IP Reverse DNS Resolution
Thibault Le Meur
Thibault.LeMeur at supelec.fr
Thu Sep 13 16:40:55 CEST 2007
Hi,
> I currently have an IPSEC/L2TP setup that uses FreeRADIUS (for
> Active Directory auth). Radius is handing out the IP
> addresses to the clients. Is there a way to have it update my
> DNS server so it can create reverse-dns entries for them?
Yes it is.
In acct_users make a rule that runs a custom program at Acct-Start and
Acct-Stop time:
DEFAULT NAS-IP-Address == A.B.C.D, Acct-Status-Type == Start
	Exec-Program = "/path/to/dnsupdate/acct-nsupdate.sh"
Then your acct-nsupdate.sh can use the "nsupdate" tool to update the DNS
server:
Note these interesting parameters that are available in the environment:
# ACCT_STATUS_TYPE = Start | Stop
# FRAMED_IP_ADDRESS = attributed IP address
# NAS_PORT
# USER_NAME
# ACCT_TERMINATE_CAUSE=User-Request (in normal case when Type=Stop)
# NAS_IP_ADDRESS
These parameters can be used to build the $newhostname, $assignedipaddr and
$A, $B, $C, $D decimal octets of the assigned IP addr.
For instance adding an IP:
nsupdate -k $KEYFILE > /dev/null << EOF
server $SERVER
zone $ZONE
prereq yxdomain $ZONE
update delete $newhostname A
update add $newhostname $TTL A $assignedipaddr
send
EOF
(This is with secure update, and KEYFILE holds the TSIG key file (man
dnssec-keygen))
Then updating reverse DNS:
nsupdate -k $KEYFILE > /dev/null << EOF
server $SERVER
zone $ZONEREV
prereq yxdomain $ZONEREV
update delete $D.$C.$B.$A.in-addr.arpa. PTR
update add $D.$C.$B.$A.in-addr.arpa. $TTL PTR $newhostname
send
EOF
HTH,
Thibault
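
An added example, not part of the original post: one way to write acct-nsupdate.sh so that FRAMED_IP_ADDRESS is validated and USER_NAME is reduced to a single DNS label before either value reaches nsupdate, since both come from the RADIUS request. The function names, the Stop branch that only deletes records, and the SERVER, ZONE, ZONEREV, TTL and KEYFILE values are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script. Values below are constructed placeholders.
SERVER=192.0.2.53 ZONE=vpn.example.org ZONEREV=0.8.10.in-addr.arpa
TTL=300 KEYFILE=/path/to/dnsupdate/tsig.key

# Accept only a dotted quad whose four octets are each in 0..255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# 10.8.0.23 -> 23.0.8.10.in-addr.arpa. (the $D.$C.$B.$A form used in the post)
ptr_name() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    printf '%s.%s.%s.%s.in-addr.arpa.\n' "$4" "$3" "$2" "$1"
}

# Reduce USER_NAME to one DNS label: lowercase, keep [a-z0-9-] only, so quotes,
# dots, spaces and newlines cannot add names or extra nsupdate commands.
host_label() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | tr -cd 'a-z0-9-' | sed 's/^-*//' | cut -c1-63
}

# Print the nsupdate commands. $1=Start|Stop  $2=FRAMED_IP_ADDRESS  $3=USER_NAME
build_update() {
    valid_ipv4 "$2" || return 1
    label=$(host_label "$3"); [ -n "$label" ] || return 1
    newhostname="$label.$ZONE."; ptr=$(ptr_name "$2")
    printf 'server %s\nzone %s\nprereq yxdomain %s\n' "$SERVER" "$ZONE" "$ZONE"
    printf 'update delete %s A\n' "$newhostname"
    [ "$1" = Start ] && printf 'update add %s %s A %s\n' "$newhostname" "$TTL" "$2"
    printf 'send\nzone %s\nprereq yxdomain %s\n' "$ZONEREV" "$ZONEREV"
    printf 'update delete %s PTR\n' "$ptr"
    [ "$1" = Start ] && printf 'update add %s %s PTR %s\n' "$ptr" "$TTL" "$newhostname"
    printf 'send\n'
}

# Runs only when the accounting attributes are present in the environment.
if [ -n "${ACCT_STATUS_TYPE:-}" ]; then
    cmds=$(build_update "$ACCT_STATUS_TYPE" "${FRAMED_IP_ADDRESS:-}" "${USER_NAME:-}") || exit 1
    printf '%s\n' "$cmds" | nsupdate -k "$KEYFILE" > /dev/null
fi
```

With this layout a second rule matching Acct-Status-Type == Stop can call the same script, and a request with an unusable address or user name exits before nsupdate is started.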