vyos/vyos-documentation
1
0
Fork 0
mirror of https://github.com/vyos/vyos-documentation.git synced 2025-10-26 08:41:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Rewrote Dynamic DNS documentation/examples to align with T5791

Browse Source 
(cherry picked from commit 5a6aa7506d74b40db52a2852629898457cb5753f)
This commit is contained in:
Ginko (Giggum) 2024-03-06 13:15:26 -05:00 committed by Mergify
parent 99821111f4
commit a2b0eec03a
1 changed files with 92 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

190
docs/configuration/service/dns.rst
View File

@ -143,33 +143,6 @@ avoid being tracked by the provider of your upstream DNS server.
168.192.in-addr.arpa, 16-31.172.in-addr.arpa, which enabling upstream 168.192.in-addr.arpa, 16-31.172.in-addr.arpa, which enabling upstream
DNS server(s) to be used for reverse lookups of these zones. DNS server(s) to be used for reverse lookups of these zones.
.. cfgcmd:: set service dns forwarding serve-stale-extension <0-65535>
Maximum number of times an expired records TTL is extended by 30s when
serving stale. Extension only occurs if a record cannot be refreshed. A
value of 0 means the Serve Stale mechanism is not used. To allow records
becoming stale to be served for an hour, use a value of 120.
.. cfgcmd:: set service dns forwarding exclude-throttle-address <ip|prefix>
When an authoritative server does not answer a query or sends a reply the
recursor does not like, it is throttled. Any servers matching the supplied
netmasks will never be throttled.
.. cfgcmd:: set service dns forwarding options ecs-add-for <address>
The requestor netmask for which the requestor IP Address should be used as the
EDNS Client Subnet for outgoing queries.
.. cfgcmd:: set service dns forwarding options ecs-ipv4-bits <number>
Number of bits of client IPv4 address to pass when sending EDNS Client Subnet
address information.
.. cfgcmd:: set service dns forwarding options edns-subnet-allow-list <address|domain>
The netmask or domain that EDNS Client Subnet should be enabled for in outgoing queries.
Example Example
======= =======
@ -231,8 +204,8 @@ this only one purpose.
ddclient_ uses two methods to update a DNS record. The first one will send ddclient_ uses two methods to update a DNS record. The first one will send
updates directly to the DNS daemon, in compliance with :rfc:`2136`. The second updates directly to the DNS daemon, in compliance with :rfc:`2136`. The second
one involves a third party service, like DynDNS.com or any other similar one involves a third party service, like DynDNS.com or any other such
website. This method uses HTTP requests to transmit the new IP address. You service provider. This method uses HTTP requests to transmit the new IP address. You
can configure both in VyOS. can configure both in VyOS.
.. _dns:dynmaic_config: .. _dns:dynmaic_config:
@ -243,46 +216,43 @@ Configuration
:rfc:`2136` Based :rfc:`2136` Based
----------------- -----------------
.. cfgcmd:: set service dns dynamic address <interface> rfc2136 <service-name> .. cfgcmd:: set service dns dynamic name <service-name> address interface <interface>
Create new :rfc:`2136` DNS update configuration which will update the IP Create new dynamic DNS update configuration which will update the IP
address assigned to `<interface>` on the service you configured under address assigned to `<interface>` on the service you configured under
`<service-name>`. `<service-name>`.
.. cfgcmd:: set service dns dynamic address <interface> rfc2136 <service-name> .. cfgcmd:: set service dns dynamic name <service-name> description <text>
key <keyfile>
File identified by `<keyfile>` containing the secret RNDC key shared with Set description `<text>` for dynamic DNS service being configured.
remote DNS server.
.. cfgcmd:: set service dns dynamic address <interface> rfc2136 <service-name> .. cfgcmd:: set service dns dynamic name <service-name> key <filename>
server <server>
File identified by `<filename>` containing the TSIG authentication key for RFC2136
nsupdate on remote DNS server.
.. cfgcmd:: set service dns dynamic name <service-name> server <server>
Configure the DNS `<server>` IP/FQDN used when updating this dynamic Configure the DNS `<server>` IP/FQDN used when updating this dynamic
assignment. assignment.
.. cfgcmd:: set service dns dynamic address <interface> rfc2136 <service-name> .. cfgcmd:: set service dns dynamic name <service-name> zone <zone>
zone <zone>
Configure DNS `<zone>` to be updated. Configure DNS `<zone>` to be updated.
.. cfgcmd:: set service dns dynamic address <interface> rfc2136 <service-name> .. cfgcmd:: set service dns dynamic name <service-name> host-name <record>
record <record>
Configure DNS `<record>` which should be updated. This can be set multiple Configure DNS `<record>` which should be updated. This can be set multiple times..
times.
