Good afternoon, we are currently looking for an optimal solution to dynamically resolve A records in the Proxmox firewall. As far as I understand, Proxmox currently cannot do this and has no plans to add it. There are several solutions on the internet that do it with external scripts: resolve the records and put them into an IPSet. Is there any recommended/optimal solution to this problem?
UPD: I've read this thread, but it's been a while, so maybe there is a new approach.
Right now it looks like a script like this plus a cron job:
Code:
#!/bin/bash
# Resolve a single A record and keep it as a /32 entry in a cluster-wide Proxmox IPSet.
DOMAIN="example.com"
IPSET_NAME="trusted_hosts"
LOG="/var/log/dns_firewall.log"

# dig +short may also print CNAME targets or several addresses; keep the first IPv4 only.
NEW_IP=$(dig +short "$DOMAIN" A @8.8.8.8 | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | head -n1)
[ -z "$NEW_IP" ] && { echo "$(date) - DNS resolution failed for $DOMAIN" >> "$LOG"; exit 1; }

# IPSet entries only carry cidr/comment/nomatch, so the domain is tracked in the comment field.
CURRENT_CIDR=$(pvesh get "/cluster/firewall/ipset/$IPSET_NAME" --output-format json | \
    jq -r --arg d "$DOMAIN" '.[] | select(.comment == $d) | .cidr')
CURRENT_IP=${CURRENT_CIDR%%/*}

if [ "$NEW_IP" != "$CURRENT_IP" ]; then
    # Entries are addressed by their CIDR, so drop the stale one before adding the new one.
    [ -n "$CURRENT_CIDR" ] && pvesh delete "/cluster/firewall/ipset/$IPSET_NAME/$CURRENT_CIDR"
    pvesh create "/cluster/firewall/ipset/$IPSET_NAME" --cidr "$NEW_IP/32" --comment "$DOMAIN"
    echo "$(date) - Updated $DOMAIN: ${CURRENT_IP:-none} -> $NEW_IP" >> "$LOG"
fi
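The script above tracks one address; domains with several A records (or changing record sets) need the IPSet reconciled as a whole. The following is an added example, not the poster's script or anything shipped by Proxmox: it resolves all A records, diffs them against the entries tagged with the domain in their comment field, and adds/removes only what changed. It assumes dig, jq and pvesh on a cluster node and that managed entries were created as /32 CIDRs by this script; the resolver 8.8.8.8 and log path are placeholders.

```shell
#!/bin/bash
# Added example (not the poster's script): keep a Proxmox IPSet in sync with ALL
# A records of a domain. Assumes dig, jq and pvesh on a cluster node, and that
# entries managed by this script carry the domain in their comment field.
set -eu
LOG="/var/log/dns_firewall.log"   # placeholder path

# Current CIDRs in IPSet $2 whose comment equals domain $1, one per line.
current_cidrs() {
    pvesh get "/cluster/firewall/ipset/$2" --output-format json \
        | jq -r --arg d "$1" '.[] | select(.comment == $d) | .cidr'
}

# Resolve all A records of $1 to /32 CIDRs (IPv4 only; CNAME targets are dropped).
resolve_cidrs() {
    dig +short "$1" A @8.8.8.8 \
        | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | sed 's|$|/32|' | sort -u
}

# plan_changes DESIRED CURRENT: pure set difference over newline-separated CIDR
# lists, printing "add <cidr>" / "del <cidr>". Sorted so adds precede deletes,
# avoiding a window in which a still-valid address is briefly unlisted.
plan_changes() {
    awk -v want="$1" -v have="$2" 'BEGIN {
        n = split(want, w, "\n"); for (i = 1; i <= n; i++) if (w[i] != "") W[w[i]] = 1
        m = split(have, h, "\n"); for (i = 1; i <= m; i++) if (h[i] != "") H[h[i]] = 1
        for (c in W) if (!(c in H)) print "add " c
        for (c in H) if (!(c in W)) print "del " c
    }' | sort
}

# Apply the plan to IPSet $2 for domain $1; an empty resolution leaves the set untouched.
sync_ipset() {
    domain="$1" ipset="$2"
    desired=$(resolve_cidrs "$domain")
    if [ -z "$desired" ]; then
        echo "$(date) - DNS resolution failed for $domain, IPSet left unchanged" >> "$LOG"
        return 1
    fi
    plan_changes "$desired" "$(current_cidrs "$domain" "$ipset")" | while read -r op cidr; do
        case "$op" in
            add) pvesh create "/cluster/firewall/ipset/$ipset" --cidr "$cidr" --comment "$domain" ;;
            del) pvesh delete "/cluster/firewall/ipset/$ipset/$cidr" ;;
        esac
        echo "$(date) - $op $cidr for $domain" >> "$LOG"
    done
}

# Cron entry point, e.g.: dns-ipset-sync.sh example.com trusted_hosts
if [ "$#" -eq 2 ]; then sync_ipset "$1" "$2"; fi
```

Because the resolution failure path returns without touching the set, a transient DNS outage from cron never empties the allowlist.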