Netgate Discussion Forum

    Reverse DNS (PTR records) and the pfSense DHCP server

    • LaserGuidedCake

      Fellows,

      I currently have a pfSense DHCP server setup to update forward DNS zones - but reverse DNS updates seem to elude me...

      My question is as follows:

      1. Where in the DHCP settings do I specify a reverse zone to be updated (something like "ddns-rev-domainname" for the ISC DHCP server) or -
      2. If this isn't handled by the DHCP server and is a function of DNS (BIND, in my environment) how do I configure the server to dynamically update these reverse records?

      Please let me know what additional information I can provide - thanks!

      • Bob.Dig LAYER 8 @LaserGuidedCake

        @laserguidedcake Where do you get your IPs from, normally you configure it there I would guess, if we are talking about public IPs.

        • LaserGuidedCake @Bob.Dig

          Hey @bob-dig,
          This is all internal - addresses are distributed from the pfSense. In my environment I have 3 networks, with 3 scopes, updating 3 forward DNS zones, but obviously, I see no way to update my reverse...

          • Bob.Dig LAYER 8 @LaserGuidedCake

            @laserguidedcake I would guess this is a "bind" thing, and what do you mean by dynamically updating those records? But I am out, enough guessing. 😀

            • LaserGuidedCake @Bob.Dig

              hey again @bob-dig
              In the DHCP settings, you can specify how a DHCP client can update a DNS server, here are the settings for that from my deployment - blanked out some info for privacy:

              [image: f09355f6-cbe1-4f1f-9b04-0e60aec630c3-image.png]

              • LaserGuidedCake

                For anyone else who is watching - I did find this post that touches my topic in brief, but is more focused on interesting subnet sizes and the like:

                https://forum.netgate.com/topic/157782/dhcp-server-and-ptr-creation

                • LaserGuidedCake

                  alright, so for those interested:

                  1. it appears that pfSense uses the standard ISC DHCP server
                  2. its config is stored in /var/dhcpd/etc/dhcpd.conf
                  3. When making dhcp scopes, I can see that there are some reverse declarations at the bottom of the zone file. The standard

                  zone 12.10.10.in-addr.arpa. {
                          primary 10.10.12.14;
                          key "mykeyhere";
                  }

                  kinda stuff.
                  4. In looking at the logs from the DNS server (BIND) I can see registrations of the forwards, but not of the reverses...
                  5. After setting up my own DHCP server and creating a config file, I noticed that I needed some config to get the reverse zones to register. Something kinda like this? (config I scavenged from other forums)

                  ddns-update-style standard;
                  ddns-rev-domainname "in-addr.arpa.";

                  6. I don't see any options in the pfSense GUI that control either of these options, even though it creates the reverse registration...

                  At this point, I think this topic is closed, but anyone else feel free to comment regarding DHCP and reverse registration.

                  Thanks again all!

                  • oracle_sod

                    Sorry to dig up an old topic but this is the same issue I'm having.

                    I have a Bind DNS server (separate host to pfsense), pfsense is the DHCP server for my network, I have pfsense updating bind however no reverse entry is created, no attempt by pfsense to create a reverse entry is even made.

                    Has anyone been able to get pfsense DHCP to update reverse DNS when issuing an IP to an internal network?

                    • Gertjan @oracle_sod

                      @oracle_sod

                      I've set up my DHCP6 LAN servers to update the reverse on my BIND DNS server.

                      My BIND isn't somewhere local, but on the Internet, as my primary domain name server for all my domain names.
                      I'm not updating IPv4 stuff, as IMHO it doesn't make sense to make available to the public that the IPv4 of my (example) LAN based NAS has the IPv4 192.168.1.45 - neither the reverse.
                      If your bind is doing stuff for your LAN, then I can imagine that it does make sense.

                      For IPv6 GUAs, it does make sense.

                      10-Nov-2023 12:21:29.441 update: client @0x7fd4dc004fa0 82.127.26.100#63539/key update: updating zone 'c.d.6.a.7.0.9.0.9.1.b.c.1.0.a.2.ip6.arpa/IN': deleting rrset at 'c.c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.c.d.6.a.7.0.9.0.9.1.b.c.1.0.a.2.ip6.arpa' PTR
                      10-Nov-2023 12:21:29.441 update: client @0x7fd4dc004fa0 82.127.26.100#63539/key update: updating zone 'c.d.6.a.7.0.9.0.9.1.b.c.1.0.a.2.ip6.arpa/IN': adding an RR at 'c.c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.c.d.6.a.7.0.9.0.9.1.b.c.1.0.a.2.ip6.arpa' PTR epackferpar22.bhf.tld.
                      10-Nov-2023 12:22:31.211 update-security: client @0x7fd4dc004fa0 82.127.26.108#63539/key update: signer "update" approved
                      

                      As I'm using KEA (for testing) right now, this updating stopped.
                      I don't care, as my IPv6 prefixes are static, so the GUA is static.

                      The ISC DHCPv4 uses 'nsupdate' which is the same thing as this: Services > Dynamic DNS > RFC 2136 Clients.

                      My pfSense acme package uses the exact same 'nsupdate' = RFC2136 to talk to the same BIND server so I can obtain a certificate for my locally used domain name.

                      About my NAS on my LAN :
                      On my PC : reverse lookup :

                      C:\Users\Gauche>nslookup 192.168.1.33
                      Serveur :   pfSense.bhf.tld
                      Address:  2a01:cb19:ffff:a6dc:92ec:77ff:fe29:392c
                      
                      Nom :    diskstation2.bhf.tld
                      Address:  192.168.1.33
                      

                      This always worked out of the box.
                      And again : I'm using the rather limited 'kea' right now, not even isc dhcpd. No "bind", just unbound with default settings.

                      No "help me" PM's please. Use the forum, the community will thank you.
                      Edit : and where are the logs ??

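Several posts above come down to checking the BIND update log for PTR registrations. As an added example (not code from any poster, pfSense or BIND), this Python sketch reads update-log lines in the format Gertjan quoted and lists every forward A/AAAA add that never got a PTR add at the matching reverse name. The hostnames, key name and log lines are constructed, and it assumes BIND logs the record data after the type, as in that quoted output.

```python
import ipaddress
import re

# "adding an RR" lines from BIND's update log category, as quoted in the thread.
ADD_RE = re.compile(
    r"updating zone '[^']+/IN': adding an RR at "
    r"'(?P<owner>[^']+)' (?P<rtype>A|AAAA|PTR)\b\s*(?P<rdata>\S*)"
)

def missing_ptrs(log_lines):
    """Return [(hostname, address, expected_ptr_owner)] for each A/AAAA add
    with no PTR add at the corresponding in-addr.arpa / ip6.arpa name."""
    forwards, ptr_owners = [], set()
    for line in log_lines:
        m = ADD_RE.search(line)
        if not m:
            continue  # deletes, update-security lines, other categories
        owner = m["owner"].rstrip(".").lower()
        if m["rtype"] == "PTR":
            ptr_owners.add(owner)
            continue
        try:
            addr = ipaddress.ip_address(m["rdata"])
        except ValueError:
            continue  # rdata missing or not logged by this BIND version
        # reverse_pointer gives the PTR owner name, e.g. 50.12.10.10.in-addr.arpa
        forwards.append((owner, str(addr), addr.reverse_pointer))
    return [f for f in forwards if f[2] not in ptr_owners]

# Constructed sample: two leases get forward records, only one gets a PTR.
PFX = "10-Nov-2023 12:30:01.100 update: client @0x7f0000000001 10.10.12.1#50001/key dhcp-key: "
SAMPLE_LOG = [
    PFX + "updating zone 'lan.example/IN': adding an RR at 'nas.lan.example' A 10.10.12.50",
    PFX + "updating zone '12.10.10.in-addr.arpa/IN': deleting rrset at '50.12.10.10.in-addr.arpa' PTR",
    PFX + "updating zone '12.10.10.in-addr.arpa/IN': adding an RR at '50.12.10.10.in-addr.arpa' PTR nas.lan.example.",
    PFX + "updating zone 'lan.example/IN': adding an RR at 'printer.lan.example' A 10.10.12.51",
]

if __name__ == "__main__":
    for host, addr, ptr in missing_ptrs(SAMPLE_LOG):
        print(f"{host} ({addr}): no PTR add seen at {ptr}")
```

An empty result on a log that does contain forward adds means the reverse updates are arriving; a non-empty one points at the DHCP side never sending them or the DNS server refusing them.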
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.