> On Jan 6, 2020, at 04:24, Anders Andersson <pipat...@gmail.com> wrote:
> Right now I'm considering something that monitors dhcpd.leases for
> changes and updates a running unbound using unbound-control(8) but I
> don't feel confident enough writing such a tool that does not miss a
> lot of corner cases and handle startup/shutdown gracefully. I'm also
> thinking that it can't be such an unusual use case, so someone surely
> must have written such a tool already. I just haven't found any in my
> search.
> 
> Or am I doing this the wrong way? I've now read about things like mDNS
> and Zeroconf and Avahi and I'm just getting more and more confused.
> Ideas are welcome!

So, on my little home network, I do the following (well, it’s in progress, but 
I used to do the same thing with Bind):

1) run unbound for name resolution for all devices (after the recent discussion 
about turning your network inside out, I’m debating turning on PF to redirect 
all DNS queries to my unbound server).

2) I run nsd to provide name services for my domains.  So, I use 
“int.domain.name” for all local addresses.  I just point unbound at nsd 
(running on a different port) for those domains.

3) I use static assignment of IPv4 address to *most* of my devices (this is the 
part in progress). This is what everyone’s talking about using:

host alice {
       hardware ethernet 00:19:b9:e0:2f:de;
       fixed-address 192.168.0.68;
}

Of course, I could use dynamic DNS updates for all devices, but I find that as 
the “owner” of basically everything, it’s easier to have fixed addresses 
instead.  The problem is for every device I need some sort of DB for every 
device that includes the ETHERNET address as well as the IP address (because 
devices get replaced, etc., but I want to keep the name and the IP, but change 
the ethernet).  From that, I can generate both the dhcpd.conf file *and* the 
nsd PTR and A records.  That’s the bit I’m working on now.

The upshot is that unbound redirects certain domains to nsd, NSD controls all 
the domains (both my internal ones and some external ones) and DHCPD points all 
the clients to unbound for name resolution.

I have a small range for non-known devices — I don’t mind friends coming over 
and using my wireless.  Soon I hope to put THOSE devices on another vlan and 
give them rate-limited access.  But I haven’t finished the whole “create 
everything from one DB” yet, so. . . WIP.

Yes, I could just have unbound return addresses for the local network, but 
what’s the fun in that? :-)

Sean

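A sketch of the "generate dhcpd.conf and the nsd records from one DB" step Sean describes, as an added example and not his tool: it reads a constructed three-column name/MAC/IPv4 table, rejects malformed MACs and duplicate names or addresses before anything is emitted, and produces the dhcpd host blocks plus the A and PTR records for an assumed int.domain.name zone.

```python
import ipaddress
import re

# Constructed sample "DB": one line per device, name / MAC / IPv4 (not Sean's data).
HOSTS_DB = """\
alice  00:19:b9:e0:2f:de  192.168.0.68
bob    00:19:b9:e0:2f:df  192.168.0.69
"""

DOMAIN = "int.domain.name"   # internal zone name taken from the post; assumed as the default
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def parse_db(text):
    """Parse the DB and reject malformed MACs or duplicate names/addresses,
    so a typo never reaches dhcpd.conf or the zone files."""
    hosts, names, ips = [], set(), set()
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, mac, ip = line.split()
        mac = mac.lower()
        if not MAC_RE.match(mac):
            raise ValueError(f"bad MAC for {name}: {mac}")
        addr = ipaddress.IPv4Address(ip)   # raises on a malformed address
        if name in names or addr in ips:
            raise ValueError(f"duplicate name or address: {name} {ip}")
        names.add(name)
        ips.add(addr)
        hosts.append((name, mac, addr))
    return hosts


def dhcpd_hosts(hosts):
    """Emit one dhcpd.conf host {} block per device, same shape as the post."""
    return "".join(
        f"host {n} {{\n\thardware ethernet {m};\n\tfixed-address {a};\n}}\n"
        for n, m, a in hosts)


def forward_records(hosts, domain=DOMAIN):
    """A records for the forward zone served by nsd."""
    return "".join(f"{n}.{domain}.\tIN\tA\t{a}\n" for n, _, a in hosts)


def reverse_records(hosts, domain=DOMAIN):
    """PTR records for the in-addr.arpa zone, one per device."""
    return "".join(
        f"{a.reverse_pointer}.\tIN\tPTR\t{n}.{domain}.\n" for n, _, a in hosts)


if __name__ == "__main__":
    db = parse_db(HOSTS_DB)
    print(dhcpd_hosts(db), forward_records(db), reverse_records(db), sep="\n")
```

Replacing a device is then a one-field edit to the MAC column followed by a regeneration, while the name and address stay put.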