.. cfgcmd:: set service dns dynamic address <interface> rfc2136 <service-name> .. cfgcmd:: set service dns dynamic name <service-name> ttl <ttl>
ttl <ttl>
Configure optional TTL value on the given resource record. This defaults to Configure optional TTL value on the given resource record. This defaults to
600 seconds. 600 seconds.
.. cfgcmd:: set service dns dynamic timeout <60-3600> .. cfgcmd:: set service dns dynamic interval <60-3600>
Specify timeout / update interval to check if IP address changed. Specify interval in seconds to wait between Dynamic DNS updates.
The default is 300 seconds.
This defaults to 300 seconds.
.. _dns:dynmaic_example: .. _dns:dynmaic_example:
@ -295,32 +265,48 @@ Example
.. code-block:: none .. code-block:: none
# Configuration commands entered:
#
set service dns dynamic name 'VyOS-DNS' address interface 'eth0'
set service dns dynamic name 'VyOS-DNS' description 'RFC 2136 dynamic dns service'
set service dns dynamic name 'VyOS-DNS' key '/config/auth/my.key'
set service dns dynamic name 'VyOS-DNS' server 'ns1.vyos.io'
set service dns dynamic name 'VyOS-DNS' zone 'vyos.io'
set service dns dynamic name 'VyOS-DNS' host-name 'example.vyos.io'
set service dns dynamic name 'VyOS-DNS' protocol 'nsupdate'
set service dns dynamic name 'VyOS-DNS' ttl '300'
# Resulting config:
#
vyos@vyos# show service dns dynamic vyos@vyos# show service dns dynamic
interface eth0.7 { name VyOS-DNS {
rfc2136 VyOS-DNS { address {
interface eth0
}
description "RFC 2136 dynamic dns service"
host-name example.vyos.io
key /config/auth/my.key key /config/auth/my.key
record example.vyos.io protocol nsupdate
server ns1.vyos.io server ns1.vyos.io
ttl 300 ttl 300
zone vyos.io zone vyos.io
} }
}
This will render the following ddclient_ configuration entry: This will render the following ddclient_ configuration entry:
.. code-block:: none .. code-block:: none
# ddclient configuration for interface "eth0":
# #
# ddclient configuration for interface "eth0.7":
#
use=if, if=eth0.7
# RFC2136 dynamic DNS configuration for example.vyos.io.vyos.io # Web service dynamic DNS configuration for VyOS-DNS: [nsupdate, example.vyos.io]
server=ns1.vyos.io use=if, \
protocol=nsupdate if=eth0, \
password=/config/auth/my.key protocol=nsupdate, \
ttl=300 server=ns1.vyos.io, \
zone=vyos.io zone=vyos.io, \
password='/config/auth/my.key', \
ttl=300 \
example.vyos.io example.vyos.io
.. note:: You can also keep different DNS zone updated. Just create a new .. note:: You can also keep different DNS zone updated. Just create a new
@ -335,40 +321,43 @@ VyOS is also able to use any service relying on protocols supported by ddclient.
To use such a service, one must define a login, password, one or multiple To use such a service, one must define a login, password, one or multiple
hostnames, protocol and server. hostnames, protocol and server.
.. cfgcmd:: set service dns dynamic address <interface> service <service> .. cfgcmd:: set service dns dynamic name <service-name> address interface <interface>
host-name <hostname>
Create new dynamic DNS update configuration which will update the IP
address assigned to `<interface>` on the service you configured under
`<service-name>`.
.. cfgcmd:: set service dns dynamic name <service-name> description <text>
Set description `<text>` for dynamic DNS service being configured.
.. cfgcmd:: set service dns dynamic name <service-name> host-name <hostname>
Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS
provider identified by `<service>` when the IP address on address provider identified by `<service-name>`.
`<interface>` changes.
.. cfgcmd:: set service dns dynamic address <interface> service <service> .. cfgcmd:: set service dns dynamic name <service-name> username <username>
username <username>
Configure `<username>` used when authenticating the update request for Configure `<username>` used when authenticating the update request for
DynDNS service identified by `<service>`. DynDNS service identified by `<service-name>`.
For Namecheap, set the <domain> you wish to update.
.. cfgcmd:: set service dns dynamic address <interface> service <service> .. cfgcmd:: set service dns dynamic name <service-name> password <password>
password <password>
Configure `<password>` used when authenticating the update request for Configure `<password>` used when authenticating the update request for
DynDNS service identified by `<service>`. DynDNS service identified by `<service-name>`.
