Azure Dynamic DNS setup help



  • Does anyone know how to set up Dynamic DNS with Azure? I set up everything as best as I could figure (without instructions), but my IP won't update and the logs have a 403 error:

    Dec 29 02:31:33 	php-fpm 	92151 	/services_dyndns_edit.php: Beginning configuration backup to .https://acb.netgate.com/save
    Dec 29 02:31:34 	php-fpm 	92151 	/services_dyndns_edit.php: End of configuration backup to https://acb.netgate.com/save (success).
    Dec 29 02:31:34 	php-fpm 	92151 	/services_dyndns_edit.php: Dynamic DNS: updatedns() starting
    Dec 29 02:31:34 	php-fpm 	92151 	/services_dyndns_edit.php: Dynamic DNS azure (example.org): NN.NN.NN.NN extracted from local system.
    Dec 29 02:31:34 	php-fpm 	92151 	/services_dyndns_edit.php: Dynamic DNS (example.org): running get_failover_interface for wan. found igb0
    Dec 29 02:31:34 	php-fpm 	92151 	/services_dyndns_edit.php: Dynamic DNS azure (example.org): _update() starting.
    Dec 29 02:31:34 	php-fpm 	92151 	/services_dyndns_edit.php: Dynamic DNS azure (example.org): _checkStatus() starting.
    Dec 29 02:31:34 	php-fpm 	92151 	/services_dyndns_edit.php: phpDynDNS (example.org): PAYLOAD: 403
    Dec 29 02:31:34 	php-fpm 	92151 	/services_dyndns_edit.php: phpDynDNS (example.org): (Unknown Response) 
    

    To set this up I:

    1. Created an "App registration" in Azure
    2. Under that app registration I created a "Client secret"
    3. Created a DNS Zone for the domain and pointed my name servers at the Azure name servers
    4. Created a Dyn DNS client in pfSense with:
      • Service Type = Azure DNS
      • Interface to monitor = WAN
      • Hostname = my domain, let's say example.org
      • Username = A GUID copied from "Application (client) ID" in the Azure app registration
      • Password = The client secret I created above
      • Zone ID = the resource id of the DNS Zone, looks like /subscriptions/<GUID>/resourceGroups/<resource group>/providers/Microsoft.Network/dnszones/example.org
      • TTL = 900

    What can I do differently to get this to work?



  • I was missing this step:

    1. Go to DNS Zone in Azure
    2. Click "Access Control (IAM)"
    3. Click "Add" button under "Add role assignment"
      • Role = DNS Zone Contributor
      • Assign access to = Azure AD user, group, or service principal
      • Select = <Application ID guid from App Registration>

    I'm not sure if this is correct, but it is working.



  • I spoke too soon: the record that got created is for example.com.example.com. I guess I should be specifying @ or nothing as the hostname so that the correct record gets set, but pfSense just tells me "The hostname contains invalid characters." when I try those values.

    EDIT: I was able to work around this by creating an A alias record in the Azure DNS Zone from @ to example.com. This is a dumb workaround though; I'd rather pfSense just updated the correct record in the first place.
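    The three posts above describe the whole flow: an app registration with a client secret, a role assignment on the zone (the 403 goes away once the service principal is authorized), and the record-name problem (a record written as example.com.example.com instead of the zone apex). The script below is an added example, not code from the thread or from pfSense; it uses only the Python standard library to do what the pfSense Azure DNS client does: obtain a token with the client credentials and PUT an A record set through the Azure Resource Manager REST API. The tenant ID is an extra input the thread never mentions, the api-version is assumed, and the subscription GUID in the usage is a constructed placeholder.

```python
"""Minimal Azure DNS dynamic-update client (added example, not pfSense code)."""
import json
import urllib.error
import urllib.parse
import urllib.request

ARM = "https://management.azure.com"
API_VERSION = "2018-05-01"  # Azure DNS record-set API version (assumption)


def relative_record_name(hostname, zone_id):
    """Map the DDNS hostname to a record-set name relative to the zone.

    The zone name is the last segment of the zone resource ID. Writing the
    full hostname as the relative name is what produces a record such as
    'example.com.example.com'; the apex must be '@' and a host inside the
    zone must have the zone suffix stripped.
    """
    zone = zone_id.rstrip("/").rsplit("/", 1)[-1].lower()
    host = hostname.rstrip(".").lower()
    if host == zone:
        return "@"
    suffix = "." + zone
    if host.endswith(suffix):
        return host[: -len(suffix)]
    raise ValueError(f"{hostname} is not inside zone {zone}")


def token_request(tenant_id, client_id, client_secret):
    """Build the OAuth2 client-credentials request (URL, form body) for the ARM scope."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,          # "Application (client) ID" of the app registration
        "client_secret": client_secret,  # the client secret created under it
        "scope": ARM + "/.default",
    }).encode()
    return url, body


def record_set_request(zone_id, hostname, ip, ttl=900):
    """Build the PUT URL and JSON body that replace the A record set."""
    name = relative_record_name(hostname, zone_id)
    url = f"{ARM}{zone_id}/A/{name}?api-version={API_VERSION}"
    body = json.dumps({"properties": {"TTL": ttl,
                                      "ARecords": [{"ipv4Address": ip}]}}).encode()
    return url, body


def explain_status(status):
    """Turn the HTTP status into the check to do next."""
    if status in (200, 201):
        return "record set written"
    if status == 401:
        return "token rejected: check tenant, client ID and client secret"
    if status == 403:
        return ("authenticated but not authorized: the service principal needs a role "
                "such as DNS Zone Contributor assigned on the zone resource")
    if status == 404:
        return "zone resource ID or record-set name not found"
    return f"unexpected status {status}"


def update_record(tenant_id, client_id, client_secret, zone_id, hostname, ip, ttl=900):
    """Perform the real update over the network. Returns (status, explanation)."""
    url, body = token_request(tenant_id, client_id, client_secret)
    with urllib.request.urlopen(urllib.request.Request(url, data=body)) as resp:
        token = json.load(resp)["access_token"]
    url, body = record_set_request(zone_id, hostname, ip, ttl)
    req = urllib.request.Request(url, data=body, method="PUT", headers={
        "Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req) as resp:
            status = resp.status
    except urllib.error.HTTPError as err:
        status = err.code
    return status, explain_status(status)


if __name__ == "__main__":
    # Constructed placeholder zone ID in the same shape as the thread's.
    ZONE = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg"
            "/providers/Microsoft.Network/dnszones/example.org")
    print(relative_record_name("example.org", ZONE))       # @  (the apex record)
    print(relative_record_name("home.example.org", ZONE))  # home
    print(record_set_request(ZONE, "example.org", "203.0.113.10")[0])
    print(explain_status(403))
```

    Only update_record() touches the network; the other functions are pure, so the record-name mapping and the request shapes can be checked offline before any credentials are involved. A 403 from the PUT with a valid token is the symptom the first post shows, and the fix is the role assignment from the second post; a wrong relative name is the symptom from the third post.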

