From 2aff21251018a6bf21fe255070db008b47e8933b Mon Sep 17 00:00:00 2001
From: Philip Prindeville
Date: Mon, 14 Mar 2022 19:40:48 -0600
Subject: [PATCH] isc-dhcp: detect whether ddns transfers are IPv4 only
If named is configured to not listen on any IPv6 interfaces, then we should run 'nsupdate' with the '-4' argument.
Also:
* cleanup RFC-1918 address detection;
* don't generate PTR records for domain entries that aren't RFC-1918 addresses or these will generate NOTAUTH failures;
We're assuming that we're doing DNS split-horizon and that internal addresses aren't routable.
Signed-off-by: Philip Prindeville
---
 net/isc-dhcp/files/dhcpd.init | 45 +++++++++++++++++++++++++----------
 1 file changed, 32 insertions(+), 13 deletions(-)
diff --git a/net/isc-dhcp/files/dhcpd.init b/net/isc-dhcp/files/dhcpd.init
index 4309d5af5b..e3dcdfdd23 100755
--- a/net/isc-dhcp/files/dhcpd.init
+++ b/net/isc-dhcp/files/dhcpd.init
@@ -46,13 +46,31 @@ time2seconds() {
 echo $(( number * multiplier ))
 }
-trim()
-{
+trim() {
 local arg="$1"
 echo "$arg" | sed -e 's/^ *//' -e 's/ *$//'
 }
+rfc1918_prefix() {
+ local octets="$(echo "${1%%/*}" | cut -d. -f1)"
+
+ [ "$octets" = "10" ] && { echo "$octets"; return; }
+
+ octets="$(echo "${1%%/*}" | cut -d. -f1-2)"
+
+ case "$octets" in
+ 172.1[6789]|172.2[0-9]|172.3[01]|192.168)
+ echo "$octets"
+ ;;
+ esac
+}
+
+no_ipv6() {
+ [ -n "$(named-checkconf -px \
+ | sed -r -ne '1N; N; /^\tlisten-on-v6 ?\{\n\t\t"none";\n\t\};$/{ p; q; }; D')" ]
+}
+
 # duplicated from dnsmasq init script
 hex_to_hostid() {
 local var="$1"
@@ -200,7 +218,8 @@ static_domain_add() {
 revip="$(rev_str "$ip" ".")"
 update "$name.$domain." IN A "$ip"
- update "$revip.in-addr.arpa." IN PTR "$name.$domain."
+ [ -n "$(rfc1918_prefix "$ip")" ] && \
+ update "$revip.in-addr.arpa." IN PTR "$name.$domain."
 done
 }
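Review bot: `no_ipv6` in the first hunk succeeds only when `named-checkconf -px` prints the stanza in exactly the three-line, tab-indented form the sed pattern spells out. Any other rendering of `listen-on-v6`, or a missing or failing `named-checkconf`, leaves stdout empty, so the function returns false and `nsupdate` runs without `-4`, as it did before the patch. That fallback is reasonable but silent, and `named-checkconf`'s stderr is not redirected, so its errors end up in the init script's output. I would document the contract above the function, e.g. `# true only if named-checkconf prints listen-on-v6 { "none"; }; any other form, or a named-checkconf error, is treated as "IPv6 in use"`. `rfc1918_prefix` likewise echoes `10` for any argument whose first dot-separated field is `10` without checking the rest, which deserves a one-line comment on the expected input.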
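Review bot: In the `static_domain_add` hunk the added `[ -n "$(rfc1918_prefix "$ip")" ] && \` guard is the last command of the loop body, and `done` and `}` follow directly, so the function returns non-zero whenever the final address is not RFC-1918. The callers are outside this hunk, so whether that status is ever tested cannot be seen here. An `if` keeps the skip from looking like a failure: `if [ -n "$(rfc1918_prefix "$ip")" ]; then update "$revip.in-addr.arpa." IN PTR "$name.$domain."; fi`. The A record is still published for such addresses, which looks intentional given the commit message but would merit a short comment.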
@@ -377,15 +396,10 @@ dhcpd_add() {
 [ static = "$proto" ] || return 0
- local pair="$(echo "${subnet%%/*}" | cut -d. -f1-2)"
- case "$pair" in
- 10.*)
- rfc1918_nets="$rfc1918_nets${rfc1918_nets:+ }10"
- ;;
- 172.1[6789]|172.2[0-9]|172.3[01]|192.168)
- rfc1918_nets="$rfc1918_nets${rfc1918_nets:+ }$pair"
- ;;
- esac
+ local octets="$(rfc1918_prefix "$subnet")"
+
+ [ -n "$octets" ] && rfc1918_nets="$rfc1918_nets${rfc1918_nets:+ }$octets"
+
 [ $synthesize -eq 0 ] && return
 config_get_bool dynamicdhcp "$cfg" "dynamicdhcp" 1
@@ -583,7 +597,12 @@ EOF
 static_srvhosts >> $config_file
 if [ $dynamicdns -eq 1 ]; then
- nsupdate -l -v $dyn_file
+ local args=
+
+ no_ipv6 && args="-4"
+
+ nsupdate -l -v $args $dyn_file
+
 fi
 rm -f $dyn_file
--
2.30.2
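Review bot: In the last hunk the exit status of the rewritten `nsupdate -l -v $args $dyn_file` call is discarded and `$dyn_file` is removed right after it. A rejected update, including one caused by `no_ipv6` choosing the wrong address family, therefore leaves nothing to diagnose. I would at least report the failure, e.g. `nsupdate -l -v $args $dyn_file || echo "dhcpd: nsupdate failed" >&2`. The unquoted `$args` is what lets the empty case expand to no argument, so a comment such as `# $args deliberately unquoted: empty means no extra option` would stop a later cleanup from quoting it. The enclosing function starts and ends outside this hunk.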