DHCP nsupdate via RFC 2136

Hi,

I used to use pfSense as my firewall but I migrated to OpenWrt on Ubiquiti Edgerouter X.
For the clients in my LAN I used to update the DNS records in my self hosted DNS server via NSUPDATE (RFC 2136).
Is there something similar in OpenWrt. Primarily I need this for IPv6, lPv4 is legacy protocol

Thank you

https://openwrt.org/packages/table/start?dataflt[Name_pkg-dependencies*~]=nsupdate

I came here to ask the same question as OP. Nsupdate is in the bind-client package, but can we configure odhcpd to use it when assigning addresses via DHCPv6, like we can with the ISC DHCP server?

unbound provides integration with odhcpd in the form of a glue script (option dhcp_link 'odhcpd') which reads/parses lan clients records from odhcpd lease file and generates simple PTR records, if that is what you are looking for.

1 Like

According to the unbound readme, it is designed to be used as a recursive resolver only. I use bind as an authoritative nameserver for my local domain and as forwarding nameserver for the LAN. Furthermore RPZ are used to resolve ULA addresses internally and the public addresses externally. Bind has the features I want and works fine on OpenWRT. Currently I am using bind and isc-dhcp-server-ipv6 from entware on my OpenWRT router, it's working fine but I would rather do it the OpenWRT way. Perhaps I should to write a script to monitor the odhcpd lease file and fire off the RFC2136 updates as needed.

Just be aware that the vanilla setup for odhcpd is to cater for DHCPv6 only, though being capable to handle DHCPv4 as well, and dnsmasq doing the DHCPv4 portion - that is if your instance features dual-stack.


Since you seem comfortable with bind there is probably no need then look into unbound (capabilities) any further.

2 Likes

@pmisch
Did you resolve this?
I'm too looking for a way to trigger RFC2136 dnsupdates to my auth DNS server from DHCP leases.

It might be possible by a script in /etc/hotplug.d/dhcp/.
I'm surprised that nobody seems to have already done this.

I'm sorry I did not. I'm also surprised why there is no solution for that because it's so convenient.