.. cfgcmd:: set service dns dynamic address <interface> service <service> .. cfgcmd:: set service dns dynamic name <service-name> protocol <protocol>
protocol <protocol>
When a ``custom`` DynDNS provider is used the protocol used for communicating When a ``custom`` DynDNS provider is used, the protocol used for communicating
to the provider must be specified under `<protocol>`. See the embedded to the provider must be specified under `<protocol>`. See the embedded
completion helper for available protocols. completion helper when entering above command for available protocols.
.. cfgcmd:: set service dns dynamic address <interface> service <service> .. cfgcmd:: set service dns dynamic name <service-name> server <server>
server <server>
When a ``custom`` DynDNS provider is used the `<server>` where update When a ``custom`` DynDNS provider is used the `<server>` where update
requests are being sent to must be specified. requests are being sent to must be specified.
.. cfgcmd:: set service dns dynamic address <interface> ipv6-enable .. cfgcmd:: set service dns dynamic name <service-name> ip-version 'ipv6'
Allow explicit IPv6 address for the interface. Allow explicit IPv6 address for the interface.
@ -376,14 +365,17 @@ hostnames, protocol and server.
Example: Example:
^^^^^^^^ ^^^^^^^^
Use DynDNS as your preferred provider: Use deSEC (dedyn.io) as your preferred provider:
.. code-block:: none .. code-block:: none
set service dns dynamic address eth0 service dyndns set service dns dynamic name dedyn description 'deSEC dynamic dns service'
set service dns dynamic address eth0 service dyndns username my-login set service dns dynamic name dedyn username 'myusername'
set service dns dynamic address eth0 service dyndns password my-password set service dns dynamic name dedyn password 'mypassword'
set service dns dynamic address eth0 service dyndns host-name my-dyndns-hostname set service dns dynamic name dedyn host-name 'myhostname.dedyn.io'
set service dns dynamic name dedyn protocol 'dyndns2'
set service dns dynamic name dedyn server 'update.dedyn.io'
set service dns dynamic name dedyn address interface 'eth0'
.. note:: Multiple services can be used per interface. Just specify as many .. note:: Multiple services can be used per interface. Just specify as many
services per interface as you like! services per interface as you like!
@ -393,12 +385,14 @@ Example IPv6 only:
.. code-block:: none .. code-block:: none
set service dns dynamic address eth0 ipv6-enable set service dns dynamic name dedyn description 'deSEC ipv6 dynamic dns service'
set service dns dynamic address eth0 service dyndns6 username my-login set service dns dynamic name dedyn username 'myusername'
set service dns dynamic address eth0 service dyndns6 password my-password set service dns dynamic name dedyn password 'mypassword'
set service dns dynamic address eth0 service dyndns6 host-name my-dyndns-hostname set service dns dynamic name dedyn host-name 'myhostname.dedyn.io'
set service dns dynamic address eth0 service dyndns6 protocol dyndns2 set service dns dynamic name dedyn protocol 'dyndns2'
set service dns dynamic address eth0 service dyndns6 server dyndns-v6-server set service dns dynamic name dedyn ip-version 'ipv6'
set service dns dynamic name dedyn server 'update6.dedyn.io'
set service dns dynamic name dedyn address interface 'eth0'
Running Behind NAT Running Behind NAT
@ -408,21 +402,15 @@ By default, ddclient_ will update a dynamic dns record using the IP address
directly attached to the interface. If your VyOS instance is behind NAT, your directly attached to the interface. If your VyOS instance is behind NAT, your
record will be updated to point to your internal IP. record will be updated to point to your internal IP.
Above, command syntax isn noted to configure dynamic dns on a specific interface. ddclient_ has another way to determine the WAN IP address. This is controlled
It is possible to overlook the additional address option, web, when completeing by:
those commands. ddclient_ has another way to determine the WAN IP address, using
a web-based url to determine the external IP. Each of the commands above will
need to be modified to use 'web' as the 'interface' specified if this functionality
is to be utilized.
This functionality is controlled by adding the following configuration: .. cfgcmd:: set service dns dynamic name <service-name> address web <url>
.. cfgcmd:: set service dns dynamic address web web-options url <url>
Use configured `<url>` to determine your IP address. ddclient_ will load Use configured `<url>` to determine your IP address. ddclient_ will load
`<url>` and tries to extract your IP address from the response. `<url>` and tries to extract your IP address from the response.
.. cfgcmd:: set service dns dynamic address web web-options skip <pattern> .. cfgcmd:: set service dns dynamic name <service-name> address web skip <pattern>
ddclient_ will skip any address located before the string set in `<pattern>`. ddclient_ will skip any address located before the string set in `<pattern>`.