
Enabling DDNS for IPv4 Clients

The DHCP server can send dynamic updates to an external primary server that you specify. For each IP space, you can specify the zone to be updated and the IP address of the primary server for that zone. You can add information for a forward and reverse zone. By default, the reverse zone is empty, which causes the server to ignore the reverse update portions of a request. The DHCP server updates the A record in the forward zone and the PTR record in the reverse zone. During lease reclamation, which is the process through which an expired lease becomes available for assignment to the same or a different client, any DNS entries associated with the expired lease are removed. You can also use keys to secure communications between the servers. Both the DHCP server sending the update and the DNS server receiving it must share the same secret key.

You can enable the DHCP server to send DDNS updates for IPv4 clients at the DHCP global and DHCP server levels. You can specify a different domain name that the application uses specifically for DDNS updates. It combines the hostname sent by the client with the domain name you specify to build the FQDN that it uses to update DNS. For IPv4 clients, you can specify the DDNS domain name at the DHCP global and server levels.

To enable DDNS, complete the following:

  1. From the Infoblox Portal, click Manage > IPAM/DHCP > Global DHCP Configuration.

  2. Use TSIG: Select this checkbox to use a standards-based TSIG key, which uses a one-way hash function to secure transfers between name servers. For more information, see Configuring TSIG Keys.

  3. On the Global DHCP Configuration page, click DDNS and complete the following:

    • Enable DDNS Updates: Select this checkbox to enable DDNS updates. DDNS (Dynamic DNS) is a method to update DNS data (A, TXT, and PTR records) from sources such as DHCP servers and other systems that support DDNS updates.

    • Send DDNS Updates: Select this checkbox to send DDNS updates to external systems that support DDNS updates. 

    • Default DDNS Domain Name: Specify the domain name of the network that the application uses to update DNS. For IPv4 clients, you can specify this at the DHCP global and DHCP server levels.

    • GSS-TSIG: You can send a signed DDNS update to a DNS server by using GSS-TSIG; for details, see Configuring GSS-TSIG. Universal DDI can send GSS-TSIG-authenticated DDNS updates to Microsoft DNS servers. Configure the following GSS-TSIG settings:

      • KDC IP Address: Specify the IP address of the Kerberos Key Distribution Center (KDC). The KDC is a network service that supplies session tickets and temporary session keys to users and computers within an Active Directory domain. It runs on each domain controller as part of Active Directory Domain Services.

      • GSS-TSIG Client Principal: Select the GSS-TSIG client principal from the drop-down.

      • KEYS: The available keys are shown with their version, encryption type, and the date of the last update. If you do not want to use a key, select it and click Remove Key. 

    • DDNS ZONES: Select the DDNS zones from the column selector. 

    • Add External Zone: Choose this option to add an external zone for sending DDNS requests from the DHCP server to an external server. For example, you can configure another DNS server like NIOS to perform the role of an external primary server. Configure the following options for the external zone:

      • Zone: Enter the FQDN of a valid forward-mapping or reverse-mapping zone to which the DHCP server sends the updates.  

      • DNS Server: Enter the IP address of the external primary server for that zone.

    • Add Internal Zone: Choose this option to add an internal zone for sending DDNS requests from the DHCP server to primary zones in Universal DDI, so that the resource records are updated in those primary zones. Configure the following options and click Add to add an internal zone:

      • DNS View: Choose a DNS View from the column selector. For more information, see Configuring DNS Views.

      • DNS Zone: Choose a zone from the column selector. For more information, see Configuring DNS Zones. 

      • DDNS Zone: Select the DDNS zones from the column selector. 

    • Generate hostname if not sent by client: Select this checkbox to enable the DHCP server to generate a hostname, and update DNS with that hostname, when the client's DHCP request does not include one.

    • Default DDNS Prefix:  Specify the default DDNS prefix. 

    • DDNS Update TTL: Specify the value as a percentage. This sets the TTL used for the A or AAAA and PTR records updated by the DHCP server. The default is shown as zero. If you do not enter a value here, the DHCP server sets the TTL to one-third of the DHCP lease time. For example, a lease time of 1800 seconds results in a TTL of 600 seconds, and a lease time of 86400 seconds results in a TTL of 28,800 seconds (8 hours). The minimum default value is 10 minutes (600 seconds).

    • Update DNS records on DHCP lease renewals: Select this checkbox to update the DNS records when the DHCP lease is renewed. The new IP address generated with the new lease gets updated in the DNS record. The DNS record is updated even if the DNS information for the lease (for example, the FQDN or the flag for updating the DNS direction) has not changed. The DHCP server self-heals if it was previously unable to add DNS entries or if the DNS server has lost them. This scenario is applicable only to lease renewals. The checkbox is not selected by default.

    • Use Conflict Resolution: Conflicts occur when more than one DHCP client attempts to associate with a single FQDN. Conflict resolution ensures that the DNS record information associated with one DHCP client is not updated by other DHCP clients. For more information, see Conflict Resolution. Choose one of the following options depending on how strictly you want record handling to be enforced:

      • Update DNS if DHCID values match: This option is selected by default.

      • Update DNS if DHCID record exists (match not required)

      • Update DNS and add or update DHCID records

      • Update DNS without checking for or creating DHCID records

    • OPTION 12 HANDLING

      • Prefer Option 12 over Option 81: Select this checkbox if you want the DHCP server to choose option 12 (hostname) over option 81 (FQDN) for DDNS updates. The client FQDN in option 81 is sanitized to remove any invalid characters before the zone and qualifying-suffix comparison. The sanitization uses the regex configured in hostname-rewrite-regex for DDNS. For this to work, hostname-rewrite-char must be set appropriately, most likely to empty so that the invalid characters are removed rather than replaced.

    • CLIENT FQDN HANDLING (OPTION 81)

      • DHCP server overrides client's preference to do update itself and DHCP server performs update: Choose this option to allow the DHCP server to perform the update even if the client's preference is to perform the update itself.

      • DHCP server overrides client's preference not to perform updates: Choose this option to allow the DHCP server to override the client's preference that no update be performed.

      • Remove suffix: Choose this option to remove the suffix from the FQDN (option 81) in the incoming client request. The suffix is removed before checking if the suffix matches the default domain name or any domain names in the zone list. This occurs before Kea appends a qualifying suffix. 

    • HOSTNAME REWRITE POLICY

      • Enable hostname rewrite policy: Select this checkbox to use a hostname rewrite policy for DHCP leases and DDNS updates for IPv4 DHCP clients.

      • Invalid Characters: Enter the list of invalid characters that must be replaced in the hostname when Enable hostname rewrite policy is selected. Observe the following rules:

        • You can include only printable ASCII characters, including space.

        • Universal DDI includes period (.) as a valid character for label separators by default.

        • You can also use shortcuts for a series or range of characters. For example, when you enter a-d, the application includes the following: A, B, C, D, a, b, c, and d. When you enter 0-5, the application includes the following: 0, 1, 2, 3, 4, and 5. In a character range, ensure that the start character is less than the end character.

        • If you want to use a dash (-) as a literal character, place it at the front of the character pattern. Otherwise, the application treats the string as a range of characters.

        • You can build a POSIX regular expression based on the string you enter here, but you cannot enter an empty string.

        • You cannot use the caret metacharacter (^) as the start or end character of a range. For example, a-^ is invalid. You also cannot repeat a character within the character set. For example, aa is invalid. Universal DDI supports POSIX regex bracket expressions. For more information, refer to http://pubs.opengroup.org/onlinepubs/9699919799/.

      • Replace Invalid Characters with: Enter the character that Universal DDI uses to replace invalid characters. Enter only one printable ASCII character, or leave the field empty if the invalid characters should be removed without replacement.
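As an added illustration, not Infoblox's or Kea's own code, the following Python model applies the Invalid Characters rules above (printable ASCII only, case-folded ranges such as a-d, a literal dash only when placed first, no ^ at a range boundary, no duplicates, period kept as the label separator) and the single-or-empty replacement character to a client hostname; the function names and the sample hostnames are assumptions.

```python
import re

# Printable ASCII, including space, is the only permitted character set.
PRINTABLE = {chr(c) for c in range(0x20, 0x7F)}


def parse_invalid_chars(spec: str) -> set:
    """Validate the 'Invalid Characters' string and expand it into a set of characters."""
    if not spec:
        raise ValueError("Invalid Characters must not be empty")
    if not set(spec) <= PRINTABLE:
        raise ValueError("only printable ASCII characters (including space) are allowed")
    chars, i = set(), 0
    if spec[0] == "-":  # a dash placed in front is a literal dash, not a range
        chars.add("-")
        i = 1
    while i < len(spec):
        if i + 2 < len(spec) and spec[i + 1] == "-":  # a range such as a-d or 0-5
            lo, hi = spec[i], spec[i + 2]
            if "^" in (lo, hi):
                raise ValueError(f"'^' cannot start or end a range: {lo}-{hi}")
            if lo >= hi:
                raise ValueError(f"range start must be less than its end: {lo}-{hi}")
            members = {chr(c) for c in range(ord(lo), ord(hi) + 1)}
            members |= {c.swapcase() for c in members}  # a-d also covers A, B, C, D
            i += 3
        else:
            members, i = {spec[i]}, i + 1
        if members & chars:
            raise ValueError(f"duplicate characters are not allowed: {spec!r}")
        chars |= members
    chars.discard(".")  # the period stays valid as the label separator
    return chars


def invalid_char_regex(chars: set) -> re.Pattern:
    """Build the bracket expression used to find invalid characters in a hostname."""
    return re.compile("[" + "".join(re.escape(c) for c in sorted(chars)) + "]")


def rewrite_hostname(hostname: str, spec: str, replacement: str = "") -> str:
    """Replace each invalid character with `replacement`, or drop it when empty."""
    if len(replacement) > 1 or not set(replacement) <= PRINTABLE:
        raise ValueError("replacement must be one printable ASCII character or empty")
    chars = parse_invalid_chars(spec)
    if not chars:  # nothing to rewrite (e.g. the spec named only the period)
        return hostname
    return invalid_char_regex(chars).sub(lambda _: replacement, hostname)


if __name__ == "__main__":
    # Constructed sample: space, underscore, dash and '!' are invalid; the dash is listed first.
    print(rewrite_hostname("my host_pc-01!", "-_ !"))       # myhostpc01
    print(rewrite_hostname("my host_pc-01!", "-_ !", "x"))  # myxhostxpcx01x
```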

  4. Click Save & Close to save the details or click Cancel to exit.