IPsec on dynamic IP. PHP page that will update HOSTS for the unbound.



  • PHP page that will update HOSTS for the unbound.

    Why?
    On a point-to-point IPsec tunnel we need to have the IP from both ends.

    Most routers have an option to associate an IP with a DNS address using a service like DynDNS, NoIp, etc.
    Some routers allow you to make a customized HTTP call. pfSense does it :)

    example: https://www.dtdns.com/api/autodns.cfm?id=xpto.flnet.org&pw=xptopass

    The problem is that every time the IP changes, the IP takes a few minutes to be updated in the DNS servers. So until it checks correctly you cannot establish the IPsec tunnel.

    My question is, can we make a PHP page that can update the DNS of an unbound host?

    If so, we would put the correct URL on the router to automatically update the host, and the IPsec tunnel would always be established.



  • A good dynamic DNS provider will give you a TTL of no more than 30 seconds, and usually only 10 seconds or so, and updates are reflected immediately, so the largest delay possible is the TTL. A public IP change is pretty disruptive already, so generally ~10 seconds is pretty acceptable (where it isn't, you should be paying for something with a static IP). If it's the typical forced daily PPPoE reconnect, that can be scheduled at a time when disruption is minimized. Then using a better dynamic DNS provider would take care of the worst of the remainder.

    There isn't an easy way to update unbound like you're wanting. Its TTLs default to an hour, so doing that would actually make it worse.

