DHCP Dynamic DNS update to external BIND 9.18

[jonny5]

The OPNSense dhcpd produces this error when configured to update to an external BIND 9.18:

Code Select Expand

Unable to add reverse map from 10.1.168.192.in-addr.arpa. to host02.localnetdomain.home: NOTIMP
The other Subnet (10.10.0.0/16) has no problem updating its Reverse DNS/PTR records

BIND 9.18 produces the following output, showing that the OPNSense did a 2nd type of update run if you will, where the OPNSense deletes, and then adds it back with the new DHCP Lease Token/Key:

Code Select Expand

18-Jan-2024 13:26:31.718 client @0x0db29810a378 192.168.1.1#53080/key opnsensedhcp: signer "opnsensedhcp" approved
18-Jan-2024 13:26:31.718 client @0x0db29810a378 192.168.1.1#53080/key opnsensedhcp: updating zone 'localnetdomain.home/IN': update unsuccessful: host02.localnetdomain.home: 'name not in use' prerequisite not satisfied (YXDOMAIN)
18-Jan-2024 13:26:31.718 client @0x0db29810a378 192.168.1.1#53080/key opnsensedhcp: signer "opnsensedhcp" approved
18-Jan-2024 13:26:31.718 client @0x0db29810a378 192.168.1.1#53080/key opnsensedhcp: updating zone 'localnetdomain.home/IN': deleting rrset at 'host02.localnetdomain.home' TXT
18-Jan-2024 13:26:31.718 client @0x0db29810a378 192.168.1.1#53080/key opnsensedhcp: updating zone 'localnetdomain.home/IN': adding an RR at 'host02.localnetdomain.home' TXT "348b58c0d6248dc90762834bf6540b121a"
18-Jan-2024 13:26:31.718 client @0x0db29810a378 192.168.1.1#53080/key opnsensedhcp: updating zone 'localnetdomain.home/IN': deleting rrset at 'host02.localnetdomain.home' A
18-Jan-2024 13:26:31.718 client @0x0db29810a378 192.168.1.1#53080/key opnsensedhcp: updating zone 'localnetdomain.home/IN': adding an RR at 'host02.localnetdomain.home' A 192.168.1.10

It does complete its task correctly, the A+TXT get Updated, it appears the Reverse DNS record is not.

The error is about the inability to update the Reverse PTR record for the FQDN to the IP. The OPNSense doesn't appear to attempt to remove it first, or, is there more to the allowing DHCP Reverse DNS / PTR between OPNSense and an external BIND?

Instead of putting (? really just learning about BIND here ?) the Reverse Records/PTR in the 'localnetdomain.home' Zone, I put it in a '1.168.192.in-addr.arpa.' Zone, could that be part of the issue and how should I go about resolving it? I've also tried to just have a '168.192.in-addr.arpa.' Zone in addition to the '10.10.in-addr.arpa.' Zone that I have. Interestingly, the 10.10/16 subnet has no problem updating. Maybe I should just finish migration over to 10.10?

It would seem others would want to set it up that way too, but again, I'm only learning about DNS/BIND in greater detail recently. Thank you again for making/developing/releasing OPNSense everyone!!

[jonny5]

Just figured this out, Reverse DNS more or less expects /24... mine isn't

https://serverfault.com/questions/313659/setting-up-reverse-dns-for-a-25-block-of-ips

[Patrick M. Hausen]

Whoever controls the entire /24 needs to setup a classless reverse delegation according to RFC 2317. Without cooperation of that party it's impossible. But with their help it's not that hard, either.

https://datatracker.ietf.org/doc/html/rfc2317

[jonny5]

IMHO - It is far better to use /24s than attempt to subdivide your Homelab into subnets smaller than a /24, those Reverse DNS extra configs will be tedious and unless you have to have it, I would guide against that pattern.

Excellent reference into how one does it though! Not for the faint of heart lol.