Jon Murphy jon.murphy@ipfire.org
On Nov 30, 2023, at 2:26 PM, Michael Tremer michael.tremer@ipfire.org wrote:
Hello Jon,
I like this idea. This might not be the most performant approach, but maybe that isn’t the biggest problem here. Correctness comes before performance at least.
On 30 Nov 2023, at 16:01, jon jon.murphy@ipfire.org wrote:
Michael & All,
I am offering a Proof Of Concept (POC) for a DHCP to DNS bridge. The POC below is written in bash and may not be fast enough for thousands of devices.
It uses the On Commit/Release/Expiry (CRE) already included in ISC DHCP. I believe these are known as EVENTS.
=== NOTE === REFERENCE: EVENTS - There are three kinds of events that can happen regarding a lease, and it is possible to declare statements that occur when any of these events happen. These events are the commit event, when the server has made a commitment of a certain lease to a client, the release event, when the client has released the server from its commitment, and the expiry event, when the commitment expires.
To declare a set of statements to execute when an event happens, you must use the on statement, followed by the name of the event, followed by a series of statements to execute when the event happens, enclosed in braces.
If I did this correctly it should simplify the bridge by eliminating some of the parsing through `/var/ipfire/dhcp/fixleases` and searching for new or expired leases.
If I understand CRE correctly, it should also simplify the separated Dynamic Leases and Fixed Leases. CRE seems to handle both FIXED and DYNAMIC. The downside (or upside depending on your point of view) is the elimination of the DHCP configuration "Remarks" appearing to unbound as client domain names. See DHCP configuration - Current fixed leases (at menu Network > DHCP Server)
This is not complete and it currently does not include the Hostname (static) items at `/etc/unbound/hosts.conf`.
There are many extra lines included to help me test & debug (i.e., "logger"). Most to be removed.
If this helps, please offer ideas or corrections. If not, then I will be :-(
This is only one half the solution I would say - but probably fixes the problem of the past…
I think that we can easily use this script to dynamically load/remove entries from Unbound with removing it. Since we already have to fork unbound-control, I do not consider this too bad.
But: A new problem would be that we have a bootstrap problem: How do we load an initial set of leases into Unbound - either on boot or when Unbound gets restarted?
Bootstrap: When you say bootstrap, I think "first boot" after install. I hope that is correct!
- The first time through the client would request an IP address via a DHCP request (same as today).
- DHCPACK causes a "commit" EVENT entered into the `dhcpd.conf` config file at `/var/ipfire/dhcp/dhcpd.conf`
- NOTE: today I have this in `/var/ipfire/dhcp/dhcpd.conf.local` for testing.
- The `dhcpEvent.sh` script does its thing and drops A and PTR records into the `/etc/unbound/dhcp-leases.conf`.
- It appears Unbound is constantly monitoring this file. Unbound seems to recognize the changes and accept the A and PTR records.
- NOTE: I began my tests by manually entering the file and they seem to be accepted fine.
- NOTE: I still have testing to do to make sure this works properly!
- NOTE: Unbound is the part that worries me the most since I don't understand why this works! I need to keep testing by removing/adding the unbound reload code in the existing bridge!
IPFire Reboot / Shutdown: I’ve rebooted IPFire a few times. Nothing needs to be re-populated. I did the CU 181 update with this running. The leases survive the reboot since the `/etc/unbound/dhcp-leases.conf` file is still intact and full of leases. So far it has not been an issue. More testing to do! (Especially with shutdown)
Unbound & DHCP restarts: I’ve restarted unbound and dhcp many, many times. Nothing needs to be re-populated. Same as a reboot, the leases survive the restart since the `/etc/unbound/dhcp-leases.conf` file is still intact and full of leases. So far it has not been an issue. More testing to do!
Clients and DHCP: I still need to test device hostname changes. Initial tests seem OK. I still need to test static to DHCP to static changes. I still need to test Fixed to Dynamic to Fixed changes.
- Parsing the leases file in shell is painful and veeeery slow. Not really a problem since we only do this once, but it has to work.
- Keeping the existing Python code feels like the wrong choice.
- I played around with awk and I think that could be an option, but it is not fun to write - not the biggest problem again.
I tried the "davidbarnhart" awk code for the DHCP leases file. To me it seems awkward (pun certainly intended!). Awk was fun to play with, but I don't think this is needed if we use EVENTS already built into ISC dhcp.
- Another option could be that we don’t bother with the leases file at all. We could simply create yet another file that we write any events to and hope that we will never miss one.
I’m not sure I understand this option…
I am really not sure which ones of these options I would disfavour the least. What do you think?
To be honest I think I like my proof of concept (POC)! DHCP has a nice mechanism to get leases out and Unbound has a nice mechanism to get leases in. I believe we should take advantage of it (if everything works as hoped).
Like I said I am still testing so there may be a "gotcha" that causes all of the POC to stop. (And we could end up being dependent on the unbound reload.)
So far the only items missing from my temp leases list are items related to "Remarks" appearing to unbound as client domain names. I am not sure if these should be added…
My question to you: What is the difference between a DHCP lease that EXPIRES and a DHCP lease that is RELEASED??
I am not sure if I answered all of your questions. Does this help?
Jon
-Michael
File = `/var/ipfire/dhcp/dhcpd.conf.local`
<dhcpd.conf.local.txt>
File = `dhcpEvent_v6.sh`
<dhcpEvent_v6.sh.txt>
The bash script currently writes to `/etc/unbound/dhcp-leases2.conf` so I can compare it to `dhcp-leases.conf`. It does NOT provide any data to unbound (yet!)
Is this script helpful?
Jon
Inspiration link: https://jpmens.net/2011/07/06/execute-a-script-when-isc-dhcp-hands-out-a-new...
Reference Link: Still looking!! https://stackoverflow.com/questions/51550326/is-there-any-hook-for-finishing...
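The attachments `dhcpd.conf.local.txt` and `dhcpEvent_v6.sh.txt` are not reproduced in this message, so the following is an added example of the mechanism Jon describes, not his script or his DHCP configuration. It shows an ISC DHCP `on commit` / `on release` / `on expiry` hook (the `execute` wording in the header comment is an assumed configuration fragment) and a bash handler that keeps an Unbound `local-data` / `local-data-ptr` file in sync with leases. The script path `/usr/local/sbin/dhcp_event_example.sh`, the `DOMAIN` suffix `lan` and the `LEASES_FILE` default are assumptions; `/etc/unbound/dhcp-leases.conf` is the file named in the thread. The one point the thread does not cover and a reviewer would insist on: the DHCP `host-name` option is chosen by the client, so it must be validated before it is written into a file that Unbound parses as configuration.

```shell
#!/bin/bash
# dhcp_event_example.sh - illustrative ISC DHCP event hook that keeps an Unbound
# local-data file in sync with leases. Added example; not the dhcpEvent_v6.sh
# from the thread. Paths and the domain below are assumptions.
#
# dhcpd calls it from "on" blocks like these (assumed wording for dhcpd.conf.local):
#
#   on commit {
#     set clip   = binary-to-ascii(10, 8, ".", leased-ip-address);
#     set clhost = pick-first-value(option host-name, "");
#     execute("/usr/local/sbin/dhcp_event_example.sh", "commit", clip, clhost);
#   }
#   on release { set clip = binary-to-ascii(10, 8, ".", leased-ip-address);
#                execute("/usr/local/sbin/dhcp_event_example.sh", "release", clip); }
#   on expiry  { set clip = binary-to-ascii(10, 8, ".", leased-ip-address);
#                execute("/usr/local/sbin/dhcp_event_example.sh", "expiry", clip); }
#
# Release and expiry carry no reliable host-name, so removal is keyed on the IP alone.

LEASES_FILE="${LEASES_FILE:-/etc/unbound/dhcp-leases.conf}"  # file named in the thread
DOMAIN="${DOMAIN:-lan}"                                       # assumed local domain suffix

log() { printf 'dhcp-event: %s\n' "$*" >&2; }   # swap for logger(1) on a real box

# The host-name option is chosen by the client, so it is untrusted input that ends up
# inside a config file: accept only one plain DNS label (letters, digits, hyphen; no
# leading/trailing hyphen; at most 63 chars). Anything else, including quotes or
# newlines that could smuggle extra directives into the file, is rejected.
valid_hostname() {
  case "$1" in
    ''|*[!A-Za-z0-9-]*|-*|*-) return 1 ;;
  esac
  [ "${#1}" -le 63 ]
}

# Accept only a dotted-quad IPv4 address with octets 0..255.
valid_ipv4() {
  [[ "$1" =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || return 1
  local o
  for o in "${BASH_REMATCH[@]:1}"; do
    (( 10#$o <= 255 )) || return 1      # 10# forces decimal so "010" is not read as octal
  done
}

# Print the two Unbound directives for one lease (A record plus PTR via local-data-ptr).
lease_records() {
  local ip="$1" fqdn="$2.$DOMAIN"
  printf 'local-data: "%s. IN A %s"\n' "$fqdn" "$ip"
  printf 'local-data-ptr: "%s %s."\n' "$ip" "$fqdn"
}

# Drop every record for an address, rewriting the file atomically so Unbound never
# sees a half-written file. Matching on the quoted IP token stops 192.0.2.1 from
# swallowing 192.0.2.10.
remove_lease() {
  local ip="$1" tmp
  [ -f "$LEASES_FILE" ] || return 0
  tmp="$(mktemp "${LEASES_FILE}.XXXXXX")"
  grep -vF -e " A ${ip}\"" -e "\"${ip} " "$LEASES_FILE" > "$tmp" || true  # grep exits 1 when nothing is left
  chmod 0644 "$tmp"                  # keep the file readable for Unbound (assumed mode)
  mv -f "$tmp" "$LEASES_FILE"
}

# Append records for a lease. Always remove first so a renewal or a hostname change
# replaces the old entries instead of stacking duplicates.
add_lease() {
  remove_lease "$1"
  lease_records "$1" "$2" >> "$LEASES_FILE"
}

# Entry point: event name, leased address, optional client hostname.
handle_event() {
  local event="$1" ip="$2" host="${3:-}"
  valid_ipv4 "$ip" || { log "rejected address '$ip'"; return 1; }
  case "$event" in
    commit)
      if [ -z "$host" ]; then remove_lease "$ip"; return 0; fi   # nameless client: no record
      valid_hostname "$host" || { log "rejected hostname for $ip"; return 1; }
      add_lease "$ip" "$host" ;;
    release|expiry)
      remove_lease "$ip" ;;
    *)
      log "unknown event '$event'"; return 2 ;;
  esac
}

# Only dispatch when dhcpd passed arguments, so the file can also be sourced for testing.
if [ $# -gt 0 ]; then
  handle_event "$@"
fi
```

Release and expiry are treated identically here (both remove the records), which sidesteps the question of how they differ for this purpose; a commit for an address that already has records replaces them, which covers the renewal and hostname-change cases Jon still wants to test. If a live update through `unbound-control local_data` / `local_data_remove` is added on top of the file write, the removal path has to look the old name up in the file first, because the release and expiry events do not hand the hostname to the script.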