Netgate Discussion Forum

    Possible to define a local host override pointing to an externally hosted CNAME?

    Category: DHCP and DNS
    15 Posts 4 Posters 2.6k Views
    diegoqueiroz

      This really does not appear to be the same thing.

      Anyway, I have static members in my network.
      I cannot assume my users will respect the policies of my DHCP, but I can force them to use my DNS.

      Diego Queiroz


      johnpoz LAYER 8 Global Moderator

        huh?

        The guy wants his UniFi APs to talk to the controller. He can point them to his controller's IP with the correct inform, or just hand out the controller's IP via DHCP for the UniFi AP.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11


        diegoqueiroz

          Oh, OK. I get it. I really was not reading the user's problem, but only his request. My fault.

          The request is to add a CNAME to the DNS Resolver (this is the title of this topic), and this is the problem that my answer intends to solve.

          Diego Queiroz


          luckman212 LAYER 8

            Thank you for posting that. I wound up going about it differently: I installed nsd and run it on port 10053 on localhost. Then I created a stub-zone that serves my CNAME. It's fragile (I doubt it will survive an upgrade), but it does work for me.


            johnpoz LAYER 8 Global Moderator

              Still confused why you don't set the APs to use the correct FQDN in their inform, or just set up option 43 in your DHCP to hand the AP the IP of the controller directly?


              diegoqueiroz

                @johnpoz: You are just thinking about luckman212's problem itself and how you would solve it without the need for any DNS hack.

                But you must consider that allowing a domain name to be included in the DNS Resolver has thousands of uses.

                For example, my problem has nothing to do with luckman212's problem. Some offices of my company use ISPs that provide a dynamic IP address, and each of these offices is set to update its IP address using some DDNS service (no-ip, dyndns, etc.). I do not want to provide ugly, unrelated names to my users like "xpto.no-ip.net", but "service.mycompany.com" instead. Since I do not have access to my company's name servers, a DNS override was my solution.

                Anyway, it is just a solution. It is up to the network admin to choose the one that best fits his needs.

                Diego Queiroz


                luckman212 LAYER 8
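A concrete version of the stub-zone setup luckman212 describes, which also covers Diego's DDNS case, written as an added example and not taken from either poster's configuration: nsd listens on 127.0.0.1:10053 and is authoritative for a small zone holding the CNAMEs, and Unbound (the pfSense DNS Resolver) is pointed at it with a stub-zone, then follows the CNAME target out to the public DNS as it would for any other name. All zone names, host names, DDNS targets and file paths are placeholders.

```conf
# --- nsd.conf (assumed path /usr/local/etc/nsd/nsd.conf) ---
server:
    ip-address: 127.0.0.1
    port: 10053
    zonesdir: "/usr/local/etc/nsd/zones"

zone:
    name: "lab.example.com"
    zonefile: "lab.example.com.zone"

; --- zones/lab.example.com.zone (zone-file syntax, ';' comments) ---
$ORIGIN lab.example.com.
$TTL 300
@            IN SOA ns1.lab.example.com. hostmaster.lab.example.com. (
                 2024010101 ; serial: bump on every change
                 3600       ; refresh
                 900        ; retry
                 1209600    ; expire
                 300 )      ; negative-cache TTL
@            IN NS    ns1.lab.example.com.
ns1          IN A     127.0.0.1
; the records the Resolver's host-override form cannot express:
; local names that follow an externally hosted (DDNS) name
controller   IN CNAME unifi-ctl.example-ddns.net.
service      IN CNAME office1.example-ddns.net.

# --- Unbound (DNS Resolver > Custom options) ---
server:
    # Unbound refuses to send queries to 127.0.0.0/8 unless this is set;
    # without it the stub below is silently never asked
    do-not-query-localhost: no
stub-zone:
    name: "lab.example.com."
    stub-addr: 127.0.0.1@10053
```

Clients then receive the CNAME plus the current A record of the DDNS target, so a change of the controller's public IP is picked up as soon as the DDNS record's TTL expires, with nothing to touch on the APs.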

                  @johnpoz:

                  Still confused why you don't set the APs to use the correct FQDN in their inform, or just set up option 43 in your DHCP to hand the AP the IP of the controller directly?

                  The reasons are simple:

                  1. DHCP option 43 is only looked up once (at boot time). If the IP changes, the site goes "down" until someone manually power cycles the WAPs, which is not always possible. We use managed switches wherever we can, but sometimes we are forced to use whatever was in place. It is also a scalability nightmare for making changes if you have to log on to many firewalls to update the IP.

                  2. Manually setting the inform URL on the AP suffers the same problem as #1 if the IP changes.

                  In my testing, at least with the UniFi equipment, the only robust option is to have a local DNS server serve out the IP of the controller. This is really something Ubiquiti should enhance, but for now it is what it is.


                  johnpoz LAYER 8 Global Moderator

                    Curious why your IP would change in a DC? At a loss to understand how that would happen on any sort of schedule. I would think this would only change very rarely, to be honest.

                    "The problem is we recently got assigned a new IP block by the ISP"

                    How often does that happen? When it does, you reboot the AP. You should be able to do that remotely very simply, since they are PoE and you can just remove the PoE power from them if it is done via a switch and not an injector. If not, just have someone local on hand power cycle them.

                    As to your firewall changes: yeah, that is something you would have to do. But that could be set up to use an FQDN that refreshes, depending on the firewall being used.


                    luckman212 LAYER 8

                      Thanks for your input & questions. The UniFi stuff will not accept an FQDN, only an IP (sucks), which is how this whole conversation started.

                      True, our IPs in the DC don't usually change, but we expanded to a new set of cabinets and at the same time there was a circuit change, so yeah, we got a new block. Hopefully it will not happen again, but you never know. And updating stuff manually on 50-100 devices really puts a dent in your day.


                      diegoqueiroz

                        @johnpoz:

                        Curious why your IP would change in a DC? At a loss to understand how that would happen on any sort of schedule. I would think this would only change very rarely, to be honest.

                        Believe me, strange things just happen. Two offices with fixed IP addresses suddenly started to change their IP every week. The ISP was contacted and is trying to solve the problem, but it is still happening, despite my fixed IP contract.

                        I don't know whom to blame, but instead of blaming the poor service that is offered to me, I acted, and now my company's infrastructure is mostly dynamic.
                        When they solve the problem, I'll have nothing to do and everything will just work. If the same problem happens again, nobody will notice.

                        Diego Queiroz

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.