> On Mar 31, 2018, at 12:57 PM, Eric Luehrsen <ericluehr...@gmail.com> wrote:
>
> It seems I have static-stub wrong for its purpose. dhcpd and bind do work
> together. To accomplish this, the bind instance needs to be master for the
> domain zone and ptr zone where DHCP records will be entered. This master zone
> needs to permit remote updates, preferably with a secure key. dhcpd needs to
> be configure to dynamically update DNS through binds remote
Rather than using a secure key, what about listening on localhost:xxxx and
allowing updates only from there? Bind has reasonable ACL capabilities…
Formatting below got a little buggered up.
What are we looking at?
Thanks,
-Philip
> control, again with the key if configured.
>
> dhcpd reference conf to get started, incomplete
> ```||
> |ddns-update-style standard;|||
> |ddns-rev-domainname "in-addr.arpa.";|||
> ||
> |zone openwrt.lan. {|
> ||| # where to send updates for hostid.openwrt.lan|
> | primary 127.0.0.1; };|
> ||
> |zone 1.168.192.in-addr.arpa. {|
> | primary 127.0.0.1; }|;
> ||
> |```|
> ||
> bind reference conf to get started, incomplete
> https://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/Bv9ARM.ch06.html#dynamic_update_policies
> ```||
> |zone "|||openwrt.lan|" { |
> | type master;|
> | file "/var/lib/bind/||||db.openwrt.lan||"; |
> | update-policy {
> # you can restrict record types, rather than "any"
> || grant [key-name] zonesub any; |
> | }; |
> |}; |
> ||
> |zone "1.168.192.in-addr.arpa" {|
> | type master;|
> | file "|||/var/lib/bind|/db.1.168.192.in-addr.arpa";|
> | update-policy {|
> | grant [key-name] zonesub any;|
> | };|
> |};|
> ```
>
>
> Both could include a key file like
> ```||
> |key "key-name" { |
> | algorithm [hash];
> secret "passphrase"; };|
> ```
_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev
