When a DHCP client (like a computer or mobile device) obtains an IP address from the DHCP service, the Kea Dynamic DNS service can automatically update DNS records, mapping the client`s hostname to its assigned IP address.
This is particularly useful in environments where devices frequently join or leave the network, or where devices` IP addresses change regularly.
When the DDNS server wants to perform the update, it identifies itself with a TSIG key on the DNS server.
The DNS server with the same key accepts the communication and updates its DNS record base on the indicated domain.
¶ Create a TSIG key
- On the left menu, go to
DHCP > DDNS - Click on Authorized Keys button
- On the Authorized Keys section, click on new record
- Set the key name and use the the button Generate key.
The key name specified in the configuration must match exactly with the key name defined in target DNS servers, including case sensitivity. - This section lets you either save the TSIG key you've generated on the DNS server, or generate a key based on supported algorithms.
Please note that if you select one of the randomly generated keys, you'll have to replicate it on the DNS servers that are to receive the updates.
TSIG uses timestamps to prevent replay attacks, so if the time difference between the client and the server exceeds a certain threshold (Artica DNS servers are set to 30mins difference) , you'll encounter a
BADTIMEerror.
¶ Add domain and target DNS servers.
Once you've added your keys, you can specify which domains will have their DNS records replicated.
Click on new DNS server button
- This button lets you specify which domain produced by the DHCP server will be replicated on one or more DNS servers.
In this example, the DHCP server for a specific vlan will force workstations to use the domainhome.lan
I then indicatehome.lanin the domain section.
In the DNS servers' address fields, I can indicate either a single address or several separated by commas.
If DNS servers use a specific port, I'd indicate them in the form IP:port like this:1.2.34:5353,1.2.3.5:8053,1.2.3.6:53
If I don't specify a port, they'll take the value indicated in the Remort Port field
In this case, my remote DNS server is an Artica server which has the DDNS receiving agent.
- Specifies the TSIG key hosted by remote DNS servers.