Native Dynamic DNS
Sometimes it is necessary to register the DNS for a computer with a dynamic IP address. A simple way to do this is with services of the dyndns type described in a recent topic. We bind a domain and a dynamic IP . Sometimes this approach works quite poorly.
For example, in my situation, the provider sometimes changes my public IP address. This usually happens every few months. In addition, my home computer reboots extremely rarely. During this time, the dyndns service that I used earlier managed to send me inactivity notifications a couple of times in order to disable the "unused" account. Switching to a manually assigned DNS zone also fails, because the address does sometimes change, and usually you find out about it when you need access to your home computer here and now.
To implement the method described here, you will need a server on the Internet running the BIND DNS server, and a domain zone from which we will allocate a subdomain for our computer. The steps below describe connecting a Linux client to a Linux server; for other operating systems you will need to read the manuals and adapt some of the steps.
So:
1. We have a bind9 server installed and serving the server.org domain.

2. Create the zone file client.server.org.zone. Here ns1.server.net and ns2.server.net are the DNS servers for our zone and client.server.net is the name of our home computer. The NS and MX lines are indented so that they inherit the owner name from the SOA record; no A record is needed yet, the client will add it dynamically:

$ORIGIN .
$TTL 10 ; 10 seconds
client.server.net IN SOA ns1.server.net. hostmaster.server.net. (
                        18         ; serial
                        10800      ; refresh (3 hours)
                        3600       ; retry (1 hour)
                        604800     ; expire (1 week)
                        10         ; minimum (10 seconds)
                        )
$TTL 3600 ; 1 hour
                        NS    ns1.server.net.
                        NS    ns2.server.net.
                        MX    10 client.server.net.

3. Generate the key on the client:

client# cd /etc/namedb/keys
client# dnssec-keygen -b 512 -a HMAC-MD5 -v 2 -n HOST client.server.net.

4. Create a file with the key on the server (the secret is the Key value from the K*.private file generated in the previous step):

server# cd /var/named/chroot/etc
server# vim keys.conf

key client.server.net. {
    algorithm "HMAC-MD5";
    secret "omr5O5so/tZB5XeGuBBf42rrRJRQZB8I9f+uIIxxei8qm7AVgNBprxtcU+FQMzBvU/Y+nyM2xbs/C8kF3eJQUA==";
};

A symmetric key is used here, which is unsafe: anyone who can read the key file on your server can use your key to change the data in your zone. An asymmetric key can be used instead. Set the permissions on the key file so that only root and named can read it:

server# chmod 640 keys.conf
server# chown root:named keys.conf

5. Add our zone to named.conf (the include path is relative to the chroot):

include "/etc/keys.conf";
zone "client.server.net" {
    type master;
    file "zones/client.server.net";
    allow-update {
        key client.server.net;
    };
};
The allow-update parameter here permits the holder of the key to change any data in the zone. After reading the manuals you can find a more granular form of this permission that lets a given key update only a single record in the zone. That way one zone can contain the subdomains client1, client2, etc., each authorized with its own key key1, key2, etc.

6. Reload the DNS server:

server# /etc/init.d/named reload

7. Create a script on the client that will update the zone data; the dispatcher script in the next step calls it as /etc/namedb/ddns-update. At the beginning of the script the corresponding parameters are set: interface, server and zone names, and the location of the key file. The values below are the ones from the referenced article; with the zone from step 2, SERVER is ns1.server.net and both ZONE and HOSTNAME are client.server.net:
#!/bin/bash
IFACE="wlan0"
TTL=3600
SERVER=ns1.example.com
HOSTNAME=foo.example.com
ZONE=example.com
KEYFILE=/root/ddns-keys/Kfoo.example.com.+157+12345.private
# address currently assigned to the interface ("inet addr:x.x.x.x" in ifconfig output)
new_ip_address=`ifconfig $IFACE | grep "inet addr:" | awk '{print $2}' | awk -F ":" '{print $2}'`
new_ip_address=${new_ip_address/ /}
# sign the update with the TSIG key and replace the host's A record with the new address
nsupdate -v -k "$KEYFILE" << EOF
server $SERVER
zone $ZONE
update delete $HOSTNAME A
update add $HOSTNAME $TTL A $new_ip_address
send
EOF

8. It remains only to configure autorun, that is, updating the DNS record automatically when the address changes. We do this with a NetworkManager dispatcher script: create the file /etc/NetworkManager/dispatcher.d/20-dyndns.sh:

#!/bin/sh
# NetworkManager passes the interface name and its new state ("up" or "down") as arguments
iface=$1
state=$2
if [ "x$state" = "xup" ]; then
    /etc/namedb/ddns-update
elif [ "x$state" = "xdown" ]; then
    true
fi
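As an added example (not code from the post or from the referenced articles), a stricter version of the client update script for the setup above: it refuses to publish a private or malformed address (the interface address is a LAN address when the computer sits behind NAT), sends an update only when the published record differs, and checks the server's answer afterwards. It assumes the names ns1.server.net and client.server.net from step 2, a key under /etc/namedb/keys with a placeholder key id, and the ip, dig and nsupdate tools on the client.

```shell
#!/bin/sh
# Assumed names for the setup in this post; "12345" is a placeholder for the real key id.
SERVER=ns1.server.net
ZONE=client.server.net
HOST=client.server.net
TTL=3600
KEYFILE=/etc/namedb/keys/Kclient.server.net.+157+12345.private
IFACE=wlan0

# Succeeds only for a well-formed IPv4 address outside the private, loopback, link-local
# and CGNAT ranges, so a NATed LAN address is never published as the "public" record.
valid_public_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s\n' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] 2>/dev/null || return 1; done
    case "$1.$2" in
        0.*|10.*|127.*|169.254|192.168|172.1[6-9]|172.2[0-9]|172.3[01]) return 1 ;;
        100.6[4-9]|100.[7-9][0-9]|100.1[01][0-9]|100.12[0-7]) return 1 ;;
    esac
}

# First global IPv4 on the interface, from the one-record-per-line output of "ip -4 -o addr".
current_ipv4() {
    ip -4 -o addr show dev "$IFACE" scope global 2>/dev/null |
        awk '{ sub("/.*", "", $4); print $4; exit }'
}

# What the authoritative server currently publishes for the host.
published_ipv4() {
    dig +short "@$SERVER" "$HOST" A | head -n 1
}

# The nsupdate commands, equivalent to the heredoc in the original script.
nsupdate_commands() {
    printf 'server %s\nzone %s\nupdate delete %s A\nupdate add %s %s A %s\nsend\n' \
        "$SERVER" "$ZONE" "$HOST" "$HOST" "$TTL" "$1"
}

main() {
    new=$(current_ipv4)
    valid_public_ipv4 "$new" || { echo "no public IPv4 on $IFACE (got '$new'), not updating" >&2; return 1; }
    [ "$new" = "$(published_ipv4)" ] && { echo "$HOST already points at $new"; return 0; }
    nsupdate_commands "$new" | nsupdate -k "$KEYFILE" || return 1
    [ "$(published_ipv4)" = "$new" ]   # confirm the server now answers with the new address
}
case "${1:-}" in run) main ;; esac
```

Save it as /etc/namedb/ddns-update and have the dispatcher call it as "/etc/namedb/ddns-update run"; without the argument the file only defines the functions.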
Make it executable and owned by the root user.
Run-check-use.
Upd: If it doesn't work, check that named on the server has write permission to the directory containing client.server.org.zone: named will create the journal file client.server.org.zone.jnl there.
The following materials were used:
http://www.freebsdwiki.net/index.php/BIND,_dynamic_DNS
http://blog.jasonantman.com/2010/04/bind9-dynamic-dns/
http://www.oceanwave.com/technical-resources/unix-admin/nsupdate.html
The above key is taken from the same place.