Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Option "Register connected OpenVPN clients in the DNS Resolver" does not create AAAA records

    Scheduled Pinned Locked Moved OpenVPN
    2 Posts 1 Posters 259 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bert64
      last edited by

      I have a number of OpenVPN clients connecting with dual stack addresses, and have the option "Register connected OpenVPN clients in the DNS Resolver" set however only A records are created and no AAAA records.

      $ host test-appliance-1.rt.ev6.net 2001:bd0:100:77::1
      Using domain server:
      Name: 2001:bd0:100:77::1
      Address: 2001:bd0:100:77::1#53
      Aliases:

      test-appliance-1.rt.ev6.net has address 127.1.0.3
      $ host -t AAAA test-appliance-1.rt.ev6.net 2001:bd0:100:77::1
      Using domain server:
      Name: 2001:bd0:100:77::1
      Address: 2001:bd0:100:77::1#53
      Aliases:

      test-appliance-1.rt.ev6.net has no AAAA record

      1 Reply Last reply Reply Quote 0
      • B
        bert64
        last edited by

        Upon further investigation, it seems openvpn calls /usr/local/sbin/openvpn.learn-address.sh specifying the domain, ip, fqdn and an "update" command....
        OpenVPN calls this script twice - once for legacy ipv4, and again immediately afterwards for ipv6.

        The problem seems to be that this script explicitly tries to create A records irrespective of the value provided for $IP, which when coupled with the ipv6 address are then rejected by the /usr/local/sbin/unbound-checkconf command.

        Forcing it to create AAAA records reverses the problem, it now only creates ipv6 records. Given more time i'l look at creating a patch that checks for and creates both.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.