nsupdate(8) rc.d Script

From: Crist J. Clark <cristjc_at_comcast.net> Date: Mon, 27 Sep 2004 22:17:08 -0700 · This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:14 UTC

Silence from -net. Anyone have an opinion one way or the other
whether this would be useful to add to the rc.d startup?

----- Forwarded message from "Crist J. Clark" <cristjc_at_comcast.net> -----

Date: Fri, 24 Sep 2004 10:24:18 -0700
From: "Crist J. Clark" <cristjc_at_comcast.net>
To: freebsd-net_at_freebsd.org
Subject: nsupdate(8) rc.d Script

As I was setting up DNS for IPv6 on a test network, I started
to get really tired of entering 128-bit addresses, for both
forward and reverse lookups, into DNS by hand. It seemed somewhat
silly to be doing all of this manually when the actual IPv6 hosts
pretty much configure themselves with rtsol(8).

So I went ahead setting up an nsupdate script to have the systems
automatically use DNS updates to "register" themselves. I figured
I might as well do IPv4 while I was at it.

Now I'm wondering if this is something other people may find useful
and whether I should commit it. I think there are enough knobs to
make it work for most people. But there very well may be some
assumptions that may make it totally unsuitable for a lot of systems
too.

I'm not 100% sure where to drop it into the rc.d order. Obviously,
it is a network service, but it would be nice to sign up in DNS
early so we have entries in DNS when other machines might try to
look us up when we contact them in later rc.d scripts. One thing
that might be nice is if we wait until a local DNS server starts
in the case we are the server, but having a DNS server auto-update
its own info... kinda a chicken-and-egg problem there, may not be a
best practice.

Finally, that is one long awk script. Is there a better tool or
method for converting an IPv6 presentation address into the ip6.arpa
format? And the script is not optimized to do the updates in the
fewest number of packets. An update can only contain updates for a
single zone. It makes the only safe assumption that any two domain
names are not in the same zone unless they are the same. I do not
know how to reduce the number of updates without making things a
LOT more complicated and doing more total DNS queries to find out
SOA information.

To enable the updates, just add,

	nsupdate_enable="YES"

To rc.conf(5). The patch to the default rc.conf has it disabled by
default. IPv4 and IPv6 updates may be toggled individually, but
IPv6 only works if ipv6_enable is also "on." Patch is against RELENG_5,
but it should work fine in CURRENT.

Suggestions, comments, or criticisms, public or private, are welcome.
-- 
Crist J. Clark                     |     cjclark_at_alum.mit.edu
                                   |     cjclark_at_jhu.edu
http://people.freebsd.org/~cjc/    |     cjc_at_freebsd.org