DHCP static mapped hostname to DNS resolver, without specifying IP
-
So here's the scenario:
- Lots of internal devices on network that I don't have much control over. Let's use one particular IOT device for this example, which is a set of 6 Wemo switches
- I cannot control the hostname config or client identifier on these devices directly
- I don't really care what the device calls itself (so pushing a hostname over DHCP isn't really needed, but is fine)
- Each device pushes "wemo" as its hostname to DHCP
I'm hoping to set up DHCP static reservations for hostnames based on MAC, but I do not want to have to manually specify IP addresses (so let them assign from a pool).
If I set a static IP and hostname, the hostname appears to get pushed to the device (which is fine), and the name is registered in my local resolver DNS per the "Enable registration of DHCP client names in DNS" option. This does override any client supplied hostname.
But if I remove the static IP from the DHCP reservation (field says "If no IPv4 address is given, one will be dynamically allocated from the pool"), then it appears that the DHCP reservation has no meaning at this point. The hostname isn't pushed to the client (which I don't really care about), but more importantly there is no override of hostname for my DNS entry. The effect is that I have 6 Wemo devices all registered as "wemo" in DNS (I appear to get a random one when looking up "wemo"). And no device gets a DNS entry for the static hostname that I'm trying to assign to each MAC.
I think my issue is more DHCP server side than DNS, as best I can tell, a hostname entry in a static DHCP reservation with no IP given, has no meaning.
- I don't want to have to set a manual IP for each device. I could, but this just doesn't seem as clean as letting them grab an IP from the pool, but mapping a DNS entry to particular devices if I see them (based on their MAC address). Any way to do what I'm looking to do?
-
DNS provides an IP address only, not MAC. When a device queries a host name, it expects an IP address back and then uses that IP address to determine whether the destination is on the local network or not and then handles it appropriately. There is nothing that supports what you want of going directly to a MAC address.
-
DNS provides an IP address only, not MAC. When a device queries a host name, it expects an IP address back and then uses that IP address to determine whether the destination is on the local network or not and then handles it appropriately. There is nothing that supports what you want of going directly to a MAC address.
I'm not trying to go directly to MAC, but I want the DHCP server to take the MAC->IP static mapping and then push the entry to DNS. It does this just fine when I have a static IP in DHCP, but not when I want it to assign an address from the pool.
To be clear…
DOES work:
- client asks for DHCP address, pushes hostname
- DHCP server assigns address from pool, takes client hostname and pushes DNS entry for this that resolves in DNS resolver
DOES work:
- client asks for DHCP address, gets static IP and assigned hostname
- DHCP server assigns static IP from reservation, pushes static reservation hostname to DNS resolver
DOES NOT work:
- client asks for DHCP address
- DHCP server assigns address from pool
- DHCP server pushes static hostname configured in reservation (based on MAC), and pushes this hostname to DNS resolver
What doesn't appear to have any effect is configuring an IP-less static DHCP reservation with a hostname.
-
And let me get to where this is going, in case there's another way.
- What I'm really trying to do is to map known devices so they are easier to report in various pfsense areas.
- I'm also hoping to do this without having to manually assign IPs to every device. (Although if this ends up being the only way, so be it, but bleh.)
- I do not have control of what many of these devices self-report as a client identifier or hostname. (which may be nothing, or may repeat, as in the case of my wemos)
I'm open to other ways to do this. It seems to me that DNS is probably the most straightforward way to get this done, so that reverse lookups just work for anything trying to identify an IP.
-
I've been trying to set this up too.
Same situation: I have a tonne of devices which supply unfriendly hostnames when doing a DHCP request. However, I don't care what IP they get.
When I used to run an isc-dhcpd instance manually, I'd configure DHCPD to hand out an IP from the pool, but use a pre-set hostname for each device MAC.
I think this is actually a pfSense bug. It's a perfectly valid configuration for a DHCP server, and even (as the OP mentions), the text below the IP Address field on the Static DHCP Mapping config page describes the desired behaviour.
What actually happens is that the DHCP Leases page shows the static mappings as expected, without IP addresses. When the host collects an IP, it does not update the IP field against the mapping as expected. Instead, an additional row appears with an identical MAC but an empty hostname/description. I've attached a screenshot.
The static-defined hostname is not resolvable, but also, the device-supplied hostname is not displayed in the Leases list.
-
Hi
Same need and same behavior here :'( Anyone made any progress?
-
I have set up pfSense to use (relay to) my Linux isc-dhcpd server
Now I can do all the fancy stuff there.
/Bingo
-
This really seems like a bug. The interface suggests that you can just create a static lease without specifying an IP address, but you can specify a hostname to register it in DNS.
But currently, this seems ignored and a new entry is created without registering the hostname.
-
@michaelarnauts It definitely looks like a bug to me -- pfSense doesn't behave how the UI suggests it will. I give this another go after each update, but the behaviour hasn't been fixed.
It's a shame because it's a real pain to manage static allocations just to get usable resolvable hostnames.
-
So after a brief excursion with using a Unifi USG, I'm back with pfSense.
...and it still doesn't look like there's been any change with this -- unless anyone knows otherwise?
However, after some digging, it seems to be the `dhcpleases` process which updates the unbound DNS server with hostnames from the lease file. This appears to periodically (or maybe in response to changes in the lease file) generate a config for unbound, then restart it.
This feels like a bit of a bodge. An effective one, but a bodge nonetheless.
So, I disabled pfSense's DNS Resolver and installed the bind package.
I've configured ddns with bind before, so quickly got up and running with forward and reverse zones for my local LAN, then configured ddns between `dhcpd` and `bind`.
Everything's now working as expected. The DHCP Leases page is still a little odd for me (hoping that clears up as old leases expire and get renewed), but my LAN hosts can now resolve the names I set in the DHCP static definition, rather than the garbage provided by the device -- and the devices still get their IP dynamically, so no pointless static IP management just to get a readable dns entry!
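An added example, not part of the post above and not pfSense's `dhcpleases` code: a sketch of the lease-file-to-unbound step, with a MAC-keyed name taking precedence over the device-supplied one, so pool-assigned addresses still get the chosen name. The lease sample, the `NAMES_BY_MAC` map, the `lan.example` domain and the first-lease-wins rule for duplicate names are assumptions of this sketch.

```python
import re

# Constructed sample in ISC dhcpd.leases syntax (not real data).
# dhcpd appends to this file, so a later entry for an IP supersedes an earlier one.
SAMPLE_LEASES = """
lease 192.168.1.101 { binding state free; hardware ethernet 00:11:22:33:44:09; }
lease 192.168.1.101 { binding state active; hardware ethernet 00:11:22:33:44:01; client-hostname "wemo"; }
lease 192.168.1.102 { binding state active; hardware ethernet 00:11:22:33:44:02; client-hostname "wemo"; }
lease 192.168.1.103 { binding state active; hardware ethernet 00:11:22:33:44:03; client-hostname "wemo"; }
lease 192.168.1.104 { binding state active; hardware ethernet 00:11:22:33:44:04; client-hostname "wemo"; }
lease 192.168.1.105 { binding state free; hardware ethernet 00:11:22:33:44:05; client-hostname "old"; }
"""

# Hypothetical admin-maintained map: MAC -> name to publish (no IP involved).
NAMES_BY_MAC = {"00:11:22:33:44:01": "wemo-kitchen", "00:11:22:33:44:02": "wemo-lounge"}

LEASE_RE = re.compile(r"lease\s+(\d+\.\d+\.\d+\.\d+)\s*\{(.*?)\}", re.S)
LABEL_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")  # one DNS label

def _field(body, pattern):
    m = re.search(pattern, body)
    return m.group(1) if m else None

def unbound_records(leases_text, names_by_mac, domain="lan.example"):
    """Return unbound local-data lines for active leases, preferring the MAC-keyed name."""
    latest = {}
    for ip, body in LEASE_RE.findall(leases_text):
        latest[ip] = body  # last entry per IP wins
    records, used = [], set()
    for ip, body in latest.items():
        if _field(body, r"(?:^|;)\s*binding state (\w+);") != "active":
            continue
        mac = (_field(body, r"hardware ethernet ([0-9A-Fa-f:]+);") or "").lower()
        # The device-supplied name is untrusted; it is only a fallback.
        name = (names_by_mac.get(mac) or _field(body, r'client-hostname "([^"]*)";') or "").lower()
        if not LABEL_RE.match(name) or name in used:
            continue  # invalid label, or name already claimed by another lease
        used.add(name)
        fqdn = f"{name}.{domain}."
        records.append(f'local-data: "{fqdn} IN A {ip}"')
        records.append(f'local-data-ptr: "{ip} {fqdn}"')
    return records

if __name__ == "__main__":
    print("\n".join(unbound_records(SAMPLE_LEASES, NAMES_BY_MAC)))
```

With the map empty, only one of the four devices reporting "wemo" gets a record, which is the collision the thread describes.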
-
So you're using RFC 2136, with bind right? I do not believe unbound supports that method of update.. So yeah there are some differences and depending on what you're wanting to do unbound is not the best choice.
If what you're wanting to do isn't supported by unbound - then yeah I would concur setting up bind is a good choice.. unbound is not really meant as an authoritative ns anyway. If what you're wanting is authoritative name services on your local lan - bind is going to be the best choice again..
Also the dhcpd gui config in pfsense does not expose every possible config scenario either. So yeah when you want to do more fancy stuff with dhcpd - run it on another box is always a great idea.
I think there is a bit of misconception in some of these services that pfsense provides that are really outside the scope of a firewall/router... While sure it's nice to provide features like dhcp and name services - makes it really easy for small shops and less experienced admins... But in the big picture as the size of the network grows - such services are almost always hosted elsewhere in the network..
I do not believe the end goal of pfsense is to be the end all get all do it all box for all network services a network might need.. with every possible configuration of dhcpd or dns to be exposed via a simple gui.
And since the configurations are started in the xml, and specific things to provide good setups while its possible to adjust the scripts that setup the configs, etc. to do uncommon things - if what you're wanting to do is outside the scope of the gui interface to these services provided by pfsense.. Yup run them full on some other box in your network..
If not too crazy of a thing - you could always put in a feature request or bounty to get some feature or configuration functionality exposed in the pfsense gui for that service.
In unbound you can do good stuff in the custom options box - but depending on what you're doing that could become cumbersome.