Because of the ongoing transition from IPv4 to IPv6 on the internet, IPv4 routing capabilities are becoming limited on the ISP side.

With today's DS-Lite stacks provided by the ISP, the NAT routing mechanism has been shifted to the ISP side, and nothing more than a local IPv4 network without public IPs is offered.

In contrast to IPv4, IPv6 has a very large address space and plenty of public IPs. NAT can also be avoided, and peer-to-peer connections are possible. To make the OpenWrt router reachable over IPv6 behind a dial-up internet connection, a DNS service like dynv6.com is used together with the ddns scripts of OpenWrt.

Install and patch prerequisites

Log in to OpenWrt and install the LuCI app including its dependencies:

opkg update
opkg install luci-app-ddns ddns-scripts-nsupdate drill

Because the script for updating the name with the nsupdate utility does not work properly with subdomains like openwrt.example.dynv6.net, the script from the maintainer must be patched:

--- /usr/lib/ddns/update_nsupdate.sh
+++ /usr/lib/ddns/update_nsupdate.sh

server $dns_server
+ zone $domain
key $username $password
- update del $domain $__RRTYPE                                                                    
- update add $domain $__TTL $__RRTYPE $__IP
+ update del $lookup_host $__RRTYPE                                                                    
+ update add $lookup_host $__TTL $__RRTYPE $__IP
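Review bot: the added "zone $domain" line, combined with "update del/add $lookup_host", changes the meaning of the domain option from the record being updated to the zone name, for every bind-nsupdate service and not only for dynv6 subdomains. A configuration that still carries the record's full name in domain will now send that name as the zone. Consider emitting the zone line only when $lookup_host differs from $domain, or state the new meaning of domain next to the configuration. The hunk also has no @@ header and changes a packaged file under /usr/lib/ddns, so it has to be applied by hand and checked again whenever ddns-scripts-nsupdate is reinstalled or upgraded. The added "update del $lookup_host $__RRTYPE" line carries trailing whitespace that should be dropped.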

Configuration

An account with a TSIG key on dynv6.com is required to update names in DNS. The configuration can be done in LuCI or directly in the config file /etc/config/ddns:

config service 'dynv6_ipv6_nsupdate'
        option use_ipv6 '1'
        option service_name 'bind-nsupdate'
        option ip_source 'script'
        option ip_script '/etc/ddns/getwanip'
        option interface 'wan'
        option use_syslog '2'
        option check_unit 'minutes'
        option force_unit 'minutes'
        option retry_unit 'seconds'
        option domain 'example.dynv6.net'
        option username 'hmac-sha256:tsig-12345.dynv6.com'
        option password 'ABCDEBase64...=='
        option enabled '1'
        option lookup_host 'openwrt.example.dynv6.net'
        option dns_server 'ns1.dynv6.com'

A script that determines the WAN IPv6 address given by the ISP router must be placed in /etc/ddns/getwanip:

#!/bin/sh
. /lib/functions/network.sh
network_flush_cache
network_find_wan6 NET_IF6
network_get_ipaddr6 NET_ADDR6 "${NET_IF6}"
echo "${NET_ADDR6}"

The script must be made executable with chmod a+x /etc/ddns/getwanip.
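The getwanip script above prints whatever address the interface reports, including nothing at all. The following is an added example, not part of the original post or of ddns-scripts: a POSIX sh check that only lets a global unicast address (2000::/3) through before it is published as an AAAA record. The function names is_global_ipv6 and pick_global are hypothetical, and the sample addresses are constructed.

```sh
#!/bin/sh
# Added example: filter candidate addresses before they reach the DNS update.
# Constructed helper names: is_global_ipv6, pick_global.

# Return 0 only if $1 lies in 2000::/3 (global unicast).
# Rejects empty output, IPv4, loopback (::1), link-local (fe80::/10)
# and unique local addresses (fc00::/7).
is_global_ipv6() {
    addr=${1%%/*}                         # strip an optional /prefixlen
    case "$addr" in
        ''|*[!0-9A-Fa-f:]*) return 1 ;;   # empty, or chars other than hex and ':'
    esac
    case "$addr" in
        *:*:*) ;;                         # an IPv6 literal has at least two colons
        *) return 1 ;;
    esac
    first=${addr%%:*}                     # first 16-bit group
    case "$first" in
        [23][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f]) return 0 ;;   # 0x2000-0x3fff
        *) return 1 ;;
    esac
}

# Print the first global address among the arguments; return 1 if there is none.
pick_global() {
    for cand in "$@"; do
        if is_global_ipv6 "$cand"; then
            echo "${cand%%/*}"
            return 0
        fi
    done
    return 1
}

# Constructed samples; 2001:db8::/32 (documentation range) stands in for
# an ISP-assigned global address.
for a in "" "192.0.2.1" "::1" "fe80::1" "fd12:3456:789a::1" "2001:db8:1:2::10/64"; do
    if is_global_ipv6 "$a"; then echo "publish: $a"; else echo "skip:    '$a'"; fi
done
```

In /etc/ddns/getwanip the last line could become pick_global "${NET_ADDR6}" || exit 1, which is an assumption about how to wire it in, not behaviour documented by the post.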

Operation

After reloading luci-app-ddns, the service dynv6_ipv6_nsupdate should be in the running state and show the OpenWrt name and its assigned IPv6 address. It can be tested with ping openwrt.example.dynv6.net from the internet side.

Because global IPv6 addresses are assigned by the clients themselves (SLAAC) from a prefix handed out by the ISP, each client has to report its name and IP to the DNS service on its own.
