[Samba] pfSense DHCP integration with Samba AD DDNS
Adam Weremczuk
adamw at matrixscience.com
Thu Jun 20 11:55:03 UTC 2019
Hi Rowland,
I don't want to to run an AD DC on firewall device, barely DHCP and
maybe DNS.
What you have pointed me to is similar to what I have in place:
https://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/
and which is working fine.
NOW I want to switch DHCP from isc-dhcp-server 4.2.2 on Debian to DHCP
on pfSense firewall (based on FreeBSD 11.2) which reports as below:
pkg info | grep dhcp
dhcp6-20080615.2 KAME DHCP6 client, server, and relay
dhcpleases-0.3_1 read dhpcd.lease file and add it to hosts
file
dhcpleases6-0.1_2 read dhpcd6.leases file and trigger
command on modification
isc-dhcp43-client-4.3.6P1 The ISC Dynamic Host Configuration
Protocol client
isc-dhcp43-relay-4.3.6P1_1 The ISC Dynamic Host Configuration
Protocol relay
isc-dhcp43-server-4.3.6P1_1 ISC Dynamic Host Configuration Protocol
server
I've set it up and everything is working fine apart from DDNS integration.
PfSense web GUI is limiting my config choices to the following:
Dynamic DNS
Enable: Check the box to enable registration of DHCP client names in DNS
using an external
(non-pfSense) DNS server.
DDNS Domain: The domain name used for registering clients in DNS
Primary DDNS Address: The DNS server used for registering clients in DNS
DNS Domain Key: The encryption key used for DNS registration
DNS Domain Key: Secret The secret for the key used for DNS registration
Does it mean it's not going to work as it doesn't involve Kerberos
authentication?
Personally I would be happy with dynamic DNS updates being controlled by
DHCP secured with a shared secret only.
Regards,
Adam
On 20/06/19 12:33, Rowland penny via samba wrote:
> You might want to read this:
>
> https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9
>
>
> Though why you want to run an AD DC on firewall device, beats me.
>
> Rowland
>
>
>
More information about the samba
mailing list