Netgate Discussion Forum

Enable Dynamic DNS when failing over to Backup

  • itsme01
    last edited by Jan 7, 2014, 5:23 PM

    Hi all

    I am running my CARP setup on a dynamic IP environment (so I cannot use a WAN Virtual IP for failover). I have registered a URL which I keep up-to-date with pfsense's Dynamic DNS feature. What I am looking to do now is having the backup firewall register its IP address as soon as it becomes the master firewall.

    Currently I have Dynamic DNS configured on both firewalls, but only enabled on my Master Firewall. My idea was to use the /etc/rc.carpmaster and /etc/rc.carpbackup scripts to enable/disable the Dynamic DNS client depending on which firewall is currently the Master.

    What are the commands necessary to enable/disable and force update?

    Thanks

    • webmst
      last edited by Oct 28, 2014, 12:44 AM

      I've just seen your post, if still interested try this:

      0) We are assuming that the first CARP VIP you have defined on both pfsense boxes is for the "master" (in normal condition) and the second VIP is for the "backup" (in normal condition). As a result, CARP interfaces are something like xxx_vip1 and xxx_vip2

      1) Set up 2 dyndns names, respectively the master and the backup FQDNs (be careful, the order matters) on both the "master" and the "backup" pfsense boxes

      E.g.:

      pfbox1.dyndns.org (master pfsense)
      pfbox2.dyndns.org (backup pfsense)

      2) Modify file rc.carpmaster adding the following at the end of it:

      /* Start DynDNS for CARP nodes */
      $config['dyndnses']['dyndns'][strval((int)(SUBSTR($argv[1],-1)-1))]['enable'] = true;
      write_config();
      shell_exec("/etc/rc.dyndns.update");
      

      3) Modify file rc.carpbackup adding the following at the end of it:

      /* Stop DynDNS for CARP nodes */
      $config['dyndnses']['dyndns'][strval((int)(SUBSTR($argv[1],-1)-1))]['enable'] = false;
      write_config();
      shell_exec("/etc/rc.dyndns.update");
      

      Explanation:

      The above-mentioned scripts trim the VIP interface name, extracting its interface number (e.g. "xxx_vip1"->1), which becomes an index into each pfsense's DynDNS table, enabling/disabling the service update for the given box, so there should be a 1:1 relationship between the overall sequence of VIPs and DynDNSes, with them defined in the same way on all the CARP boxes. Due to the current code, this trick can support up to 9 pfsense systems, with related VIPs and DynDNSes (tested on nanobsd 2.1.5-release i386).

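The index derivation explained in the reply above, as an added example that is not part of the original posts and is not pfSense code: it compares the last-character rule with a variant that parses the whole VIP number and checks it against the configured DynDNS entries. The function names, the `wan_vipN` interface names and the two-entry table are constructed for illustration.

```php
<?php
// Added example: hypothetical helpers, not pfSense code.

// The rule used in the post: last character of the VIP name, minus one.
function index_from_last_char($vip)
{
    return (int)substr($vip, -1) - 1;
}

// Stricter variant: parse all trailing digits and check the result
// against the number of DynDNS entries actually configured.
function index_from_vip($vip, $entryCount)
{
    if (!preg_match('/_vip(\d+)$/', $vip, $m)) {
        return null;                 // not a CARP VIP interface name
    }
    $index = (int)$m[1] - 1;
    if ($index < 0 || $index >= $entryCount) {
        return null;                 // no DynDNS entry at that position
    }
    return $index;
}

// Constructed stand-in for $config['dyndnses']['dyndns'].
$dyndns = array(
    array('host' => 'pfbox1.dyndns.org', 'enable' => false),
    array('host' => 'pfbox2.dyndns.org', 'enable' => false),
);

// Constructed names: two normal VIPs, a tenth VIP, a VIP with no
// matching DynDNS entry, and a name that is not a VIP at all.
foreach (array('wan_vip1', 'wan_vip2', 'wan_vip10', 'wan_vip3', 'wan') as $vip) {
    $naive  = index_from_last_char($vip);
    $strict = index_from_vip($vip, count($dyndns));
    printf("%-10s last-char index=%2d  checked index=%s\n",
        $vip, $naive, $strict === null ? 'none (skip)' : (string)$strict);

    // PHP creates a missing array element on assignment instead of failing,
    // so an unchecked index of -1 or 2 would add a stray entry to the table.
    if ($strict !== null) {
        $dyndns[$strict]['enable'] = true;   // the rc.carpmaster case
    }
}
```

In the rc.carpmaster and rc.carpbackup snippets from the post, a null result would mean skipping the `write_config()` and `/etc/rc.dyndns.update` steps for that event.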