DHCP not registering hostnames in DNS

hova

Motivation: I want to name my LAN devices centrally from pfSense, having the devices' MAC addresses mapped to useful names.

Situation:

• My LAN clients get the IP as expected from pfSense DHCP server's pool
• In the DHCP settings, I've a long list of MAC->Hostname mapping entered, so those DHCP client I wish get the correct IP
• When a client gets a random (i.e. I didn't have entered static IP mappings) IP, it won't get the corresponding hostname entered in the DHCP MAC->Hostname mapping
• Those 2 checkboxes in DNS settings (register DHCP leases/static mappings) are of course set

I've tried both DNS forwarder and resolver, just to be sure - both don't work.

The pfSense takes those names into the DNS, which the clients have internally set; e.g. if a camera is named from the factory like "Amcrest000AB", then the resulting FQDN usable in LAN is Amcrest000AB.domain.com, instead of "camera-door".

I've also tested with nslookup directly in the pfSense SSH terminal: the expected (DHCP configured mappings) are not known.

I'm searching/googling the whole day and find nothing - I guess I'm doing something wrong, but what :-o?

Thank you!

Gertjan

Hi,

You means these DHCP Static Mappings (bottom of the page ) :

I can ping "diskstation" from any device on my LAN.
I will resolve to "192.168.1.15" - my DNS ( Resolver mode ) is working.

johnpoz

Yeah this feature works without any issues..

What version of pfsense are you running? Is it current..
You sure your clients using pfsense for its dns?

$ dig @192.168.9.253 domotz-vm.local.lan

; <<>> DiG 9.12.3-P1 <<>> @192.168.9.253 domotz-vm.local.lan
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21791
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;domotz-vm.local.lan.           IN      A

;; ANSWER SECTION:
domotz-vm.local.lan.    3600    IN      A       192.168.3.22

;; Query time: 0 msec
;; SERVER: 192.168.9.253#53(192.168.9.253)
;; WHEN: Mon Mar 18 05:16:02 Central Daylight Time 2019
;; MSG SIZE  rcvd: 64

Once you create a reservation for the lease - it will be loaded via the host_entries.conf file

Look in your unbound.conf

# Static host entries
include: /var/unbound/host_entries.conf

Then validate your lease is in the .conf file.

[2.4.4-RELEASE][admin@sg4860.local.lan]/var/unbound: cat host_entries.conf | grep domotz-vm
local-data-ptr: "192.168.3.22 domotz-vm.local.lan"
local-data: "domotz-vm.local.lan. A 192.168.3.22"

Your dhcp normal leases would be placed into the dhcpleases_entries.conf, and read into your unbound from that file..

hova

Thank you, but I'm still stuck. To recap:

• The DNS from DHCP works only when there is fixed IP mapped
• When there is only a MAC-to-HostName DHCP mapping, the "HostName" will not be mapped into the DNS.

My pfSense version:

A demo lease-reservation; notice please, that I don't want to put a fixed IP here:

This is then listed in the DHCP leases like this:

Notice please, that this record:

• is online
• was not used for assigning it a DNS name

Instead, there is another record listed in the leases:

Notice please, that it has the same MAC address, as the one which was not used.

In the host_entries.conf, there are only those names, which have static MAC-to-IP+Hostname DHCP mappings. Those host-names, which are getting a dynamic from-the-pool IP addresses, are not in this file - as in the above example, the "comp-mbp" is missing and will be replaced by the machine's internal (network settings under windows) host-name (see below).

In the dhcpleases_entries.conf, there are all dynamic MAC-to-Hostname mappings from the DHCP reservations, but this time, the "HostName" from the DHCP reservations is not used, rather, the host-name from those (dynamic, from the DHCP pool) machines' own internal host-name, like in the "MBP17" sample above.

I would love to be able to fix it, as I don't want to assign a static IP to all the known MAC addresses.

Grimson

@hova said in DHCP not registering hostnames in DNS:

Thank you, but I'm still stuck. To recap:

• The DNS from DHCP works only when there is fixed IP mapped
• When there is only a MAC-to-HostName DHCP mapping, the "HostName" will not be mapped into the DNS.

That is by design. The DNS entries for static mappings are static. That means they will be added to unbound host_entries.conf based on what you setup in the static mapping, they will not be touched when a lease is requested/updated/expired.

I would love to be able to fix it, as I don't want to assign a static IP to all the known MAC addresses.

