When our firewall (PFSense) is given a DNS record (such as monitors.updown.io), it will regularly query this record and turn it into a list of IP addresses - which are allowed to enter our internal network via NAT to query servers.
So if you can set up and update something like monitors.updown.io with the 8 A records to Canada, Los Angeles, Frankfurt... we would have nothing to configure or update on our multiple firewalls.
Yes, PFSense accepts when a DNS query returns multiple AAAA records (https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html). I have no clue about other firewalls, however...
I'm running my systems on OpenBSD and have automated this using a shell script which populates my firewall ruleset with allow rules from those ranges. As you're publishing the IPs in JSON, they require parsing, which I'm using jq for.
Some firewall products come with plugins for that; others' rulesets can be populated using scripting.
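One way to turn such a published JSON list into an OpenBSD pf table, as an added example that is not the commenter's script: jq is swapped for Python's json and ipaddress modules, the flat-array JSON shape and the table and rule names are assumptions, and the sample data is constructed.

```python
import ipaddress
import json

# Constructed sample standing in for the published JSON list of monitor IPs.
# The flat-array shape is an assumption about the real endpoint. It includes
# a duplicate (in non-canonical IPv6 form) and two malformed entries so the
# validation below has something to reject.
SAMPLE_JSON = json.dumps([
    "192.0.2.10", "198.51.100.7", "198.51.100.7",
    "2001:db8::1", "2001:db8:0:0::1", "not-an-ip", "10.0.0.1/33",
])


def parse_monitor_ips(raw):
    """Return (valid, rejected).

    valid: de-duplicated canonical IP strings, IPv4 first, then IPv6,
    each group in numeric order. rejected: entries that are not a single
    IP address (prefixes and garbage), so a malformed feed cannot open
    the firewall to something unintended.
    """
    valid, rejected = set(), []
    for entry in json.loads(raw):
        try:
            valid.add(ipaddress.ip_address(entry))
        except ValueError:
            rejected.append(entry)
    ordered = sorted(valid, key=lambda ip: (ip.version, int(ip)))
    return [str(ip) for ip in ordered], rejected


def render_pf_table(ips, table="updown_monitors", dst_port=443):
    """Render a pf.conf snippet: a persistent table holding the monitor IPs
    (both address families are fine in one table) and a single pass rule
    limited to that table and the monitored port."""
    lines = [f"table <{table}> persist {{"]
    lines += [f"    {ip}" for ip in ips]
    lines.append("}")
    lines.append(
        f"pass in quick proto tcp from <{table}> to any port {dst_port}"
    )
    return "\n".join(lines)


if __name__ == "__main__":
    ips, bad = parse_monitor_ips(SAMPLE_JSON)
    print(render_pf_table(ips))
    if bad:
        print(f"# rejected {len(bad)} malformed entries: {bad}")
```

Refreshing the live table later without a reload of the whole ruleset can be done with `pfctl -t updown_monitors -T replace -f <file>` fed one address per line.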
Ok, I have created ips.updown.io, which will hold all IPv4 and IPv6 addresses for all daemons. Documentation: https://updown.io/api#dns
Thanks @Stefan for this comment, I'm sure it'll be helpful to others!
ips.updown.io works perfectly!
Thank you!
Update: it didn't work immediately; I had to change the FQDN to something dummy and change it back to the correct value...
Ok thanks for the confirmation :)