Morning!

What I have not seen mentioned:

dhcpd.conf -> "deny unknown-clients;"

Beware if you use static leases as already mentioned, then dhcpd does
*not* feed the IPs to its PF tables when it hands the IP out to the
client.

If you do:

host foobar { hardware ethernet a8:34:6a:e1:1d:1c; }

with "deny unknown-clients" directive, then the IP is taken from the
"range" pool but only for known MACs.

See net/arpd and net/arpwatch packages(7)!

As for your hosts(5) versus unbound(8) problem, I've the following:

$ whence vihosts
'doas vi /etc/hosts; hoststounbound'

$ whence hoststounbound
'grep -v -e ^# -e ^$ /etc/hosts | hoststounbound.sh hosts > \
  /var/unbound/etc/localzone.hosts.conf; reload-unbound'

$ whence reload-unbound
'doas unbound-control -c /var/unbound/etc/unbound.conf reload'

"hoststounbound.sh" is a script that parses hosts(5) lines and outputs a
valid unbound.conf(5) config. Feedback, improvements, all welcome:

#!/bin/sh -eu
# ksh(1) syntax (print, [[ ]]); /bin/sh on OpenBSD is ksh.
# usage: hoststounbound.sh [zone] [ttl] < /etc/hosts
_zone=${1:-"hosts"}
_ttl=${2:-"3600"}

# don't let wildcard names such as *.example.com expand as pathnames
set -f

_ip=""
_names=""
_name=""
_line=""
_word=""

print "server:\n"
print "local-zone: \"${_zone}\" transparent\n"

while read -r _line; do
        _ip=""
        _names=""
        # first word is the address, the rest are names; stop at a comment
        for _word in $_line; do
                if [[ "X${_word}" == X"#"* ]]; then
                        break
                elif [[ -z $_ip ]]; then
                        _ip="${_word}"
                else
                        _names="${_names}${_word} "
                fi
        done
        #[[ "X${_ip}" == X"127.0.0.1" || "X${_ip}" == X"::1" ]] && continue
        a="A"
        [[ "X${_ip}" == X*":"* ]] && a="AAAA"
        for _name in ${_names}; do
                # "*.example.com" becomes a redirect zone for example.com
                [[ ${_name%%.*} == "*" ]] && { _name=${_name#*.}; \
                  print "local-zone: \"${_name}.\" redirect"; }
                print "local-data: \"${_name}. ${_ttl} ${a} ${_ip}\""
                # no reverse record for 0.0.0.0 (blackhole entries)
                [[ "X${_ip}" == X"0.0.0.0" ]] || \
                  print "local-data-ptr: \"${_ip} ${_ttl} ${_name}\"\n"
        done
done

Marcus

pipat...@gmail.com (Anders Andersson), 2020.01.06 (Mon) 13:24 (CET):
> I'm in the process of replacing an aging OpenWRT device on my home LAN
> with an apu4d4 running OpenBSD as my personal router.
> 
> I would like to use unbound as a caching DNS server for my local
> hosts, but I'm trying to figure out how to handle local hostnames. It
> seems like a common scenario but I can't find a solution that feels
> like the "right" way. I have two problems, one is trivial compared to
> the other.
> 
> 
> My first and very minor issue is that I would like to register my
> static hosts in a more convenient way than what's currently offered by
> unbound. From what I understand you would configure your local hosts
> something like this:
> 
> local-zone: "home.lan." static
> local-data: "laptop.home.lan.    IN A 10.0.0.2"
> local-data-ptr: "10.0.0.2  laptop.home.lan"
> 
> Every time information has to be entered twice there is room for error
> and inconsistencies, so preferably this list should be automatically
> generated from a simpler file, maybe /etc/hosts. I can of course
> easily write such a script, but I'm wondering if there might be a
> standard, go-to way of doing this.
> 
> 
> 
> My second and more difficult issue is that I can't seem to find a way
> to feed information from the DHCP server into unbound, so that locally
> assigned hosts can be queried by their hostnames. To clarify with an
> example:
> 
> 1. I install a new system and in the installation procedure I name it "alice".
> 2. "alice" asks for and receives an IP number from my DHCP server.
> 3. Every other machine can now connect to "alice" by name, assuming
> that "alice" informed the DHCP server of its name when asking for an
> address.
> 
> Currently this works because OpenWRT is using dnsmasq which is both a
> caching DNS server and a DHCP server, so the left hand knows what the
> right hand is doing. How can I solve this in OpenBSD base without
> jumping through hoops?
> 
> Right now I'm considering something that monitors dhcpd.leases for
> changes and updates a running unbound using unbound-control(8) but I
> don't feel confident enough writing such a tool that does not miss a
> lot of corner cases and handle startup/shutdown gracefully. I'm also
> thinking that it can't be such an unusual use case, so someone surely
> must have written such a tool already. I just haven't found any in my
> search.
> 
> Or am I doing this the wrong way? I've now read about things like mDNS
> and Zeroconf and Avahi and I'm just getting more and more confused.
> Ideas are welcome!
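For the second question (feeding dhcpd leases into a running unbound), here is an added example that is neither Marcus's nor Anders's code: a small Python script that parses dhcpd.leases, keeps only unexpired leases, and emits unbound-control(8) local_data / local_data_remove commands. It assumes the zone "home.lan." from the question, a TTL of 300, the unbound.conf path from the reply's alias, and /var/db/dhcpd.leases as the lease file location; the lease text inside it is a constructed sample, not a real file. The security point it adds is that client-hostname is chosen by the DHCP client, so the hostname is validated as an RFC 1123 label before it is spliced into a record line, and commands are passed to unbound-control as an argv list rather than through a shell.

```python
"""Derive unbound local data from dhcpd.leases, validating client-supplied
hostnames before they reach unbound-control(8). Added example, not from the thread."""
import ipaddress
import re
import subprocess
import sys
from datetime import datetime, timezone

ZONE = "home.lan"                               # assumed zone, as in the question
TTL = 300                                       # assumed short TTL for dynamic hosts
UNBOUND_CONF = "/var/unbound/etc/unbound.conf"  # path from the reply's alias
SAMPLE_NOW = datetime(2020, 1, 6, 12, 45)       # a time inside the sample's lease window

# Constructed sample in dhcpd.leases layout (not a real file): "alice" renews on a
# new address, one client sends a hostname that is not a valid label, and one
# lease has already expired.
SAMPLE_LEASES = '''\
lease 10.0.0.23 {
    ends 1 2020/01/06 13:24:00 UTC;
    client-hostname "alice";
}
lease 10.0.0.24 {
    ends 1 2020/01/06 13:30:00 UTC;
    client-hostname "bad name; 1.2.3.4";
}
lease 10.0.0.25 {
    ends 1 2020/01/06 13:40:00 UTC;
    client-hostname "alice";
}
lease 10.0.0.26 {
    ends 1 2020/01/06 10:00:00 UTC;
    client-hostname "stale";
}
'''
LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.DOTALL)
HOSTNAME_RE = re.compile(r'client-hostname\s+"([^"]*)"\s*;')
ENDS_RE = re.compile(r"ends\s+\d\s+(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\s+UTC\s*;")
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")

def valid_label(label):
    """RFC 1123 host label. The client chooses this string, so anything else
    (spaces, quotes, dots) must never be spliced into a record line."""
    return LABEL_RE.match(label) is not None

def parse_leases(text, now):
    """Return {hostname: ipv4} for unexpired leases with a usable hostname.
    A later entry for the same IP supersedes an earlier one, as in the file."""
    by_ip = {}
    for ip, body in LEASE_RE.findall(text):
        try:
            if ipaddress.ip_address(ip).version != 4:
                continue
        except ValueError:
            continue
        by_ip.pop(ip, None)                      # this entry replaces any earlier one
        ends = ENDS_RE.search(body)
        if ends and datetime.strptime(ends.group(1), "%Y/%m/%d %H:%M:%S") <= now:
            continue                             # expired: the IP has no current owner
        host = HOSTNAME_RE.search(body)
        if host:
            label = host.group(1).split(".")[0].lower()   # host part only
            if valid_label(label):
                by_ip[ip] = label
    names = {}
    for ip, label in by_ip.items():              # file order, so the newest lease wins
        names[label] = ip
    return names

def unbound_records(names):
    """Forward and reverse records in the form unbound-control local_data takes."""
    recs = []
    for label, ip in names.items():
        fqdn = f"{label}.{ZONE}."
        rev = ".".join(reversed(ip.split("."))) + ".in-addr.arpa."
        recs += [f"{fqdn} {TTL} IN A {ip}", f"{rev} {TTL} IN PTR {fqdn}"]
    return recs

def plan_updates(previous, current):
    """Argument lists for unbound-control that move one record set to another.
    local_data_remove drops every record under a name, so those names get all
    of their current records added back."""
    removed = {rec.split()[0] for rec in previous - current}
    cmds = [["local_data_remove", name] for name in sorted(removed)]
    for rec in sorted(current):
        if rec not in previous or rec.split()[0] in removed:
            cmds.append(["local_data", rec])
    return cmds

def apply_updates(cmds, dry_run=True):
    """Run each command as an argv list (no shell), so record text is never parsed by sh."""
    for cmd in cmds:
        argv = ["unbound-control", "-c", UNBOUND_CONF, *cmd]
        if dry_run:
            print(" ".join(argv))
        else:
            subprocess.run(argv, check=True)

if __name__ == "__main__":
    # usage: script.py /var/db/dhcpd.leases (assumed OpenBSD path); with no
    # argument the constructed sample is evaluated at SAMPLE_NOW; dry run only
    if len(sys.argv) > 1:
        text, now = open(sys.argv[1]).read(), datetime.now(timezone.utc).replace(tzinfo=None)
    else:
        text, now = SAMPLE_LEASES, SAMPLE_NOW
    apply_updates(plan_updates(set(), set(unbound_records(parse_leases(text, now)))))
```

To turn this into the lease watcher the question describes, keep the previous record set on disk, recompute it whenever dhcpd.leases changes, and hand plan_updates(previous, current) to apply_updates with dry_run=False; on startup, the "previous" set can be rebuilt from unbound-control list_local_data rather than trusting a stale file.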
