[Pdns-users] PowerDNS Recursor (+PDNS?) and auto-update of local hostname DNS

Nicholas Williams nicholas at nicholaswilliams.net
Sat Oct 17 19:54:43 UTC 2020


I have a follow-up question and a follow-up concern:

First, the concern. I run MySQL in master/slave replication mode. I have a master MySQL server that I write to, and the PowerDNS servers connect to the slaves, not the master. Is there some way to tell PowerDNS to send updates to the master, or will I have to change one of the servers to connect to the master and explicitly send updates only to that server?

Second, my question: Is there any way to customize the queries that PowerDNS uses to update the records? Specifically, I would like to add a flag to records that were added or updated with Dynamic DNS so that my administrative console can differentiate between those and explicit records.

Thanks,

Nick

> On Oct 17, 2020, at 06:22, Nicholas Williams <nicholas at nicholaswilliams.net> wrote:
> 
> Thanks, everyone! I knew about DDNS and how it works, but I just thought it was how public hosts that can’t have static IPs update their own DNS records. I did not realize that DHCP servers employ DDNS to update DNS records on behalf of DHCP clients. I’ll look into this more, and also post in the VyOS forums.
> 
> Thanks!
> 
> Nick
> 
>>> On Oct 17, 2020, at 02:49, Brian Candler <b.candler at pobox.com> wrote:
>>> 
>>> On 17/10/2020 03:22, Nicholas Williams via Pdns-users wrote:
>>> Hello all,
>>> 
>>> For background/context, I currently run a geographically-dispersed PowerDNS infrastructure with a MySQL backend publicly, and then on a private network I run PowerDNS Recursor for name resolution.
>>> 
>>> My router software is VyOS <https://www.vyos.io/>, which is the base OS on which UniFi’s router software is based. It is set up to push out the IP addresses for my PowerDNS Recursor servers with DHCP assignments. Recursor has a single authoritative domain for which it uses a hand-coded zone file to serve out the static IPs for all the known hostnames on the internal network. It recurses all other domains.
>>> 
>>> I know that when hosts get DHCP assignments, they can tell the DHCP server what their hostname is, and the DHCP server can do “something” with that. As much as I know about DNS, I find myself not knowing what this protocol is called or how it works. What I would like to do is add/update that host name to the authoritative local domain. I don’t think I can do this with just Recursor (but maybe I’m wrong). I think I will probably need to also run an Authoritative server and point Recursor to that server for the local domain.
>>> 
>>> What I am looking for are any suggestions, tutorials, documentation, or write-ups about how to do this.
>> 
>> For questions along the lines of "how does VyOS's DHCP server interact with a DNS server?" you'd be better off asking on a VyOS forum.
>> 
>> FWIW: all DHCP servers I've worked with that interact with DNS work as follows:
>> 
>> 1. They receive a DHCP request from the client (which may include a hostname that the client requests)
>> 2. They assign an IP address from a pool
>> 3. They perform a Dynamic DNS update (RFC 2136) for a pre-configured zone, inserting the given hostname.
>> 
>> But you said something else: VyOS is "set up to push out the IP addresses for my PowerDNS Recursor servers with DHCP assignments".  Now, DHCP servers *can* give out specific IP addresses to specific clients, with a table of assignments to give out.  Normally it's done by MAC address, but it can be done based on the client-provided hostname.  However, if you do it that way round, there's no need for dynamic DNS updates, since essentially every client gets a static IP address anyway.
>> 
>> From your description I'm also confused as to whether you are giving out DHCP addresses to regular clients, or just to the servers where PDNS recursor is running.
>> 
>> You also said:
>> 
>>> Recursor has a single authoritative domain for which it uses a hand-coded zone file to serve out the static IPs for all the known hostnames on the internal network. It recurses all other domains.
>> 
>> I presume you mean via the "auth-zones" configuration? That's a frig for a handful of statically configured addresses, and you won't be able to do dynamic DNS updates on that.  If you need DDNS updates with powerdns then you need a separate pdns-authoritative server with a database backend, and you'd forward the zone to that, just as you said.  (It has to be a database backend - pdns-auth's BIND backend doesn't accept DDNS updates).
>> 
>> Depending on the specifics of VyOS's DHCP server, the likely configuration is to set up a PDNS zone which can be updated using a TSIG key for authentication, and put that into the VyOS DHCP server.  If the VyOS DHCP server can do that, then there's no need for Lua scripting.
>> 
>> 
>>> I think I can probably hack a non-standard solution with a Lua script that runs on my router to execute a command to update a host MySQL record every time a DHCP assignment happens, but I am hoping that there is an accepted/standard/common way of doing this that I don’t know about.
>>> 
>> For the pdns side, see https://docs.powerdns.com/authoritative/dnsupdate.html
>> 
>> I can't speak to specifics of VyOS, but "dynamic DNS updates", "TSIG", "RFC2136" may be useful search terms when going through their documentation.
>> 
>> Regards,
>> 
>> Brian.
>> 
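The TSIG-authenticated RFC 2136 update that the quoted reply describes, shown at the wire level as an added example (not code from the thread, from PowerDNS or from VyOS): it builds the UPDATE a DHCP server would send for one hostname, signs it with HMAC-SHA256, and runs the receiver's checks on key name, MAC and timestamp. The zone, host, key name, secret and timestamp are constructed values, and `verify` is a simplified sketch that assumes the TSIG record is the last record in the message.

```python
import hashlib, hmac, struct

ALG = "hmac-sha256"  # TSIG algorithm name; must match the key configured on the server

def name(n):
    """Domain name in DNS wire format (lowercase, uncompressed)."""
    labels = [l for l in n.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_update(msg_id, zone, host, ipv4, ttl=300):
    """RFC 2136 UPDATE: replace the A RRset of host.zone with one address."""
    header = struct.pack("!HHHHHH", msg_id, 5 << 11, 1, 0, 2, 0)  # opcode 5, 1 zone, 2 updates
    zone_sec = name(zone) + struct.pack("!HH", 6, 1)              # ZTYPE=SOA, ZCLASS=IN
    fqdn = name(host + "." + zone)
    delete = fqdn + struct.pack("!HHIH", 1, 255, 0, 0)            # class ANY, TTL 0: delete A RRset
    add = fqdn + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes(int(o) for o in ipv4.split("."))
    return header + zone_sec + delete + add

def tsig_mac(msg, key_name, secret, t, fudge):
    """HMAC over the unsigned message plus the TSIG variables (RFC 8945, 4.3.3)."""
    tsig_vars = (name(key_name) + struct.pack("!HI", 255, 0) + name(ALG)
                 + t.to_bytes(6, "big") + struct.pack("!HHH", fudge, 0, 0))
    return hmac.new(secret, msg + tsig_vars, hashlib.sha256).digest()

def sign(msg, key_name, secret, t, fudge=300):
    """Append the TSIG RR as the last additional record and bump ARCOUNT."""
    mac = tsig_mac(msg, key_name, secret, t, fudge)
    rdata = (name(ALG) + t.to_bytes(6, "big") + struct.pack("!HH", fudge, len(mac))
             + mac + msg[:2] + struct.pack("!HH", 0, 0))
    rr = name(key_name) + struct.pack("!HHIH", 250, 255, 0, len(rdata)) + rdata
    arcount = struct.unpack("!H", msg[10:12])[0] + 1
    return msg[:10] + struct.pack("!H", arcount) + msg[12:] + rr

def verify(signed, key_name, secret, now):
    """Receiver's check: known key name, matching MAC, Time Signed within fudge."""
    kn, alg = name(key_name), name(ALG)
    rr_len = len(kn) + 10 + len(alg) + 10 + 32 + 6   # fixed size for this key and algorithm
    body, rr = signed[:-rr_len], signed[-rr_len:]
    if len(body) < 12 or rr[:len(kn) + 4] != kn + struct.pack("!HH", 250, 255):
        return False
    rd = rr[len(kn) + 10 + len(alg):]
    t, fudge = int.from_bytes(rd[:6], "big"), struct.unpack("!H", rd[6:8])[0]
    arcount = (struct.unpack("!H", body[10:12])[0] - 1) & 0xFFFF
    unsigned = body[:10] + struct.pack("!H", arcount) + body[12:]
    good = hmac.compare_digest(rd[10:42], tsig_mac(unsigned, key_name, secret, t, fudge))
    return good and abs(now - t) <= fudge

# Constructed sample values, not from the thread.
SECRET, T0 = b"constructed-demo-secret", 1602964483
UPDATE = sign(build_update(0x1234, "home.example", "laptop", "192.0.2.10"), "dhcp-ddns", SECRET, T0)
```

The MAC covers the whole update plus the key name and timestamp, so a changed address, a different key or a capture replayed outside the fudge window all fail `verify`.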

