Native Dynamic DNS

    Sometimes it is necessary to register a DNS name for a computer with a dynamic IP address. A simple way to do this is with a dyndns-type service, as described in a recent topic: we bind a domain name to the dynamic IP. Sometimes this approach works quite poorly.

    For example, in my situation the provider sometimes changes my public IP address. This usually happens every few months. In addition, my home computer reboots extremely rarely. In the meantime, the dyndns service I used earlier managed to send me a couple of inactivity notifications, threatening to disable the "unused" account. Switching to a manually maintained DNS zone does not work either, because the address does change occasionally, and usually you find out about it exactly when you need access to your home computer here and now.

    To implement the method described here you will need a server on the Internet running the BIND DNS server, and a domain zone from which we will allocate a subdomain for our computer. The setup described is a Linux client with a Linux server; for other operating systems you will need to read the manuals and modify some steps.


    So:

    1. We have an installed bind9 server serving the server.org domain.

    2. Create the zone file client.server.org.zone. Here ns1.server.net and ns2.server.net are the name servers for our zone, and client.server.net is the name of our home computer:

    $ORIGIN .
    $TTL 10 ; 10 seconds
    client.server.net IN SOA ns1.server.net. hostmaster.server.net. (
    18 ; serial
    10800 ; refresh (3 hours)
    3600 ; retry (1 hour)
    604800 ; expire (1 week)
    10 ; minimum (10 seconds)
    )
    $TTL 3600 ; 1 hour
    NS ns1.server.net.
    NS ns2.server.net.
    MX 10 client.server.net.

    3. Generate the key on the client:

    client# cd /etc/namedb/keys
    client# dnssec-keygen -b 512 -a HMAC-MD5 -v 2 -n HOST client.server.net.

    4. Create a file with the key on the server:

    server# cd /var/named/chroot/etc
    server# vim keys.conf

    key client.server.net. {
        algorithm "HMAC-MD5";
        secret "omr5O5so/tZB5XeGuBBf42rrRJRQZB8I9f+uIIxxei8qm7AVgNBprxtcU+FQMzBvU/Y+nyM2xbs/C8kF3eJQUA==";
    };

    A symmetric key is used here, which has a weakness: anyone who can read the key file on your server can use that key to change the data in your zone. An asymmetric key can be used instead. Set the permissions on the key file so that only root and named can read it:

    server# chmod 640 keys.conf
    server# chown root:named keys.conf

    5. Add our zone to named.conf:

    include "/etc/keys.conf";
    zone "client.server.net" {
        type master;
        file "zones/client.server.net";
        allow-update {
            key client.server.net;
        };
    };


    The allow-update parameter specified here is what permits the zone data to be changed with that key. After reading the manuals you can find the variants of this parameter that allow a given key to update only one record in the zone, so a single zone can hold the subdomains client1, client2, etc., each authorized by its own key key1, key2, etc.

    6. Reload the DNS server:
    server# /etc/init.d/named reload

    7. Create a script on the client that will update the zone data. At the beginning of the script the relevant parameters are set: the interface, the server and zone names, and the location of the key file:

    #!/bin/bash
    IFACE="wlan0"
    TTL=3600
    SERVER=ns1.example.com
    HOSTNAME=foo.example.com
    ZONE=example.com
    KEYFILE=/root/ddns-keys/Kfoo.example.com.+157+12345.private

    # Take the IPv4 address of the interface from the ifconfig output
    new_ip_address=`ifconfig $IFACE | grep "inet addr:" | awk '{print $2}' | awk -F ":" '{print $2}'`
    new_ip_address=${new_ip_address/ /}

    # Replace the A record in one signed transaction (-v: use TCP, -k: TSIG key file)
    nsupdate -v -k "$KEYFILE" << EOF
    server $SERVER
    zone $ZONE
    update delete $HOSTNAME A
    update add $HOSTNAME $TTL A $new_ip_address
    send
    EOF

    8. It remains only to arrange for the script to run automatically whenever the network connection changes. We will do this with a NetworkManager dispatcher script: create the file /etc/NetworkManager/dispatcher.d/20-dyndns.sh:

    #!/bin/sh
    # NetworkManager passes the interface name and the new state (up/down)
    iface=$1
    state=$2

    if [ "x$state" = "xup" ] ; then
        /etc/namedb/ddns-update
    elif [ "x$state" = "xdown" ]; then
        true
    fi


    Make it executable and owned by the root user.

    Run-check-use.
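    As an added example, not the original post's script, here is a hardened version of the step 7 client script: it reads the address with `ip` instead of the deprecated `ifconfig`, validates it before it can reach the zone, and sends the signed update only when the address the master currently serves differs. Server, host, zone and key path are placeholders, as on the page.

```shell
#!/bin/sh
# Added example, not the original post's script: a hardened ddns-update for
# step 7. It reads the address with `ip` instead of the deprecated ifconfig,
# refuses to push anything that is not a dotted quad, and only sends a signed
# nsupdate when the address the master currently serves differs.
# Server, host, zone and key path are placeholders, as on the page.
IFACE="${IFACE:-wlan0}"
TTL=3600
SERVER=ns1.example.com
HOSTNAME=foo.example.com
ZONE=example.com
KEYFILE=/root/ddns-keys/Kfoo.example.com.+157+12345.private

# First global IPv4 address from `ip -4 addr show <iface>` text on stdin.
extract_ipv4() {
    awk '$1 == "inet" && /scope global/ { split($2, a, "/"); print a[1]; exit }'
}

# True only for a well-formed dotted quad: a stray token from parsing must
# never end up in the zone.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# nsupdate batch for a new address: delete and add go in one transaction,
# so the name is never left without an A record.
nsupdate_batch() {
    printf 'server %s\nzone %s\nupdate delete %s A\nupdate add %s %s A %s\nsend\n' \
        "$SERVER" "$ZONE" "$HOSTNAME" "$HOSTNAME" "$TTL" "$1"
}

# Constructed sample of `ip -4 addr show wlan0` output for an offline check.
SAMPLE_IP_OUTPUT='2: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet 192.0.2.45/24 brd 192.0.2.255 scope global dynamic wlan0
       valid_lft 85994sec preferred_lft 85994sec'

ddns_update() {
    new_ip=$(ip -4 addr show "$IFACE" | extract_ipv4)
    valid_ipv4 "$new_ip" || { echo "no usable IPv4 on $IFACE" >&2; return 1; }
    # Ask the master itself, not a cache, what it currently serves.
    cur_ip=$(dig +short "@$SERVER" "$HOSTNAME" A)
    [ "$new_ip" = "$cur_ip" ] && return 0
    nsupdate_batch "$new_ip" | nsupdate -k "$KEYFILE"
}

# Run only when installed under the name the dispatcher calls (step 8);
# when sourced elsewhere, just the functions are defined.
case "$0" in */ddns-update) ddns_update ;; esac
```

    Current BIND releases also accept stronger TSIG algorithms such as hmac-sha256 in the key statement and key generator; HMAC-MD5 is kept here only to match the page.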

    Upd: If it doesn't work, check (and set) the permissions so that named on the server can write to the directory containing client.server.org.zone: named will create the journal file client.server.org.zone.jnl there.

    The following materials are used:
    http://www.freebsdwiki.net/index.php/BIND,_dynamic_DNS
    http://blog.jasonantman.com/2010/04/bind9-dynamic-dns/
    http://www.oceanwave.com/technical-resources/unix-admin/nsupdate.html
    The above key is taken from the same place.
