
    Azure Dynamic DNS setup help

    • altano

      Does anyone know how to set up Dynamic DNS with Azure? I set up everything as best as I could figure (without instructions) but my IP won't update and the logs have a 403 error:

      Dec 29 02:31:33 	php-fpm 	92151 	/services_dyndns_edit.php: Beginning configuration backup to .https://acb.netgate.com/save
      Dec 29 02:31:34 	php-fpm 	92151 	/services_dyndns_edit.php: End of configuration backup to https://acb.netgate.com/save (success).
      Dec 29 02:31:34 	php-fpm 	92151 	/services_dyndns_edit.php: Dynamic DNS: updatedns() starting
      Dec 29 02:31:34 	php-fpm 	92151 	/services_dyndns_edit.php: Dynamic DNS azure (example.org): NN.NN.NN.NN extracted from local system.
      Dec 29 02:31:34 	php-fpm 	92151 	/services_dyndns_edit.php: Dynamic DNS (example.org): running get_failover_interface for wan. found igb0
      Dec 29 02:31:34 	php-fpm 	92151 	/services_dyndns_edit.php: Dynamic DNS azure (example.org): _update() starting.
      Dec 29 02:31:34 	php-fpm 	92151 	/services_dyndns_edit.php: Dynamic DNS azure (example.org): _checkStatus() starting.
      Dec 29 02:31:34 	php-fpm 	92151 	/services_dyndns_edit.php: phpDynDNS (example.org): PAYLOAD: 403
      Dec 29 02:31:34 	php-fpm 	92151 	/services_dyndns_edit.php: phpDynDNS (example.org): (Unknown Response) 
      

      To set this up I:

      1. Created an "App registration" in Azure
      2. Under that app registration I created a "Client secret"
      3. Created a DNS Zone for the domain and pointed my name servers at the Azure name servers
      4. Created a Dyn DNS client in pfSense with:
        • Service Type = Azure DNS
        • Interface to monitor = WAN
        • Hostname = my domain, let's say example.org
        • Username = A GUID copied from "Application (client) ID" in the Azure app registration
        • Password = The client secret I created above
        • Zone ID = the resource id of the DNS Zone, looks like /subscriptions/<GUID>/resourceGroups/<resource group>/providers/Microsoft.Network/dnszones/example.org
        • TTL = 900

      What can I do differently to get this to work?

      • altano

        I was missing this step:

        1. Go to DNS Zone in Azure
        2. Click "Access Control (IAM)"
        3. Click "Add" button under "Add role assignment"
          • Role = DNS Zone Contributor
          • Assign access to = Azure AD user, group, or service principal
          • Select = <Application ID guid from App Registration>

        I'm not sure if this is correct, but it is working.

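An added example, not part of the original posts and not pfSense or Azure code: a small audit of the role assignments held by the app registration's service principal, checking that it can write to the zone (the access the steps above grant) and flagging anything broader than "DNS Zone Contributor" on the zone itself. The input is constructed sample data in the shape printed by `az role assignment list --all --assignee <app id> -o json`; the subscription GUID, resource group and the short list of write-capable roles are assumptions.

```python
import json

# Constructed sample; GUID, resource group and zone are placeholders, not values from the thread.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
ZONE_ID = SUB + "/resourceGroups/dns-rg/providers/Microsoft.Network/dnszones/example.org"
SAMPLE = json.dumps([
    # Azure may return a different letter case for the same scope.
    {"roleDefinitionName": "DNS Zone Contributor",
     "scope": SUB + "/resourceGroups/dns-rg/providers/Microsoft.Network/dnsZones/example.org"},
    {"roleDefinitionName": "Contributor", "scope": SUB},
    {"roleDefinitionName": "Reader", "scope": SUB + "/resourceGroups/dns-rg"},
])

# Assumption: built-in roles this example treats as able to write DNS record sets.
DNS_WRITE_ROLES = {"dns zone contributor", "network contributor", "contributor", "owner"}


def covers(scope, resource_id):
    """True if an assignment at `scope` is inherited by `resource_id` (case-insensitive)."""
    scope = scope.rstrip("/").lower()
    resource_id = resource_id.rstrip("/").lower()
    return resource_id == scope or resource_id.startswith(scope + "/")


def audit(assignments_json, zone_id):
    """Classify a service principal's role assignments against one DNS zone."""
    result = {"can_update_zone": False, "expected": [], "excess": []}
    for a in json.loads(assignments_json):
        role, scope = a["roleDefinitionName"], a["scope"]
        writes_dns = role.lower() in DNS_WRITE_ROLES and covers(scope, zone_id)
        result["can_update_zone"] |= writes_dns
        exact = scope.rstrip("/").lower() == zone_id.rstrip("/").lower()
        if role.lower() == "dns zone contributor" and exact:
            result["expected"].append((role, scope))
        else:
            # Anything else is more than a Dynamic DNS client needs.
            result["excess"].append((role, scope))
    return result


if __name__ == "__main__":
    report = audit(SAMPLE, ZONE_ID)
    print("can update zone:", report["can_update_zone"])
    for role, scope in report["excess"]:
        print("review:", role, "at", scope)
```

A `can_update_zone` result of `False` is the state before the role assignment in the steps above was added; entries under `excess` are candidates for removal if the credential is only used for Dynamic DNS updates.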
        • altano

          I spoke too soon: the record that got created is for example.com.example.com. I guess I should be specifying @ or nothing as the hostname so that the correct record gets set, but pfSense just tells me "The hostname contains invalid characters." when I try those values.

          EDIT: I was able to work around this by creating an A alias record in the Azure DNS Zone from @ to example.com. This is a dumb workaround though; I'd rather pfSense just updated the correct record in the first place.