There is nothing you can fix, you can add a feature request on redmine though: https://redmine.pfsense.org

hova

May be I'm wrong of course, but exactly this should be possible with this setting:

Reading Netgate's documentation:

I read it like this:

1. "Register DHCP leases" are static mappings in the context of "MAC->HostName"
2. "Register DHCP static mappings" are static mappings in the context of "MAC->StaticIP+HostName"

Otherwise, these settings would make no sense, would they. When the "static mapping" would mean "MAC->StaticIP is always needed", why would there be the "Register DHCP lease"?

Grimson

@hova said in DHCP not registering hostnames in DNS:

May be I'm wrong of course, but exactly this should be possible with this setting:

Read the actual description right there in the image.

Edit:
Also this:

This should only be enabled on networks where the client hostnames can be trusted or controlled.

should be a big hint that this option uses the hostname supplied by the client.

hova

Ok, so I try understand how you're explaining it: is this correct?

1. The "DHCP Registration" means: when there is a MAC->StaticIP, use the HostName from that DHCP mapping, when such MAC is requesting such static-mapped IP
2. The "Static DHCP" means: when there is a MAC->StaticIP mapping, use the HostName as defined in the requesting MAC

Is that correct? Thank you!

Gertjan

Welll ... I prefer this explanation :

If this option is set, then machines that specify their hostname when requesting an IPv4 DHCP lease will be registered in the DNS Resolver so that their name can be resolved. The domain in System > General Setup should also be set to the proper value.

DHCP Static Mappings :
If a device asks for an IP, an this device has a 'known' (listed) MAC, then give him 'his' IP from predetermined list.

johnpoz

Register leases is ANY lease.. You don't have to set a hostname, or you can set a hostname.. If you care about the hostname, why would you not just set the IP while your setting the reservation.

dhcp leases that are not reservations are normally for any client that connects, it will give you a name, etc..

So, just changed mine to register all dhcp leases - the check mark shown..

Got a dhcp address

$ ipconfig /all                                                             
                                                                            
Windows IP Configuration                                                    
                                                                            
   Host Name . . . . . . . . . . . . : i5-win                               
   Primary Dns Suffix  . . . . . . . : local.lan                            
   Node Type . . . . . . . . . . . . : Broadcast                            
   IP Routing Enabled. . . . . . . . : No                                   
   WINS Proxy Enabled. . . . . . . . : No                                   
   DNS Suffix Search List. . . . . . : local.lan                            
                                                                            
Ethernet adapter Ethernet:                                                  
                                                                            
   Connection-specific DNS Suffix  . : local.lan                            
   Description . . . . . . . . . . . : Realtek PCIe GbE Family Controller   
   Physical Address. . . . . . . . . : 00-13-3B-2F-67-62                    
   DHCP Enabled. . . . . . . . . . . : Yes                                  
   Autoconfiguration Enabled . . . . : Yes                                  
   IPv4 Address. . . . . . . . . . . : 192.168.9.200(Preferred)             
   Subnet Mask . . . . . . . . . . . : 255.255.255.0                        
   Lease Obtained. . . . . . . . . . : Tuesday, March 19, 2019 4:56:30 AM   
   Lease Expires . . . . . . . . . . : Saturday, March 23, 2019 4:56:30 AM  
   Default Gateway . . . . . . . . . : 192.168.9.253                        
   DHCP Server . . . . . . . . . . . : 192.168.9.253                        
   DNS Servers . . . . . . . . . . . : 192.168.3.10                         
   NetBIOS over Tcpip. . . . . . . . : Enabled                              

It resolve per its name to that IP.

$ dig @192.168.9.253 i5-win.local.lan                                  
                                                                       
; <<>> DiG 9.12.3-P1 <<>> @192.168.9.253 i5-win.local.lan              
; (1 server found)                                                     
;; global options: +cmd                                                
;; Got answer:                                                         
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27799              
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
                                                                       
;; OPT PSEUDOSECTION:                                                  
; EDNS: version: 0, flags:; udp: 4096                                  
;; QUESTION SECTION:                                                   
;i5-win.local.lan.              IN      A                              
                                                                       
;; ANSWER SECTION:                                                     
i5-win.local.lan.       3600    IN      A       192.168.9.200          
                                                                       
;; Query time: 0 msec                                                  
;; SERVER: 192.168.9.253#53(192.168.9.253)                             
;; WHEN: Tue Mar 19 04:58:52 Central Daylight Time 2019                
;; MSG SIZE  rcvd: 61                                                  

And if I look in the file I said to look, there it is.. Along with all my other dhcp leases that have kicked in.

