As part of the NS1 Filter Chain, the DHCP filter produces a DDNS-like capability where dynamic records are synthesized by the DNS server based on the lease information within the NS1 DHCP server. The filter is applied to a wildcard record within a zone associated with a DHCP scope group.
With traditional DDNS, as devices go in and out of the network using DHCP, the forward and reverse records are created and added to the DNS server. Then, they are removed on lease expiration. This method can cause data inconsistency between the management application and edge services when the DNS records aren’t scavenged properly. NS1’s approach to DDNS is a bit different: It uses the NS1 Filter Chain to achieve DNS lookups to the same effect allowing NS1 DNS servers to construct the correct response from a digest of streaming lease updates. This allows users to avoid having to manually remove outdated information leveraging rapid propagation.
During scope group configuration, a forward and reverse wildcard record are created in the corresponding existing forward and reverse zones. The records are tied to the lease information stored in the DHCP server. Instead of a DHCP server or client updating the DNS itself, the DNS server is already aware of the lease data and, as devices enter/exit the network, synthesizes the response based on the lease table—automatically matching to the qualifying suffix (zone name) and to the hostname or prefix+hostname.
By default, if a hostname is not requested, the synthesized hostname response takes the form of [qualifying prefix]-[IP].[qualifying suffix]. For example, if a hostname was not requested and the IP granted was 192.168.0.200, then the synthesized forward record is dynamic-192-168-0-200.example.local where example.local is the qualifying suffix and zone name. The synthesized reverse entry is 200-0-168-192.in-addr.arpa. If a client requested the hostname `laptop` and the IP granted was 192.168.0.200, then the synthesized forward response is `laptop.example.local` and the synthesized reversed entry remains 200-0-168-192.in-addr.arpa.
If you are implementing the DHCP filter via the NS1 Connect portal, the wildcard record is created for you automatically—whereas, if you are doing so via API, you must manually add the wildcard record to the appropriate zone.
Log into the NS1 Connect portal, and click IPAM from the top navigation bar.
Create a new subnet, setting the status to "assigned."
Click the menu (three-dots) icon next to the subnet you just created, and click Assign to scope group.
Select the desired scope group from the list.
Navigate to DHCP from the top navigation bar.
Click the menu (three-dots) icon next to the scope group you just created, and select Edit from the list.
Click the checkbox to Enable forward DNS. A new field appears prompting you to select an existing zone.
Start typing the name of the zone (see the note above), and then select it from the list. This adds a wildcard record to the zone.
Click the checkbox next to Generate reverse PTR records on scope assignment to automatically create a reverse zone and wildcard record.
Optionally, enter a prefix.
Create a new forward or reverse zone.
Create corresponding wildcard records in the forward or reverse zones.
For the forward zone: Create an A or AAAA record with a DHCP filter applied (refer to the specific example in the API docs).
For the reverse zone: Create a PTR record with a DHCP filter applied (refer to the specific example in the API docs).
Update the scope group with DDNS synthesis enabled (refer. to the specific example in the API docs), specifying the qualifying suffix, zone, and (optional) prefix.