I have two servers, one has static IP addresses (the gateway), the other doesn't (the frontend).
Tunneled directly │ Over the public network
[FRONTEND]────[GATEWAY]╝ → [GATEWAY]╕
│ → [INTRANET]────[FRONTEND]┘
[INTRANET] →
In order for the gateway to always know how to route connections to the dynamically-addressed frontend, the gateway also acts as an OpenVPN server; thus the frontend, from the POV of the gateway, has a static RFC1918 address. The VPN link is a site-to-site connection as well as a WAN-type connection, and OSPF is used to route the traffic, so there's no NAT between the sites. It works well, except perhaps you noticed I used the plural when I referred to the addresses…
I have been trying to perform some sort of load-balancing and/or failover, but no matter how hard I've tried, and despite OSPF being active on every single interface (passive+active) of all routers, some routing loop is detected and the whole thing falls down or becomes a lossy link. I'd like to change my approach and just route over the open Internet, but I need the updates to be instant if for some reason the IP address changes, which is a rare occurrence but a possibility nevertheless. So I don't want to set up BIND either. The high frequency would probably mean I would need to flush caches non-stop.
I have a Cloudflare STUN-like serverless worker or function or whatever that you can curl and it gives only your IP address as the response. I was thinking maybe setting a cron job to do just that endlessly and transform its output into a hostname in the hosts file, which would next be rsynced to the remote server gateway. Sounds almost too easy, but to be honest, I'm a little apprehensive about modifying a system file with my poor sed/awk skills, and I don't know any programming or scripting language, unless Bash were one (it's an interpreter, right?). Furthermore, the Cloudflare worker starts racking up a bill after a given amount of CPU time, with a billing scheme more convoluted than Cloudflare's own API for updating DNS records. It's in the hundreds of thousands of invocations, I think, but I'd rather explore other Cloudflareless options first.
All of these systems belong to one or more domains, so they all have their own FQDNs; it's just that I can't wait for DNS to propagate just for this link. The reason for using the hosts file was simply because DNS would be a variable I could use, and the hosts file because it acts immediately and overrules anything else*. It doesn't need to be DNS though, as long as, as a result of the frontend <pinging/notifying/marcopoloing/whatever> the gateway, I get an IP address in a variable or file that's usable to make routes. Can a system-wide variable be updated over SSH? I just thought about authentication of the source; it seems like SSH is the easiest way of doing it, off the top of my head.
The gateway runs Linux (RHEL9.2 specifically), and on the frontend I have all kinds of OSes to choose from. It occurred to me that there must be already a tool for this; maybe designed as a component of a DDNS client/server solution that does exactly this so I don't have to reinvent the wheel. :)
Any suggestions?
*: unless you're on Windows; I believe some of the addresses that are hardcoded in the system were for telemetry and other Microsoft assets — search for some Microsoft presentation with speaker Paula Januszkiewicz (CQURE) if curious.
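As an added illustration of the cron-job approach described in the question (this is example code, not something from the original post), the script below does the hosts-file part safely: it treats the IP-echo endpoint's response as untrusted input, accepts it only if it is a well-formed IPv4 address, and rewrites a single tagged line in a hosts-style file atomically so no other entry is ever touched. The endpoint URL, the FQDN, the marker comment and the optional gateway SSH target are placeholders and assumptions, not values from the post.

```shell
#!/bin/sh
# Added example, not the poster's code. Keeps exactly one managed line for
# MANAGED_NAME in HOSTS_FILE; everything else in the file is left as-is.

HOSTS_FILE="${HOSTS_FILE:-/etc/hosts}"                     # file to manage (override for testing)
MANAGED_NAME="${MANAGED_NAME:-frontend.example.invalid}"   # placeholder FQDN (assumption)
IP_ECHO_URL="${IP_ECHO_URL:-https://ip-echo.example.invalid/}"  # placeholder endpoint (assumption)
GATEWAY_SSH="${GATEWAY_SSH:-}"                             # e.g. "updater@gateway", empty = local only
MARKER="# managed-by-ip-updater"                           # tag so only our own line is ever replaced

# Strict IPv4 check: four dotted octets, each 0-255. Anything else the endpoint
# (or anyone in the path) returns, e.g. HTML, extra whitespace or IPv6, is rejected.
valid_ipv4() {
    printf '%s' "$1" | grep -Eq \
      '^((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])$'
}

# Fetch the public IP from the echo endpoint; strip CR/LF and spaces, nothing more.
fetch_public_ip() {
    curl -fsS --max-time 10 -- "$IP_ECHO_URL" | tr -d ' \r\n'
}

# Print the IP currently recorded on our managed line, or nothing if absent.
current_ip() {
    awk -v name="$MANAGED_NAME" -v marker="$MARKER" \
        '$2 == name && index($0, marker) { print $1; exit }' "$HOSTS_FILE"
}

# Rewrite HOSTS_FILE with the new IP. Exit status: 0 = file changed,
# 1 = already up to date (nothing written), 2 = invalid input or I/O failure.
update_hosts() {
    ip="$1"
    valid_ipv4 "$ip" || return 2
    [ "$(current_ip)" = "$ip" ] && return 1
    tmp="$(mktemp "${HOSTS_FILE}.XXXXXX")" || return 2
    # Copy every line except our own managed one (grep returns 1 on an empty file; that is fine).
    grep -vF -- "$MARKER" "$HOSTS_FILE" > "$tmp" 2>/dev/null || true
    printf '%s\t%s\t%s\n' "$ip" "$MANAGED_NAME" "$MARKER" >> "$tmp" || return 2
    chmod 644 "$tmp" && mv "$tmp" "$HOSTS_FILE"   # rename is atomic: readers never see a half-written file
}

# One cron iteration: fetch, validate, update locally, and (optionally) push the
# same validated address to the gateway. Only the bare IP crosses SSH, never the file.
run_once() {
    ip="$(fetch_public_ip)" || { echo "fetch failed" >&2; return 2; }
    update_hosts "$ip"
    rc=$?
    [ "$rc" -eq 2 ] && { echo "rejected endpoint response: $ip" >&2; return 2; }
    if [ "$rc" -eq 0 ] && [ -n "$GATEWAY_SSH" ]; then
        # Assumes the gateway side runs the same script; the key should be locked to it
        # with a command= restriction in authorized_keys so it can do nothing else.
        ssh -- "$GATEWAY_SSH" "update_hosts" "$ip"
    fi
    return 0
}
```

Run it from cron on the frontend (`* * * * * sh /path/to/update-hosts.sh`) with a last line of `run_once` appended, or call `update_hosts 203.0.113.7` directly to test. Because the script only ever writes its own tagged line and replaces the file by rename, a bad response from the endpoint cannot corrupt the rest of the hosts file, and a stale response costs nothing but an unchanged file. On the gateway, pair the SSH key with an `authorized_keys` `command=` restriction so the frontend can push an address and nothing more.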