07-10-2015 02:19 PM - edited 03-01-2019 05:47 PM
For my IPv6 deployment I need the hosts to be automatically updated on my DNS server. What are the different ways to do that? For IPv4 we have a script that creates hostnames and links them to hosts, but in IPv6 there are many addresses. I need suggestions.
07-12-2015 10:38 AM
There are two main classes of solutions:
1) use DHCPv6 and have the DHCP server update the DNS server. You don't mention your infrastructure, but both Linux and Windows servers can manage this. The problem with this is that lots of stuff wants to use SLAAC and not everything implements DHCPv6 at all, or correctly.
2) scrape live addresses off of switch ports using SNMP, keep a DB of MAC addresses so you can correlate them, and script DNS updates. This works with pretty much any client (until the IEEE starts pushing randomized MAC addresses), but requires a lot of IPAM tools and/or work.
The problem gets easier if you don't need a 100% solution, e.g. is it good enough to track Windows desktops, or do printers and IP phones and other random IoT devices like HVAC monitors come into it too?
In terms of multiple addresses, any given interface is going to have both a link-local scope fe80::/64 address and presumably a global scope 2000::/3 address. If you need to track both you are back at #2, because the link-local addresses are almost always host-generated, and necessarily precede DHCP. It's best to stay away from fd00::/7 ULA, because most OSes are confused about their scope and make really perverse source address choices if they have both ULA and global.
Windows clients by default want to update their DNS themselves; you may or may not allow that, and if you do it doesn't extend to the non-Windows clients. Meanwhile the Windows clients also want to use privacy addresses, and want to mutate those daily. You can tone that down via either group policy or disabling SLAAC on all the prefixes in your router advertisements, but that gets you back to the "do all your devices handle DHCPv6" issues. And probably not everything on your network is a standard PC running Windows 7 or later.
Meanwhile, you probably want your mobile devices to use privacy addresses, and unless they are very bleeding edge, they probably don't support RFC 7217 stable privacy addresses (randomized in general, but stable on particular subnets). This tends to drive you back to solution #2.
Don't forget that for forensic purposes all your devices are dual stack, and they will be doing a mixture of IPv4 and IPv6 if you offer them both kinds of addresses - just try to find a pure IPv6 only web site, for example. Needing to correlate the v4 and v6 traffic tends to drive folks toward #2 again.
This is not a well solved problem, and what you want to do depends on what you need and what you can afford.
-- Jim Leinweber, WI State Lab of Hygiene
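A sketch of solution #2 from the answer above, added here as an example and not code posted in the thread: it takes (MAC, IPv6) pairs as they might come out of an SNMP neighbor-table scrape, correlates them against a MAC inventory, skips link-local and ULA addresses, and emits `nsupdate` commands for the AAAA and PTR records. The function names, the `example.com` zone and the sample data are constructed assumptions.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")  # unique local range, includes fd00::

def eui64_iid(mac):
    """Interface ID that classic SLAAC derives from a MAC (modified EUI-64)."""
    b = bytearray(int(x, 16) for x in mac.split(":"))
    b[0] ^= 0x02  # flip the universal/local bit
    return bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])

def classify(addr, mac):
    a = ipaddress.IPv6Address(addr)
    if a.is_link_local:
        return "link-local"
    if a in ULA:
        return "ula"
    if a.packed[8:] == eui64_iid(mac):
        return "global-eui64"
    return "global-other"  # DHCPv6 lease, privacy or RFC 7217 address

def build_updates(neighbors, inventory, zone, ttl=300):
    """Return (nsupdate lines, unmatched pairs) for (mac, ipv6) observations."""
    lines, unknown = [], []
    for mac, addr in neighbors:
        mac = mac.lower()
        if classify(addr, mac) in ("link-local", "ula"):
            continue  # this example publishes global-scope addresses only
        host = inventory.get(mac)
        if host is None:
            unknown.append((mac, addr))  # device missing from the MAC database
            continue
        a = ipaddress.IPv6Address(addr)
        fqdn = f"{host}.{zone}."
        # Forward and reverse records live in different zones: send separately.
        lines += [f"update add {fqdn} {ttl} AAAA {a.compressed}", "send",
                  f"update add {a.reverse_pointer}. {ttl} PTR {fqdn}", "send"]
    return lines, unknown

# Constructed sample data (documentation prefix 2001:db8::/32, made-up MACs).
SAMPLE_INVENTORY = {"00:11:22:33:44:55": "pc1"}
SAMPLE_NEIGHBORS = [
    ("00:11:22:33:44:55", "fe80::211:22ff:fe33:4455"),
    ("00:11:22:33:44:55", "2001:db8:0:1:211:22ff:fe33:4455"),
    ("00:11:22:33:44:55", "fd12:3456:789a:1::10"),
    ("66:77:88:99:AA:BB", "2001:db8:0:1::50"),
]

if __name__ == "__main__":
    updates, unmatched = build_updates(SAMPLE_NEIGHBORS, SAMPLE_INVENTORY, "example.com")
    print("\n".join(updates))
    print("unmatched:", unmatched)
```

The unmatched list is the part worth watching: an address seen on the wire with no entry in the MAC database is either an inventory gap or a device using a randomized MAC.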
07-12-2015 11:13 AM
I am looking for something like Dynamic DNS, but the problem with that is that initially we have to enter hostnames manually, and then when the IP address of a host changes it will update the DNS server. I am using ISC DHCPv6, not SLAAC, and BIND for DNS. I do not want to enter it manually even the first time, and I do not want to use a script because it will take a long time to update DNS.