[Pdns-users] PowerDNS Recursor (+PDNS?) and auto-update of local hostname DNS

jb-wisemo jb-powerdns at wisemo.com
Mon Oct 19 14:26:02 UTC 2020


On 2020-10-17 09:49, Brian Candler via Pdns-users wrote:
> On 17/10/2020 03:22, Nicholas Williams via Pdns-users wrote:
>> Hello all,
>>
>> For background/context, I currently run a geographically-dispersed 
>> PowerDNS infrastructure with a MySQL backend publicly, and then on a 
>> private network I run PowerDNS Recursor for name resolution.
>>
>> My router software is VyOS <https://www.vyos.io/>, which is the base 
>> OS on which UniFi’s router software is based. It is set up to push 
>> out the IP addresses for my PowerDNS Recursor servers with DHCP 
>> assignments. Recursor has a single authoritative domain for which it 
>> uses a hand-coded zone file to serve out the static IPs for all the 
>> known hostnames on the internal network. It recurses all other domains.
>>
>> I know that when hosts get DHCP assignments, they can tell the DHCP 
>> server what their hostname is, and the DHCP server can do “something” 
>> with that. As much as I know about DNS, I find myself not knowing 
>> what this protocol is called or how it works. What I would like to do 
>> is add/update that host name to the authoritative local domain. I 
>> don’t think I can do this with just Recursor (but maybe I’m wrong). I 
>> think I will probably need to also run an Authoritative server and 
>> point Recursor to that server for the local domain.
>>
>> What I am looking for are any suggestions, tutorials, documentation, 
>> or write-ups about how to do this.
>
> For questions along the lines of "how does VyOS's DHCP server interact 
> with a DNS server?" you'd be better off asking on a VyOS forum.
>
> FWIW: all DHCP servers I've worked with that interact with DNS work as 
> follows:
>
> 1. They receive a DHCP request from the client (which may include a 
> hostname that the client requests)
> 2. They assign an IP address from a pool
> 3. They perform a Dynamic DNS update (RFC 2136) for a pre-configured 
> zone, inserting the given hostname.
>
For your information, there are some DHCP servers that use different 
(non-public) protocols for sending the name/IP pairs to a same-brand DNS 
server.  Most commonly, dnsmasq-dhcp (used in many routers) has a DNS 
server in the same process, while Microsoft DHCP/DNS uses the Active 
Directory LDAP as a common database for DHCP and DNS.


> But you said something else: VyOS is "set up to push out the IP 
> addresses for my PowerDNS Recursor servers with DHCP assignments".  
> Now, DHCP servers *can* give out specific IP addresses to specific 
> clients, with a table of assignments to give out.  Normally it's done 
> by MAC address, but it can be done based on the client-provided 
> hostname.  However, if you do it that way round, there's no need for 
> dynamic DNS updates, since essentially every client gets a static IP 
> address anyway.
>
You missed the most obvious case of DHCP pushing out DNS IPs: DHCP 
servers can be (and usually are) configured to tell all clients what the 
IP addresses of the DNS recursors on the network are, so the DHCP 
clients can configure themselves to use those servers.


> From your description I'm also confused as to whether you are giving 
> out DHCP addresses to regular clients, or just to the servers where 
> PDNS recursor is running.
>
> You also said:
>
> > Recursor has a single authoritative domain for which it uses a 
> > hand-coded zone file to serve out the static IPs for all the known 
> > hostnames on the internal network. It recurses all other domains.
>
> I presume you mean via the "auth-zones" configuration? That's a frig 
> for a handful of statically configured addresses, and you won't be 
> able to do dynamic DNS updates on that.  If you need DDNS updates with 
> powerdns then you need a separate pdns-authoritative server with a 
> database backend, and you'd forward the zone to that, just as you 
> said.  (It has to be a database backend - pdns-auth's BIND backend 
> doesn't accept DDNS updates).
>
> Depending on the specifics of VyOS's DHCP server, the likely 
> configuration is to set up a PDNS zone which can be updated using a 
> TSIG key for authentication, and put that into the VyOS DHCP server.  
> If the VyOS DHCP server can do that, then there's no need for Lua 
> scripting.
>
>
>> I think I can probably hack a non-standard solution with a Lua script 
>> that runs on my router to execute a command to update a host MySQL 
>> record every time a DHCP assignment happens, but I am hoping that 
>> there is an accepted/standard/common way of doing this that I don’t 
>> know about.
>>
> For the pdns side, see 
> https://docs.powerdns.com/authoritative/dnsupdate.html
>
> I can't speak to specifics of VyOS, but "dynamic DNS updates", "TSIG", 
> "RFC2136" may be useful search terms when going through their 
> documentation.
>


Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
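
What the RFC 2136 update in step 3 of the quoted list looks like on the wire, with the TSIG signature that authenticates the DHCP server to the DNS server. This is an added example, not code from the thread or from PowerDNS or VyOS; the zone, hostname, address, key name and secret are constructed, and it only builds the message without sending it.

```python
import hashlib, hmac, socket, struct

CLASS_IN, CLASS_ANY = 1, 255
TYPE_A, TYPE_SOA, TYPE_TSIG = 1, 6, 250
OPCODE_UPDATE = 5

def wire_name(name):
    """Encode a domain name as lower-cased, length-prefixed labels (no compression)."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def rr(name, rtype, rclass, ttl, rdata=b""):
    """One resource record: NAME, TYPE, CLASS, TTL, RDLENGTH, RDATA."""
    return wire_name(name) + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata

def build_update(msg_id, zone, host, ipv4, ttl=300):
    """RFC 2136 UPDATE that replaces all A records of host.zone with one address."""
    fqdn = f"{host}.{zone}"
    # Header: ID, flags (opcode in bits 11-14), ZOCOUNT=1, PRCOUNT=0, UPCOUNT=2, ADCOUNT=0
    header = struct.pack("!HHHHHH", msg_id, OPCODE_UPDATE << 11, 1, 0, 2, 0)
    zone_section = wire_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    delete_old = rr(fqdn, TYPE_A, CLASS_ANY, 0)  # class ANY, empty RDATA: delete RRset
    add_new = rr(fqdn, TYPE_A, CLASS_IN, ttl, socket.inet_aton(ipv4))
    return header + zone_section + delete_old + add_new

def sign_tsig(msg, key_name, secret, now, fudge=300):
    """Append a TSIG record (HMAC-SHA256) so the server can authenticate the sender."""
    alg = wire_name("hmac-sha256")
    timing = struct.pack("!HIH", now >> 32, now & 0xFFFFFFFF, fudge)  # 48-bit time, fudge
    tail = struct.pack("!HH", 0, 0)  # error = 0, other data length = 0
    # The MAC covers the unsigned message followed by the TSIG variables.
    variables = wire_name(key_name) + struct.pack("!HI", CLASS_ANY, 0) + alg + timing + tail
    mac = hmac.new(secret, msg + variables, hashlib.sha256).digest()
    rdata = alg + timing + struct.pack("!H", len(mac)) + mac + msg[:2] + tail
    adcount = struct.unpack("!H", msg[10:12])[0] + 1  # TSIG is one more additional RR
    tsig_rr = rr(key_name, TYPE_TSIG, CLASS_ANY, 0, rdata)
    return msg[:10] + struct.pack("!H", adcount) + msg[12:] + tsig_rr

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    unsigned = build_update(0x1234, "home.example", "laptop", "10.0.0.50")
    signed = sign_tsig(unsigned, "dhcp-ddns", b"constructed-demo-secret", 1603117562)
    print(len(unsigned), "bytes unsigned;", len(signed), "bytes with TSIG")
    print(signed.hex())
```

The receiving server recomputes the MAC with its copy of the shared key, so an update from a host that does not hold the key fails verification.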


