> On Mar 31, 2018, at 12:57 PM, Eric Luehrsen <ericluehr...@gmail.com> wrote:
> 
> It seems I have static-stub wrong for its purpose. dhcpd and bind do work 
> together. To accomplish this, the bind instance needs to be master for the 
> domain zone and ptr zone where DHCP records will be entered. This master zone 
> needs to permit remote updates, preferably with a secure key. dhcpd needs to 
> be configured to dynamically update DNS through bind's remote


Rather than using a secure key, what about listening on localhost:xxxx and 
allowing updates only from there?  Bind has reasonable ACL capabilities…

Formatting below got a little buggered up.

What are we looking at?

Thanks,

-Philip



> control, again with the key if configured.
> 
> dhcpd reference conf to get started, incomplete
> ```
> ddns-update-style standard;
> ddns-rev-domainname "in-addr.arpa.";
> 
> zone openwrt.lan. {
>    # where to send updates for hostid.openwrt.lan
>    primary 127.0.0.1;
> };
> 
> zone 1.168.192.in-addr.arpa. {
>    primary 127.0.0.1;
> };
> ```
> 
> bind reference conf to get started, incomplete
> https://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/Bv9ARM.ch06.html#dynamic_update_policies
> ```
> zone "openwrt.lan" {
>   type master;
>   file "/var/lib/bind/db.openwrt.lan";
>   update-policy {
>     # you can restrict record types, rather than "any"
>     grant [key-name] zonesub any;
>   };
> };
> 
> zone "1.168.192.in-addr.arpa" {
>   type master;
>   file "/var/lib/bind/db.1.168.192.in-addr.arpa";
>   update-policy {
>     grant [key-name] zonesub any;
>   };
> };
> ```
> 
> 
> Both could include a key file like
> ```
> key "key-name" {
>   algorithm [hash];
>   secret "passphrase";
> };
> ```
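
The two ways of authorising updates raised in this thread, side by side in named.conf, as an added example that is not part of the original messages. The key name `dhcp-updater`, the `hmac-sha256` algorithm, the placeholder secret and the record types granted are assumptions; the zone names and file paths are the ones from the quoted reference conf.

```conf
# named.conf (added example). A zone takes either allow-update or
# update-policy, not both, so pick one of the two options below.

# Option A: address-based ACL, as asked about in the reply.
# No secret to manage, but every local process that can send a packet
# from 127.0.0.1 may add, change or delete any record in the zone.
#
# zone "openwrt.lan" {
#   type master;
#   file "/var/lib/bind/db.openwrt.lan";
#   allow-update { 127.0.0.1; };
# };

# Option B: TSIG key plus update-policy.
# Only a holder of the key can update, and only the listed record types.
key "dhcp-updater" {                  # assumed key name
  algorithm hmac-sha256;              # assumed algorithm
  secret "REPLACE-WITH-GENERATED-BASE64-SECRET";   # placeholder
};

zone "openwrt.lan" {
  type master;
  file "/var/lib/bind/db.openwrt.lan";
  update-policy {
    # Assumption: with "ddns-update-style standard" dhcpd writes the
    # address record and a DHCID record in the forward zone.
    grant dhcp-updater zonesub A DHCID;
  };
};

zone "1.168.192.in-addr.arpa" {
  type master;
  file "/var/lib/bind/db.1.168.192.in-addr.arpa";
  update-policy {
    # Assumption: only PTR records are written in the reverse zone.
    grant dhcp-updater zonesub PTR;
  };
};
```

With option B, dhcpd needs the same `key` block and a `key dhcp-updater;` line inside each of its `zone` declarations; keep the file holding the secret readable only by the bind and dhcpd users.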


_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev
