
Configuring DHCP for DDNS

Before a DHCP server can update DNS, the DHCP server needs to have an FQDN-to-IP address mapping. When a DHCP IPv4 client requests an IP address, it typically includes its host name in option 12 of the DHCPDISCOVER packet, and an IPv6 client includes its hostname in the Request packet. You can configure the NIOS appliance to include a domain name in option 15 of the IPv4 DHCPOFFER packet or in the IPv6 Reply packet. You specify this domain name in the IPv4 DHCP Options -> Basic and IPv6 DHCP Options -> Basic tabs of the Grid DHCP Properties editor, Member DHCP Configuration editor, and the Network editor. For IPv4 clients you can also specify a domain name in the DHCP Range and Fixed Address editors.
Then, you can enable the DHCP server to send DDNS updates for IPv4 and IPv6 clients, as described in Enabling DDNS for IPv4 and IPv6 DHCP Clients. After you enable the DHCP server to send DDNS updates, you configure which DNS servers receive them, as described in Sending Updates to DNS Servers.


Note: Whether you deploy NIOS appliances in a Grid or independently, they send DDNS updates to UDP port 53 on the DNS server. Grid members do not send updates through a VPN tunnel; however, Grid members authenticate updates between each other using TSIG (transaction signatures) based on an internal TSIG key. Updates sent to external name servers are unauthenticated unless you configure TSIG or GSS-TSIG for the external zone, as described in Sending Updates for Zones on an External Name Server.


Enabling DDNS for IPv4 and IPv6 DHCP Clients

You can enable the DHCP server to send DDNS updates for IPv4 clients at the Grid, member, shared network, network, address range, DHCP template, fixed address, and roaming host levels, and for IPv6 clients at the Grid, member, network, shared network, network template and roaming host levels.
You can specify a different domain name that the appliance uses specifically for DDNS updates. The appliance combines the hostname from the client and the domain name you specify to create the FQDN that it uses to update DNS. For IPv4 clients, you can specify the DDNS domain name at the network, network template, range, and range template levels. For IPv6 clients, you can specify the DDNS domain name at the Grid, member, network, shared network, and network template levels. You can also use the name of a roaming host record as the name of the client for DDNS updates, as described in Setting Properties for Roaming Hosts.
To enable DDNS and specify a DDNS domain name:

  1. Grid: From the Data Management tab, select the DHCP tab, expand the Toolbar and click Grid DHCP Properties. 
    Member: From the Data Management tab, select the DHCP tab and click the Members tab -> Members -> member check box -> Edit icon.
    Network: From the Data Management tab, select the DHCP tab and click the Networks tab -> Networks -> network check box -> Edit icon.
    Network Container: From the Data Management tab, select the IPAM tab -> network_container check box, and then click the Edit icon. 
    Network Template: From the Data Management tab, select the DHCP tab and click the Templates tab -> DHCP_template check box -> Edit icon.
    Roaming Host: From the Data Management tab, select the DHCP tab and click the Networks tab -> Roaming Hosts -> roaming_host -> Edit icon.
    For IPv4 clients only:
    IPv4 Address Range: From the Data Management tab, select the DHCP tab and click the Networks tab -> Networks -> network -> addr_range check box -> Edit icon.
    IPv4 Fixed Address: From the Data Management tab, select the DHCP tab and click the Networks tab -> Networks -> network -> ip_addr check box -> Edit icon.
    IPv4 Address Range/Fixed Address Template: From the Data Management tab, select the DHCP tab and click the Templates tab -> DHCP_template check box -> Edit icon.
    To override an inherited property, click Override next to it and complete the appropriate fields.
  2. In the IPv4 DDNS -> Basic tab or the IPv6 DDNS -> Basic tab, complete the following:
    • Enable DDNS Updates: Select this check box to enable DDNS updates. When setting properties for DHCP objects other than the Grid, you must click Override and select Enable DDNS updates for the DDNS settings to take effect.

Note: In a dual mode Grid, if IPv6 DDNS updates is enabled at the Grid level, then when you join an IPv6 Grid member to the Grid, IPv6 DDNS updates is automatically disabled for the Grid member.


    • DDNS domain name: Specify the domain name of the network that the appliance uses to update DNS. For IPv4 clients, you can specify this at the network, network template, range, and range template levels. For IPv6 clients, you can specify this at the Grid, member, network, shared network, and network template levels.
    • DDNS Update TTL: You can set the TTL used for A or AAAA and PTR records updated by the DHCP server. The default is shown as zero. If you do not enter a value here, the appliance by default sets the TTL to half of the DHCP lease time with a maximum of 3600 seconds. For example, a lease time of 1800 seconds results in a TTL of 900 seconds, and a lease time of 86400 seconds results in a TTL of 3600 seconds. For information about how to set the lease time, see Defining Lease Times.
    • DDNS Update Method: Select the method the DHCP server uses to record which client owns a name in DNS: Interim or Standard. The default is Interim. With Interim, the server writes a TXT record alongside the A or AAAA record; with Standard, it writes a DHCID record. Either record carries a hash of the client's identity, so that a later update for the same name from a different client can be detected as a conflict instead of silently overwriting the original mapping. If you select No TXT Record mode in the IPv4 DDNS -> Advanced tab or the IPv6 DDNS -> Advanced tab, the server writes neither record and this ownership check is not available.
      If you change the DDNS update method from Interim to Standard or vice versa, the DHCP server switches the identity record from TXT to DHCID (or back) as leases are renewed.
      Both methods are supported for clients that acquire IPv4 and IPv6 leases. Infoblox recommends configuring different DDNS update methods for IPv4 and IPv6 leases: Interim for IPv4 leases and Standard for IPv6 leases.
    • Update DNS on DHCP Lease Renewal: Select this check box to enable the appliance to update DNS when a DHCP lease is renewed.

     3. Save the configuration and click Restart if it appears at the top of the screen.

Sending Updates to DNS Servers

The DHCP server can send DDNS updates to DNS servers in the same Grid and to external DNS servers. When you enable the appliance to send updates to Grid members, you must specify the DNS view to be updated. If a network view has multiple DNS views, you can select only one DNS view for DDNS updates. For information about DNS views, see About DNS Views.
When you enable DDNS updates for a Grid, member, shared network, network, address range, DHCP template, fixed address, or roaming host, the DHCP server sends updates to authoritative zones using the domain name (as DHCP option 15) you define in the DHCP properties. You can also define forward-mapping zones that receive DDNS updates for DHCP clients that use option 81 to define the domain name. For information, see About the Client FQDN Option. To allow DDNS updates for clients using option 81, you must first enable the support for option 81. For information, see Configuring DDNS Features.
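The preceding passages describe the inputs to the FQDN that the DHCP server eventually writes to DNS: the client's host name from option 12, the domain name the appliance supplies (option 15 or the DDNS domain name), and, for clients that use it, the Client FQDN in option 81. The example below is added for this page and is not NIOS code: it parses a DHCPv4 options blob (RFC 2132 TLVs, repeated codes concatenated per RFC 3396), decodes option 81 in both the canonical wire encoding and the older ASCII encoding (RFC 4702), assembles the update name, and applies the two checks a server should make before trusting a client-supplied name: RFC 1123 host-name syntax, and, for option 81, confinement to the forward-mapping zones you have allowed to receive option 81 updates. The precedence between option 81 and option 12, the hypothetical allowed-zone list passed as option81_zones, and the use of only the first label of option 12 are assumptions of the example, not documented NIOS behaviour. The option blobs in the demo are constructed.

```python
import re

# DHCPv4 option codes (RFC 2132 / RFC 4702) and the RFC 4702 option 81 flag bits.
OPT_PAD, OPT_HOST_NAME, OPT_CLIENT_FQDN, OPT_END = 0, 12, 81, 255
FQDN_FLAG_S, FQDN_FLAG_O, FQDN_FLAG_E, FQDN_FLAG_N = 0x01, 0x02, 0x04, 0x08

# One RFC 1123 label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def parse_options(blob: bytes) -> dict:
    """Parse the DHCPv4 options field (TLVs terminated by END) into {code: value}.
    Repeated codes are concatenated as RFC 3396 requires."""
    opts, pos = {}, 0
    while pos < len(blob) and blob[pos] != OPT_END:
        if blob[pos] == OPT_PAD:
            pos += 1
            continue
        code, length = blob[pos], blob[pos + 1]
        opts[code] = opts.get(code, b"") + blob[pos + 2:pos + 2 + length]
        pos += 2 + length
    return opts


def encode_client_fqdn(name: str, flags: int) -> bytes:
    """Build an option 81 value: flags, RCODE1, RCODE2, then the name in the canonical
    wire encoding when the E flag is set, otherwise in the deprecated ASCII encoding."""
    if flags & FQDN_FLAG_E:
        labels = name.rstrip(".").split(".")
        wire = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    else:
        wire = name.encode("ascii")
    return bytes([flags, 0, 0]) + wire


def decode_client_fqdn(value: bytes):
    """Inverse of encode_client_fqdn. Returns (flags, name without trailing dot)."""
    flags, raw = value[0], value[3:]
    if flags & FQDN_FLAG_E:
        labels, pos = [], 0
        while pos < len(raw) and raw[pos] != 0:
            n = raw[pos]
            labels.append(raw[pos + 1:pos + 1 + n].decode("ascii", "replace"))
            pos += 1 + n
        return flags, ".".join(labels)
    return flags, raw.decode("ascii", "replace").rstrip(".")


def valid_hostname(name: str) -> bool:
    """RFC 1123 host-name syntax for the whole name (at most 253 characters)."""
    return 0 < len(name) <= 253 and all(LABEL_RE.match(l) for l in name.lower().split("."))


def ddns_fqdn(options: dict, ddns_domain: str, option81_zones=()):
    """Decide the FQDN for the DDNS update. Returns (fqdn, source) or (None, reason).

    Policy (an assumption of this example, not documented NIOS behaviour):
      * option 81 is honoured only when option81_zones is non-empty, and only for
        names strictly inside one of those zones (the zone apex itself is refused);
      * a bare option 81 name, or the option 12 host name, gets ddns_domain appended;
      * names that fail host-name syntax are rejected rather than written to DNS.
    """
    domain = ddns_domain.strip(".").lower()
    if OPT_CLIENT_FQDN in options and option81_zones:
        flags, name = decode_client_fqdn(options[OPT_CLIENT_FQDN])
        if flags & FQDN_FLAG_N:
            return None, "client set the N flag (no server updates)"
        fqdn = (name if "." in name else f"{name}.{domain}").lower()
        if not valid_hostname(fqdn):
            return None, "option 81 name fails host-name syntax"
        zones = [z.strip(".").lower() for z in option81_zones]
        if not any(fqdn.endswith("." + z) for z in zones):
            return None, "option 81 name is outside the zones allowed for option 81"
        return fqdn, "option 81"
    # Option 12 may carry a dotted name; only its first label is used here (assumption).
    host = options.get(OPT_HOST_NAME, b"").decode("ascii", "replace").split(".")[0]
    if not host:
        return None, "no host name offered"
    if not valid_hostname(host):
        return None, "option 12 host name fails host-name syntax"
    return f"{host.lower()}.{domain}", "option 12"


if __name__ == "__main__":
    # Constructed DHCPDISCOVER options: host name "host1", then END.
    discover = bytes([OPT_HOST_NAME, 5]) + b"host1" + bytes([OPT_END])
    print(ddns_fqdn(parse_options(discover), "corpxyz.com"))
    # Constructed request whose option 81 claims a name outside the allowed zones.
    rogue = encode_client_fqdn("www.example.org", FQDN_FLAG_S | FQDN_FLAG_E)
    request = bytes([OPT_CLIENT_FQDN, len(rogue)]) + rogue + bytes([OPT_END])
    print(ddns_fqdn(parse_options(request), "corpxyz.com", ["corpxyz.com"]))
```

The zone confinement check is the practical point: a client that can set option 81 can ask for any name, so the only names worth honouring are those inside the zones you deliberately opened to option 81 updates, and the syntax check keeps characters that are not valid in a host name out of the zone altogether.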
 
For DNS zones that have multiple primary servers, you can define a primary name server to be used as the default primary server when performing DDNS updates from the appliance. Note that you cannot configure an external primary as the default primary. For more information, see Defining the Default Primary for DDNS Updates to Zones with Multiple Primaries.

Sending Updates to DNS Servers in the Grid

You must specify the DNS view to be updated for each network view.
To configure the DHCP server to send updates to DNS servers in the same Grid:

  1. If there are multiple network views in the Grid, select a network view.
  2. From the Data Management tab, select the DHCP tab, and then click Configure DDNS from the Toolbar.
  3. In the DDNS Properties editor, complete the following:
    • DNS View: If a network view has more than one DNS view, this field lists the associated DNS views. From the drop-down list, select the DNS view to which the DHCP server sends DDNS updates. Otherwise, the appliance uses the default DNS view.

      4. Save the configuration and click Restart if it appears at the top of the screen.

The appliance sends DDNS updates to the appropriate zones in the selected DNS view. Note that you cannot delete a DNS view that has been selected for DDNS updates. By default, the DHCP server sends DDNS updates to zones using the domain name that you define for DHCP objects, such as networks and DHCP ranges.

Sending Updates for Zones on an External Name Server

The DHCP server can send dynamic updates to an external name server that you specify. For each network view, you can specify the zone to be updated and the IP address of the primary name server for that zone. You can add information for a forward and reverse zone. The DHCP server updates the A record in the forward zone and the PTR record in the reverse zone.
You can also use TSIG (transaction signatures) or GSS-TSIG to secure communications between the servers. TSIG computes an HMAC (hashed message authentication code) over each update using a shared secret key; the appliance supports HMAC-MD5 and HMAC-SHA256, and HMAC-SHA256 is the one to use for new keys, because MD5 is no longer recommended for this purpose. Both the DHCP server sending the update and the DNS server receiving it must hold the same secret key under the same key name. Each signed update also carries the time at which it was signed, and the receiver rejects updates whose time stamp falls outside its tolerance window (the fudge value, 300 seconds by default in the TSIG specification). Therefore, use an NTP server to set the time on all systems involved in TSIG authentication operations. TSIG authenticates the update but does not encrypt it; the update contents remain visible on the wire.
Note that only a superuser can configure DDNS. To configure DDNS, a limited-access admin must contact a superuser.

To send updates to a DNS server that is external to your Grid:

  1. If there are multiple network views in the Grid, select a network view.
  2. From the Data Management tab, select the DHCP tab, expand the Toolbar and click Configure DDNS.
  3. In the DDNS Updates to External Zones section of the DDNS Properties editor, click the Add icon. Complete the following fields in the Add External DDNS Zone panel, and then click Add:
    • Zone Name: Enter the FQDN of a valid forward-mapping or reverse-mapping zone to which the DHCP server sends the updates. Do not enter the zone name in CIDR format. To specify a zone name in IDN, manually convert IDN to punycode and use the punycode representation.
    • DNS Server Address: Enter the IP address of the primary name server for that zone.
    • Security: Select one of the following security methods:
      • None: Select this to use unsecured DDNS updates. This is the default.
      • TSIG: Select this to use a standards-based TSIG key, an HMAC secret shared between the appliance and the external name server, to authenticate the updates. You can either specify an existing key or generate a new key; choose HMAC-SHA256 for new keys.
        To specify an existing key, complete the following:
        Key Name: Enter the TSIG key name. The key name entered here must match the TSIG key name on the external name server.
        Key Algorithm: Select either HMAC-MD5 or HMAC-SHA256.
        Key Data: To use an existing TSIG key, type or paste the key in the Key Data field. Alternatively, you can select the key algorithm, select the key length from the GenerateKeyData drop down list, and then click Generate Key Data to create a new key.
      • GSS-TSIG: For information about using GSS-TSIG, see About GSS-TSIG.

       4. Save the configuration and click Restart if it appears at the top of the screen.

Defining the Default Primary for DDNS Updates to Zones with Multiple Primaries

If you have configured multiple primary servers for an authoritative zone, you can define the default primary that the appliance uses to perform DDNS updates for the zone. Note that you can configure a Grid primary, but not an external primary, as the default primary. If you do not configure a default primary, the Grid Master is used for the zones it serves; for zones the Grid Master does not serve, the appliance selects one of the primary servers that serve the zone. For external zones that have multiple primaries, the first external primary server becomes the default primary.

Configuring a default primary for DDNS updates is useful when you have DHCP members that span across different locations. Performing DDNS updates becomes more efficient when you configure a default primary that is close in proximity to the DHCP member. For example, zone corpxyz.com has two primaries (usa.corpxyz.com and japan.corpxyz.com) serving two locations (USA and Japan). Service performance is faster when you select usa.corpxyz.com as the default primary for DDNS updates in the USA region and japan.corpxyz.com as the default primary for the Japan region.

When you configure a preferred or default primary server for DDNS updates to a zone that has multiple primaries, ensure that the following are in place:

  • The zone that you select contains multiple primary servers.
  • The primary server has DNS service enabled and is authoritative for the zone.
  • The appliance has DHCP service enabled.

Note: You can define the default primary for the Grid and override the setting at the member level, and you must restart service for the configuration to take effect. Primary selection is performed at service restart, not at runtime.



To define the default primary:

  1. Grid: From the Data Management tab, select the DHCP tab, expand the Toolbar and click Configure DDNS. In the DDNS Properties editor, scroll down to the Master Preferences for DDNS Updates to Multi-master DNS Zones section.
    Member: From the Data Management tab, select the DHCP tab and click the Members tab -> member check box -> Edit icon. In the Member DHCP Properties editor, select the DDNS tab.
  2. In the Master Preferences for DDNS Updates to Multi-master DNS Zones section, click the Add icon and select one of the following from the list:
    • Grid Zone: In the Add Grid Zone panel, complete the following:
      • Zone: Click Select Zone to select the zone that has multiple primaries. Note that when configuring for the Grid, only zones that belong to the selected DNS view are displayed in the Zone Selector dialog box. For a Grid member however, if it is associated with a network view or if you have defined a DNS view for DDNS updates for that network view, only zones that belong to the DNS view configured for the associated network view are displayed.
      • DNS View: Displays the DNS view to which this zone belongs.
      • DNS Primary: From the drop-down list, select the primary name server you want the appliance to use when performing DDNS updates. Note that the list displays only primary servers that are defined for the selected zone.
    • Default Primary: In the Add Default Primary panel, complete the following:
      • DNS Primary: Click Select to select a primary name server from the Member Selector dialog. When you select a default primary, the appliance uses this name server for DDNS updates to all zones.
  3. Click Add to add the zone and primary name server to the table, which displays the following information:
    • DNS View: The DNS view to which the zone belongs.
    • Zone: The selected zone that has multiple primaries.
    • DNS Primary: The primary server to be used when performing DDNS updates from a NIOS DHCP server to the selected zone.

    Note: All zones added to the table belong to the same DNS view.


  4. Concatenated with the following rules defined at the Grid level: This section appears only in the Member DHCP Properties editor. The table lists the rules defined at the Grid level for zones with multiple primaries. The member uses both sets of rules; where the Grid and the member each define a rule for the same zone, the member-level rule takes precedence.