Selected ASDM VPN Configuration Procedures for the Cisco ASA 5500 Series, Version 5.2

Configuring DDNS Updates



This chapter describes how to configure Dynamic DNS updates, a process by which two types of DNS resource records (RRs) are updated with the latest IP address and hostname information. There are several scenarios for updating these records; this chapter presents the procedure for configuring the following common scenario:

The DHCP client asks the DHCP server to update both DNS RRs. The server, configured to update PTR RRs only, honors the client request and updates both the A and PTR RRs.

This chapter includes the following sections:

Overview of DDNS Resource Records

Overview of DDNS Example: Server Updates Both Records

Defining an Update Method

Assigning the Update Method to an Interface

Configuring the DHCP Server

Overview of DDNS Resource Records

DDNS provides address and domain name mappings so hosts can find each other even though their DHCP-assigned IP addresses change frequently. Mappings are contained in two types of records that reside on the DNS server. These records, A RRs and PTR RRs, allow identification of a host either by IP address or by domain name. A RRs contain domain name to IP address mappings while PTR RRs contain IP address to domain name mappings. Of the two methods for performing DDNS updates to these records—the IETF standard defined by RFC 2136 and a generic HTTP method—the security appliance supports the IETF method in this release.

Each of the records can be updated by either the DHCP server or the client depending upon how you configure the updates. The client can request that the server perform the updates on its behalf. However, you must configure the server to either honor the client request or override it.

To update the PTR RR, the DHCP server must know the fully qualified domain name (FQDN) of the client. The client provides an FQDN to the server using a DHCP option called Client FQDN.

This chapter presents the steps for configuring the DHCP server to update both the A RR and the PTR RR. This is one of the most common configurations. Other configuration scenarios discussed in the Cisco Security Appliance Command Line Configuration Guide include:

The DHCP client updates both the A and PTR RRs for static IP addresses.

The DHCP client updates both the A and PTR RRs. The DHCP server honors the client update request. The FQDN is provided through configuration.

The DHCP client includes the FQDN option instructing the server not to update either RR. The server overrides the client request and updates both RRs.

The DHCP client updates the A resource record while the DHCP server updates the PTR records. The client uses the domain name from the server to form the fully qualified domain name.
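
The honor-or-override decision described above can be traced with a short script. This is an added example, not Cisco code: it parses a Client FQDN option (DHCP option 81, RFC 4702) and applies a simplified model of this chapter's scenarios. The parameter names `update_dns`, `update_both` and `override` are hypothetical stand-ins for the DHCP server settings, and the domain `example.com` is assumed.

```python
import struct
from dataclasses import dataclass

# Flag bits of the DHCP Client FQDN option (option 81, RFC 4702).
FLAG_S, FLAG_O, FLAG_E, FLAG_N = 0x01, 0x02, 0x04, 0x08

@dataclass
class ClientFqdn:
    flags: int
    name: str

def parse_client_fqdn(option: bytes) -> ClientFqdn:
    """Parse raw option 81: code, length, flags, RCODE1, RCODE2, domain name."""
    if len(option) < 5:
        raise ValueError("option 81 too short")
    code, length, flags = struct.unpack_from("!BBB", option)
    if code != 81 or length != len(option) - 2:
        raise ValueError("not a well-formed Client FQDN option")
    if flags & 0xF0 or (flags & FLAG_N and flags & FLAG_S):
        raise ValueError("reserved bits set, or N and S both set")
    data = option[5:]
    if not flags & FLAG_E:                   # deprecated ASCII encoding
        return ClientFqdn(flags, data.decode("ascii"))
    labels, i = [], 0
    while i < len(data) and data[i] != 0:    # DNS wire format, no compression
        n = data[i]
        if n > 63 or i + 1 + n > len(data):
            raise ValueError("bad label length")
        labels.append(data[i + 1:i + 1 + n].decode("ascii"))
        i += 1 + n
    return ClientFqdn(flags, ".".join(labels))

def server_updates(req, update_dns=True, update_both=False, override=False):
    """Records the DHCP server writes (simplified model of this chapter's scenarios)."""
    if not update_dns:
        return set()
    if override:                  # server policy wins over the client's flags
        return {"A", "PTR"} if update_both else {"PTR"}
    if req.flags & FLAG_N:        # client asked the server to update nothing
        return set()
    if req.flags & FLAG_S:        # client asked the server to update A as well
        return {"A", "PTR"}
    return {"PTR"}                # client keeps the A record for itself

# Constructed sample: hostname "asa" from the example, example.com assumed.
_NAME = b"\x03asa\x07example\x03com\x00"
SAMPLE = bytes([81, 3 + len(_NAME), FLAG_S | FLAG_E, 0, 0]) + _NAME

if __name__ == "__main__":
    req = parse_client_fqdn(SAMPLE)
    print(req.name, sorted(server_updates(req)))  # server set to PTR only, honoring S
```

The defaults of `server_updates` correspond to the scenario this chapter configures: the server updates PTR RRs only, does not override, and so writes both records when the client sets the S flag.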

Overview of DDNS Example: Server Updates Both Records

This section configures the DHCP server to perform only PTR RR updates by default. However, the server honors the client request that it perform both A and PTR updates.

To complete this configuration example, perform the following tasks:

1. Define the DDNS update method.

2. Assign the DDNS update method to a security appliance interface.

3. Configure the DHCP server.


Note Prerequisite steps that are outside the scope of this procedure include configuring DHCP servers, configuring DNS clients, and enabling DHCP on interfaces.


Defining an Update Method

To define a DDNS update method, perform the following steps:


Step 1 In the Configuration > Properties > DNS > Dynamic DNS window, click Add.

The Edit Dynamic DNS Update Methods dialog box appears as shown in Figure 5-1.

Figure 5-1 Edit Dynamic DNS Update Methods Dialog Box

Step 2 In the Name field, enter a DDNS method name.

In this example, we name the method DDNS-3.

Step 3 In the Days field, enter the number of days between update attempts.

Days can be from 0 to 364.

Step 4 From the Hours menu, choose a number of hours between update attempts.

Step 5 From the Minutes menu, choose a number of minutes between update attempts.

In this example, we schedule an update attempt every minute.

Step 6 From the Seconds menu, choose a number of seconds between update attempts.


Note These time units are additive. That is, if you enter 0 days, 0 hours, 5 minutes and 15 seconds, the update method will attempt an update every 5 minutes and 15 seconds for as long as the method is active.


Step 7 Next to Update Records, click either the Both (PTR and A Records) radio button or the A Records only radio button to configure the DHCP client to update records.


Note You can select either radio button because the interface or the DHCP server can be configured to override the method setting.


Step 8 Click OK to accept the update method configuration.


Assigning the Update Method to an Interface

To assign a DDNS update method to a security appliance interface, perform the following steps:


Step 1 In the Configuration > Properties > DNS > Dynamic DNS window, click Add.

The Add Dynamic DNS Interface Settings dialog box appears as shown in Figure 5-2.

Figure 5-2 Add Dynamic DNS Interface Settings Dialog Box

Step 2 Select the interface to be configured from the Interface menu.

In this example, we select the outside interface.

Step 3 Select the update method to be applied to the interface from the Update Method menu.

In this example, we select DDNS-3.

Step 4 Enter the Dynamic DNS hostname in the Hostname field.

In this example, we enter asa.

Step 5 In the DHCP Client area, click Both (PTR and A Records).

Step 6 Click OK to accept the interface configuration settings.

The Add Dynamic DNS Interface Settings dialog box closes.

Step 7 At the bottom of the Dynamic DNS panel, click Both (PTR Records and A Records) to set the global DHCP server update setting to update both resource records.

Step 8 Click Apply to add the new DDNS settings to the running security appliance configuration.


Configuring the DHCP Server

To configure the DHCP server to update PTR records and to also honor DHCP client update requests, perform the following steps:


Step 1 In the Configuration > Properties > DHCP Services > DHCP Server window, select the DHCP server you want to update the DNS records.

Step 2 In the Dynamic DNS Settings for DHCP Server area, perform the following steps:

a. Check the Update DNS Clients check box.

b. Uncheck the Update Both Records check box.

c. Uncheck the Override Client Settings check box.

The Dynamic DNS Settings for DHCP Server area should appear as shown in Figure 5-3.

Figure 5-3 The Dynamic DNS Settings for DHCP Server area.

Step 3 Click Apply to add the DHCP server setting to the security appliance running configuration.