'Register DHCP static mappings in DNS forwarder' somewhat lacking
-
At line 279 of snapshot 2.1-RC0 (amd64) built on Mon Jul 29 02:58:44 EDT 2013:
if ($host['ipaddr'] && $host['hostname']) $dhosts .= "{$host['ipaddr']} {$host['hostname']}.{$syscfg['domain']}I submit for consideration a slightly improved attempt at performing this task with sanity, giving priority first to host defined domain names then dhcp pool domain names before falling back to the system domain name:
if ($host['ipaddr'] && $host['hostname'] && $host['domain']) $dhosts .= "{$host['ipaddr']} {$host['hostname']}.{$host['domain']} {$host['hostname']}\n"; else if ($host['ipaddr'] && $host['hostname'] && $dhcpifconf['domain']) $dhosts .= "{$host['ipaddr']} {$host['hostname']}.{$dhcpifconf['domain']} {$host['hostname']}\n"; else if ($host['ipaddr'] && $host['hostname']) $dhosts .= "{$host['ipaddr']} {$host['hostname']}.{$syscfg['domain']} {$host['hostname']}\n";A similar modification to the dhcpv6 routine directly below that one may also be beneficial.
The suggested code adds 2 things, which is why there are so many posts here, as people are discussing the "merits" of the 1st part of the "if" statement - that allows the requesting host to specify a domain name of its own choosing, not desirable.
The first "else if" does the agreed useful thing, sets the domain to match the one given by the DHCP pool.
The last "else if" is the existing behaviour.
Something like this should be reasonable:if ($host['ipaddr'] && $host['hostname'] && $dhcpifconf['domain']) $dhosts .= "{$host['ipaddr']} {$host['hostname']}.{$dhcpifconf['domain']} {$host['hostname']}\n"; else if ($host['ipaddr'] && $host['hostname']) $dhosts .= "{$host['ipaddr']} {$host['hostname']}.{$syscfg['domain']} {$host['hostname']}\n";(I haven't tried this at all for real, I haven't looked at the surrounding code, it does need to make sure it is using the the domain name from the matching interface, and potentially the matching DHCP pool, when the interface has multiple pools…)
Edit: see the razzfazz post below, and ignore this one, I should have looked at the code properly first! -
The suggested code adds 2 things, which is why there are so many posts here, as people are discussing the "merits" of the 1st part of the "if" statement - that allows the requesting host to specify a domain name of its own choosing, not desirable.
No, that's not what it does: The foreach loop that encloses the statement iterates over all static DHCP entries, and the $host variable in this particular statement is simply the configuration map for one of these entries. As such, $host['domain'] is not a domain name supplied by the client host, but rather the domain name configured for a particular static DHCP lease on the pfSense side of things. This seems perfectly fine. As a matter of fact, leaving the first part out would lead to inconsistent behavior again where the client may end up getting a different domain name in the DHCP response than what the server registers in DNS.
Perhaps it is clearer when looking at the entire surrounding block of code:
275: if (isset($dnsmasqcfg['regdhcpstatic']) && is_array($config['dhcpd'])) { 276: foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf) 277: if(is_array($dhcpifconf['staticmap']) && isset($dhcpifconf['enable'])) 278: foreach ($dhcpifconf['staticmap'] as $host) 279: if ($host['ipaddr'] && $host['hostname']) 280: $dhosts .= "{$host['ipaddr']} {$host['hostname']}.{$syscfg['domain']} {$host['hostname']}\n"; 281: } -
Yes, agree - I should have actually looked at the code first and not guessed :)
I see you have done the pull request for review - see what the devs think of this… -
Submitted a similar request last year. But it was rejected for being LAN interface specific and needed to be more "generic". Does yours addresses that issue?
DNS Forwarder DHCP Domain Name FIX - /etc/inc/system.inc
https://github.com/pfsense/pfsense/pull/185Then there is also possibly an issue with getting dhcpleases / dnsmasq a few lines further down to work with multiple domains. I was never able to get it too anyway.
Here is the code I currently patch with. It uses the DHCP interface configured domain name. But it will apply the first one to all I think.
