Wanted: Local host DNS record and dynamic DHCP linkage

Context: I am building a private IPsec site-to-site network between family homes. I have separate subnets in each home with local domain names for each. Host names are not working the way I want. I am starting to deploy many IoT devices. The goal is to not use any cloud services or apps and to blacklist garbage - I'm building my own VPN and secure network under HA or some other developments I'm working on. Pi-hole for DNS namespace protection and control…

GOAL: I want to take any host device and enter its MAC address and my desired host name for it in a single master authoritative data store that is available/stored to a (set of) DHCP/DNS servers. Regardless of where I attach it anywhere in the VPN (through DHCP relay or a Pi-hole on that subnet) - the server performs DORA, allocates a lease, creates a local DNS record, and then I want my applications to be able to immediately access it by FQDN based on the local domain and the dynamic IP@ it gets wherever I attach to the network. Normal DHCP - get the next available address for the given subnet/VLAN. I do NOT want to use discovery apps or other garbage. I do NOT want to manage DHCP static leases for each subnet. I do NOT want to manage static IP space per subnet. I DO want the solution to work with dynamic/changing addressing. I want this for devices that advertise a host name during DORA (ideally an option on DNS to override or keep) - or provide the name from the file for the devices that do not advertise a host name. I am done with a life of dealing with managing static leases, address spaces, and host files (yes, I have corporate lab PTSD).

HELP:

I am new to Pi-hole. Does anyone have a solution that takes a client MAC address that is used to bind a DHCP lease and subsequently activate/create local DNS records using the updated DHCP lease records? Conversely - remove the local DNS record when the DHCP lease expires or is released? Or provide some direction on how I can go about some code to achieve this in Pi-hole? My thoughts are - trigger when the lease file adds a record, trigger when a lease file record is deleted → update local DNS with the IP@/hostname indexed by client MAC → propagate the DNS change to backup Pi-hole(s). I'm a Pi-hole NOOB, so I hope I can get some pointers on (a) has anyone done this, or (b) pointers on how to do this in Pi-hole….. before I start digging this (pi)hole….

thanks for any constructive feedback.

Pi-hole's primary focus is DNS.
It exposes an optional DHCP server only as a last resort measure to control DNS for your network, for when a router does not support configuring DNS at all. Accordingly, Pi-hole's DHCP UI is very basic.

But Pi-hole's embedded pihole-FTL is based on dnsmasq, and as such can be configured in much the same way, via custom dnsmasq options as documented by Man page of DNSMASQ - as long as those do not conflict with Pi-hole's own set of options.

When enabling Pi-hole's DHCP server, your requirements will likely be partially met by pihole-FTL/dnsmasq.

In particular, dnsmasq will automatically add A, AAAA and PTR records into its DNS server for registered DHCP leases, using the names as presented by a client during DHCP negotiation, and it may be configured to also add the respective records for FQDNs in a configured local domain (i.e. not for public DNS).

In theory, that feature would allow for any device registering a lease to have a hostname on the local network, without any static configuration.

However, clients are not required to present a name at all, others may also claim full FQDNs, some will claim names that are irritating at best (like android-389a54ef21be), or they randomise names for each network they connect to, and others again may claim generic names that would start to become ambiguous as soon as you run more than one of those devices (e.g. smart-lightbulb).

If you want friendly, predictable names for your clients, sooner or later you'd likely want to enforce hostnames for at least some of your clients - and that would require static configuration per subnet - which you don't want.
If that is really as hard a requirement as you made it sound, Pi-hole/dnsmasq may not be a match for you.

I would expect someone to ask about this when they have tried something and it did not work out the way they wanted, so I have to ask:

  • Which software are you using?
  • What went wrong?

You can force many of them tho! :slight_smile:

IMHO that’s old information and easily fixable these days :wink:

Those are the ones to worry about indeed !! :enraged_face:

And that’s what I have been doing for many, many, many years now :smiling_face_with_sunglasses: :grimacing: :+1: :+1:

If you take care of your backups and use the right software then everything can be restored very easily and fast too!

But then again : What is ?!?!

There is no “Magic Solution” for all of this sadly…

I struggle with this - the names presented by IoT hosts etc are mostly useless if they exist at all. I want to have the network operator (me), not the device, define the local host name for a device that I can deploy on any subnet and reliably use for automation.

Yes, I have used static DHCP leases in the past and I know I can do manual local records. I want to find a better solution for applications… and for non-technical people who want to deploy something that generates usable naming without having a network engineering degree.

The current solution takes the host name field and populates a local record.

What would be ideal - an option to use the client ID, which is guaranteed to exist and be unique, and retrieve a centralized store of MAC to host name that applications users can easily create with names they want to identify the device...

For example - is there an option for a local LDAP or RADIUS dip to authenticate a DHCP request? Either could provide a clean method to return a host name to overwrite the DHCP host name option that could be used to populate the local DNS record. Failing that - a code kludge that read a separate “global” host file of MAC to host name.

I have not found any solution that can do this. I moved to pihole because it is DNS oriented and hoped to find a “better” method to feed host names into local records.

Sorry, meant MAC address which is usually easily obtained by non-technical people.

Does below do the job?


This is under static DHCP configuration. I had been assigning the IP@ and the host name here, which is what prompted my email. Removing the IP@ and allowing the binding of name to MAC address is what I’m looking for with dynamic DHCP. If that works without specifying the IP@ - is there a way to populate that without going through the GUI (API calls?).

The challenge here is that if the device is moved to another subnet, that is in a different domain. So in a perfect world, the instantiation of what you have there would be triggered by DORA - if the host with that MAC gets a lease, then activate the local record. This is because the MAC could appear in one of N domains and the domain where it is deployed would be the binding that is activated. However, this could be a reasonable compromise until I have more time to dig into it.

Exactly my point:

As mentioned, if you want to avoid those hassles, you'd have to enforce hostnames somehow.

That hope isn't justified, at least as far as DNS is involved: the DNS protocol is unaware of MAC addresses.

But dnsmasq's DHCP server may be able to do what you want, just as deHakkelaar mentioned.
Please refer to dnsmasq's documentation as linked above. In particular, take a closer look at its dhcp-host option, which seems to allow what you want (and the on-screen help deHakkelaar has pointed to is largely inspired by dnsmasq's man page).

As this concerns dnsmasq rather than Pi-hole, it may also be worth considering posting your question to dnsmasq's mailing list.

It does.

Not that I know of, except for what Bucking_Horn suggested, if you want to put it in your own dnsmasq config file:

$ man dnsmasq
[..]
       -G,   --dhcp-host=[<hwaddr>][,id:<client_id>|*][,set:<tag>][,tag:<tag>][,<ipaddr>][,<hostname>][,<lease_time>][,ignore]
              Specify per host parameters for the DHCP server. This allows a machine with a particular
              hardware address to be always allocated the same hostname, IP address and lease time.
              A hostname specified like this overrides any supplied by the DHCP client on the machine.

I think the embedded dnsmasq can deal with that, as the localise-queries directive below is active OOTB:

$ sudo cat /etc/pihole/dnsmasq.conf
[..]
# Return answers to DNS queries from /etc/hosts and interface-name and
# dynamic-host which depend on the interface over which the query was
# received. If a name has more than one address associated with it, and
# at least one of those addresses is on the same subnet as the interface
# to which the query was sent, then return only the address(es) on that
# subnet and return all the available addresses otherwise.
localise-queries
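The dhcp-host man page excerpt quoted above makes the IP address optional: an entry of the form dhcp-host=<hwaddr>,<hostname> forces the name while still leaving the address to dynamic allocation from whichever dhcp-range the request arrived on, which is the "single MAC-to-name master store, no static IP per subnet" arrangement the original post asks for. The script below is an added example, not code from the thread, from Pi-hole or from dnsmasq. It turns a simple master store (constructed inline here; the "mac,hostname" line format is my choice) into dhcp-host lines, normalising MAC notation and rejecting invalid or duplicate names before they reach the DNS server. The generated lines can go into a custom dnsmasq config file, or into a separate file that dnsmasq loads through its documented dhcp-hostsfile option.

```python
"""Generate dnsmasq dhcp-host entries from one master MAC -> hostname store.

Added example, not part of the Pi-hole thread. Assumptions (not from the page):
the store format (one "mac,hostname" per line, '#' comments) is a choice made
here. dnsmasq can read a file of such entries via its documented
dhcp-hostsfile option; where that file lives in a Pi-hole install is not
covered by this example.
"""
import re

# Constructed sample store: MAC -> desired hostname. No IP address on purpose:
# dnsmasq then leases a dynamic address from whatever range the request came
# in on, but still forces the name (overriding whatever the client advertises).
MASTER_STORE = """\
# mac,hostname
38:9a:54:ef:21:be,kitchen-bulb
e4:5f:01:aa:bb:cc,garage-cam
E4-5F-01-12-34-56,porch-sensor
"""

MAC_RE = re.compile(r"^([0-9a-f]{2}[:-]){5}[0-9a-f]{2}$", re.I)
# RFC 1123 host label: letters, digits, hyphens; no leading/trailing hyphen; <= 63 chars.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalise_mac(mac: str) -> str:
    """Accept aa:bb:.. or AA-BB-.. and return the lower-case colon form dnsmasq expects."""
    if not MAC_RE.match(mac):
        raise ValueError(f"bad MAC address: {mac!r}")
    return mac.lower().replace("-", ":")


def parse_store(text: str) -> dict[str, str]:
    """Return {mac: hostname}; reject malformed lines and duplicate MACs or names."""
    hosts: dict[str, str] = {}
    seen_names: set[str] = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            mac, name = (part.strip() for part in line.split(","))
        except ValueError:
            raise ValueError(f"line {lineno}: expected 'mac,hostname'") from None
        mac = normalise_mac(mac)
        name = name.lower()
        if not LABEL_RE.match(name):
            raise ValueError(f"line {lineno}: {name!r} is not a valid host label")
        if mac in hosts:
            raise ValueError(f"line {lineno}: duplicate MAC {mac}")
        if name in seen_names:
            # Two devices sharing one name would make the resulting A record ambiguous,
            # exactly the 'smart-lightbulb' problem described in the thread.
            raise ValueError(f"line {lineno}: duplicate hostname {name!r}")
        hosts[mac] = name
        seen_names.add(name)
    return hosts


def render_dhcp_hosts(hosts: dict[str, str]) -> str:
    """One 'dhcp-host=<mac>,<hostname>' per device, deliberately without an IP address."""
    return "".join(f"dhcp-host={mac},{name}\n" for mac, name in sorted(hosts.items()))


if __name__ == "__main__":
    print(render_dhcp_hosts(parse_store(MASTER_STORE)), end="")
```

Because each entry carries no address, the same generated file can be used unchanged on every Pi-hole in the VPN: the device gets an address from the local dhcp-range and its A/AAAA/PTR records appear under that server's configured local domain, with the forced name rather than whatever the device advertised. Removal on lease expiry needs no extra work, since dnsmasq only publishes records for active leases.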