> On Mar 31, 2018, at 12:57 PM, Eric Luehrsen <ericluehr...@gmail.com> wrote:
>
> It seems I have static-stub wrong for its purpose. dhcpd and bind do work
> together. To accomplish this, the bind instance needs to be master for the
> domain zone and ptr zone where DHCP records will be entered. This master zone
> needs to permit remote updates, preferably with a secure key. dhcpd needs to
> be configured to dynamically update DNS through bind's remote

Rather than using a secure key, what about listening on localhost:xxxx and allowing updates only from there? Bind has reasonable ACL capabilities…

Formatting below got a little buggered up. What are we looking at?

Thanks,

-Philip

> control, again with the key if configured.
>
> dhcpd reference conf to get started, incomplete
> ```
> ddns-update-style standard;
> ddns-rev-domainname "in-addr.arpa.";
>
> zone openwrt.lan. {
>   # where to send updates for hostid.openwrt.lan
>   primary 127.0.0.1;
> }
>
> zone 1.168.192.in-addr.arpa. {
>   primary 127.0.0.1;
> }
> ```
>
> bind reference conf to get started, incomplete
> https://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/Bv9ARM.ch06.html#dynamic_update_policies
> ```
> zone "openwrt.lan" {
>   type master;
>   file "/var/lib/bind/db.openwrt.lan";
>   update-policy {
>     # you can restrict record types, rather than "any"
>     grant [key-name] zonesub any;
>   };
> };
>
> zone "1.168.192.in-addr.arpa" {
>   type master;
>   file "/var/lib/bind/db.1.168.192.in-addr.arpa";
>   update-policy {
>     grant [key-name] zonesub any;
>   };
> };
> ```
>
> Both could include a key file like
> ```
> key "key-name" {
>   algorithm [hash];
>   secret "passphrase";
> };
> ```

_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev
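An added example, not part of the thread and not code from either poster: a named.conf fragment that puts the address-only restriction suggested in the reply next to a rule requiring both the loopback source and a TSIG key. The key name `ddns-key` and the secret are constructed placeholders; zone names and file paths are the ones quoted above.

```conf
# Constructed key declaration. BIND expects base64 key material in
# "secret", not a free-form passphrase. Generate real material and keep
# this file readable only by the named user.
key "ddns-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET";   # placeholder, not a usable value
};

# Variant A: address-only check (the localhost ACL idea).
# Every local process that can send a packet from 127.0.0.1 is allowed
# to rewrite any record in the zone; nothing identifies dhcpd itself.
zone "openwrt.lan" {
    type master;
    file "/var/lib/bind/db.openwrt.lan";
    allow-update { 127.0.0.1; };
};

# Variant B: loopback source AND a valid TSIG signature.
# The nested negation rejects every source that is not 127.0.0.1 before
# the key element is evaluated, so both conditions must hold.
# allow-update and update-policy cannot be combined in one zone, so this
# form takes the place of the update-policy block shown in the thread.
zone "1.168.192.in-addr.arpa" {
    type master;
    file "/var/lib/bind/db.1.168.192.in-addr.arpa";
    allow-update { !{ !127.0.0.1; any; }; key "ddns-key"; };
};
```

The two variants are shown on different zones only so the fragment stays a single loadable file; in practice one form would be chosen for both zones. With Variant B, each dhcpd `zone` block also needs a `key ddns-key;` statement and a matching key declaration on the dhcpd side.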