Can you somehow send DDNS update twice for zone?

Can you somehow send DDNS update twice for zone?

SoLoR
Hey, hope someone can help or at least tell me it's not possible because I'm
going crazy already :)

Here is the scenario.

I'm running both DHCPv4 and DHCPv6 server, v4 is serving local IPs and v6 is
serving public IPs. Both are currently updating into, let's say,
lan.domain.com and everything is working as it's supposed to, however I don't
like that if you resolve a host from outside (let's say test.lan.domain.com)
you will get a local A and a public AAAA record. So I decided it would be good
to split the configuration in BIND into internal and public views for that
domain. In the internal view, resolving hosts in lan.domain.com would give both
A and AAAA records, but in the public view you would only get AAAA. However, here
is a problem: to get this to work I would need to somehow convince the DHCPv6
server to send the AAAA record update TWICE, one for public and one for
internal, however since it's technically the same domain I can't find a combination
that would work. I tried adding 2 IPs into primary, in the hope it will update
both primaries and I can separate them in BIND with proper matching key/IP,
without success. I tried double zone statements with different key/primary
combinations, no luck...

So bottom line, is there a way for DHCP to send a DNS update for the same zone
twice? Or I guess the other option would be to somehow pass the update from one view
to the other in BIND...



--
Sent from: http://isc-dhcp-users.2343191.n4.nabble.com/
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Re: Can you somehow send DDNS update twice for zone?

Tony Finch
SoLoR <[hidden email]> wrote:

> Or I guess the other option would be to somehow pass the update from one view
> to the other in BIND...

If your zone isn't very big or updated very frequently, and if you are up
for a bit of duct-tape-and-string scripting, you can sort of do this with
a couple of my tools:

Get BIND to send NOTIFY messages to `nsnotifyd` when the internal view is
updated. `nsnotifyd` is a tiny server which fires off a script when it is
notified:

http://www.dotat.at/prog/nsnotifyd/

Write a script to `dig axfr` the internal zone and create the external
version.

Use `nsdiff` to update the live external zone based on the version your
script created.

https://dotat.at/prog/nsdiff/

Tony.
--
f.anthony.n.finch  <[hidden email]>  http://dotat.at/
Sole, Lundy, Fastnet: Southwest 5 to 7, perhaps gale 8 later in west Sole.
Moderate or rough, occasionally very rough in Sole. Rain or showers. Good,
occasionally poor.
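
The second step in Tony's reply (a script that takes `dig axfr` of the internal zone and creates the external version) could look like the following. This is an added example, not part of the thread or of Tony's tools; the server address, the output path, the `RUN_LIVE` switch and the choice to publish only SOA, NS and AAAA records are assumptions, and the sample transfer is constructed.

```shell
#!/bin/sh
# Added example: derive the external version of a zone from an AXFR of the
# internal view. ZONE is the name used in the thread; SERVER and OUT are assumed.
ZONE="${ZONE:-lan.domain.com}"
SERVER="${SERVER:-127.0.0.1}"        # assumed: an address that matches the internal view
OUT="${OUT:-/tmp/$ZONE.external}"    # assumed output path

# Read `dig axfr` output on stdin, write the external zone on stdout.
# Allowlist by type: only SOA, NS and AAAA leave the internal view, so local
# A records and any bookkeeping records (TXT, DHCID) are never published.
external_view() {
    awk '
        NF < 5 || $1 ~ /^;/ { next }                  # dig comments, blank lines
        $3 != "IN"          { next }                  # class IN only
        $4 == "SOA"         { if (soa++) next; print; next }  # AXFR ends with a second SOA
        $4 == "NS" || $4 == "AAAA" { print }
    '
}

# Constructed sample of AXFR output (documentation and private addresses).
sample_axfr() {
    cat <<'EOF'
; <<>> DiG <<>> axfr lan.domain.com
lan.domain.com.       3600 IN SOA  ns.lan.domain.com. admin.lan.domain.com. 42 3600 600 86400 300
lan.domain.com.       3600 IN NS   ns.lan.domain.com.
ns.lan.domain.com.    3600 IN AAAA 2001:db8::53
test.lan.domain.com.  300  IN A    192.168.1.20
test.lan.domain.com.  300  IN AAAA 2001:db8::20
test.lan.domain.com.  300  IN TXT  "constructed-bookkeeping-record"
lan.domain.com.       3600 IN SOA  ns.lan.domain.com. admin.lan.domain.com. 42 3600 600 86400 300
;; XFR size: 7 records
EOF
}

# Query the real server only when explicitly asked (RUN_LIVE=1).
if [ "${RUN_LIVE:-0}" = "1" ]; then
    dig @"$SERVER" "$ZONE" axfr | external_view > "$OUT"
fi
```

The file written to `$OUT` is the version that `nsdiff` would then compare against the live external zone.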

Re: Can you somehow send DDNS update twice for zone?

Simon Hobson
In reply to this post by SoLoR
SoLoR <[hidden email]> wrote:

> I'm running both DHCPv4 and DHCPv6 server, v4 is serving local IPs and v6 is
> serving public IPs. Both are currently updating into, let's say,
> lan.domain.com and everything is working as it's supposed to, however I don't
> like that if you resolve a host from outside (let's say test.lan.domain.com)
> you will get a local A and a public AAAA record. So I decided it would be good
> to split the configuration in BIND into internal and public views for that
> domain. In the internal view, resolving hosts in lan.domain.com would give both
> A and AAAA records, but in the public view you would only get AAAA. However, here
> is a problem: to get this to work I would need to somehow convince the DHCPv6
> server to send the AAAA record update TWICE, one for public and one for
> internal, however since it's technically the same domain I can't find a combination
> that would work. I tried adding 2 IPs into primary, in the hope it will update
> both primaries and I can separate them in BIND with proper matching key/IP,
> without success. I tried double zone statements with different key/primary
> combinations, no luck...
>
> So bottom line, is there a way for DHCP to send a DNS update for the same zone
> twice? Or I guess the other option would be to somehow pass the update from one view
> to the other in BIND...

AFAIK there is no way to do this directly - there will be other ways such as that suggested by Tony.

However, I would question whether this is actually what you want to do.
For services which are to be externally accessible, I would expect those to have static entries. In general, I would expect other internal hosts to not appear in the DNS at all - so they would not have an AAAA record in your public view.

Also, what are you doing for reverse lookups? The same problem would apply there unless you configure the relevant ip6.arpa zone in one view to be a forwarder or slave of the same zone in the other view. But from a privacy perspective, having public reverse lookups gives a name to each IP address - making the use of privacy addressing moot.


Re: Can you somehow send DDNS update twice for zone?

SoLoR
in-addr.arpa for the domain with local IPs is only for the local view and ip6.arpa is for both. For ip6.arpa I can use in-view or set one view as a master and the other one as a slave. I only had an issue with the forward zone since you kinda need to update it twice with different records for each view.

Also this is just for my home network, ~20-25 devices, most don't even have IPv6. I'm just playing around trying to find out if/what is possible and after basically a day of searching Google and reading docs I ran out of ideas so I decided to write here 😊


Gonna try Tony's idea tomorrow (or maybe in the evening). Thanks!


From: dhcp-users <[hidden email]> on behalf of Simon Hobson <[hidden email]>
Sent: 05 December 2018 12:23
To: Users of ISC DHCP
Subject: Re: Can you somehow send DDNS update twice for zone?
 