[2.4.4-RELEASE][admin@sg4860.local.lan]/root: cat /var/unbound/dhcpleases_entries.conf 

# dhcpleases automatically entered
local-data: "i5-win.local.lan IN A 192.168.9.200"
local-data-ptr: "192.168.9.200 i5-win.local.lan"
local-data: "2k12r2.local.lan IN A 192.168.2.220"
local-data-ptr: "192.168.2.220 2k12r2.local.lan"
local-data: "HS105.local.lan IN A 192.168.4.211"
local-data-ptr: "192.168.4.211 HS105.local.lan"
local-data: "amazon-80bd5abdf.local.lan IN A 192.168.4.220"
local-data-ptr: "192.168.4.220 amazon-80bd5abdf.local.lan"
local-data: "ESP_6B8B9E.local.lan IN A 192.168.4.203"
local-data-ptr: "192.168.4.203 ESP_6B8B9E.local.lan"
local-data: "ESP_DF841E.local.lan IN A 192.168.4.213"
local-data-ptr: "192.168.4.213 ESP_DF841E.local.lan"
local-data: "Johns-XR.local.lan IN A 192.168.7.109"
local-data-ptr: "192.168.7.109 Johns-XR.local.lan"
local-data: "DIRECTV-HS17R05-B448CC64.local.lan IN A 192.168.7.104"
local-data-ptr: "192.168.7.104 DIRECTV-HS17R05-B448CC64.local.lan"
local-data: "HarmonyHub.local.lan IN A 192.168.7.103"
local-data-ptr: "192.168.7.103 HarmonyHub.local.lan"
[2.4.4-RELEASE][admin@sg4860.local.lan]/root: 

So what exactly do you feel is not working?

Your setting a reservation with hostname and not calling out IP?

So I set reservation for mac and just put in hostname testname.. When My client gets an IP.. it registers its OWN name, the i5-win.. So testname is not there..

If you want to have say your box called testname, then just setup a reservation that calls out its name, and the IP... And then you will get what you want... So example here..

[2.4.4-RELEASE][admin@sg4860.local.lan]/root: cat /var/unbound/host_entries.conf | grep test
local-data-ptr: "192.168.9.42 testname.local.lan"
local-data: "testname.local.lan. A 192.168.9.42"

$ dig testname.local.lan

; <<>> DiG 9.12.3-P1 <<>> testname.local.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61076
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;testname.local.lan.            IN      A

;; ANSWER SECTION:
testname.local.lan.     3600    IN      A       192.168.9.42

;; Query time: 3 msec
;; SERVER: 192.168.3.10#53(192.168.3.10)
;; WHEN: Tue Mar 19 05:18:27 Central Daylight Time 2019
;; MSG SIZE  rcvd: 63

$ ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : i5-win
   Primary Dns Suffix  . . . . . . . : local.lan
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : local.lan

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : local.lan
   Description . . . . . . . . . . . : Realtek PCIe GbE Family Controller
   Physical Address. . . . . . . . . : 00-13-3B-2F-67-62
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.9.42(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, March 19, 2019 5:19:31 AM
   Lease Expires . . . . . . . . . . : Saturday, March 23, 2019 5:19:31 AM
   Default Gateway . . . . . . . . . : 192.168.9.253
   DHCP Server . . . . . . . . . . . : 192.168.9.253
   DNS Servers . . . . . . . . . . . : 192.168.3.10
   NetBIOS over Tcpip. . . . . . . . : Enabled

hova

Ok, that makes sense to me, how you described it, i.e. I must set also the IP address, not only the MAC + host-name, in the DHCP reservation, so that host-name from the reservation will be used - otherwise, the DHCP-client's internal/random host-name will be used.

What I wanted: I don't care nor like to manage the IP addresses for a lot of known MAC-addresses on my LAN (like mobile phones for example), but I would like anyway to give them some nice host-names, centrally, like "phone-andy". I understand such clients like "these are not servers, don't bother with their current IP, but I can ping/reach them by a nice host-name"

Like it's designed, I have only these 2 options:

1. To have a nice host-name as "phone-andy" being registered, I must reserve a concrete IP for its MAC
2. Otherwise, the phone's internal host-name (like empty-string, or "Motorola3455.AA") will be taken, although the phone's MAC is known and has set a custom host-name in the DHCP reservation.