--- /etc/inc/system.inc 2012-08-29 14:11:57.000000000 -0700 +++ /etc/inc/system.inc.DNSForwarderDHCPDomainName.FIX.Patched 2012-08-30 11:48:47.000000000 -0700 @@ -274,10 +274,16 @@ } if (isset($dnsmasqcfg['regdhcpstatic']) && is_array($config['dhcpd'])) { foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf) - if(is_array($dhcpifconf['staticmap']) && isset($dhcpifconf['enable'])) + if(is_array($dhcpifconf['staticmap']) && isset($dhcpifconf['enable'])) { + if ($config['dhcpd'][$dhcpif]['domain']) + $dyndhcpifdomainname = $config['dhcpd'][$dhcpif]['domain']; // Use Services DHCP Interface Domain Name + else + $dyndhcpifdomainname = $syscfg['domain']; // Use System General Domain Name + foreach ($dhcpifconf['staticmap'] as $host) if ($host['ipaddr'] && $host['hostname']) - $dhosts .= "{$host['ipaddr']} {$host['hostname']}.{$syscfg['domain']} {$host['hostname']}\n"; + $dhosts .= "{$host['ipaddr']} {$host['hostname']}.{$dyndhcpifdomainname} {$host['hostname']}\n"; + } } if (isset($dnsmasqcfg['regdhcpstatic']) && is_array($config['dhcpdv6'])) { foreach ($config['dhcpdv6'] as $dhcpif => $dhcpifconf) @@ -281,10 +287,16 @@ } if (isset($dnsmasqcfg['regdhcpstatic']) && is_array($config['dhcpdv6'])) { foreach ($config['dhcpdv6'] as $dhcpif => $dhcpifconf) - if(is_array($dhcpifconf['staticmap']) && isset($dhcpifconf['enable'])) + if(is_array($dhcpifconf['staticmap']) && isset($dhcpifconf['enable'])) { + if ($config['dhcpdv6'][$dhcpif]['domain']) + $dyndhcpifdomainname = $config['dhcpdv6'][$dhcpif]['domain']; // Use Services DHCP Interface Domain Name + else + $dyndhcpifdomainname = $syscfg['domain']; // Use System General Domain Name + foreach ($dhcpifconf['staticmap'] as $host) if ($host['ipaddrv6'] && $host['hostname']) - $dhosts .= "{$host['ipaddrv6']} {$host['hostname']}.{$syscfg['domain']} {$host['hostname']}\n"; + $dhosts .= "{$host['ipaddrv6']} {$host['hostname']}.{$dyndhcpifdomainname} {$host['hostname']}\n"; + } } if (isset($dnsmasqcfg['dhcpfirst'])) @@ -327,8 +339,17 @@ @touch("{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases"); if (isvalidpid("{$g['varrun_path']}/dhcpleases.pid")) sigkillbypid("{$g['varrun_path']}/dhcpleases.pid", "HUP"); - else - mwexec("/usr/local/sbin/dhcpleases -l {$g['dhcpd_chroot_path']}/var/db/dhcpd.leases -d {$config['system']['domain']} -p {$g['varrun_path']}/dnsmasq.pid -h {$g['varetc_path']}/hosts"); + else { +// foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf) { + $dhcpif = 'lan'; + if ($config['dhcpd'][$dhcpif]['domain']) { + $dyndhcpifdomainname = $config['dhcpd'][$dhcpif]['domain']; // Use Services DHCP Interface Domain Name + } else { + $dyndhcpifdomainname = $config['system']['domain']; // Use System General Domain Name + } + mwexec("/usr/local/sbin/dhcpleases -l {$g['dhcpd_chroot_path']}/var/db/dhcpd.leases -d {$dyndhcpifdomainname} -p {$g['varrun_path']}/dnsmasq.pid -h {$g['varetc_path']}/hosts"); +// } + } } else { sigkillbypid("{$g['varrun_path']}/dhcpleases.pid", "TERM"); @unlink("{$g['varrun_path']}/dhcpleases.pid"); -
Submitted a similar request last year. But it was rejected for being LAN interface specific and needed to be more "generic". Does yours addresses that issue?
DNS Forwarder DHCP Domain Name FIX - /etc/inc/system.inc
https://github.com/pfsense/pfsense/pull/185Then there is also possibly an issue with getting dhcpleases / dnsmasq a few lines further down to work with multiple domains. I was never able to get it too anyway.
I think the complaint about being too LAN-specific is related to the dhcpleases part, which I assume makes this work for dynamic leases as well? The code suggested by TechSmurf does not have this issue because it only deals with static assignments.
-
FWIW, the proposed change has been merged into master and RELENG_2_1.
-
Hooray to no more patching ;)
-
Nice job :). This probably should be mentioned in the release notes for the final 2.1 that this is a behavior change. Just in case someone set the DHCP scope domain to something different than the firewall domain for whatever reason. It would be nice to let them know to check it in case they depend on internal DNS names registered by the DNS Forwarder for resolution. If they didn't set the DHCP scope domain at all then it will still work as it did before.
EDIT: rewrote this to make more sense.
-
adam, I stumbled acros this thread out of interet in doing so - that means that in the upcoming snapshots I should be able to do the following?
I'd not want to register in DNS <hostname>. <pfsensedomain.example.org>but wanted to register <hostname>.<network-vlanname>. <pfsense|anyotherdomain.example.org>What would be then be the correct thing to do? Set a domain in the DHCP server for that port dhcpd runs on and "just" tell the DNS server to register it?
(or is there any other black magic required)If so that would a great opportunity to re-jump on a new build :-)</pfsense|anyotherdomain.example.org></network-vlanname></hostname></pfsensedomain.example.org></hostname>
-
Yes, but note that this will only work for static leases at this point.
-
I'm afraid of new things :o