On 03/31/2018 06:03 PM, Philip Prindeville wrote:

On Mar 31, 2018, at 12:57 PM, Eric Luehrsen <ericluehr...@gmail.com> wrote:

It seems I have static-stub wrong for its purpose. dhcpd and bind do work 
together. To accomplish this, the bind instance needs to be master for the 
domain zone and ptr zone where DHCP records will be entered. This master zone 
needs to permit remote updates, preferably with a secure key. dhcpd needs to be 
configured to dynamically update DNS through bind's remote

Rather than using a secure key, what about listening on localhost:xxxx and 
allowing updates only from there?  Bind has reasonable ACL capabilities…

Formatting below got a little buggered up.

What are we looking at?

Thanks,

-Philip




Local host ACL would work I think. The encryption key is just part of the reference manual. And cleaning up the noise....

dhcpd incomplete reference conf to get started

```
ddns-update-style standard;
ddns-rev-domainname "in-addr.arpa.";

zone openwrt.lan. {
   # where to send updates for hostid.openwrt.lan
   primary 127.0.0.1; };

zone 1.168.192.in-addr.arpa. {
   primary 127.0.0.1; };

```

bind incomplete reference conf to get started
https://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/Bv9ARM.ch06.html#dynamic_update_policies

```
zone "openwrt.lan" {
  type master;
  file "/var/lib/bind/db.openwrt.lan";
  update-policy {
    # you can restrict record types, rather than "any"
    grant [key-name] zonesub any;
  };
};

zone "1.168.192.in-addr.arpa" {
  type master;
  file "/var/lib/bind/db.1.168.192.in-addr.arpa";
  update-policy {
    grant [key-name] zonesub any;
  };
};
```

optional key file for both

```
key "key-name" {
  algorithm [hash];
  secret "passphrase"; };
```


_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev
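An added example, not part of the thread and not code from either poster: a small Python check that compares the key each dhcpd `zone` block signs with against what the matching named zone accepts, since an `update-policy` that grants only to a key name does not match an unsigned update. The sample configs, the key name `ddns-key`, the `guest.lan` zone and the function names are constructed for illustration; the `key` statement inside a dhcpd zone block comes from the dhcpd.conf manual rather than from the thread.

```python
import re
COMMENT = re.compile(r"#[^\n]*")  # '#' comments are dropped before matching
# Constructed samples modelled on the thread; "ddns-key" and "guest.lan" are placeholders.
DHCPD_CONF = """
zone openwrt.lan. { primary 127.0.0.1; key ddns-key; }
zone 1.168.192.in-addr.arpa. { primary 127.0.0.1; }
"""
NAMED_CONF = """
zone "openwrt.lan" { type master;
  update-policy { grant ddns-key zonesub any; }; };
zone "1.168.192.in-addr.arpa" { type master;
  update-policy { grant ddns-key zonesub any; }; };
zone "guest.lan" { type master; allow-update { 127.0.0.1; }; };
"""

def dhcpd_zones(text):
    """Map zone name -> TSIG key name dhcpd signs with (None = unsigned)."""
    zones = {}
    for name, body in re.findall(r"zone\s+([\w.-]+)\s*\{([^{}]*)\}", COMMENT.sub("", text)):
        key = re.search(r"\bkey\s+([\w.-]+)\s*;", body)
        zones[name.rstrip(".").lower()] = key.group(1) if key else None
    return zones

def named_zones(text):
    """Map zone name -> (key names granted by update-policy, has allow-update)."""
    zones = {}
    pat = r'zone\s+"([^"]+)"\s*\{((?:[^{}]|\{[^{}]*\})*)\}'  # one level of nested braces
    for name, body in re.findall(pat, COMMENT.sub("", text)):
        grants = set(re.findall(r"\bgrant\s+([\w.-]+)\s", body))
        zones[name.rstrip(".").lower()] = (grants, "allow-update" in body)
    return zones

def check(dhcpd_text, named_text):
    """Compare what dhcpd will send with what named will accept, per zone."""
    sent, out = dhcpd_zones(dhcpd_text), {}
    for zone, (grants, addr_acl) in named_zones(named_text).items():
        key = sent.get(zone)
        if grants and key in grants:
            out[zone] = "ok: signed update matches grant"
        elif grants:
            out[zone] = "refused: " + ("key not granted" if key else "dhcpd sends unsigned")
        elif addr_acl:
            out[zone] = "address-only: any sender matching the ACL can update"
        else:
            out[zone] = "static: no dynamic updates"
    return out

if __name__ == "__main__":
    print("\n".join(f"{z}: {f}" for z, f in check(DHCPD_CONF, NAMED_CONF).items()))
```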
