Azure Dynamic DNS setup help
-
Does anyone know how to set up Dynamic DNS with Azure? I set up everything as best as I could figure (without instructions) but my IP won't update and the logs have a 403 error:
Dec 29 02:31:33 php-fpm 92151 /services_dyndns_edit.php: Beginning configuration backup to .https://acb.netgate.com/save
Dec 29 02:31:34 php-fpm 92151 /services_dyndns_edit.php: End of configuration backup to https://acb.netgate.com/save (success).
Dec 29 02:31:34 php-fpm 92151 /services_dyndns_edit.php: Dynamic DNS: updatedns() starting
Dec 29 02:31:34 php-fpm 92151 /services_dyndns_edit.php: Dynamic DNS azure (example.org): NN.NN.NN.NN extracted from local system.
Dec 29 02:31:34 php-fpm 92151 /services_dyndns_edit.php: Dynamic DNS (example.org): running get_failover_interface for wan. found igb0
Dec 29 02:31:34 php-fpm 92151 /services_dyndns_edit.php: Dynamic DNS azure (example.org): _update() starting.
Dec 29 02:31:34 php-fpm 92151 /services_dyndns_edit.php: Dynamic DNS azure (example.org): _checkStatus() starting.
Dec 29 02:31:34 php-fpm 92151 /services_dyndns_edit.php: phpDynDNS (example.org): PAYLOAD: 403
Dec 29 02:31:34 php-fpm 92151 /services_dyndns_edit.php: phpDynDNS (example.org): (Unknown Response)
To set this up I:
- Created an "App registration" in Azure
- Under that app registration I created a "Client secret"
- Created a DNS Zone for the domain and pointed my name servers at the Azure name servers
- Created a Dyn DNS client in pfSense with:
- Service Type = Azure DNS
- Interface to monitor = WAN
- Hostname = my domain, let's say example.org
- Username = A GUID copied from "Application (client) ID" in the Azure app registration
- Password = The client secret I created above
- Zone ID = the resource ID of the DNS Zone, which looks like /subscriptions/<GUID>/resourceGroups/<resource group>/providers/Microsoft.Network/dnszones/example.org
- TTL = 900
What can I do differently to get this to work?
-
I was missing this step:
- Go to DNS Zone in Azure
- Click "Access Control (IAM)"
- Click "Add" button under "Add role assignment"
- Role = DNS Zone Contributor
- Assign access to = Azure AD user, group, or service principal
- Select = <Application ID guid from App Registration>
I'm not sure if this is correct, but it is working.
-
I spoke too soon: the record that got created is for example.com.example.com. I guess I should be specifying @ or nothing as the hostname so that the correct record gets set, but pfSense just tells me "The hostname contains invalid characters." when I try those values.
EDIT: I was able to work around this by creating an A alias record in the Azure DNS Zone from @ to example.com. This is a dumb workaround though, I'd rather pfSense just updated the correct record in the first place.
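What the pfSense Azure DNS client is doing under the hood, written out as an added example (stdlib-only Python; not pfSense's or Azure's code). It covers both points raised in the thread: a 403 from the ARM API once the client-credentials token is accepted means the service principal has no RBAC role (such as DNS Zone Contributor) on the zone, and the record-set name must be relative to the zone, with "@" for the apex, which is why sending the bare FQDN produced example.com.example.com. The script assumes an Azure AD tenant ID (the pfSense form above does not ask for one), the Azure DNS record-set API version 2018-05-01, and a constructed subscription GUID and resource group name in the sample zone ID.

```python
"""Update an Azure DNS A record through the ARM REST API, the way a
dynamic-DNS client does, using only the Python standard library.

Added example, not pfSense or Azure code. Assumptions: the principal is the
app registration's client ID + client secret (plus its tenant ID, which this
script needs), and the zone ID is the resource ID from the thread. The
subscription GUID and resource group below are constructed placeholders.
"""
import json
import os
import sys
import urllib.error
import urllib.parse
import urllib.request

ARM = "https://management.azure.com"
API_VERSION = "2018-05-01"  # Azure DNS record-set API version (assumption)

# Constructed sample zone ID in the shape the thread shows.
SAMPLE_ZONE_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000"
                  "/resourceGroups/dns-rg/providers/Microsoft.Network/dnszones/example.org")


def relative_record_name(hostname: str, zone_name: str) -> str:
    """Map a fully qualified hostname to the record-set name Azure expects.

    Azure names record sets relative to the zone, with "@" for the apex.
    Sending the FQDN itself is what created 'example.com.example.com'.
    """
    host = hostname.rstrip(".").lower()
    zone = zone_name.rstrip(".").lower()
    if host == zone:
        return "@"
    suffix = "." + zone
    if not host.endswith(suffix):
        raise ValueError(f"{hostname!r} is not inside zone {zone_name!r}")
    return host[: -len(suffix)]


def zone_name_from_id(zone_id: str) -> str:
    """The zone's DNS name is the last path segment of its resource ID."""
    return zone_id.rstrip("/").rsplit("/", 1)[-1]


def record_set_url(zone_id: str, rel_name: str, record_type: str = "A") -> str:
    # Quote only the record name; "@" is valid in the path and stays literal.
    name = urllib.parse.quote(rel_name, safe="@")
    return f"{ARM}{zone_id}/{record_type}/{name}?api-version={API_VERSION}"


def record_set_body(ipv4: str, ttl: int) -> dict:
    """Body of the PUT: one A record with the given TTL."""
    return {"properties": {"TTL": ttl, "ARecords": [{"ipv4Address": ipv4}]}}


def get_token(tenant_id: str, client_id: str, client_secret: str) -> str:
    """OAuth2 client-credentials grant for the ARM audience."""
    data = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": ARM + "/.default",
    }).encode()
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    with urllib.request.urlopen(urllib.request.Request(url, data=data)) as resp:
        return json.load(resp)["access_token"]


def update_a_record(token: str, zone_id: str, hostname: str, ipv4: str, ttl: int = 900) -> dict:
    """PUT the record set. 401 means the token was rejected; 403 means the
    token was fine but the principal has no role assignment on the zone."""
    rel = relative_record_name(hostname, zone_name_from_id(zone_id))
    req = urllib.request.Request(
        record_set_url(zone_id, rel),
        data=json.dumps(record_set_body(ipv4, ttl)).encode(),
        method="PUT",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
    )
    try:
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as e:
        if e.code == 401:
            raise SystemExit("401: token rejected; check tenant, client ID and secret") from e
        if e.code == 403:
            raise SystemExit("403: token accepted but no RBAC role on the zone; "
                             "assign DNS Zone Contributor to the app's service principal") from e
        raise


if __name__ == "__main__":
    # Usage: AZ_TENANT=... AZ_CLIENT_ID=... AZ_CLIENT_SECRET=... AZ_ZONE_ID=... \
    #        python azure_ddns.py example.org 203.0.113.10
    env = os.environ
    hostname, ip = sys.argv[1], sys.argv[2]
    tok = get_token(env["AZ_TENANT"], env["AZ_CLIENT_ID"], env["AZ_CLIENT_SECRET"])
    print(json.dumps(update_a_record(tok, env["AZ_ZONE_ID"], hostname, ip), indent=2))
```

Run with the real tenant, client ID, secret and zone ID in the environment; the apex hostname (example.org) maps to the "@" record set directly, so no alias record is needed. The 401/403 split is the useful diagnostic: the thread's 403 came after a successful token exchange, which points at the missing role assignment rather than at the credentials.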