Hi,
I currently have a IPSEC/L2TP setup that uses FreeRadis (for Active Directory auth). Radius is handing out the IP addresses to the clients. Is there a way to have it update my DNS server so it can create reverse-dns entries for them?
Yes it is. In acct_users make a rule that run a custom program at Acct-Start and Acct-Stop time: DEFAULT NAS-IP-Address == A.B.C.D, Acct-Status-Type == Start Exec-Program = "/path/to/dnsupdate/acct-nsupdate.sh" Then your acct-nsupdate.sh can use the "nsupdate" tool to update the DNS server: Note these interresting parameters that are available in the environment: # ACCT_STATUS_TYPE = Start | Stop # FRAMED_IP_ADDRESS = attributed IP address # NAS_PORT # USER_NAME # ACCT_TERMINATE_CAUSE=User-Request (in normal case when Type=Stop) # NAS_IP_ADDRESS These parameters can be used to build the $newhostname, $assignedipaddr and $A, $B, $C, $D decimal octets of the assigne IP addr. For instance adding an IP: nsupdate -k $KEYFILE > /dev/null << EOF server $SERVER zone $ZONE prereq yxdomain $ZONE update delete $newhostname A update add $newhostname $TTL A $assignedipaddr send EOF (This is with secure update, and KEYFILE holds the TSIG key file (man dnssec-keygen)) Then updating reverse DNS: nsupdate -k $KEYFILE > /dev/null << EOF server $SERVER zone $ZONEREV prereq yxdomain $ZONEREV update delete $D.$C.$B.$A.in-addr.arpa. PTR update add $D.$C.$B.$A.in-addr.arpa. $TTL PTR $newhostname send EOF HTH, Thibault