RFC2136 Server Setup How-to

jimp:
I just added a how-to on the wiki for setting up an RFC2136 server in BIND:

http://doc.pfsense.org/index.php/RFC2136_Dynamic_DNS

It's actually pretty easy/straightforward and works pretty well for me on over two dozen hosts so far.

I also plan on working on some improvements to the RFC2136 GUI as time allows.

NOYB:
 
What great timing.  Just set this up this afternoon using instructions found on the internet: http://www.shakabuku.org/writing/dyndns.html (TSIG Signed Updates section).
 
A few variations from what you have here.  Also on a chroot installation of BIND 9 so a few path and permissions differences.
 
Would be interested in the significance of the differences.

--- Code: ---
update-policy { grant *.dyn.example.com. self dyn.example.com. A AAAA; };
 vs.
allow-update { key home-dns.shakabuku.org.; };
--- End code ---


--- Code: ---
/usr/sbin/dnssec-keygen -K /etc/namedb/keys -a HMAC-MD5 -b 128 -n HOST  myhost.dyn.example.com.
Kmyhost.dyn.example.com.+157+32768
 vs.
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST home-dns.shakabuku.org.
--- End code ---

jimp:
That tutorial is one of a few I drew on for information. I fished around for info from a number of places since several of them didn't agree and in some cases nobody mentioned important information (such as what the zone file should contain) or it wasn't suited for what I wanted to do.

The update-policy vs allow-update differences are just a matter of preference and what you want to do. In my example I wanted to set it up to allow a _lot_ of hosts to update themselves, rather than a single one, and I wanted to restrict them to only updating their A and AAAA records (RFC2136 does support IPv6 and it works fine, btw :-)

The keygen line you have is equivalent; the only difference there is the -K, which makes it output to the given directory, not the current directory. My syntax there has a focus on scripting.
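
The difference between update-policy and allow-update described in the reply above, as an added example that is not part of the original thread and not BIND's own code: a simplified Python model of the authorization decision each statement makes. It assumes only the `self` rule type and a leading `*.` identity wildcard; the update attempts are constructed.

```python
# Simplified model of BIND dynamic-update authorization (not BIND's code).
# Assumptions: only the "self" rule type and a leading "*." identity wildcard
# are modelled; names are compared as lowercase FQDNs with a trailing dot.

def norm(name):
    name = name.lower()
    return name if name.endswith(".") else name + "."

def identity_matches(pattern, key_name):
    pattern, key_name = norm(pattern), norm(key_name)
    if pattern.startswith("*."):
        suffix = pattern[1:]  # ".dyn.example.com."
        return len(key_name) > len(suffix) and key_name.endswith(suffix)
    return pattern == key_name

def allow_update_permits(key_name, allowed_keys):
    """allow-update { key K; }: record name and type are never consulted."""
    return norm(key_name) in {norm(k) for k in allowed_keys}

def update_policy_permits(key_name, record_name, rtype, rules):
    """update-policy: first matching rule decides; no match means denied."""
    for action, identity, ruletype, types in rules:
        if (ruletype == "self"
                and identity_matches(identity, key_name)
                and norm(record_name) == norm(key_name)  # "self": key name == record name
                and rtype.upper() in types):
            return action == "grant"
    return False

# Both policies as posted in the thread (the name field of a "self" rule is ignored).
RULES = [("grant", "*.dyn.example.com.", "self", {"A", "AAAA"})]
ALLOWED_KEYS = ["home-dns.shakabuku.org."]

# Constructed update attempts: (signing key name, record name, record type).
ATTEMPTS = [
    ("myhost.dyn.example.com.", "myhost.dyn.example.com.", "A"),
    ("myhost.dyn.example.com.", "myhost.dyn.example.com.", "AAAA"),
    ("myhost.dyn.example.com.", "myhost.dyn.example.com.", "MX"),
    ("myhost.dyn.example.com.", "other.dyn.example.com.", "A"),
]

def evaluate():
    return [update_policy_permits(k, n, t, RULES) for k, n, t in ATTEMPTS]

if __name__ == "__main__":
    for (k, n, t), ok in zip(ATTEMPTS, evaluate()):
        print(f"{k} -> {n} {t}: {'granted' if ok else 'denied'}")
```

Under allow-update, a leaked key can rewrite any record in the zone; under the `self` policy the same key can only change the A and AAAA records of its own name.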

NOYB:
 
Thanks for the additional explanations.
 
Could the RFC2136 help (http://doc.pfsense.org/index.php/RFC2136_Dynamic_DNS) be added to the Dynamic DNS help table of contents and linked from there (http://doc.pfsense.org/index.php/Dynamic_DNS)?
 
You mentioned doing some work on the RFC2136 GUI.  A closed loop status to determine whether or not the update was successful and retry would be nice.  Does DDNS update return any status?  If not maybe a periodic nslookup or something could be used to determine state of the DNS record.
 
Nice work.  Thanks.
 

jimp:

--- Quote from: NOYB on June 28, 2013, 11:22:25 am ---
Could the RFC2136 help (http://doc.pfsense.org/index.php/RFC2136_Dynamic_DNS) be added to the Dynamic DNS help table of contents and linked from there (http://doc.pfsense.org/index.php/Dynamic_DNS)?

--- End quote ---

Done!


--- Quote from: NOYB on June 28, 2013, 11:22:25 am ---
You mentioned doing some work on the RFC2136 GUI.  A closed loop status to determine whether or not the update was successful and retry would be nice.  Does DDNS update return any status?  If not maybe a periodic nslookup or something could be used to determine state of the DNS record.

--- End quote ---

I'm not sure what all I'm going to do, but I do want to bring it closer in line with what is being done by the main dyndns tab. So probably things like: option to use a public IP if WAN is private, showing the cached IP/check if it's up-to-date, adding these hostnames to the rebinding/referer check lists, and adding gateway group support.
