zero-padding each octet to two hex digits
> set macadr = concat(
>     suffix (concat ("0", binary-to-ascii (16, 8, "",
>         substring(hardware, 1, 1))),2),
>     suffix (concat ("0", binary-to-ascii (16, 8, "",
>         substring(hardware, 2, 1))),2),
>     suffix (concat ("0", binary-to-ascii (16, 8, "",
>         substring(hardware, 3, 1))),2),
>     suffix (concat ("0", binary-to-ascii (16, 8, "",
>         substring(hardware, 4, 1))),2),
>     suffix (concat ("0", binary-to-ascii (16, 8, "",
>         substring(hardware, 5, 1))),2),
>     suffix (concat ("0", binary-to-ascii (16, 8, "",
>         substring(hardware, 6, 1))),2)
> );
>
> # Shared networks behind docsis CMTS
> shared-network klient-lan {
>     # Match docsis routers
>     class "docsis-rg" {
>         match if substring(option vendor-class-identifier,0,6)
>             = "RG 1.0";
>     }
>
>     # Ip-net for docsis routers
>     subnet 123.x.x.0 netmask 255.255.255.0 {
>         authoritative;
>         option subnet-mask 255.255.255.0;
>         option broadcast-address 123.x.x.255;
>         option routers 123.x.x.1;
>         ddns-updates on;
>         ddns-hostname = pick-first-value (ddns-hostname,
>             concat("rg", macadr));
>
>         pool {
>             failover peer "cm";
>             allow members of "docsis-rg";
>             range 123.x.x.50 123.x.x.254;
>         }
>     }
> }
>
> host whatever {
>     hardware ethernet 11:22:33:44:55:66;
>     fixed-address 123.x.x.8;
>     ddns-hostname "whatever";
>     ddns-domainname "privatedomain.com";
>     do-forward-updates off;
> }
>
> Regards,
>
> Kristian
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
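The reply above suggests giving such customers a static IP and setting their PTR record by hand. The script below is an added example of doing exactly that with nsupdate, signed with the same TSIG key the posted dhcpd.conf already uses for its reverse zone; it is not code from the thread or from ISC. It assumes the reverse zone is a /24 (as in the post), that the key is stored in a file nsupdate can read with -k (path /etc/dhcp/dhcp-key.key and server address 198.51.100.53 are placeholders), and the host list at the bottom is constructed. Because the PTR target is a customer-chosen string, the name is validated before it goes anywhere near the update batch, so a value containing a newline or whitespace cannot smuggle extra nsupdate directives such as a delete of someone else's record.

```shell
#!/bin/sh
# Added example (not from the thread): set only the PTR record of a static
# customer router, signed with the dhcpd TSIG key, via nsupdate.
# Assumptions: /24 reverse zone, key file and server address are placeholders.

# Turn an IPv4 address into its in-addr.arpa owner name.
# ptr_name 192.0.2.8  ->  8.2.0.192.in-addr.arpa.
ptr_name() {
    echo "$1" | awk -F. '{ print $4"."$3"."$2"."$1".in-addr.arpa." }'
}

# Accept only a plain hostname: letters, digits, dots, hyphens, no leading
# dot, no empty label, at most 253 characters. Anything else (spaces,
# newlines, nsupdate keywords) is rejected so a customer-supplied string
# cannot inject additional update statements.
valid_fqdn() {
    case "$1" in
        ""|.*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    [ ${#1} -le 253 ]
}

# Print the nsupdate statements for one router: drop any existing PTRs at
# that owner name, add the customer's target, then send. TTL defaults to 3600.
ptr_update() {
    ip=$1; target=$2; ttl=${3:-3600}
    valid_fqdn "$target" || return 1
    case "$target" in *.) ;; *) target="$target." ;; esac   # make it absolute
    owner=$(ptr_name "$ip")
    printf 'update delete %s PTR\nupdate add %s %s PTR %s\nsend\n' \
        "$owner" "$owner" "$ttl" "$target"
}

# Read "<ip> <target>" lines on stdin, build one signed batch, feed nsupdate.
# Rejected names are reported on stderr and skipped, the rest still go through.
apply_ptr_list() {
    keyfile=$1; server=$2
    {
        printf 'server %s\n' "$server"
        while read -r ip target; do
            case "$ip" in ""|\#*) continue ;; esac
            ptr_update "$ip" "$target" \
                || printf 'rejected PTR target for %s: %s\n' "$ip" "$target" >&2
        done
    } | nsupdate -k "$keyfile"
}

# Only talk to a real server when explicitly asked; otherwise the functions
# above are just defined (so the file can be sourced or tested offline).
if [ "${1:-}" = "--apply" ]; then
    apply_ptr_list /etc/dhcp/dhcp-key.key 198.51.100.53 <<'EOF'
# constructed sample list: <router IP> <customer-chosen PTR target>
192.0.2.8 whatever.privatedomain.com
192.0.2.9 mail.customer-two.example
EOF
fi
```

Run with `--apply` to push the list; without it nothing contacts the server. The key file is the usual `key "dhcp-key" { algorithm ...; secret "..."; };` stanza that nsupdate -k accepts. The posted config uses hmac-md5, which current BIND releases deprecate for TSIG; hmac-sha256 is the normal choice for a new key, and the same key can stay shared between dhcpd and this script since both only ever touch the reverse zone.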