Hi Rowland,
I don't want to run an AD DC on firewall device, barely DHCP and
maybe DNS.
What you have pointed me to is similar to what I have in place:
https://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/
and which is working fine.
NOW I want to switch DHCP from isc-dhcp-server 4.2.2 on Debian to DHCP
on pfSense firewall (based on FreeBSD 11.2) which reports as below:
pkg info | grep dhcp
dhcp6-20080615.2               KAME DHCP6 client, server, and relay
dhcpleases-0.3_1               read dhpcd.lease file and add it to hosts file
dhcpleases6-0.1_2              read dhpcd6.leases file and trigger command on modification
isc-dhcp43-client-4.3.6P1      The ISC Dynamic Host Configuration Protocol client
isc-dhcp43-relay-4.3.6P1_1     The ISC Dynamic Host Configuration Protocol relay
isc-dhcp43-server-4.3.6P1_1    ISC Dynamic Host Configuration Protocol server
I've set it up and everything is working fine apart from DDNS integration.
PfSense web GUI is limiting my config choices to the following:
Dynamic DNS
Enable: Check the box to enable registration of DHCP client names in DNS using an external (non-pfSense) DNS server.
DDNS Domain: The domain name used for registering clients in DNS
Primary DDNS Address: The DNS server used for registering clients in DNS
DNS Domain Key: The encryption key used for DNS registration
DNS Domain Key Secret: The secret for the key used for DNS registration
Does it mean it's not going to work as it doesn't involve Kerberos
authentication?
Personally I would be happy with dynamic DNS updates being controlled by
DHCP secured with a shared secret only.
Regards,
Adam
On 20/06/19 12:33, Rowland penny via samba wrote:
> You might want to read this:
>
> https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9
>
> Though why you want to run an AD DC on firewall device, beats me.
>
> Rowland