
TL;DR: How do I configure the Ubiquiti EdgeRouter, running DNSmasq or DHCPd, and NSupdate, to send its DHCP leases to a central BIND server?


I have a system comprised of a few Ubiquiti EdgeRouter X's all acting as DHCP and DNS servers for a local subnet. Inter-subnet routing between ERXs is handled by a core router. What I would like to do is configure the ERX gateways to update a master DNS server, running BIND, whenever they update their DHCP leases.

Referencing the diagram below: With each ERX serving DHCP and DNS for its local subnet, the clients can only resolve DNS names of other clients behind their local ERX. However, if each ERX sent its records to dns-master whenever a DHCP lease update occurred, and each client used dns-master as its DNS server, then any client could resolve the name of any other client. This is what I am trying to achieve.

        router-core 
       /      |     \
      /  dns-master  \
     /                \
 erx-1                erx-2
   |                    |
   |-- client-1a        |-- client-2a
   |-- client-1b        |-- client-2b

What I've done so far:

  • BIND is configured to accept updates via nsupdate and I confirmed that it works from my local workstation
  • I've installed dnsutils on the ERX's using Apt after activating the Debian repo
  • I've explored the dhcp-script option from the Dnsmasq config file (better description of that option in the man page), but I can't get my script to execute
    • Dnsmasq on the EdgeRouter seems to use both /etc/dnsmasq.conf and /etc/dnsmasq.d/dnsmasq-dhcp-config.conf, but adding the dhcp-script option to the former had no effect and adding it to the latter generated a config syntax error
    • I have tried both modifying the Dnsmasq config files directly and setting options in the ERX config under set service dhcp-server global-parameters and neither seemed to work (but I'm also not sure if I did them right)

[EDIT]: The Edgerouter also supports using Dhcpd as a DHCP server, so I'd accept an answer describing how to configure DHCPd on the ER to do this as well; I'm not married to using DNSmasq

enpaul
  • How is your DNS domain set up? Which zones are being used on the different edge routers? I think there must be better designs than to create what you want to achieve. – Tommiie Nov 12 '18 at 14:56
  • The underlying network topology is something I can't change, and is out of scope of the question regardless. That said, I'd welcome any input on design changes for the DNS layer. I am implementing DNS on an existing network, so for the purposes of answering the question you can assume that DNS is configured in any way that works with the underlying network as described. – enpaul Nov 12 '18 at 15:12
  • I still want to know how your zones are setup as this has an impact on the solution, i.e. pushing your updates to a central DNS "master". – Tommiie Nov 12 '18 at 15:22
  • It's a local zone. DHCP leases served off of the `router-core` are given a DNS name in the root zone (`*.local`) while each ERX serves a subdomain (`*.sub.local`). The BIND server is configured to be authoritative for the entire (`*.local`) domain – enpaul Nov 12 '18 at 15:30
  • Then why not use a combination of forwarders and child zones on the root DNS server to make DNS work? Instead of sending updates between DNS servers? – Tommiie Nov 12 '18 at 15:31
  • I'll be honest, I hadn't considered that. I've been treating the DNSmasq server on the ERs as a blackbox, so my rationale was "get the leases into BIND so I can work with them there". This sounds like it may be more promising though. – enpaul Nov 12 '18 at 15:37
  • If you, based on this, come up with a good solution yourself, please share it here and mark it as such. In case you still experience issues, either update the question or ask additional questions. – Tommiie Nov 12 '18 at 15:45

1 Answer


With a suggestion from @Tom I figured out a way to do this without using a BIND server.

The solution is to configure each ERX as the authoritative DNS server for its local subnet and create server delegations on the core router for each subdomain, then point all clients at the core router. The Edgerouter specific configuration directives are listed below, replacing sub1.local with the proper DNS subdomain, and 192.168.100.5 with the IP address of the ERX:

On the core-router (LAN IP 192.168.100.1):

set service dns forwarding listen-on eth1
set service dns forwarding name-server 8.8.8.8
set service dns forwarding name-server 8.8.4.4
set service dns forwarding options "server=/.sub1.local/192.168.100.5"

On each ERX (Example, WAN IP 192.168.100.5):

set service dns forwarding listen-on eth0
set service dhcp-server shared-network-name [server] subnet [subnet] domain-name sub1.local
set service dhcp-server shared-network-name [server] subnet [subnet] dns-server 192.168.100.1

When a client submits a DNS query to the router-core, one of three things happens:

  • If the router-core can resolve it, then it does
  • If the request matches a subdomain, the request is forwarded to the ERX specified for the subdomain
  • If the request does not match then it is passed to the upstream DNS servers
enpaul
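As an added illustration (not code from the answer, EdgeOS or dnsmasq), the following is a simplified model of the three-way decision the answer describes on router-core: answer from its own DHCP names, forward a delegated subdomain to the owning ERX, or send the query upstream. The host table and the second ERX (sub2.local / 192.168.100.6) are constructed sample values; the matching is done label by label so that a name like evilsub1.local is not mistaken for part of sub1.local.

```python
"""Simplified model of router-core's query routing from the accepted answer.

Added example, not dnsmasq or EdgeOS code. It assumes (as an approximation of
dnsmasq's server=/domain/ handling) that a domain entry matches the domain
itself and all of its subdomains, and that the most specific entry wins.
"""
from __future__ import annotations

# Constructed sample of names router-core knows from its own DHCP leases (the .local zone).
LOCAL_HOSTS = {"router-core.local": "192.168.100.1", "printer.local": "192.168.100.20"}

# Equivalent of: set service dns forwarding options "server=/.sub1.local/192.168.100.5"
# sub2.local and lab.sub1.local are constructed extra delegations for illustration.
SUBDOMAIN_SERVERS = {
    "sub1.local": "192.168.100.5",
    "sub2.local": "192.168.100.6",
    "lab.sub1.local": "192.168.100.7",
}
# Equivalent of the two "set service dns forwarding name-server" lines (order kept).
UPSTREAM_SERVERS = ["8.8.8.8", "8.8.4.4"]


def _labels(name: str) -> list[str]:
    """Normalise a name (strip trailing dot, lower-case) and split into labels."""
    return name.rstrip(".").lower().split(".")


def _in_zone(name: str, zone: str) -> bool:
    """Label-wise suffix match: 'host.sub1.local' is in 'sub1.local',
    but 'evilsub1.local' is not (a plain endswith() would wrongly say yes)."""
    n, z = _labels(name), _labels(zone)
    return len(n) >= len(z) and n[-len(z):] == z


def route_query(name: str) -> tuple[str, str]:
    """Return (action, target) for a query arriving at router-core."""
    key = ".".join(_labels(name))
    if key in LOCAL_HOSTS:
        return ("answer", LOCAL_HOSTS[key])
    # Most specific (longest) matching delegation wins.
    matches = [z for z in SUBDOMAIN_SERVERS if _in_zone(key, z)]
    if matches:
        best = max(matches, key=lambda z: len(_labels(z)))
        return ("forward", SUBDOMAIN_SERVERS[best])
    return ("upstream", UPSTREAM_SERVERS[0])


if __name__ == "__main__":
    for q in ("printer.local", "client-1a.sub1.local", "host.lab.sub1.local", "example.com"):
        print(q, "->", route_query(q))
```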