DNS: allow update from DHCP #29
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
In order to enable a user to simply reach a headless device such as a Raspberry Pi via DNS we should:
dns-intern
to sqlite backendusers.binary.kitchen
(or similar)I am still not sure how to handle sync/resync/consistency issues considering that there are two DHCP and two DNS servers running
Why do we need two DHCP or DNS servers? Couldn't we just allow ddns updates from the user ip range to the users.binary.kitchen zone?
We need two DHCP and DNS servers for redudndancy reasons, because without an IP and being able to resolve domain names the doorlock won't work.
I think I'll just do a proof of concept, maybe with
users.binary.kitchen
as its own zone so it can update independently of the server/service entries.ISC dhcpd can only send ddns updates to a server running on port 53 - this means that we are required to use dnsdist as frontend for DNS running on port 53 which will then forward queries (and updates) to either the local auth. server, or the local recursor - depending on the domain.
Another problem to solve is the initial content of the
users.binary.kitchen
zone.Vague idea: check if if the zone name is in the output of
pdnsutil list-all-zones
and if not callpdnsutil load-zone
Another question is how to keep the DNS zones in sync.
First idea would be to make one of the authoritative servers primary for the
users.binary.kitchen
zone and the other secondary. Which would mean no updates at all while the primary is down. On the other hand both servers would be in sync and give consistent answers.Another Option would be to always update both servers, but this approach might eventually go out of sync if one of them is offline.
Proof of concept (Update from dhcpd against localhost, dnsdist on port 53, sqlite backed zone) seems to work okay so far.
Forward entries for clients implemented in
e8dcf169e2
using a master/slave setup