dxld | 2 years ago

Well dnsmasq has --dynamic-host for this use-case. Example:

    dynamic-host=cafe.dxld.at,::cafe,lan0

Firewalls tend to support DNS, use it :)

I know for a fact nftables and pfSense allow this; worst case you need a cronjob to periodically reload your ruleset to refresh the DNS data, as it's evaluated at ruleset load time (for nftables). Incidentally, another TODO project of mine is a daemon to allow running scripts when RA information (such as the prefix) changes; this would come in handy here too.

For anyone interested in making IPv6 better, come talk to me in #ipv6:ungleich.ch (Matrix).

--Daniel
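
Added example, not part of the comment above and not dnsmasq or nftables code: a Python sketch of the address derivation that `dynamic-host` is documented to perform (network part from the interface, host part from the config line), plus the nft script a periodic or prefix-change-triggered refresh could load. The prefixes are constructed documentation values, and the set name `allowed_v6` in table `inet filter` is an assumption.

```python
import ipaddress

def parse_dynamic_host(line):
    """Split 'dynamic-host=<name>,[<ipv4>],[<ipv6>],<interface>' into
    (name, IPv6 host part or None, interface)."""
    key, _, value = line.strip().partition("=")
    if key != "dynamic-host":
        raise ValueError(f"not a dynamic-host line: {line!r}")
    fields = [f.strip() for f in value.split(",")]
    if len(fields) < 3:
        raise ValueError(f"need a name, an address and an interface: {line!r}")
    name, iface = fields[0], fields[-1]
    host6 = next((ipaddress.IPv6Address(f) for f in fields[1:-1] if ":" in f), None)
    return name, host6, iface

def combine(prefix, host_part):
    """Network bits come from the current prefix, host bits from the config.
    Any bits of host_part that fall inside the prefix are masked off."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    host_bits = int(host_part) & int(net.hostmask)
    return ipaddress.IPv6Address(int(net.network_address) | host_bits)

def nft_refresh(set_name, addrs, family="inet", table="filter"):
    """Build an nft script that replaces the set contents; loaded from one
    file, flush and add are applied as a single transaction."""
    target = f"{family} {table} {set_name}"
    script = f"flush set {target}\n"
    if addrs:  # an empty element list is not valid nft syntax
        script += f"add element {target} {{ {', '.join(map(str, addrs))} }}\n"
    return script

if __name__ == "__main__":
    name, host6, iface = parse_dynamic_host("dynamic-host=cafe.dxld.at,::cafe,lan0")
    # Constructed prefixes: before and after a renumbering event on lan0.
    for prefix in ("2001:db8:1:2::/64", "2001:db8:aaaa:bbbb::/64"):
        print(f"# {name} on {iface} with prefix {prefix}")
        print(nft_refresh("allowed_v6", [combine(prefix, host6)]), end="")
```

Rules that reference the named set pick up the new address without a full ruleset reload, which narrows the window in which the firewall still allows the old prefix.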

Macha|2 years ago

> Firewalls tend to support DNS, use it :)

So I did check, and my firewall (the one built into my Unifi UDM) doesn't.

dxld|2 years ago

Sad to say I'm surprised the proprietary vendors are lagging behind here, but there should be no architectural reason you can't deploy a more reasonable firewall.