Configuring Dynamic Dns; Example 1: Client Updates Both A And Ptr Rrs For Static Ip Addresses - Cisco FirePOWER ASA 5500 series Configuration Manual

Configuring Dynamic DNS

hostname(config)# dhcprelay timeout seconds
Step 4
(Optional) To change the first default router address in the packet sent from the DHCP server to the
address of the security appliance interface, enter the following command:
hostname(config)# dhcprelay setroute interface_name
This action allows the client to set its default route to point to the security appliance even if the DHCP
server specifies a different router.
If there is no default router option in the packet, the security appliance adds one containing the interface
address.
The following example enables the security appliance to forward DHCP requests from clients connected
to the inside interface to a DHCP server on the outside interface:
hostname(config)# dhcprelay server 201.168.200.4
hostname(config)# dhcprelay enable inside
hostname(config)# dhcprelay setroute inside
Configuring Dynamic DNS
This section describes examples for configuring the security appliance to support Dynamic DNS. DDNS
update integrates DNS with DHCP. The two protocols are complementary—DHCP centralizes and
automates IP address allocation, while dynamic DNS update automatically records the association
between assigned addresses and hostnames. Used together, DHCP and dynamic DNS update configure
a host automatically for network access whenever it attaches to the IP network. You can locate
and reach the host using its permanent, unique DNS hostname. Mobile hosts, for example, can move
freely without user or administrator intervention.
DDNS provides address and domain name mappings so hosts can find each other even though their
DHCP-assigned IP addresses change frequently. The DDNS name and address mappings are held on the
DHCP server in two resource records: the A RR contains the name to IP address mapping while the PTR
RR maps addresses to names. Of the two methods for performing DDNS updates—the IETF standard
defined by RFC 2136 and a generic HTTP method—the security appliance supports the IETF method in
this release.
The two most common DDNS update configurations are:
• The DHCP client updates the A RR while the DHCP server updates PTR RR.
• The DHCP server updates both the A and PTR RRs.
In general, the DHCP server maintains DNS PTR RRs on behalf of clients. Clients may be configured
to perform all desired DNS updates. The server may be configured to honor these updates or not. To
update the PTR RR, the DHCP server must know the Fully Qualified Domain Name of the client. The
client provides an FQDN to the server using a DHCP option called Client FQDN.
The following examples present these common scenarios:
• Example 1: Client Updates Both A and PTR RRs for Static IP Addresses, page 10-7
• Example 2: Client Updates Both A and PTR RRs; DHCP Server Honors Client Update Request;
FQDN Provided Through Configuration, page 10-7
• Example 3: Client Includes FQDN Option Instructing Server Not to Update Either RR; Server
Overrides Client and Updates Both RRs, page 10-8
Cisco Security Appliance Command Line Configuration Guide
Chapter 10
Configuring DHCP, DDNS, and WCCP Services
OL-10088-01
10-6
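The Client FQDN option described above is DHCP option 81 (RFC 4702), and its flag bits state which side updates which RR. The following Python code is an added example, not part of the Cisco guide: it decodes an option 81 payload and reports who is responsible for the A and PTR RRs. The sample payloads and the name asa.example.com are constructed for illustration.

```python
# Added example: decode DHCP option 81 (Client FQDN, RFC 4702) flags.
FLAG_S, FLAG_O, FLAG_E, FLAG_N = 0x01, 0x02, 0x04, 0x08

def decode_name(raw: bytes, wire: bool) -> str:
    """Domain-name field: DNS wire-format labels if E=1, legacy ASCII if E=0."""
    if not wire:
        return raw.decode("ascii")
    labels, i = [], 0
    while i < len(raw) and raw[i] != 0:   # a missing root label means a partial name
        n = raw[i]
        if n > 63 or i + 1 + n > len(raw):
            raise ValueError("malformed DNS label in option 81")
        labels.append(raw[i + 1:i + 1 + n].decode("ascii"))
        i += 1 + n
    return ".".join(labels)

def parse_client_fqdn(payload: bytes) -> dict:
    """Parse an option 81 payload: flags, RCODE1, RCODE2, domain name."""
    if len(payload) < 3:
        raise ValueError("option 81 payload shorter than 3 bytes")
    flags = payload[0]                    # upper four bits are reserved, ignored
    s, n = bool(flags & FLAG_S), bool(flags & FLAG_N)
    if s and n:
        raise ValueError("S and N must not both be set")
    if n:        # server performs no DNS updates; both RRs are left to the client
        a_rr, ptr_rr = "client", "client"
    elif s:      # server performs the A RR update as well as the PTR RR update
        a_rr, ptr_rr = "server", "server"
    else:        # client updates its A RR, server maintains the PTR RR
        a_rr, ptr_rr = "client", "server"
    return {"fqdn": decode_name(payload[3:], bool(flags & FLAG_E)),
            "a_rr": a_rr, "ptr_rr": ptr_rr,
            "server_override": bool(flags & FLAG_O)}

# Constructed sample payloads (option code and length bytes already stripped).
NAME = b"\x03asa\x07example\x03com\x00"
CLIENT_REQUEST = bytes([FLAG_N | FLAG_E, 0, 0]) + NAME             # as in Example 3
SERVER_REPLY = bytes([FLAG_S | FLAG_O | FLAG_E, 255, 255]) + NAME  # server overrides

if __name__ == "__main__":
    for label, pkt in (("request", CLIENT_REQUEST), ("reply", SERVER_REPLY)):
        print(label, parse_client_fqdn(pkt))
```

The O bit is set only in server replies, so comparing the request flags with the reply flags in a packet capture shows whether the server honored or overrode the client's preference.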