Is it like that? Thank you ;-)!

Gertjan

@hova said in DHCP not registering hostnames in DNS:

I must reserve a concrete IP for its MAC

When setting up a static DHCP, you will see :

To identify a device (host) you have to copy over the MAC.

hova

Yes, of course I must put inside that MAC ;-)! But I do not want to define also the IP address - I want it to be assigned randomly from the pool, what is also working fine, with the only problem, that such dynamically assigned DHCP-client will not be entered into the DNS with the host-name as entered in this reservation, but with the DHCP-client's own/internal host-name, which is entered into the device itself.

I'm not sure you understand my problem; everything is working fine, but the host-name from my DHCP-reservation is only then used, when I also define a static IP address in the DHCP-reservation, i.e. the MAC+host-name is not enough, I must enter also an IP, which I don't want in some cases (like mobile-phones in my LAN etc.)

Gertjan

I do understand ^^

I guess it boils down to : no IP means : the self defined host-name will not be taken in account.

If you want to supply a host name, then at least a client identifier (like a MAC) and an IPv4 must be present.

I consulted :
ISC dhcp man pages
The initial RFC 1531 and 7 RFC 2131

johnpoz

How can you create an dns record if there is NO IP? When the client gets an IP it will also give its own name..

For you to do what you want the dhcp server would have to ignore the supplied hosts name, and use the one in the lease. I do not think that is possible.

And to be honest do not understand the use case at all. If your going to take the time to give a device a name, why not just also give it and IP. This way you know for sure 2 things about the device - is NAME, and the IP..

Just makes no sense to me what your asking for - please give an example of how this use case makes any sense.

Lets say I have some device with some odd name like deviceABC472 or something.. And you want to call it deviceX.. Ok then create a static lease for its mac, with name deviceX, AND!!! IP address 1.2.3.4

Now you have dns record that points devicex.yourdomain.tld to 1.2.3.4, and can look up PTR for 1.2.3.4 that says deviceX.yourdomain.tld.. And even if dns fails you still will KNOW that your device is at 1.2.3.4

So you can easy create firewall rules on this IP... It takes all of .2 seconds when your creating the reservation to give it an IP as well at that time.. Now your done - it will have your name deviceX and an IP - and dns will reflect this.

hova

Yes, I understand it now, thank you. Anyway, I see technically no problem with taking the host-name from the reservation into the DNS: the client gets its IP from the pool, the server realizes it and inserts/replaces (whatever the timing is) the client's name with that one from the reservation.

Why this makes sense?

• Because you can look into your DHCP-leases and see hundreds of devices, once, and not twice (once comes the internal device's name, once that from the known MAC with the preset name, which is ignored without setting the IP manually)
• Because you can telnet/ping/whatever those machines by their names, ignoring the IPs: say in your Synology Surveillance Station, you can enter the camera's FQDN instead of the IP
• Because you don't have to "count +1" IP addresses manually: when a camera reboots, it doesn't matter it gets possibly another IP; it goes online in the surveillance SW thanks to its name
• Because when you decide to re-factore your LAN (say VLANs, subnets..), you don't have to go through all those devices once again and count again "+1" all these - just redesign the DHCP pool and good is.

Of course, I would not rely on this for stuff like pfSense itself, or NAS, or some VM boxes running as servers; but with the most devices I run (cameras, mobiles..) I would prefer to ignore their IP addresses - those seldom hassles not being able to reach them are much outweighed by not being forced to provide manually IP addresses.

I would not like to block unknown MAC at home - but also I like to see all those unknown devices, which are not pre-configured yet; so when somebody/something new enters my LAN, I can see it, visually, when I care.

I see no technical problem implement this - the server knows the MAC, it assigns the pre-defined host-name and ignores that in the device. And it enters this record into the DNS.

We are not talking about an enterprise security level, I'm talking about those zillions folks running pfSense also at their homes, having tons of devices, wanting having them simply handled/named. Some "opt-in" feature in the DNS resolver or DHCP for that matter.

It would help me, YMMV of course; but it was one of the most obvious things I've expected from pfSense when installed at home. In TomatoVPN/ddwrt, this is a no-brainer - it just works, without forcing me to enter the static IP addresses.

johnpoz

Again it works JUST fine - you can create reservation for mac and let it pull from the pool.. Just again seems to be stupid... You don't need to create reservation if all you want it to do is pull from the pool.

The only time this makes sense if your wanting to lock down your dhcp to not hand out IPs unless there is a reservation.

