This is project is for Mikrotik users who wants to import dhcp client names into dns. (BIND, FreeIPA, Active Directory) The script uses dig and nsupdate for dns management and Python Flask for webserver. Mikrotik doenst list client names over snmp, and does not support dns record deletion, so we need a workaround for a proper dns management in case we have our dhcp server running on our mikrotik devices. To fix this we use a script on the mikrotik router which creates disabled static records for all dhcp leases what is used by the cleanup feature. The script will trigger dns deletion of expired/removed leases, will also track changed and add new leases into dns.
- Dockerfile Centos 7 Based Dockerfile, for running the Python based webserver
- mikrotik.py This is the webserver, and this script communicates to dns via nsupdate and dig.
- mikrotik_script.txt This mikrotik script triggers the webserver if dns needs to be changed based on the dhcp list
- A Working DNS Setup. Any server which supports nsupdate based changes.
- A Working Mikrotik router based DHCP server setup.
- A Docker host, or optionally any host which can run python and has Flask, dig, nsupdate
digPath of the dig binary on the system. Defaults for linux systemsnsupdatePath of the nsupdate binary on the system. Defaults for linux systems.keynameKeyname for dynamic updates configured in Bind or any other supported nameserver.keyvalKey secret for the matching keyname.dnsserverThe DNS Server IP address which can be queried by dig.zoneThe DNS Zone what we managettlDNS TTL to set
:local dhcpserver "defconf"The DHCP Server what we will manage.:local zone "<DNS-ZONE>"The DNS Zone what we manage.:local dnsupdater "<IP>:<PORT>"Python Webserver address. Put the IP of the Python Webserver and default port is 5000
- open Scripts under
System / Scripts - add a new script via
+button. - change name (This will be used in scheduler) like
dns-updater - paste mikrotik_script.txt content into source
- click ok
- open Scheduler under
System / Scheduler - add new scheduler via
+button. - change name
- set interval to
00:00:10(10 Seconds) - put script name from before in on-event field. like
dns-updater - click ok
- you can debug under
Log. - For enable debug add under
System / Loggingdebug topic, or script topic.
- build docker cointainer in the directory where the Dockerfile is.
docker build -t mikrotik-dhcpdns . - run the container
docker run -d -p 5000:5000 --restart unless-stopped --name mikrotik-dhcpdns mikrotik-dhcpdns
- install dependencies
dns-utilsdig and nsupdatepython-flaskwebserver
- run script
./mikrotik.py
-
Generate Key
dnssec-keygen -a HMAC-MD5 -b 512 -n HOST <key_name>dnssec-keygen -a HMAC-MD5 -b 512 -n HOST nsupdatensupdate is in this example the key name. -
You should end up with two new files. the secret is in the .private file in the line Starting with Key:
Key: tBoK9ec5CGBFE8VAwUKwqyKTaRidq6a1pt22r9+uFYPbLHEIpNaV8ekRm92nvooE1m3ShH60Musv2O+DGlH9Xw==This key is need innamed.confand inmikrotik.py -
Edit named.conf
key "<key_name>" { algorithm hmac-md5; secret "tBoK9ec5CGBFE8VAwUKwqyKTaRidq6a1pt22r9+uFYPbLHEIpNaV8ekRm92nvooE1m3ShH60Musv2O+DGlH9Xw=="; }; -
restart nameserver to take effect
We need to allow the managed FreeIPA zone, to be updated by the key what we configured in the named.conf
- Go to your IPA UI
Network ServicesthanDNS / DNS Zones - Choose the managed zone, and under
SettingsfindBIND Update policyand extend bygrant nsupdate zonesub A; grant nsupdate zonesub AAAA; grant nsupdate zonesub TXT;. Replace nsupdate by the key_name.
I took the original mikrotik script from https://www.tolaris.com/2014/09/27/synchronising-dhcp-and-dns-on-mikrotik-routers/ That script can be used to have status DNS entries without external DNS server.