Dynamic DNS and lotsa broadband clients

fredster
n00b
Posts: 2
Joined: Thu Apr 29, 2004 4:18 pm


Post by fredster »

I apologise if I offend anybody for asking a question that others may have asked profusely on the forum. My scenario is that recently I've implemented quite a number of broadband\dsl connections for almost all of our smaller branch offices, and via smoothwall as an easily installed fw for them, I'm updating most of the offices' dynamic IP changes to no-ip.com. Worx gr8 and all, but the free service only allows me to add 5 hosts per email addy. Easy to spoof a shytload of email addies on the system and still use the free service, but I want a tidy solution that I could implement on a self managed dynamic dns server.

Did some STFW and although I can find endless info regarding bind and dynamic dns update clients, I cannot find a properly defined dynamic dns package (i.e. server module and client) to implement on any os.

I noticed some interesting stuff on your site Void, and I'd like to know if you (or any other board member) might be able to assist.

Void Main
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main »

Since these are DSL connections you only have one dynamic IP address that you want to keep accurate in DNS, right? I mean, you don't want to know the off-net addresses of the clients behind the firewall, right? I am not that familiar with smoothwall but it has to have a dhcp client to keep a correct IP address on the external interface from the service provider. It might use dhclient or dhcpcd or pump or something else. You can hook scripts into these programs so when an address is changed a script is executed afterward.

If it were me I would probably run a DNS server on a static address at the home office and have the smoothwall dhcp client update the DNS record when the IP changes or the interface is brought up. You would have to allow updates from the entire possible ranges that your client could have for an address which is a little unsecure. Another way is you could have the script automatically ssh into the DNS server and have a local script on the server that would do the update. I think that might be a little more secure. At any rate, you would probably want that DNS server in a DMZ.

Actually, if it were me and I had a small business with limited resources and a few branch offices where I had to use inexpensive DSL rather than dedicated circuits I would still run a VPN to all the branch offices. Does Smoothwall do IPSEC VPN? I do some consulting work for a company that runs a Netscreen firewall at the corporate office and uses Netscreen 5 devices on various types of remote connections (from Cable/DSL to Satellite). This works pretty good. Then no matter what the dynamic public address is, the private tunneled addresses remain static. You could also do this with FreeS/WAN (which Smoothwall might come with).

Just some ideas as I don't know exactly your situation and needs. You might also ask on the Smoothwall forums:

http://community.smoothwall.org/forum/

I work for a company right now that has around 8,000 remote offices. We do 100% dedicated connections though (mostly Satellite but we're in the process of switching everything we can to frame).
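The hook-script approach from the post above, written as a dhclient exit hook that sends a TSIG-signed update with BIND's `nsupdate`, so the server authorises a per-branch key instead of a range of source addresses. This is an added example, not code from the thread; it assumes ISC dhclient and `nsupdate` are available on the firewall, and the server name, zone, host name and key path are hypothetical.

```shell
# Added example: dhclient exit hook (sourced by dhclient-script).
# All names below are assumptions, not values from the thread.
DDNS_SERVER="ns.example.com"          # static DNS server at head office
DDNS_ZONE="dyn.example.com"           # zone used only for branch records
DDNS_HOST="branch01.dyn.example.com"  # this branch's record
DDNS_KEY="/etc/ddns/branch01.key"     # TSIG key file, mode 0600
DDNS_TTL=60
# Matching server side (named.conf), one key per branch, one name per key:
#   update-policy { grant branch01-key name branch01.dyn.example.com. A; };

# Accept only a dotted-quad IPv4 address with each octet 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the nsupdate command stream that replaces the host's A record.
build_update() {    # $1 = new address
    valid_ipv4 "$1" || return 1
    printf 'server %s\nzone %s\nupdate delete %s A\nupdate add %s %s A %s\nsend\n' \
        "$DDNS_SERVER" "$DDNS_ZONE" "$DDNS_HOST" "$DDNS_HOST" "$DDNS_TTL" "$1"
}

# Update only on lease events where the address actually changed.
needs_update() {    # $1 = reason, $2 = old address, $3 = new address
    case "$1" in
        BOUND|RENEW|REBIND|REBOOT) [ "$2" != "$3" ] ;;
        *) return 1 ;;
    esac
}

# dhclient-script sets $reason, $old_ip_address and $new_ip_address.
if [ -n "${reason:-}" ] &&
   needs_update "$reason" "${old_ip_address:-}" "${new_ip_address:-}"; then
    if cmds=$(build_update "$new_ip_address"); then
        printf '%s\n' "$cmds" | nsupdate -k "$DDNS_KEY" ||
            logger -t ddns "update of $DDNS_HOST failed"
    fi
fi
```
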


Post by fredster »

First off, thnx for the reply - Then - I'm actually looking for the off net addresses for each of these connections as both the head office and all of the smaller offices with the dsl dialups ring up to the same isp. Therefore I liked the no-ip.com service as it keeps both the external dedicated ip on the ISP side as well as the nat'ed 165.165.x.x address of the dsl connection.

True - As the smoothie handles the dsl connection, it is aware of the ip changes and what's more is that with ver2.0 express it allows you to configure custom dynamic dns hosts. So what I want to be able to do is to set up a dns that is dedicated to this task only, so that if it goes I only lose the downtime on the dns and not on some other mission critical services. I.e. configure a bsd machine with bind that would accept the dns calls made by smoothwall, so I'm also asking these questions on that side to see what the smoothwall update request looks like so that I could adapt it to suit. As always one hopes for a solution that has been defined and tested before that you can only adapt to your ranges and domains.

I also left out to mention that the main reason for the dns service is so I could easily provide remote support to these remote branches and not to host public www and mx records. And yes, you can adapt smoothwall to do IPSEC VPN or make use of the FreeS/WAN project to assist with the VPN connections. That is next on my list as eventually I want these smaller offices as part of the office network with the secure VPN connections.


Post by Void Main »

I gotta tell ya, I would put my energy into the VPN angle first. You get Smoothwall (or any other firewall) to do VPN between your central and remote offices and then you attack DNS pretty much the same way you would if you had dedicated circuits. Regarding the specifics of Smoothwall I really have to suggest you bring this question up on the Smoothwall forums as I do not have experience with it. Sorry about that. I would be interested to hear what the Smoothwallites come up with though. :)
