Enable Dynamic DNS when failing over to Backup
I am running my CARP setup on a dynamic IP environment (so I cannot use a WAN Virtual IP for failover). I have registered a URL which I keep up-to-date with pfsense's Dynamic DNS feature. What I am looking to do now is to have the backup firewall register its IP address as soon as it becomes the master firewall.
Currently I have Dynamic DNS configured on both firewalls, but only enabled on my Master Firewall. My idea was to use the /etc/rc.carpmaster and /etc/rc.carpbackup scripts to enable/disable the Dynamic DNS client depending on which firewall is currently the Master.
What are the commands necessary to enable/disable and force update?
I've just seen your post; if you're still interested, try this:
0) We are assuming that the first CARP VIP you have defined on both pfsense boxes is for the "master" (in normal condition) and the second VIP is for the "backup" (in normal condition). As a result, CARP interfaces are something like xxx_vip1 and xxx_vip2
1) Set up 2 dyndns names, respectively the master and the backup FQDNs (be careful, the order matters), on both the "master" and the "backup" pfsense boxes:
pfbox1.dyndns.org (master pfsense)
pfbox2.dyndns.org (backup pfsense)
2) Modify file rc.carpmaster adding the following at the end of it:
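/* Start DynDNS for CARP nodes */
/* $argv[1] is the CARP interface name passed to this script (e.g. "xxx_vip1"); its last digit minus 1 is the DynDNS entry index */
$config['dyndnses']['dyndns'][strval((int)(substr($argv[1], -1) - 1))]['enable'] = true;
write_config();
/* Run the DynDNS update so the change takes effect */
shell_exec("/etc/rc.dyndns.update");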
3) Modify file rc.carpbackup adding the following at the end of it:
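/* Stop DynDNS for CARP nodes */
/* $argv[1] is the CARP interface name passed to this script (e.g. "xxx_vip1"); its last digit minus 1 is the DynDNS entry index */
$config['dyndnses']['dyndns'][strval((int)(substr($argv[1], -1) - 1))]['enable'] = false;
write_config();
/* Run the DynDNS update so the change takes effect */
shell_exec("/etc/rc.dyndns.update");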
The above-mentioned scripts trim the VIP interface name, extracting its interface number (e.g. "xxx_vip1"->1), which becomes an index to access every pfsense's DynDNS table, enabling/disabling the service update for the given box, so there should be a 1:1 relationship between the overall VIP and DynDNS sequences, with both defined in the same way on all the CARP boxes. Due to the current code, this trick can support up to 9 pfsense systems, with related VIPs and DynDNSes (tested on nanobsd 2.1.5-release i386).
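The index mapping described above, as an added example that is not part of the original post and is not pfSense code: it reads all trailing digits of the VIP name (so it is not limited to 9 entries) and refuses to touch the configuration when the name does not map to an existing DynDNS entry. The function names, the `_vip<N>` name pattern and the sample `$config` array are assumptions made for illustration; `write_config()` and the update script are left out so it runs stand-alone with the PHP CLI.

```php
<?php
// Added example, not pfSense code: map a CARP VIP interface name to a
// zero-based index into the DynDNS list, rejecting anything unexpected.

/**
 * Return the zero-based DynDNS index for a VIP name such as "wan_vip2",
 * or null when the name has no numeric suffix or no matching entry exists.
 */
function vip_to_dyndns_index($vipName, array $dyndnsEntries)
{
    // Capture all trailing digits, so "_vip10" yields 10 rather than 0.
    if (!preg_match('/_vip([1-9][0-9]*)$/', trim($vipName), $m)) {
        return null;
    }
    $index = (int)$m[1] - 1;
    return array_key_exists($index, $dyndnsEntries) ? $index : null;
}

/**
 * Set the enable flag on the entry that belongs to $vipName.
 * Returns true when an entry was changed, false when the input was rejected.
 */
function set_dyndns_for_vip(array &$config, $vipName, $enable)
{
    $entries = isset($config['dyndnses']['dyndns']) ? $config['dyndnses']['dyndns'] : array();
    $index = vip_to_dyndns_index($vipName, $entries);
    if ($index === null) {
        return false; // leave the configuration untouched
    }
    $config['dyndnses']['dyndns'][$index]['enable'] = (bool)$enable;
    return true;
}

// Constructed sample data in the shape the post's snippets index into.
$config = array('dyndnses' => array('dyndns' => array(
    array('host' => 'pfbox1.dyndns.org', 'enable' => true),
    array('host' => 'pfbox2.dyndns.org', 'enable' => false),
)));

// Constructed inputs: two valid VIP names, then three that must be rejected.
foreach (array('wan_vip1', "wan_vip2\n", 'wan_vip3', 'wan_vip0', 'em0') as $name) {
    $ok = set_dyndns_for_vip($config, $name, true);
    printf("%-10s -> %s\n", trim($name), $ok ? 'enabled' : 'rejected');
}
```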