CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.1
Configuring Dynamic DNS

Table of Contents

Configuring Dynamic DNS

Information About DDNS

Licensing Requirements for DDNS

Guidelines and Limitations

Configuring DDNS

Configuration Examples for DDNS

Example 1: Client Updates Both A and PTR RRs for Static IP Addresses

Example 2: Client Updates Both A and PTR RRs; DHCP Server Honors Client Update Request; FQDN Provided Through Configuration

Example 3: Client Includes FQDN Option Instructing Server Not to Update Either RR; Server Overrides Client and Updates Both RRs.

Example 4: Client Asks Server To Perform Both Updates; Server Configured to Update PTR RR Only; Honors Client Request and Updates Both A and PTR RR

Example 5: Client Updates A RR; Server Updates PTR RR

DDNS Monitoring Commands

Feature History for DDNS

Configuring Dynamic DNS

This chapter describes how to configure DDNS update methods and includes the following topics:

Information About DDNS

DDNS update integrates DNS with DHCP. The two protocols are complementary: DHCP centralizes and automates IP address allocation; DDNS update automatically records the association between assigned addresses and hostnames at predefined intervals. DDNS allows frequently changing address-hostname associations to be updated frequently. Mobile hosts, for example, can then move freely on a network without user or administrator intervention. DDNS provides the necessary dynamic update and synchronization of the name-to-address mapping and address-to-name mapping on the DNS server. To configure the DNS server for other uses, see the “Configuring the DNS Server” section. To configure DHCP, see the “Configuring the DHCP Server” section.

EDNS allows DNS requesters to advertise the size of their UDP packets and facilitates the transfer of packets larger than 512 octets. When a DNS server receives a request over UDP, it identifies the size of the UDP packet from the OPT resource record (RR) and scales its response to contain as many resource records as are allowed in the maximum UDP packet size specified by the requester. The size of the DNS packets can be up to 4096 bytes for BIND or 1280 bytes for the Windows 2003 DNS Server. Several additional message-length maximum commands are available:

  • The existing global limit: message-length maximum 512
  • A client or server specific limit: message-length maximum client 4096
  • The dynamic value specified in the OPT RR field: message-length maximum client auto

If the three commands are present at the same time, the ASA enforces the minimum of the three specified values.

Licensing Requirements for DDNS

The following table shows the licensing requirements for DDNS:

Model: All models
License Requirement: Base License.

Guidelines and Limitations

Failover Guidelines

Supports Active/Active and Active/Standby failover.

Firewall Mode Guidelines

Supported in routed firewall mode.

Context Mode Guidelines

Supported in single and multiple context modes.

Supported in transparent mode for the DNS Client pane.

IPv6 Guidelines

Supports IPv6.

Configuring DDNS

This section describes how to configure the ASA to support Dynamic DNS. Using DHCP together with dynamic DNS update configures a host automatically for network access whenever it attaches to the IP network. You can locate and reach the host using its permanent, unique DNS hostname. Mobile hosts, for example, can move freely without user or administrator intervention.

DDNS provides address and domain name mapping so that hosts can find each other, even though their DHCP-assigned IP addresses change frequently. The DDNS name and address mapping is held on the DHCP server in two resource records: the A RR includes the name-to-IP address mapping, while the PTR RR maps addresses to names. Of the two methods for performing DDNS updates—the IETF standard defined by RFC 2136 and a generic HTTP method—the ASA supports the IETF method in this release.
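As an added illustration (not code from the Cisco guide), the following Python sketch builds the two RFC 2136 UPDATE messages that correspond to the A and PTR RRs, using the hostname and address from Example 1. The zone names, TTL and message ID are assumptions, and nothing is sent on the network.

```python
import ipaddress
import struct

TYPE_A, TYPE_SOA, TYPE_PTR, CLASS_IN = 1, 6, 12, 1
OPCODE_UPDATE = 5  # RFC 2136 opcode


def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("invalid label in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_update(zone, owner, rtype, rdata, ttl=300, msg_id=0x1234):
    """Build an UPDATE message that adds one RR to the given zone.

    ttl and msg_id are constructed sample values.
    """
    flags = OPCODE_UPDATE << 11  # QR=0 (request), Opcode=5
    # Counts: 1 zone entry, 0 prerequisites, 1 update RR, 0 additional RRs.
    header = struct.pack("!6H", msg_id, flags, 1, 0, 1, 0)
    zone_section = encode_name(zone) + struct.pack("!2H", TYPE_SOA, CLASS_IN)
    update_rr = (encode_name(owner)
                 + struct.pack("!2HIH", rtype, CLASS_IN, ttl, len(rdata))
                 + rdata)
    return header + zone_section + update_rr


def a_and_ptr_updates(fqdn, address, forward_zone, reverse_zone):
    """Return (A update, PTR update, PTR owner name) for one IPv4 host."""
    ip = ipaddress.IPv4Address(address)
    ptr_owner = ip.reverse_pointer  # address-to-name owner under in-addr.arpa
    a_msg = build_update(forward_zone, fqdn, TYPE_A, ip.packed)
    ptr_msg = build_update(reverse_zone, ptr_owner, TYPE_PTR, encode_name(fqdn))
    return a_msg, ptr_msg, ptr_owner


if __name__ == "__main__":
    # Hostname and address from Example 1; zone names are assumptions.
    a_msg, ptr_msg, owner = a_and_ptr_updates(
        "asa.example.com", "10.0.0.40", "example.com", "0.0.10.in-addr.arpa")
    print(owner, a_msg.hex(), ptr_msg.hex(), sep="\n")
```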

The two most common DDNS update configurations are the following:

  • The DHCP client updates the A RR, while the DHCP server updates the PTR RR.
  • The DHCP server updates both the A RR and PTR RR.

In general, the DHCP server maintains DNS PTR RRs on behalf of clients. Clients may be configured to perform all desired DNS updates. The server may be configured to honor these updates or not. To update the PTR RR, the DHCP server must know the FQDN of the client. The client provides an FQDN to the server using a DHCP option called Client FQDN.

Configuration Examples for DDNS

The following examples present five common scenarios:

Example 1: Client Updates Both A and PTR RRs for Static IP Addresses

The following example shows how to configure the client to request that it update both A and PTR resource records for static IP addresses.

To configure this scenario, perform the following steps:

Detailed Steps

Step 1
  Command: ddns update method name
  Example: ciscoasa(config)# ddns update method ddns-2
  Purpose: Creates a DDNS update method ddns-2 that dynamically updates DNS resource records (RRs).

Step 2
  Command: ddns both
  Example: ciscoasa(DDNS-update-method)# ddns both
  Purpose: Specifies that the client updates both the DNS A and PTR resource records (RRs).

Step 3
  Command: interface mapped_name
  Example: ciscoasa(DDNS-update-method)# interface eth1
  Purpose: Configures an interface eth1 and enters interface configuration mode.

Step 4
  Command: ddns update [method-name | hostname hostname]
  Example: ciscoasa(config-if)# ddns update ddns-2
           ciscoasa(config-if)# ddns update hostname asa.example.com
  Purpose: Associates the DDNS method ddns-2 with the eth1 interface and an update hostname.

Step 5
  Command: ip address ip_address [mask] [standby ip_address]
  Example: ciscoasa(config-if)# ip address 10.0.0.40 255.255.255.0
  Purpose: Configures a static IP address for the interface eth1.

Example 2: Client Updates Both A and PTR RRs; DHCP Server Honors Client Update Request; FQDN Provided Through Configuration

The following example shows how to configure the DHCP client to request that it update both the A and PTR RRs, and the DHCP server to honor these requests.

To configure this scenario, perform the following steps:

Detailed Steps

Step 1
  Command: dhcp-client update dns [server {both | none}]
  Example: ciscoasa(config)# dhcp-client update dns server none
  Purpose: Configures the DHCP client to request that the DHCP server perform no updates.

Step 2
  Command: ddns update method name
  Example: ciscoasa(config)# ddns update method ddns-2
  Purpose: Creates a DDNS update method ddns-2 that dynamically updates DNS resource records (RRs).

Step 3
  Command: ddns both
  Example: ciscoasa(DDNS-update-method)# ddns both
  Purpose: Specifies that the client updates both the DNS A and PTR resource records (RRs).

Step 4
  Command: interface mapped_name
  Example: ciscoasa(DDNS-update-method)# interface Ethernet0
  Purpose: Configures an interface Ethernet0 and enters interface configuration mode.

Step 5
  Command: ddns update [method-name | hostname hostname]
  Example: ciscoasa(config-if)# ddns update ddns-2
           ciscoasa(config-if)# ddns update hostname asa.example.com
  Purpose: Associates the DDNS method ddns-2 with the Ethernet0 interface and an update hostname.

Step 6
  Command: ip address dhcp
  Example: ciscoasa(config-if)# ip address dhcp
  Purpose: Uses DHCP to obtain an IP address for the interface.

Step 7
  Command: dhcpd update dns [both] [override] [interface srv_ifc_name]
  Example: ciscoasa(config-if)# dhcpd update dns
  Purpose: Configures DHCP server to perform DDNS updates.

Example 3: Client Includes FQDN Option Instructing Server Not to Update Either RR; Server Overrides Client and Updates Both RRs.

The following example shows how to configure the DHCP client to include the FQDN option that instructs the DHCP server not to honor either the A or PTR updates. The example also shows how to configure the server to override the client request. As a result, the client does not perform any updates.

To configure this scenario, perform the following steps:

Detailed Steps

Step 1
  Command: ddns update method name
  Example: ciscoasa(config)# ddns update method ddns-2
  Purpose: Creates a DDNS update method ddns-2 that dynamically updates DNS resource records (RRs).

Step 2
  Command: ddns both
  Example: ciscoasa(DDNS-update-method)# ddns both
  Purpose: Specifies that the client updates both the DNS A and PTR resource records (RRs).

Step 3
  Command: interface mapped_name
  Example: ciscoasa(DDNS-update-method)# interface Ethernet0
  Purpose: Configures an interface Ethernet0 and enters interface configuration mode.

Step 4
  Command: ddns update [method-name | hostname hostname]
  Example: ciscoasa(config-if)# ddns update ddns-2
           ciscoasa(config-if)# ddns update hostname asa.example.com
  Purpose: Associates the DDNS method ddns-2 with the Ethernet0 interface and an update hostname.

Step 5
  Command: dhcp-client update dns [server {both | none}]
  Example: ciscoasa(config)# dhcp-client update dns server none
  Purpose: Configures the DHCP client to request that the DHCP server perform no updates.

Step 6
  Command: ip address dhcp
  Example: ciscoasa(config-if)# ip address dhcp
  Purpose: Uses DHCP to obtain an IP address for the interface.

Step 7
  Command: dhcpd update dns [both] [override] [interface srv_ifc_name]
  Example: ciscoasa(config-if)# dhcpd update dns both override
  Purpose: Configures DHCP server to override the client update requests.

Example 4: Client Asks Server To Perform Both Updates; Server Configured to Update PTR RR Only; Honors Client Request and Updates Both A and PTR RR

The following example shows how to configure the server to perform only PTR RR updates by default. However, the server honors the client request that it perform both A and PTR updates. The server also forms the FQDN by appending the domain name (example.com) to the hostname that the client (asa) has provided.

To configure this scenario, perform the following steps:

Detailed Steps

Step 1
  Command: interface mapped_name
  Example: ciscoasa(config)# interface Ethernet0
  Purpose: Configures an interface Ethernet0.

Step 2
  Command: dhcp-client update dns [server {both | none}]
  Example: ciscoasa(config-if)# dhcp-client update dns server both
  Purpose: DHCP client requests that the DHCP server update both the DNS A and PTR resource records.

Step 3
  Command: ddns update [method-name | hostname hostname]
  Example: ciscoasa(config-if)# ddns update hostname asa
  Purpose: Configures the DHCP client on interface Ethernet0.

Step 4
  Command: dhcpd update dns [both] [override] [interface srv_ifc_name]
  Example: ciscoasa(config-if)# dhcpd update dns
  Purpose: Configures DHCP server to perform DDNS updates.

Step 5
  Command: dhcpd domain domain_name [interface if_name]
  Example: ciscoasa(config-if)# dhcpd domain example.com
  Purpose: Defines the DNS domain name for DHCP clients.

Example 5: Client Updates A RR; Server Updates PTR RR

The following example shows how to configure the client to update the A resource record and how to configure the server to update the PTR records. Also, the client uses the domain name from the DHCP server to form the FQDN.

To configure this scenario, perform the following steps:

Detailed Steps

Step 1
  Command: ddns update method name
  Example: ciscoasa(config)# ddns update method ddns-2
  Purpose: Creates a DDNS update method ddns-2 that dynamically updates DNS resource records (RRs).

Step 2
  Command: ddns [both]
  Example: ciscoasa(DDNS-update-method)# ddns
  Purpose: Specifies a dynamic DNS (DDNS) update method.

Step 3
  Command: interface mapped_name
  Example: ciscoasa(DDNS-update-method)# interface Ethernet0
  Purpose: Configures an interface Ethernet0.

Step 4
  Command: dhcp-client update dns [server {both | none}]
  Example: ciscoasa(config-if)# dhcp-client update dns
  Purpose: Configures the update parameters that the DHCP client passes to the DHCP server.

Step 5
  Command: ddns update [method-name | hostname hostname]
  Example: ciscoasa(config-if)# ddns update ddns-2
           ciscoasa(config-if)# ddns update hostname asa
  Purpose: Associates the DDNS method ddns-2 with the Ethernet0 interface and an update hostname.

Step 6
  Command: dhcpd update dns [both] [override] [interface srv_ifc_name]
  Example: ciscoasa(config-if)# dhcpd update dns
  Purpose: Configures DHCP server to perform DDNS updates.

Step 7
  Command: dhcpd domain domain_name [interface if_name]
  Example: ciscoasa(config-if)# dhcpd domain example.com
  Purpose: Defines the DNS domain name for DHCP clients.
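When reviewing a configuration it helps to know which side ends up writing each record. The following Python sketch is an added example, not part of the Cisco guide: it reads the DDNS-related lines of a client and a server configuration and reports who updates the A and PTR RRs, modeled on the outcomes described in Examples 2 through 5. It assumes the client always sends the Client FQDN option and that a server without override does exactly what the client asks; the function names and sample snippets are constructed.

```python
import re


def parse_ddns_config(text):
    """Pull the DDNS-relevant settings out of ASA-style config lines."""
    cfg = {"request": None, "method": set(), "server": False,
           "server_both": False, "override": False}
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"dhcp-client update dns(?: server (both|none))?", line)
        if m:
            cfg["request"] = m.group(1) or "default"
        elif line == "ddns":
            cfg["method"] = {"A"}
        elif line == "ddns both":
            cfg["method"] = {"A", "PTR"}
        else:
            m = re.fullmatch(
                r"dhcpd update dns((?: both)?)((?: override)?)(?: interface \S+)?", line)
            if m:
                cfg.update(server=True, server_both=bool(m.group(1)),
                           override=bool(m.group(2)))
    return cfg


def who_updates(client_text, server_text):
    """Return {'A': updater, 'PTR': updater}; updater is 'client', 'server' or None."""
    client, server = parse_ddns_config(client_text), parse_ddns_config(server_text)
    # What the client asks the server to do through the Client FQDN option.
    asked = {"none": set(), "default": {"PTR"},
             "both": {"A", "PTR"}}[client["request"] or "default"]
    if not server["server"]:
        server_does = set()
    elif server["override"]:
        server_does = {"A", "PTR"} if server["server_both"] else {"PTR"}
    else:
        server_does = asked  # assumption: server honors the client request
    client_does = client["method"] - server_does
    return {rr: "server" if rr in server_does
            else "client" if rr in client_does else None
            for rr in ("A", "PTR")}


# Constructed (client, server) snippets mirroring Examples 2 through 5.
EXAMPLES = {
    2: ("dhcp-client update dns server none\nddns both", "dhcpd update dns"),
    3: ("ddns both\ndhcp-client update dns server none", "dhcpd update dns both override"),
    4: ("dhcp-client update dns server both", "dhcpd update dns"),
    5: ("ddns\ndhcp-client update dns", "dhcpd update dns"),
}
```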

DDNS Monitoring Commands

To monitor DDNS, enter one of the following commands:

Command: show running-config ddns
Purpose: Shows the current DDNS configuration.

Command: show running-config dns server-group
Purpose: Shows the current DNS server group status.

Feature History for DDNS

Table 15-1 lists each feature change and the platform release in which it was implemented.

Table 15-1 Feature History for DDNS

Feature Name: DDNS
Releases: 7.0(1)
Feature Information: We introduced this feature. We introduced the following commands: ddns, ddns update, dhcp client update dns, dhcpd update dns, show running-config ddns, and show running-config dns server-group.