pfSense

Alfred Barnat wrote:

This should have been:
zone 208-209.24.172.in-addr.arpa {
primary 127.0.0.1;
}

While the suggested code fix does in fact generate the more correct classless zone name, it appears the issue might be more complex. This article sheds more light on the situation, which is that the observed behavior of not updating the reverse zone properly is in fact a limitation of dhcpd.

https://serverfault.com/questions/806875/how-to-tell-isc-dhcp-correct-zone-for-reverse-zone-ddns-update

note:

DHCP does NOT support updating of arbitrary zones, it takes the ip address, reverses the octets, and appends the reverse domain name (deafult in-addr.arpa). [sic]

For non "classful" boundaries (anything not /8, /16, /24, or /32), pfSense would still need to generate a zone that allows dhcpd to update it pursuant to the dhcpd limitations above, so it seems that it cannot contain a slash, hyphen, or non-IP-legal octet integer.

I think the easier way for the developers to help us work around this issue is by adding a general config option block in which one can type configuration that will go directly into dhcpd.conf. This way, a user can specify his or her own reverse zone files, or, as the article suggests, specify an alternate ddns-rev-domainname; this would allow one to use the CNAME delegation back to the in-addr.arpa zone.

I hope this helps; I really hope we can get a general config option block to add to dhcpd.conf. :)

Yousif Hassan wrote:

While the suggested code fix does in fact generate the more correct classless zone name, it appears the issue might be more complex. This article sheds more light on the situation, which is that the observed behavior of not updating the reverse zone properly is in fact a limitation of dhcpd.

https://serverfault.com/questions/806875/how-to-tell-isc-dhcp-correct-zone-for-reverse-zone-ddns-update

note:
[...]

For non "classful" boundaries (anything not /8, /16, /24, or /32), pfSense would still need to generate a zone that allows dhcpd to update it pursuant to the dhcpd limitations above, so it seems that it cannot contain a slash, hyphen, or non-IP-legal octet integer.

I think the easier way for the developers to help us work around this issue is by adding a general config option block in which one can type configuration that will go directly into dhcpd.conf. This way, a user can specify his or her own reverse zone files, or, as the article suggests, specify an alternate ddns-rev-domainname; this would allow one to use the CNAME delegation back to the in-addr.arpa zone.

I hope this helps; I really hope we can get a general config option block to add to dhcpd.conf. :)

Saw that this was updated a few months ago - is pfsense going to get a workaround for this? It's still generating incompatible reverse zone names in /var/dhcpd/etc/dhcpd.conf for anything not in traditional class boundaries. While the notation used by pfsense is technically correct, dhcpd does not support it for reverse zone dynamic updates. Specifying one's own "additional" reverse zone files in the GUI would be a simple workaround. Thanks.

Fix:
https://github.com/pfsense/pfsense/pull/4266

The PR is appreciated - However may I ask how this is going to help us? dhcpd doesn’t support the classless notation for reverse delegation, even if the computed reverse zone were corrected. Do you know something else, like does dhcpd now support updating classless reverse zones? If not, it will not generate a PTR update when an address is handed out (and the A record is generated). Thank you.

OMG for 4 years they cannot add custom block to DHCP config. Unbelievable level of support!

Azamat Khakimyanov wrote in #note-11:

Tested on 22.05

With IP: 172.24.208.1/23 on DMZ interface and enabled DHCP pool: 172.24.208.10-172.24.209.254 and dynamic DNS configured I got in /var/dhcpd/etc/dhcpd.conf
zone 208-209.24.172.in-addr.arpa. {
primary 127.0.0.1;
key "123adf";
}

I marked this Bug as Resolved.

Did a PTR get successfully updated? Does ISC dhcpd support classless dynamic DNS updates now? Otherwise this is still technically a problem with the way pfSense allows the user to interact, as it generates a (technically correct?) classless dhcp zone file but which does not work with dhcpd's DNS updating code.

Yousif Hassan wrote in #note-12:

Azamat Khakimyanov wrote in #note-11:

Tested on 22.05

With IP: 172.24.208.1/23 on DMZ interface and enabled DHCP pool: 172.24.208.10-172.24.209.254 and dynamic DNS configured I got in /var/dhcpd/etc/dhcpd.conf
zone 208-209.24.172.in-addr.arpa. {
primary 127.0.0.1;
key "123adf";
}

I marked this Bug as Resolved.

Did a PTR get successfully updated? Does ISC dhcpd support classless dynamic DNS updates now? Otherwise this is still technically a problem with the way pfSense allows the user to interact, as it generates a (technically correct?) classless dhcp zone file but which does not work with dhcpd's DNS updating code.

I closed this bug because the issue this bug was about were solved. I also reopened https://redmine.pfsense.org/issues/12779 so if you have something to add, please add your comment into https://redmine.pfsense.org/issues/12779.
If there is another issue related to reverse DNS zone, please open a new Bug.

It is working. @Yousif Hassan you have to set two zones:
208.24.172.in-addr.arpa and 209.24.172.in-addr.arpa
not 24.172.in-add.arpa.
That is my resoved problem https://forum.netgate.com/topic/174977/bind-dhcp-dynamic-update-reverse-zone-if-algin-is-non-octet-problem/6