Edgerouter DNSmasq send updates to BIND
TL;DR: How do I configure the Ubiquiti EdgeRouter, running DNSmasq or DHCPd, and NSupdate, to send its DHCP leases to a central BIND server?
I have a system comprised of a few Ubiquiti EdgeRouter X's all acting as DHCP and DNS servers for a local subnet. Inter-subnet routing between ERXs is handled by a core router. What I would like to do is configure the ERX gateways to update a master DNS server, running BIND, whenever they update their DHCP leases.
Referencing the diagram below: With each ERX serving DHCP and DNS for its local subnet, the clients can only resolve DNS names of other clients behind their local ERX. However, if each ERX sent its records to dns-master whenver a DHCP lease update occurred, and each client used dns-master as its DNS server, then any client could resolve the name of any other client. This is what I am trying to achieve.
router-core
/ | \
/ dns-master \
/ \
erx-1 erx-2
| |
|-- client-1a |-- client-2a
|-- client-1b |-- client-2b
What I've done so far:
- BIND is configured to accept updates via
nsupdateand I confirmed that it works from my local workstation - I've installed
dnsutilson the ERX's using Apt after activating the Debian repo - I've explored the
dhcp-scriptoption from the Dnsmasq config file (better description of that option in the man page), but I can't get my script to execute- Dnsmasq on the EdgeRouter seems to use both
/etc/dnsmasq.confand/etc/dnsmasq.d/dnsmasq-dhcp-config.conf, but adding thedhcp-scriptoption to the former had no effect and adding it to the latter generated a config syntax error - I have tried both modifying the Dnsmasq config files directly and setting options in the ERX config under
set service dhcp-server global-parametersand neither seemed to work (but I'm also not sure if I did them right)
- Dnsmasq on the EdgeRouter seems to use both
[EDIT]: The Edgerouter also supports using Dhcpd as a DHCP server, so I'd accept an answer describing how to configure DHCPd on the ER to do this as well; I'm not married to using DNSmasq
По предложению @Tom я нашел способ сделать это без использования сервера BIND.
Решение состоит в том, чтобы настроить каждый ERX как полномочный DNS-сервер для своей локальной подсети и создать делегирование серверов на основном маршрутизаторе для каждого поддомена, затем направить всех клиентов на основной маршрутизатор. Директивы конфигурации, специфичные для Edgerouter, перечислены ниже, в которых sub1.local заменяется на соответствующий поддомен DNS, а 192.168.100.5 - на IP-адрес ERX:
На ] core-router (LAN IP 192.168.100.1 ):
set service dns forwarding listen-on eth1 set service dns forwarding name-server 8.8.8.8 set service dns forwarding name-server 8.8.4.4 set service dns forwarding options "server=/.sub1.local/192.168.100.5"
На каждом ERX (например, WAN IP 192.168.100.5 ):
set service dns forwarding listen-on eth0 set service dhcp-server shared-network-name [server] subnet [subnet] domain-name sub1.local set service dhcp-server shared-network-name [server] subnet [subnet] dns-server 192.168.100.1
Когда клиент отправляет DNS-запрос к ядру маршрутизатора , тогда происходит одно из трех:
- Если
ядро маршрутизатораможет разрешить его, то оно выполняет - Если запрос соответствует субдомен, запрос перенаправляется на ERX, указанный для субдомена
- . Если запрос не соответствует, он передается на вышестоящие DNS-серверы