My purpose here is to allow dynamic dns updates 
via nsupdate from dhcp clients where addresses
are subject to change.  I have a solution that
will remain stable so long as the !command 
hook in hostname.if remains stable.  This is
not as good as the dhclient.conf script interface
as it can't exclude calls that don't change 
the interface, but hey... 

# more /etc/hostname.nfe0
dhcp
!/usr/local/sbin/dydns.sh $if

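# more /usr/local/sbin/dydns.sh
#!/bin/ksh
# log each invocation and when it happened
echo "$@" >> /tmp/ddns.log
date >> /tmp/ddns.log
# rdate to make sure we're sync'd with the dydns server
# (TSIG-signed updates are rejected when the clocks differ too much)
/usr/sbin/rdate -o 192.168.1.22
# first IPv4 address configured on the interface passed as $1
export ADDR=$(ifconfig "$1" | grep "inet " | cut -d ' ' -f 2)
# nsupdate reads one command per line, so the key command and its
# secret stay on a single line
echo "server 192.168.1.22
zone indx.ca
key u32.indx.ca 7U6+9Bqymcyn21vLHIlf9DWVIYvljkn/GIMqNhg3YpaSxUDoarpBPz/J Pm52kWD9GG1mpewiiKsYCcarWF2wUg==
update delete u32.indx.ca. A
update add u32.indx.ca. 86400 A $ADDR
send
" | nsupdate
exit 0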

where key is the shared private key produced by the output of

dnssec-keygen -a HMAC-MD5 -b 512 -n USER u32.indx.ca.

found in the output file Ku32.indx.ca.+157+08659.private

and added to /var/named/keys.conf on the named server
in the form 

key "u32.indx.ca" {
        algorithm hmac-md5;
        secret "7U6+9Bqymcyn21vLHIlf9DWVIYvljkn/GIMqNhg3YpaSxUDoarpBPz/J Pm52kWD9GG1mpewiiKsYCcarWF2wUg==";
};

and an entry to etc/named.conf 

zone "indx.ca"
        {
...
allow-update
        {
.
.
key u32.indx.ca ;
.
.
       };
};

Dhu


On Mon, 29 Sep 2014 14:13:48 +0200
Bruno Flueckiger <inform...@gmx.net> wrote:

> On 29.09.2014 13:39, Duncan Patton a Campbell wrote:
> > On Mon, 29 Sep 2014 05:28:27 -0600
> > Duncan Patton a Campbell <campb...@neotext.ca> wrote:
> > 
> >> /etc/dhclient.conf used to contain a
> >> 
> >> script "tosomfile" ;
> >> 
> >> option that could, amongst other things, be used to
> >> set a dynamic assigned dns address to a named server.
> >> 
> >> This functionality has been removed and I am trying to
> >> figure out if there was some other mechanism to accomplish
> >> this but I can't find any refs to it in the changes
> >> between 5.1 and 5.5.
> >> 
> >> Any info would be appreciated.
> >> 
> >> Thanks,
> >> 
> >> Dhu
> >> 
> >> --
> >> Ne obliviscaris, vix ea nostra voco.
> >> 
> >> 
> >> 
> > 
> > I found it in the 5.3 changes..
> > 
> > "Removed dhclient-script(8) and dhclient.conf(5) "script" directive.
> > Do all interface and route configuration via ioctl's and routing
> > sockets. "
> > 
> > Unfortunately this mechanism was used for more than just routing.  And
> > without a dhclient-script to hack I don't see how a dynamic address can
> > be updated via the named/key mechanism.
> > 
> > Dhu
> 
> If your goal is to set entries in DNS for a machine which acts as DHCP 
> client there are two other possibilities I know of:
> 
> 1. Use a reservation in DHCP server together with fixed entries in DNS
> 
> 2. Get ISC DHCP from ports and configure it to make dynamic updates to 
> BIND
> 
> Depending on your exact setup there may be other ways to achieve the 
> same as you did with the script.
> 
> Bruno
> 
> 


-- 
Ne obliviscaris, vix ea nostra voco.
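
A variant of the hook script above, as an added example that is not part of the original post: it sends the update only when the interface address has changed (the limitation noted for the !command hook), refuses to send when no valid IPv4 address was read, and hands the TSIG key to nsupdate with -k instead of embedding it in the script. The key file location and the state directory are assumptions; the server, zone and host names are the ones from the post.

```shell
#!/bin/sh
# Added example, not the poster's script. KEYFILE and STATEDIR are assumed paths.
SERVER=192.168.1.22 ZONE=indx.ca HOST=u32.indx.ca. TTL=86400
KEYFILE=/etc/dydns/Ku32.indx.ca.+157+08659.private  # assumed location, mode 0600
STATEDIR=/var/db/dydns                               # assumed, writable by root only

# Print the first IPv4 address found in ifconfig output read from stdin.
first_inet4() { awk '$1 == "inet" { print $2; exit }'; }

# Succeed only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeed when addr differs from the address recorded in statefile.
addr_changed() {  # usage: addr_changed statefile addr
    [ -r "$1" ] && [ "$(cat "$1")" = "$2" ] && return 1
    return 0
}

# Emit the nsupdate batch; no key line, the key comes from -k KEYFILE.
build_update() {  # usage: build_update addr
    printf 'server %s\nzone %s\nupdate delete %s A\nupdate add %s %s A %s\nsend\n' \
        "$SERVER" "$ZONE" "$HOST" "$HOST" "$TTL" "$1"
}

dydns_main() {  # usage: dydns_main interface
    addr=$(ifconfig "$1" | first_inet4)
    # Without this check an empty address would still delete the A record.
    valid_ipv4 "$addr" || { logger -t dydns "no usable address on $1"; return 1; }
    state=$STATEDIR/$1.last
    addr_changed "$state" "$addr" || return 0      # unchanged: nothing to send
    build_update "$addr" | nsupdate -k "$KEYFILE" || return 1
    umask 077; mkdir -p "$STATEDIR" && printf '%s\n' "$addr" > "$state"
    logger -t dydns "$HOST now $addr"
}

# Run only when called with an interface name, as from hostname.if.
if [ $# -gt 0 ]; then dydns_main "$@"; fi
```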
