Procedurally inserting DNS entries



  • I've got a bunch of cloud-based servers with IP addresses that change regularly.  Currently my client machines manually invoke a script which will query the cloud API and add/update a hosts file entry.  I'd like to just let pfSense's DNS handle this.  Currently I'm using the DNS forwarder since I was getting random segfaults from unbound.

    So my 2 main questions are:

    • What's the best way to go about getting my host mappings into the DNS forwarder?

    • What's the best way to invalidate the DNS cache on the client when I update the mappings on the server?


  • LAYER 8 Global Moderator

    Why would you want to do this in pfSense host overrides? Why wouldn't your cloud-based servers just update, say, a dynamic DNS entry? Curious what you're running where the IPs of cloud servers (VPS?) would change anyway?

    As to a client's local cache, this would be controlled with a short TTL entry no matter where it's being looked up.



  • @shreek:

    Currently I'm using the DNS forwarder since I was getting random segfaults from unbound.

    Have you logged this on Redmine as a bug, and can you reproduce it easily, or at least describe what you think is possibly causing Unbound to segfault?

    Never mind, I see you commented on another thread.



  • @johnpoz:

    Why would you want to do this in pfSense host overrides? Why wouldn't your cloud-based servers just update, say, a dynamic DNS entry? Curious what you're running where the IPs of cloud servers (VPS?) would change anyway?

    As to a client's local cache, this would be controlled with a short TTL entry no matter where it's being looked up.

    We use a battery of EC2-Classic instances that get turned off and on as needed, anywhere between zero and dozens of them, with the capacity to create more on demand.  EC2-Classic doesn't persist IP addresses when an instance is shut down, and I'd rather not carve off a block of elastic IPs for them.  Moving over to VPCs would solve this but is a more involved process, and I/we simply don't have time to make that transition right now.  As such, a quick-and-easy solution would be to take the script that's updating our clients and adapt it to inject the host mappings into our DNS server, in this case pfSense.


  • LAYER 8 Global Moderator

    You can load a file into the forwarder; this is how you add lots of hosts.  So if you change this file and restart the forwarder you should be good.

    In the advanced section:

    addn-hosts=/etc/extrahosts

    In that file, for example:
    192.168.1.14 test.local.lan
    192.168.1.15 test2.local.lan
    192.168.1.16 test.other.lan

    Fairly sure the default TTL for host overrides is only like a minute, so you shouldn't have to worry about local cache.
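    One way to do the file update described in the post above, as an added example rather than anything from the thread, from pfSense or from dnsmasq itself: a POSIX shell script that takes "hostname ip" pairs (what the existing cloud-inventory script would emit) on stdin, validates each pair so a bad API answer cannot add stray tokens or lines, rewrites the addn-hosts file atomically, refuses to write an empty file (a failed inventory run must not blank out every server), and only then signals dnsmasq. The /etc/extrahosts path is the one from the post; the SIGHUP reload (dnsmasq(8) documents that SIGHUP clears the cache and re-reads /etc/hosts and all addn-hosts files), the --apply/--demo flags, the function names and the sample hostnames and addresses are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): rebuild dnsmasq's addn-hosts file from
# "hostname ip" pairs and make the forwarder pick the change up.
# Assumed path is the one from the post; override with HOSTS_FILE=... for testing.
HOSTS_FILE="${HOSTS_FILE:-/etc/extrahosts}"

# Dotted-quad IPv4 only, each octet 0-255. Anything else (spaces, a second
# "address", stray characters) is rejected so a bad API answer cannot smuggle
# unexpected tokens or lines into the hosts file.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        [ "$_o" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# Hostname: letters, digits, dot and hyphen; no leading hyphen, no leading,
# trailing or doubled dots, at most 253 characters.
valid_hostname() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|-*|.*|*.|*..*) return 1 ;;
    esac
    [ ${#1} -le 253 ]
}

# stdin: one "hostname ip" pair per line; stdout: hosts(5) lines "ip hostname",
# sorted so the file is stable and diffable. Malformed pairs are reported on
# stderr and dropped instead of written.
render_hosts() {
    while read -r _name _ip _extra; do
        [ -n "$_name" ] || continue
        if [ -n "$_extra" ] || ! valid_hostname "$_name" || ! valid_ipv4 "$_ip"; then
            printf 'skipping malformed entry: %s\n' "$_name $_ip $_extra" >&2
            continue
        fi
        printf '%s %s\n' "$_ip" "$_name"
    done | sort
}

# Atomically replace $1 with the hosts rendered from stdin. Prints "changed",
# "unchanged" or "refused" (empty result: leave the existing file alone).
update_hosts_file() {
    _target=$1
    # Temp file in the same directory, so the final rename is atomic.
    _tmp=$(mktemp "${_target}.XXXXXX") || return 1
    render_hosts > "$_tmp"
    if [ ! -s "$_tmp" ]; then
        rm -f "$_tmp"
        echo refused
        return 0
    fi
    chmod 0644 "$_tmp"   # dnsmasq may run unprivileged; it must be able to read this
    if [ -f "$_target" ] && cmp -s "$_tmp" "$_target"; then
        rm -f "$_tmp"
        echo unchanged
    else
        mv -f "$_tmp" "$_target"
        echo changed
    fi
}

# SIGHUP makes dnsmasq clear its cache and re-read /etc/hosts and every
# addn-hosts file (see dnsmasq(8)), so no full service restart is needed.
reload_forwarder() {
    killall -HUP dnsmasq
}

case "${1:-}" in
    --apply)   # real use: inventory_script | sh update_hosts.sh --apply
        if [ "$(update_hosts_file "$HOSTS_FILE")" = changed ]; then
            reload_forwarder
        fi ;;
    --demo)    # constructed sample data, written to a temp file, never to /etc
        _demo=$(mktemp) && printf '%s\n' \
            'web1.example.test 203.0.113.10' \
            'web2.example.test 203.0.113.11' \
            'broken.example.test 203.0.113.999' \
            'evil.example.test 203.0.113.12 extra.example.test' \
            | update_hosts_file "$_demo"
        cat "$_demo"; rm -f "$_demo" ;;
esac
```

    Run with --demo to see the two malformed lines rejected on stderr and the two good ones written; the unchanged/changed result is what decides whether dnsmasq gets signalled, so a cron job that re-runs the inventory every few minutes does not flush the forwarder's cache when nothing moved.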



  • @johnpoz:

    You can load a file into the forwarder; this is how you add lots of hosts.  So if you change this file and restart the forwarder you should be good.

    In the advanced section:

    addn-hosts=/etc/extrahosts

    In that file, for example:
    192.168.1.14 test.local.lan
    192.168.1.15 test2.local.lan
    192.168.1.16 test.other.lan

    Fairly sure the default TTL for host overrides is only like a minute, so you shouldn't have to worry about local cache.

    Awesome, sounds perfect.

