DHCP DNS registration on FreeIPA
-
@kiokoman said in DHCP DNS registration on FreeIPA:
allow-update { key rndc-key; };
^
it's inside your zone definition int.example.com ? -
I have set dynamic updates on the FreeIPA GUI to "dynamic updates":
.So I don't know if I can change this anymore, should I put this line into the named.conf file?
looking into this info I think it's not possible anymore:
https://www.freeipa.org/page/Howto/ISC_DHCPd_and_Dynamic_DNS_updateTHX
-
that's why i generally don't like webgui for this stuff
ok ,so freeipa use Update Policies
https://bind9.readthedocs.io/en/v9_16_5/reference.html#dynamic-update-policiesyou need
grant "rndc-key" zonesub ANY;or something like that
-
@kiokoman
Should I insert it to the named.conf under include "/etc/rndc.key"; ? -
no, you can put it in the gui inside
BIND update policy
or it go insideupdate-policy { };inside named.conf
-
@kiokoman said in DHCP DNS registration on FreeIPA:
grant "rndc-key" zonesub ANY
IT WORKED! YOUR THE GREATEST!
Will add the details later on.
-
nice !
-
@kiokoman said in DHCP DNS registration on FreeIPA:
grant "rndc-key" zonesub ANY;
I just added the:
grant "rndc-key" zonesub ANY;In to the update policy in the GUI, and it works, I see that the A records are automatically updated.
In regards of the reverse records, I didn’t have the time to check, but now I believe that this can easily be resolved by repeating the procedure also for reverse records.Thanks again
-
yes, you just need to create the reverse zone
zone "1.168.192.IN-ADDR.ARPA" IN { type master; file "/etc/bind/internal/reverse-192.168.1"; allow-update { key rndc-key; }; };the same options are available under "dhcpv6 server & RA"
-
So, the reverse records have not been created as I suspected.
I have just added the same line to the reverse zone using the GUI to the bond update policy (same as done before with the forward zone):
grant "rndc-key" zonesub ANY;With the “; “ after the last command, and it’s also working, reverse records are also being automatically registered from Pfsense DHCP.