Where are you seeing hundreds of devices in the dhcp lease table? Maybe that is your problem your trying to solve with some nonsense?? If your device is pulling multiple leases then you have something wrong!! A device will either get a lease, renew the lease.. Why would it get multiple leases? Unless its mac changed or it changed to a different network?

Lets see these multiple leases for the same mac, etc. with different names on them..

You would have to look to the rfc and the actual details of the dhcpd on how you can tell it to ignore the name of the device when it hands out the lease, and use the name you put in the reservation for dns, etc.

Maybe the option

Ignore client identifiers
If a client includes a unique identifier in its DHCP request, that UID will not be recorded in its lease. This option may be useful when a client can dual boot using different client identifiers but the same hardware (MAC) address. Note that the resulting server behavior violates the official DHCP specification.

Will do what you want? But I am still not understand your use case for this feature.. If you have multiple lease by the same device with multiple names and IPs then you have something wrong.. The correct thing to do is not try and override the problem with some sort of odd setup... But to understand why the issue is happening in the first place and correct it.

hova

I think I still was not able to explain it - I try to name a device with a known MAC - without being forced to reserve a fix IP for it.

When I don't put an IP beside a MAC in the reservations, I see this MAC-item/row twice in the current DHCP leases/status: once as I've set it in the reservations and once as it got the IP with the device's internal host-name.

This is a very basic elementary use-case, which works even in products like ddwrt/Tomato etc. - you assign a host-name to a MAC-address, that's it.

.thank you for being patient with me ;-)!

Grimson

@hova said in DHCP not registering hostnames in DNS:

I think I still was not able to explain it - I try to name a device with a known MAC - without being forced to reserve a fix IP for it.

Which is rather pointless.

This is a very basic elementary use-case, which works even in products like ddwrt/Tomato etc. - you assign a host-name to a MAC-address, that's it.

Those two use dnsmasq for both DNS and DHCP, in that case dnsmasq is doing this internally.

In pfSense dhcp and dns are handled by individual daemons, so you would need an additional communication layer between them. This adds more complexity, may require upstream code changes and might introduce additional bugs.

Even the currently implemented option to register dynamic leases in the Resolver has the drawback that every time a lease is created/updated unbound has to restart, which empties the DNS cache and can in combination with pfBlockerNG and big DNSBL lists cause DNS outages for a few seconds.

IMO any further discussion of that topic here is rather pointless, you have the following options:

• Create a feature request on redmine. Then you'll see if, and with what priority, the developers are interested in such an option.
• Add IPs to your static leases and be done with it.
• Don't use pfSense for DNS and DHCP, instead use an additional host for that. Pi-Hole for example uses dnsmasq so check whether it can also be used as an DHCP server.
• Don't use pfSense at all and go back to dd-wrt or tomato.

johnpoz

You might be able to do this with this statement

The use-host-decl-names statement

use-host-decl-names flag;

If the use-host-decl-names parameter is true in a given scope, then for every host declaration within that scope, the name provided for the host declaration will be supplied to the client as its hostname. So, for example,

group {
use-host-decl-names on;

host joe {
hardware ethernet 08:00:2b:4c:29:32;
fixed-address joe.example.com;
}
}

is equivalent to

host joe {
hardware ethernet 08:00:2b:4c:29:32;
fixed-address joe.example.com;
option host-name "joe";
}

Additionally, enabling use-host-decl-names instructs the server to use the host declaration name in the the forward DNS name, if no other values are available. This value selection process is discussed in more detail under DNS updates.

An option host-name statement within a host declaration will override the use of the name in the host declaration.

It should be noted here that most DHCP clients completely ignore the host-name option sent by the DHCP server, and there is no way to configure them not to do this. So you generally have a choice of either not having any hostname to client IP address mapping that the client will recognize, or doing DNS updates. It is beyond the scope of this document to describe how to make this determination.

But this is not able to do currently without major hack to the dhcpd.conf file.. Its possible to do some custom options in this file... But pfsense creates the files from info in the xml, etc. So I its not just click click.

And I understand what your saying - I just don't get the actual use case... I just don't If your going to go to the trouble of creating a reservation.. Just freaking put in an IP and all of your problems go away!! you get exactly what your asking

deviceABC4762X will resolve via customname.yourdomain.xyz...

Its like your causing your own pain because for some odd reason you can not take .2 seconds to put in IP address 1.2.3.X when you create the reservation.