Procedurally inserting DNS entries
-
I've got a bunch of cloud-based servers with IP addresses that change regularly. Currently my client machines manually invoke a script which will query the cloud API and add/update a hosts file entry. I'd like to just let pfSense's DNS handle this. Currently I'm using the DNS forwarder since I was getting random segfaults from unbound.
So my 2 main questions are:
-
What's the best way to go about getting my host mappings into the DNS forwarder
-
What's the best way to invalidate the DNS cache on the client when I update the mappings on the server
-
-
Why would you want to do this in pfSense host overrides? Why wouldn't your cloud-based servers just update, say, a dyn DNS entry? Curious what you're running where the IPs of cloud servers (VPS?) would change anyway.
As to a client's local cache - this would be controlled with a short TTL entry no matter where it's being looked up.
-
Currently I'm using the DNS forwarder since I was getting random segfaults from unbound.
You logged this on Redmine as a bug and can reproduce it easily, or at least describe what you think is possibly causing Unbound to segfault? Never mind, I see you commented on another thread.
-
Why would you want to do this in pfSense host overrides? Why wouldn't your cloud-based servers just update, say, a dyn DNS entry? Curious what you're running where the IPs of cloud servers (VPS?) would change anyway.
As to a client's local cache - this would be controlled with a short TTL entry no matter where it's being looked up.
We use a battery of EC2-Classic instances that get turned off and on as needed. Anywhere between zero and dozens of them, with the capacity to create more on demand. EC2-Classic doesn't persist IP addresses when an instance is shut down, and I'd rather not carve off a block of elastic IPs for them. Moving over to VPCs would solve this but is a more involved process and I/we simply don't have time to make that transition right now. As such, a quick-and-easy solution would be to take the script that's updating our clients and adapt it to inject the host mappings into our DNS server, in this case pfSense.
-
You can load a file into the forwarder; this is how you add lots of hosts. So if you change this file and restart the forwarder you should be good.
In the advanced section:
addn-hosts=/etc/extrahosts
In that file, for example:
192.168.1.14 test.local.lan
192.168.1.15 test2.local.lan
192.168.1.16 test.other.lan
Fairly sure the default TTL for host overrides is only like a minute, so you shouldn't have to worry about local cache.
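As an added example that is not part of this thread or of pfSense itself, here is a small script for the procedure above: take "ip hostname" pairs from whatever inventory script already talks to the cloud API, validate each record, write the addn-hosts file atomically, and have the forwarder re-read it. It assumes the pfSense DNS Forwarder is dnsmasq (which it is), that the file path matches the addn-hosts= line in the Advanced box, and that the inventory arrives on stdin one "ip hostname" per line; the inventory in demo() is constructed for illustration. Validation matters here because the file contents come from an external API: a hostname containing whitespace, '#' or other oddities is refused rather than being written into a file the forwarder trusts, and the atomic rename means dnsmasq never reads a half-written file. dnsmasq re-reads its addn-hosts files and clears its cache on SIGHUP, so a full forwarder restart is not needed.

```shell
#!/bin/sh
# Added example (not from the thread or from pfSense): render a dnsmasq
# addn-hosts file from "ip hostname" inventory lines, validating each record.
set -eu

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    echo "$1" | grep -Eq '^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3}$'
}

# Return 0 if $1 is a hostname made only of letters, digits, '-' and '.',
# with no empty label, no label starting or ending in '-', no label over 63
# characters and a total length of at most 253. Anything else (spaces, '#',
# '*', control characters) is refused so a bad inventory record cannot add
# extra entries or comments to the file the forwarder trusts.
valid_hostname() {
    echo "$1" | grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$' \
      && [ "${#1}" -le 253 ]
}

# Read "ip hostname" lines on stdin; emit only well-formed records on stdout
# and report every rejected line on stderr. Lines with more or fewer than
# two fields are rejected outright.
render_hosts() {
    while read -r ip host rest; do
        if [ -z "$ip" ]; then
            continue
        fi
        if [ -z "$rest" ] && valid_ipv4 "$ip" && valid_hostname "$host"; then
            printf '%s %s\n' "$ip" "$host"
        else
            printf 'skipping malformed record: %s %s %s\n' "$ip" "$host" "$rest" >&2
        fi
    done
}

# Write the rendered records to $1 atomically: build a temp file in the same
# directory, make it world-readable but writable only by the owner, then
# rename it into place so dnsmasq never sees a partially written file.
install_hosts_file() {
    dest="$1"
    tmp=$(mktemp "${dest}.XXXXXX")
    render_hosts > "$tmp"
    chmod 0644 "$tmp"
    mv -f "$tmp" "$dest"
}

# dnsmasq re-reads addn-hosts files and drops its cache on SIGHUP, so this
# replaces a full forwarder restart after the file changes.
reload_forwarder() {
    pkill -HUP dnsmasq
}

# Demo with a constructed inventory. The last three lines are deliberately
# malformed (bad octet, '#' in the name, extra field) and must be rejected.
demo() {
    out=$(mktemp /tmp/extrahosts.XXXXXX)
    install_hosts_file "$out" <<'EOF'
10.0.3.14 web-1.cloud.lan
10.0.3.15 web-2.cloud.lan
999.1.1.1 broken.cloud.lan
10.0.3.16 web#3.cloud.lan
10.0.3.17 web-4.cloud.lan trailing-junk
EOF
    cat "$out"
    rm -f "$out"
}

demo
```

In production the demo() call would be replaced by something like `your-inventory-script | install_hosts_file /etc/extrahosts && reload_forwarder`, run from the pfSense box (or over SSH to it) whenever the instance set changes. Because the hosts file is read by the forwarder on every SIGHUP, the validation functions are the only thing standing between the cloud API's output and the records your whole network resolves, so keep them strict and keep the rejected-record log visible.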
-
You can load a file into the forwarder; this is how you add lots of hosts. So if you change this file and restart the forwarder you should be good.
In the advanced section:
addn-hosts=/etc/extrahosts
In that file, for example:
192.168.1.14 test.local.lan
192.168.1.15 test2.local.lan
192.168.1.16 test.other.lan
Fairly sure the default TTL for host overrides is only like a minute, so you shouldn't have to worry about local cache.
Awesome, sounds perfect.