Re: [pfSense] pfSense 2.2.4, Services: Dynamic DNS client

2015-09-08 Thread Vick Khera
On Mon, Sep 7, 2015 at 9:24 PM, Ryan Coleman  wrote:

> How do you get this to function with Dyn.com (formerly DynDNS.com
> <http://dyndns.com/>)? I have the paid domain and I’ve gotten CenturyLink
> DSL modems to negotiate the IP without issue before but I cannot seem to
> figure out the configuration for pfSense.
>

You'd have to ask Dyn if they can make host names within your own domain
dynamic. The dynamic DNS configuration in pfSense is for working with their
existing dynamic DNS domains, like foo.dyndns.org.

Personally, I set up my own personal domain (which I self-host in BIND9) to
work with the RFC 2136 client within pfSense. It involved having a
sub-domain to hold the dynamic parts for easier management. I did not spend
the effort to figure out if I could mix and match static and dynamic domain
names in the top level.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] pfSense 2.2.4, Services: Dynamic DNS client

2015-09-08 Thread Chris Bagnall

On 8/9/15 1:04 pm, Vick Khera wrote:

> You'd have to ask Dyn if they can make host names within your own domain
> dynamic.


I believe they can. I have dyn.mydomain.com delegated to Dyn for 
precisely this purpose (but mydomain.com is managed outside dyn). I can 
then create client1.dyn.mydomain.com, client2, etc. etc. for those 
clients which don't have a static IP (or don't take internet from my 
$dayjob).



> Personally, I set up my own personal domain (which I self-host in BIND9) to
> work with the RFC 2136 client within pfSense. It involved having a
> sub-domain to hold the dynamic parts for easier management.


This sounds like an even better idea. When I investigated it a couple of 
years ago, the config to get RFC2136 working with PowerDNS (which I use 
as authoritative NS) looked scary and complicated, and not something I 
wanted to attempt on a production system.


Would you be willing to share your RFC2136/bind9 config?

Kind regards,

Chris
--
This email is made from 100% recycled electrons


Re: [pfSense] pfSense 2.2.4, Services: Dynamic DNS client

2015-09-08 Thread Ryan Coleman
Yes. As I previously noted it already works from CenturyLink’s DSL modems.


> On Sep 8, 2015, at 7:04 AM, Vick Khera  wrote:
> 
> 
> You'd have to ask Dyn if they can make host names within your own domain
> dynamic. The dynamic DNS configuration in pfSense is for working with their
> existing dynamic DNS domains, like foo.dyndns.org .


Re: [pfSense] pfSense 2.2.4, Services: Dynamic DNS client

2015-09-08 Thread Vick Khera
On Tue, Sep 8, 2015 at 8:14 AM, Chris Bagnall 
wrote:

> Would you be willing to share your RFC2136/bind9 config?
>

Here's a copy of my notes:

Dynamic DNS Update

   - Created by Vick Khera, last modified on Nov 10, 2014

To support the ever-changing IP address that FiOS issues, dynamic DNS is
configured under the domain dyn.khera.org to work with RFC2136 clients.
The pfSense firewall is able to function as such a client, and to use these
dynamic host names within firewall rules to permit the client to move IP
yet still retain services via the firewall.

Initial Configuration

This configuration is based on that from
http://www.shakabuku.org/writing/dyndns.html and
https://doc.pfsense.org/index.php/RFC2136_Dynamic_DNS.


*named.conf zone file additions*

    include "../dyn-keys.conf";                          // line 1: keys allowed to update the zone
    zone "dyn.khera.org" {
        type master;
        file "../dynamic/dyn.khera.org";
        update-policy {
            grant *.dyn.khera.org. self dyn.khera.org. A ;   // line 6: a key may update only its own name
            grant dyn-control zonesub ANY;                   // line 7: control key may update any record
        };
    };



This defines the dynamic zone, which will be periodically written to the
dynamic/dyn.khera.org zone file. Line 1 includes by reference the list of
keys we will allow to update the zone. Line 6 permits keys of the name
format *.dyn.khera.org to update entries of that name only. That is,
foobar.dyn.khera.org key is only permitted to update A and  records for
the domain name foobar.dyn.khera.org and nothing else. The line 7
permission allows our master control key to update any record in this
zone. Also, in khera.org zone, an entry for dyn.khera.org NS
kci.kcilink.com was created to send all requests for the dynamic zone to
the primary server.

The key for the "dyn-control" is generated using this command:

    ddns-confgen -k dyn-control

The resulting key is then copied to the top of the dyn-keys.conf file and to
the dyn-control.key file for use with the nsupdate command.

Create an empty zone file dyn.khera.org and run rndc reload to load the new
configuration.

Manual Zone Manipulation

Manual control of the zone is done via the nsupdate command. From time to
time, bind will write the dynamic/dyn.khera.org file with the current set
of entries. Between those writes, a journal file is kept to avoid losing
updates.

*Adding an Entry*

    # nsupdate -k dyn-control.key
    > server localhost
    > update add test.dyn.khera.org 60 a 192.168.1.10
    > send

*Delete an Entry*

    # nsupdate -k dyn-control.key
    > server localhost
    > update delete test.dyn.khera.org a
    > send

Adding Client

To add a client, newhost.dyn.khera.org, first create a key:

    ddns-confgen -k newhost.dyn.khera.org -a hmac-md5

Copy the key into the dyn-keys.conf file and execute rndc reload to load
the new key into memory.

The client will then use the following settings:

   - Server: kci.kcilink.com
   - Hostname: newhost.dyn.khera.org
   - Key name: newhost.dyn.khera.org
   - Key: hmac key just generated
   - Key Type: host
   - TTL: 60

The configuration will permit the use of the key name newhost.dyn.khera.org
 to *only* update the A and  records for the domain name
newhost.dyn.khera.org. Any other updates using that key will be denied.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
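
The update-policy behaviour described in the notes above, as an added example that is not part of the original message and is not BIND code: a simplified Python model of the two grant rules, run over constructed update requests. Wildcard and record-type handling are reduced to what these two rules need, and the self rule lists only the A type visible in the posted configuration.

```python
# Simplified model of BIND update-policy matching for the two grant rules
# quoted in the notes above. Added illustration, not BIND source code.
ZONE = "dyn.khera.org."

# (identity, rule type, record types), in named.conf order. The self rule
# lists only the A type that is visible in the posted configuration.
POLICY = [
    ("*.dyn.khera.org.", "self", {"A"}),
    ("dyn-control.", "zonesub", {"ANY"}),
]

# Constructed sample updates: (TSIG key name, record name, record type).
SAMPLE_UPDATES = [
    ("newhost.dyn.khera.org", "newhost.dyn.khera.org", "A"),
    ("newhost.dyn.khera.org", "other.dyn.khera.org", "A"),
    ("newhost.dyn.khera.org", "newhost.dyn.khera.org", "TXT"),
    ("dyn-control", "test.dyn.khera.org", "TXT"),
    ("dyn-control", "www.khera.org", "A"),
    ("unknown-key", "test.dyn.khera.org", "A"),
]

def fqdn(name):
    """Lower-case a DNS name and make it absolute (trailing dot)."""
    return name.lower().rstrip(".") + "."

def identity_matches(identity, key):
    """Match a key name against a rule identity, allowing a leading '*.'."""
    if identity.startswith("*."):
        return key.endswith(identity[1:])
    return key == identity

def is_allowed(key_name, record_name, rtype):
    """Return True if the key may update record_name/rtype under POLICY."""
    key, rec, rtype = fqdn(key_name), fqdn(record_name), rtype.upper()
    if rec != ZONE and not rec.endswith("." + ZONE):
        return False  # name is outside the dynamic zone
    for identity, rule, types in POLICY:
        if not identity_matches(identity, key):
            continue  # rule is written for a different signer
        if rule == "self" and rec != key:
            continue  # self: the record name must equal the key name
        if "ANY" in types or rtype in types:
            return True
    return False  # no rule granted the update: default deny

if __name__ == "__main__":
    for update in SAMPLE_UPDATES:
        print("grant" if is_allowed(*update) else "deny ", *update)
```
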


Re: [pfSense] pfSense 2.2.4, Services: Dynamic DNS client

2015-09-07 Thread Andrew Mitchell
Ryan,
I know this is not your question but, my company set up Dynster.net for DDNS 
needs. It's not built into pfSense because we are trying to get info from devs 
but, we do support a simple manual pfSense integration workaround. It does 
work.
Maybe it will help.
Andrew 


 On Monday, September 7, 2015 9:25 PM, Ryan Coleman  
wrote:
   

 This begs the question from me, then…

How do you get this to function with Dyn.com (formerly DynDNS.com 
)? I have the paid domain and I’ve gotten CenturyLink DSL 
modems to negotiate the IP without issue before but I cannot seem to figure out 
the configuration for pfSense.

Thanks!

—
Ryan


> On Sep 7, 2015, at 3:03 PM, David Christensen  
> wrote:
> 
> On 09/07/2015 12:19 PM, David Christensen wrote:
>> But, myself and he.net technical support are unclear as to what needs to
>> be done on the he.net end.
> 
> he.net created the DDNS record, username, and password hash for me.  I 
> entered the information into pfSense and now it works!  :-)
> 
> 
> David
> 

Re: [pfSense] pfSense 2.2.4, Services: Dynamic DNS client

2015-09-07 Thread Ryan Coleman
Yes, I know. I didn’t actually message you directly to ask - I asked the 
subscribers on the mailing list.


> On Sep 7, 2015, at 11:08 PM, David Christensen  
> wrote:
> 
> On 09/07/2015 06:24 PM, Ryan Coleman wrote:
>> How do you get this to function with Dyn.com (formerly DynDNS.com 
>> )?
> 
> My current setup has nothing to do with Dyn.  It's he.net and pfSense, 
> exclusively.
> 
> 
> David
> 
> 

Re: [pfSense] pfSense 2.2.4, Services: Dynamic DNS client

2015-09-07 Thread Ryan Coleman
Thank you. I’ll give it a whirl in a few days.


> On Sep 7, 2015, at 9:15 PM, Chris Bagnall  wrote:
> 
> On 8/9/15 2:24 am, Ryan Coleman wrote:
>> How do you get this to function with Dyn.com (formerly DynDNS.com 
>> )? I have the paid domain and I’ve gotten CenturyLink 
>> DSL modems to negotiate the IP without issue before but I cannot seem to 
>> figure out the configuration for pfSense.
> 
> I've just logged into one of our clients' pfSense boxes that's doing 
> precisely this (albeit with Virgin Media cable here in the UK, but the 
> dyn.com setup should be similar).
> 
> Service type: DynDNS (dynamic)
> Interface to monitor: WAN (or change in multi-wan environment)
> Hostname: FQDN you've set up on dyn.com
> Username / Password: your dyn.com login
> 
> That's about it.
> 
> Kind regards,
> 
> Chris
> -- 
> This email is made from 100% recycled electrons

Re: [pfSense] pfSense 2.2.4, Services: Dynamic DNS client

2015-09-07 Thread Chris Bagnall

On 8/9/15 2:24 am, Ryan Coleman wrote:

> How do you get this to function with Dyn.com (formerly DynDNS.com 
> )? I have the paid domain and I’ve gotten CenturyLink DSL 
> modems to negotiate the IP without issue before but I cannot seem to figure out the 
> configuration for pfSense.


I've just logged into one of our clients' pfSense boxes that's doing 
precisely this (albeit with Virgin Media cable here in the UK, but the 
dyn.com setup should be similar).


Service type: DynDNS (dynamic)
Interface to monitor: WAN (or change in multi-wan environment)
Hostname: FQDN you've set up on dyn.com
Username / Password: your dyn.com login

That's about it.

Kind regards,

Chris
--
This email is made from 100% recycled electrons

Re: [pfSense] pfSense 2.2.4, Services: Dynamic DNS client

2015-09-07 Thread Ryan Coleman
This begs the question from me, then…

How do you get this to function with Dyn.com (formerly DynDNS.com 
)? I have the paid domain and I’ve gotten CenturyLink DSL 
modems to negotiate the IP without issue before but I cannot seem to figure out 
the configuration for pfSense.

Thanks!

—
Ryan


> On Sep 7, 2015, at 3:03 PM, David Christensen  
> wrote:
> 
> On 09/07/2015 12:19 PM, David Christensen wrote:
>> But, myself and he.net technical support are unclear as to what needs to
>> be done on the he.net end.
> 
> he.net created the DDNS record, username, and password hash for me.  I 
> entered the information into pfSense and now it works!  :-)
> 
> 
> David
> 

Re: [pfSense] pfSense 2.2.4, Services: Dynamic DNS client

2015-09-07 Thread David Christensen

On 09/07/2015 06:24 PM, Ryan Coleman wrote:

> How do you get this to function with Dyn.com (formerly DynDNS.com 
> )?


My current setup has nothing to do with Dyn.  It's he.net and pfSense, 
exclusively.



David




Re: [pfSense] pfSense 2.2.4, Services: Dynamic DNS client

2015-09-07 Thread Ryan Coleman

> On Sep 7, 2015, at 8:58 PM, Andrew Mitchell  wrote:
> 
> Ryan,
> I know this is not your question but, my company setup Dynster.net 
>  for DDNS needs. It's not built in to pfSense because we 
> are trying to get info from devs but, we do support a simple manual pfSense 
> integration work around. It does work.
> Maybe it will help.
> Andrew 

Andrew,

I appreciate your message but I have no intention of moving my domain anytime 
soon. It’s just one that I use this for and with it I pay $30/year… I have 15 
named hosts on my personal domain (NS’d there).

I looked at your website and it appears that, at your service rate of $3/host 
after the first one per month, I wouldn’t be able to use the service at all.

Thank you,
Ryan

Re: [pfSense] pfSense 2.2.4, Services: Dynamic DNS client, and Hurricane Electric

2015-09-07 Thread David Christensen

On 09/07/2015 12:19 PM, David Christensen wrote:

> But, myself and he.net technical support are unclear as to what needs to
> be done on the he.net end.


he.net created the DDNS record, username, and password hash for me.  I 
entered the information into pfSense and now it works!  :-)



David



[pfSense] pfSense 2.2.4, Services: Dynamic DNS client, and HE.net service types

2015-09-07 Thread David Christensen

pfSense:

The pfSense 2.2.4 "Services: Dynamic DNS client" web control panel page 
"Service Type" drop-down list offers the following three choices (in 
addition to several others):


HE.net
HE.net (v6)
HE.net Tunnelbroker


Do they refer to Hurricane Electric (he.net)?


David


Re: [pfSense] pfSense 2.2.4, Services: Dynamic DNS client, and Hurricane Electric

2015-09-07 Thread David Christensen

On 09/07/2015 11:39 AM, Vick Khera wrote:

On Mon, Sep 7, 2015 at 2:37 PM, David Christensen  Dynamic DNS client page as follows (I have not 
clicked the "Save" button):


Disable          unchecked
Service type     HE.net
Hostname         .holgerdanske.com
MX
Wildcards        unchecked
Verbose logging  unchecked
Username
Password
Description

But, myself and he.net technical support are unclear as to what needs to 
be done on the he.net end.



Is IPv4 dynamic DNS known to work between pfSense and he.net?


Any comments or suggestions to get it working?


TIA,

David



Re: [pfSense] pfSense 2.2.4, Services: Dynamic DNS client, and HE.net service types

2015-09-07 Thread Vick Khera
On Mon, Sep 7, 2015 at 2:37 PM, David Christensen  wrote:

> Do they refer to Hurricane Electric (he.net
>
> )?
>

yes.