[Pdns-users] PowerDNS Recursor (+PDNS?) and auto-update of local hostname DNS

Sat Oct 17 07:49:00 UTC 2020

On 17/10/2020 03:22, Nicholas Williams via Pdns-users wrote:
> Hello all,
>
> For background/context, I currently run a geographically-dispersed 
> PowerDNS infrastructure with a MySQL backend publicly, and then on a 
> private network I run PowerDNS Recursor for name resolution.
>
> My router software is VyOs <https://www.vyos.io/>, which is the base 
> OS on which UniFi’s router software is based. It is set up to push out 
> the IP addresses for my PowerDNS Recursor servers with DHCP 
> assignments. Recursor has a single authoritative domain for which it 
> uses a hand-coded zone file to serve out the static IPs for all the 
> known hostnames on the internal network. It recurses all other domains.
>
> I know that when hosts get DHCP assignments, they can tell the DHCP 
> server what their hostname is, and the DHCP server can do “something” 
> with that. As much as I know about DNS, I find myself not knowing what 
> this protocol is called or how it works. What I would like to do is 
> add/update that host name to the authoritative local domain. I don’t 
> think I can do this with just Recursor (but maybe I’m wrong). I think 
> I will probably need to also run an Authoritative server and point 
> Recursor to that server for the local domain.
>
> What I am looking for are any suggestions, tutorials, documentation, 
> or write-ups about how to do this.

For questions along the lines of "how does VyOS's DHCP server interact 
with a DNS server?" you'd be better off asking on a VyOS forum.

FWIW: all DHCP servers I've worked with that interact with DNS work as 
follows:

1. They receive a DHCP request from the client (which may include a 
hostname that the client requests)
2. They assign an IP address from a pool
3. They perform a Dynamic DNS update (RFC 2136) for a pre-configured 
zone, inserting the given hostname.

But you said something else: VyOS is "set up to push out the IP 
addresses for my PowerDNS Recursor servers with DHCP assignments".  Now, 
DHCP servers *can* give out specific IP addresses to specific clients, 
with a table of assignments to give out.  Normally it's done by MAC 
address, but it can be done based on the client-provided hostname.  
However, if you do it that way round, there's no need for dynamic DNS 
updates, since essentially every client gets a static IP address anyway.

 From your description I'm also confused as to whether you are giving 
out DHCP addresses to regular clients, or just to the servers where PDNS 
recursor is running.

You also said:

 > Recursor has a single authoritative domain for which it uses a 
hand-coded zone file to serve out the static IPs for all the known 
hostnames on the internal network. It recurses all other domains.

I presume you mean via the "auth-zones" configuration? That's a frig for 
a handful of statically configured addresses, and you won't be able to 
do dynamic DNS updates on that.  If you need DDNS updates with powerdns 
then you need a separate pdns-authoritative server with a database 
backend, and you'd forward the zone to that, just as you said.  (It has 
to be a database backend - pdns-auth's BIND backend doesn't accept DDNS 
updates).

Depending on the specifics of VyOS's DHCP server, the likely 
configuration is to set up a PDNS zone which can be updated using a TSIG 
key for authentication, and put that into the VyOS DHCP server.  If the 
VyOS DHCP server can do that, then there's no need for LUA scripting.

> I think I can probably hack a non-standard solution with a Lua script 
> that runs on my router to execute a command to update a host MySQL 
> record every time a DHCP assignment happens, but I am hoping that 
> there is an accepted/standard/common way of doing this that I don’t 
> know about.
>
For the pdns side, see 
https://docs.powerdns.com/authoritative/dnsupdate.html

I can't speak to specifics of VyOS, but "dynamic DNS updates", "TSIG", 
"RFC2136" may be useful search terms when going through their documentation.

Regards,

Brian.