Dynamic Updates to Local DNS from DHCP clients


#1

I don’t know if I missed something in my configuration or something is not working as it’s supposed to, but local DNS resolution does not work as I thought it would or how it works on any of my other DD-WRT based routers.

In order for me to resolve any local devices via hostname, I have to add each device manually to “Local DNS Records” section under “Networking” which essentially means now each device has to have a DHCP reservation. I thought I would be able to ping/connect to any device listed under “Client List” under “Status” but this is not the case.

I really don’t want to have to add my 40+ devices as static “Local DNS Records” entries and then have to create DHCP reservations, which would mean I would have to do this every time a device connects to my network. I even tried adding an “Extended DHCP Option” of “15. DNS Domain Name” just in case it was a FQDN resolution issue, but still no luck.

I really don’t want to have to use another router just for DHCP. I am trying to disable all “router” functionality on my other routers and just use them as APs or bridges, and have the SOHO as the “Master Router” on my network.

Is anyone else having this issue or is there a specific configuration that needs to be set?


#2

Hi. I’m pretty sure that DD-WRT uses DNSMasq as its local DNS server normally (if it does, then I also suspect that it uses DNSMasq for DHCP & TFTP too), and it is that service that intelligently adds DHCP leases to its local DNS database as you describe - it’s an advantageous side effect of using DNSMasq for all of these LAN side services.

Our products do not use DNSMasq - instead we have dedicated separate processes for DNS & DHCP services, and so for local DNS resolution of LAN devices, local DNS entries need to be added to the SOHO manually.

I do like the idea of dynamically adding DHCP leases to the local DNS though - it could be pretty useful on my home network here, although I question the security implications for business / corporate networks. I think if we did consider adding it as a feature in the future, we would want to make it optional to enable it to mitigate its misuse by locally connected nefarious users.

I’ll move this post to feature requests - let’s see what the community thinks and what feedback we get.

Thanks, Martin


#3

Agree, this would be a welcomed addition!


#4

Thanks for the response Martin. Yes, DD-WRT and other custom router firmware such as Tomato and OpenWRT all use DNSMasq for DHCP and DNS. I thought Peplink devices do as well; guess I was wrong. Most enterprise environments use dynamic DNS updating from DHCP as well, and it is on by default in Microsoft DHCP/DNS, Linux BIND and on IP appliances such as InfoBlox. I welcome an update to the Peplink’s firmware that either uses DNSMasq or at least allows dynamic updates from DHCP to DNS.

Thanks again.


#5

It’s definitely something we’ll take a closer look at.

Personally my only reservation is security related. You mention that in Microsoft networks there is auto DNS update however that’s only true if the DHCP client is an authenticated/approved member of the Active Directory domain and for good reason, since merry havoc could be caused by unauthenticated dynamic updates (for example a laptop running a web server with a computer name of www could perform man in the middle attacks on LAN clients trying to access the original www.mycompany.com server).

There are bound to be ways to mitigate this risk of course for critical deployments - hence the need for us to look at all the available options. I want the capability on my home network too though - so be assured I’ll be poking the dev team in the eye about this to see what we can come up with :wink:
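The mitigation Martin alludes to can be modelled as a policy check that runs before a lease-supplied hostname is published into local DNS. The script below is an added example, not Peplink code or anything from this thread; the lease list, static record and `lan.example` domain are constructed for illustration. It publishes a lease name only if it is a sane single-label hostname, does not collide with an admin-defined static record (the “www” case above), and is not already held by a different client.

```python
"""Policy filter for registering DHCP lease hostnames as local DNS A records.

Constructed example: static records come from the router admin, leases come
from the DHCP server, and only leases that pass every check are published.
"""
import re
from dataclasses import dataclass, field

# RFC 1123 style single label: letters, digits, inner hyphens, max 63 chars.
HOSTNAME_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")

@dataclass
class Lease:
    mac: str
    ip: str
    hostname: str  # name the client offered in DHCP option 12

@dataclass
class Outcome:
    records: dict = field(default_factory=dict)   # fqdn -> ip
    rejected: list = field(default_factory=list)  # (name, mac, reason)

def build_dns_records(leases, static_records, domain):
    """Merge admin static records with lease names that pass policy checks."""
    out = Outcome()
    out.records = {f"{n}.{domain}": ip for n, ip in static_records.items()}
    holder = {}  # hostname -> mac of the first client that claimed it
    for lease in leases:
        name = lease.hostname.strip().lower()
        if not HOSTNAME_RE.match(name):
            out.rejected.append((lease.hostname, lease.mac, "invalid hostname"))
            continue
        if name in static_records:
            # Admin-defined record always wins; a lease must never overwrite it.
            out.rejected.append((name, lease.mac, "collides with static record"))
            continue
        if name in holder and holder[name] != lease.mac:
            # Name is held by another client for the lease lifetime.
            out.rejected.append((name, lease.mac, "name held by another client"))
            continue
        holder[name] = lease.mac
        out.records[f"{name}.{domain}"] = lease.ip
    return out

STATIC = {"www": "192.168.50.10"}  # constructed admin record
SAMPLE_LEASES = [                  # constructed lease table
    Lease("aa:bb:cc:00:00:01", "192.168.50.101", "printer-1"),
    Lease("aa:bb:cc:00:00:02", "192.168.50.102", "WWW"),        # spoof attempt
    Lease("aa:bb:cc:00:00:03", "192.168.50.103", "bad host!"),  # malformed
    Lease("aa:bb:cc:00:00:04", "192.168.50.104", "printer-1"),  # second claimant
]

if __name__ == "__main__":
    result = build_dns_records(SAMPLE_LEASES, STATIC, "lan.example")
    for fqdn, ip in result.records.items():
        print(f"A {fqdn} {ip}")
    for name, mac, reason in result.rejected:
        print(f"rejected {name!r} from {mac}: {reason}")
```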


#6

+1 for us. For SMBs not [strike]interested in self-flagellation[/strike] running AD, this would be a GREAT feature. This would allow us to stop using the Peplink WINS server, but keep internal name resolution functional.


#7

Any update on this? We’re moving to internal DNS resolvers, and having the ability for our peplink to send updates a-la BIND would be very helpful.


#8

As a clarification on this, if configured, Active Directory DNS can accept secure updates from any DHCP server that is capable of submitting them. For some of our clients, we run Active Directory at a main site, but have a number of small offices (1-4 machines) that don’t justify their own servers. We use Surf SOHO & Balance 20 clients at these locations connected back to the main office via PepVPN. The Surf SOHO/Balance 20 serves up local DHCP, and points the clients to use the main office DNS server, but having DHCP leases integrated back to Active Directory would be a huge benefit for us.