Dynamic DNS & DHCP with macOS Server

Something I’ve been wanting to experiment with and make use of is Dynamic DNS on my network. What is it? It’s a way for your DHCP server to register each device’s hostname in DNS automatically, based on what you’ve named the device, so you can look devices up by name instead of relying on statically assigned IPs and names. What does that mean?

The “old school” way of assigning DNS names on your network would be to assign a device a static IP or assign it a static address on your DHCP server, then give it a DNS name that resolves to that IP address. Example:

stevesmacbook.themajorshome.com would always resolve to 10.0.1.210, and that address would be tied to the device’s MAC address.

But what if I got a new MacBook? Or my MacBook switches from the wired network to wireless depending on whether I’m in my home office or not? As noted, the MAC address is what controls the IP address, and the DNS name is tied to the assigned IP address. Old school and very static.

Plus, if you have a lot of devices, naming them statically on the server really isn’t the way things are done nowadays. Your device name should be its DNS name, and the IP assigned is irrelevant.

The exception to the above would be a service oriented item like a web or email server, but that isn’t the goal here.

Fortunately, macOS Server uses BIND behind the scenes, and BIND has had this capability for a long time. Unfortunately, Server.app doesn’t expose a pretty GUI to enable it, but it’s not too hard: Apple allows the functionality, and you only have to make a few tweaks to the conf files. Let’s get started:

First, switch into the directory of Server’s named service since we’re going to be working in here:

Next, you’re going to need to know your DNS server’s key, because allowing a DHCP server or a utility to update your DNS records could turn into a nasty free-for-all if left wide open. There is no need to generate an MD5 key; Server did that already. You can find it with:

That secret in quotes is the key your DHCP server needs in order to update records; we’ll get to that later. (And no, that isn’t my key, just an example!) Treat it like a password: anyone who holds it can rewrite every zone that accepts it.

Now, for each zone you want to allow updates for, edit the named.conf file in that directory with your favorite text editor and change allow-update from none to key rndc-key:

You’ll also want to do this in the corresponding reverse zone as well, e.g.:

That’s it for changes to BIND, very simple. Now, you just need to tell your DHCP server of choice that it’s okay to update your DNS records. I use OPNsense for my DHCP server/firewall, so the example below shows its configuration. Your DHCP server may be different, but this gives you the idea of what needs to be done:


So, now when my notebook requests an address, I see this in the DNS log of Server as it updates records:

And, of course:

Its entry in the Server.app GUI:


Final notes:

I was initially confused because the update was working, however I didn’t see the entry in my zone file or in the GUI of Server. I was … concerned. There was no reason to be.

Alongside my zone file, I noticed that an additional file with the extension .jnl had been created. It turns out that the .jnl is a binary journal file holding the zone data as changed by the updates. The changes in your .jnl file are merged into the main zone file about every 15 minutes, so the changes to your zone will be added, but after a small delay. You can stop and start BIND to force the merge, but that’s not necessary under normal conditions.

In addition, editing a zone directly or with the GUI will cause the journal file to get out of sync. For dynamically updated zones, the best practice is to freeze the zone, make the change, and unfreeze it. This can be done like so:

If you forget to freeze the zone, you can just remove the .jnl files. You would only lose the dynamic changes that occurred since the last sync, and those “self-correct” when the device next requests a DHCP assignment.

Given this, I’m finding that the command line utility called nsupdate is a fantastic alternative to editing the files directly or even using the GUI. The utility talks to the dynamic update service, so there is no need to freeze/thaw zones.

For example, adding a record is as simple as:
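As an added example (not a command from the original post), here is a small POSIX sh script that builds the nsupdate batch for a device the way the DHCP server would: it replaces the forward A record and the matching PTR record in the reverse zone, each as its own signed transaction, since one nsupdate message can only touch a single zone. The host, IP, TTL, server address and KEYFILE path are constructed/hypothetical values.

```shell
#!/bin/sh
# Added example: generate nsupdate commands for a dynamic forward + reverse update.
# Assumptions (constructed, not from the post): DNS server 10.0.1.2, TTL 300,
# and KEYFILE pointing at the rndc-key file that named.conf's allow-update names.

# reverse_name 10.0.1.210 -> 210.1.0.10.in-addr.arpa (PTR owner name in in-addr.arpa)
reverse_name() {
    old_ifs=$IFS
    IFS=.
    set -- $1              # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo "$4.$3.$2.$1.in-addr.arpa"
}

# build_update <fqdn> <ip> <ttl> <dns-server>
# Prints an nsupdate batch. The forward zone and the reverse zone are separate
# zones, so each gets its own "send"; "update delete" first drops any stale
# address left from a previous lease (e.g. when a laptop moves wired -> wireless).
build_update() {
    fqdn=$1; ip=$2; ttl=$3; server=$4
    rev=$(reverse_name "$ip")
    cat <<EOF
server $server
update delete $fqdn A
update add $fqdn $ttl A $ip
send
update delete $rev PTR
update add $rev $ttl PTR $fqdn.
send
EOF
}

# Usage: sign the batch with the server's key file and submit it. Only runs when
# KEYFILE is set, so the script is safe to source without touching a live server.
if [ -n "${KEYFILE:-}" ]; then
    build_update stevesmacbook.themajorshome.com 10.0.1.210 300 10.0.1.2 \
        | nsupdate -k "$KEYFILE"
fi
```

Run it with KEYFILE=/path/to/rndc.key to submit the update; without KEYFILE it only defines the functions, which is handy for checking what would be sent.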

Hopefully you’ll find this way of managing DNS as beneficial as I do.

This entry was posted in macOS Server, Tech Trinkets.
