On Fri, Nov 17, 2017 at 2:36 PM, Timothe Litt <l...@acm.org> wrote:
>
> On 17-Nov-17 14:48, Mark Andrews wrote:
>
> Alternatively use a http server that can update the records for the
> interfaces it is listening on.
>
> This sort of thing is possible. Named gets informed by the OS when addresses
> get added and removed. It currently just adds and removes listening sockets
> but you could trigger other actions like sending dynamic dns updates.
>
> Unless you ask for the functionality it won’t be added.
>
>
> --
> Mark Andrews
>
> On 18 Nov 2017, at 06:38, Mark Andrews <ma...@isc.org> wrote:
>
> Just have the machine hosting the http server do a dynamic update of the A
> and AAAA records when they are assigned to the interface.
>
> It should be possible to get the os to run a program when this happens so it
> can perform a second dynamic update on a different name.
>
> --
> Mark Andrews
>
> We don't have the whole story from the OP, but in the typical configuration
> that prompts this question, neither will solve the problem. The problem is
> that the dhcp client and http server are likely not the same machine.

You are correct sir. :-)

> If you have a dynamic IP(v4) address & want to update DNS for a server, it's
> probably NATed (by a router) before the HTTP server sees it.

All clients accessing the web server are also in the nat so this shouldn't matter.

> The HTTP server always listens on the inside NAT address. So it won't see
> an address change on its interface.

No, it sees a change when rebooted. The other issue is when it is cloned and renamed it is then two different machines that currently have it autogen a new zone and dname with the windows 2008r2 method.

> The router implementing NAT is what will get the dynamic address, from an
> ISP. If it's a sealed box, it probably has support for updating DNS -
> though it's typically the dyndns protocol, not DNS update. (Assuming the
> ISP hasn't disabled the feature.) This is what dyndns, NO-IP, & others use.
> If you can modify the URL that it uses, you can point it to your own script,
> which then does a DNS UPDATE transaction. I use this approach with Cisco
> IOS routers - though many others allow this - and still others can be fooled
> (e.g. with a HOSTS entry for one of the update servers). What's nice about
> this is that you don't have to jailbreak or modify anything. Just pretend
> to be an update service.
>
> If you're using a jailbroken or other Linux router, and it happens to be the
> same physical machine as HTTP server, it could look for routing updates on
> the external interface. I don't think this is a common case (except for
> jailbroken routers - like OpenWRT).
>
> Most often, the HTTP server is on a separate machine and LAN - it can't see
> the external interface that gets the dynamic address.
>
> When the router won't notify someone about address changes, the usual
> solution is for something behind the NAT to poll an external public server
> for your IP address, then use the result to initiate a DNS UPDATE. (e.g. A
> local script asks the external server to return the IP address that
> contacted it. (REMOTE_ADDR)) There are a bunch of services and scripts for
> this. Most of the scripts update a DNS provider with the dyndns protocol
> (others use it). The nicer "what's my IP address" scripts return json. But
> changing them to do DNS UPDATE is pretty simple - See Net::DNS if you're a
> Perl person.
>
> If you have more than one site - or a friend - and prefer to be independent,
> you can easily write your own CGI scripts to return the other's IP address.
> echo "Content-Type: text/plain\nConnection:close\n\n$REMOTE_ADDR\n"; exit
> (If your friend doesn't have a static IP address, beware of deadlocks.)
>
> If you have access to the DHCP client's status (e.g. a leases file or some
> GUI or CLI on the router), you can sometimes get the external address from
> there.
>
> A web search for "dynamic IP update script" will turn up lots of resources -
> scripts & services.
>
> A drawback with polling solutions is that they're not instantaneous - you
> get the polling delay on top of whatever minimum TTL the DNS service
> imposes. (And there are limits on how fast you can - or would want to -
> poll.) That's fine for home hobbyists - especially since dynamic IP
> addresses are often stable for a VERY long time. But I would be careful
> about running a business or other critical server where DNS updates lag
> address changes.
>
> So get a router that talks some dynamic update protocol and go from there.
> That minimizes the delay, and avoids having to retrieve your public address
> from an external source.
>
> https://help.dyn.com/remote-access-api/perform-update/ defines the dyndns
> update protocol - writing a server is straightforward.
>
> Of course if you have IPv6 - and are getting a dynamic address - you don't
> have to deal with NAT. In that case, you can certainly have dhclient or
> RTNETLINK (see ip monitor) trigger a script.
>
> But note that in the problem statement is:
>
> the super domain is managed by an outside service.
>
> This probably makes the OP's life more difficult. Those services tend not
> to support DNS UPDATE (or even dyndns update). In that case, you're into
> using curl/wget to forms to their web gui. And tracking their
> "improvements".
>
> Grief like that is why I ended up running my own DNS master server...and
> getting static IP addresses for my central site.
>
> I guess I should point out that the ISP that is providing the dynamic IP
> address may consider running a server as a violation of their Terms of
> Service, even if they don't block the port(s) that you want to use.
>
>
> On 18 Nov 2017, at 04:19, Jeff Sadowski <jeff.sadow...@gmail.com> wrote:
>
> I am a bit confused by DNAMEs
> I had used them before but I may have used them wrong.
>
> On windows 2008r2 I have some zones where I create a DNAME for the
> root and point it to an A record.
>
> IE:
>
> zone bla.bla
> SOA <standard SOA>
> NS <mydns>
> DNAME www.bla.com
>
> where www.bla.com is an A record.
>
> the reason I was doing this is because www.bla.com has a dhcp assigned
> address
>
> and I want bla.bla to always point to it.
> windows dns does not allow a cname at the root of a zone.
>
> as of 2012r2 with updates this no longer works.
>
> So I decided to see what bind would do with DNAME If I tried a similar
> experiment
> I have a db.self file I used when I want certain outside addresses to
> point back to my inside addresses.
>
> my db.self file looks like so
>
>
> $TTL 3D
> @ 1D IN SOA ns jeffsadowski.gmail.com. (
> 2017081201 ;
> 3H ;
> 15 ;
> 1w ;
> 3h ;
> )
> @ IN NS ns
> ns IN A 192.168.1.252
> @ IN A 192.168.1.252
>
> And I want similar for my DNAME so I created db.dname that looks like so
>
> $TTL 3D
> @ 1D IN SOA ns jeffsadowski.gmail.com. (
> 2017081201 ;
> 3H ;
> 15 ;
> 1w ;
> 3h ;
> )
> @ IN NS ns
> ns IN A 192.168.1.252
> @ IN DNAME methanemaker.mooo.com
>
> then when I try and start bind I get error messages like so
>
> Nov 17 09:55:53 methanemaker bash[7049]: zone bla.bla/IN: NS
> 'ns.bla.bla' is below a DNAME 'bla.bla' (illegal)
> Nov 17 09:55:53 methanemaker bash[7049]: zone bla.bla/IN: not loaded
> due to errors.
>
> I tried without the NS lines and I get this message
>
> Nov 17 09:48:36 methanemaker bash[4872]: zone bla.bla/IN: has no NS records
> Nov 17 09:48:36 methanemaker bash[4872]: zone bla.bla/IN: not loaded
> due to errors.
>
> If anyone has a better idea how to map to a dhcp addressed machine
> from a zone I'd like to know?
>
> I don't want to recreate the entire superdomain for just one record
> that needs changed
> IE:
> the super domain is managed by an outside service. I don't want to
> keep a second copy inside that has a few with different records.
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
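
Added example, not part of the original thread or any poster's code: a sketch of the polling approach described in the quoted text, where a host behind NAT asks an external endpoint for its public address and turns the answer into a DNS UPDATE. The server, zone and host names are hypothetical, and the sample addresses are constructed; the reply from the endpoint is treated as untrusted input and validated before it goes anywhere near the zone.

```python
import ipaddress


def parse_public_ip(body):
    """Validate the text returned by a "what is my IP" endpoint.

    Accept exactly one globally routable address and nothing else, so a
    broken or hostile endpoint cannot push junk, extra nsupdate commands
    or an inside-NAT address into the zone.
    """
    try:
        addr = ipaddress.ip_address(body.strip())
    except ValueError:
        return None
    return addr if addr.is_global else None


def build_nsupdate(server, zone, name, addr, ttl=300):
    """Return an nsupdate batch that replaces the A/AAAA RRset for name."""
    rrtype = "A" if addr.version == 4 else "AAAA"
    lines = [
        f"server {server}",
        f"zone {zone}",
        f"update delete {name} {rrtype}",
        f"update add {name} {ttl} {rrtype} {addr}",
        "send",
    ]
    return "\n".join(lines) + "\n"


def plan_update(body, last_seen, server, zone, name):
    """Return an nsupdate batch, or None when nothing should be sent.

    last_seen is the address published by the previous run (hypothetical
    state kept by the caller, e.g. in a small file).
    """
    addr = parse_public_ip(body)
    if addr is None or str(addr) == last_seen:
        return None
    return build_nsupdate(server, zone, name, addr)


if __name__ == "__main__":
    # Constructed sample reply; a real run would fetch it over HTTPS.
    batch = plan_update("8.8.8.8\n", "192.0.2.10",
                        "ns.example.net", "example.net.", "www.example.net.")
    print(batch or "no update needed")
```

The batch is meant to be passed to `nsupdate -k <keyfile>` so the update is TSIG-signed; the polling interval and record TTL still bound how stale the record can get, as the quoted text notes.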