Dynamic DNS Setup

July 2, 2006

Notes on setting up a dynamic dns for home with bind-9.x

  1. Generating Secure DNS Keys
  2. On the home/client machine:

    # mkdir /etc/bind/tsig
    # cd /etc/bind/tsig
    # dnssec-keygen -a HMAC-MD5 -b 128 -n HOST host.domain.tld.

    Note the “.” after the tld. This generates the public and the private keys.

  3. named.conf
  4. On the remote server:

    Edit “/etc/named.conf” and add the generated key to the conf. (Note the trailing dot):

    key host.domain.tld. {
    algorithm hmac-md5;
    secret "qUSfVtkYf7WLxiZaOTN3Ua==";

  5. Grant Authority
  6. Still on the remote server:

    Edit the “/etc/bind/zone.domain.tld” file, and modify the current allow-update line to include the key.

    allow-update   { key "default_key."; key "host.domain.tld."; };

    This allows full authority to modify any record within the domain (Be Warned).

    Restart named and make sure nothing is broken.

  7. nsupdate
  8. Back to the client machine:

    Run nsupdate to test that the client can now make updates.

    # nsupdate -k /etc/bind/tsig/Khost.domain.tld.*.key
    > update delete host.domain.tld A
    > update add host.domain.tld. 600 A
    > send
    > quit

    It first deletes host.domain.tld if it already exists, then recreates it with the given TTL, type, and IP address. The TTL is the time-to-live, which is a value used by other DNS servers to determine how often they refresh the entry for this host. A smaller values means they’ll refresh more often, which is what you want for a dynamic entry. “send” tells nsupdate to send the updates to the server.

  9. Automate
  10. Create a script and put it in a 10 minute cron to check for changes in the wan ip address and run nsupdate automagically.

    # cat /etc/cron.d/ddns
    */10 * * * * root /etc/bind/ddns

    Below is an example script that gets the info from a Belkin wireless router within the home lan.

    # ddnsHOSTNAME="host.domain.tld"
    NEW_IP=`wget -q -O - | grep "Up.*dw" | tr "\n" " " | awk -F "'" '{print $12}'`
    function do_nsupdate {
    echo "New IP address (${NEW_IP}) found. Updating..." >> $LOG
    echo $NEW_IP > $IP_FILE
    nsupdate -k $KEYFILE >> $LOG << EOF
    update delete $HOSTNAME A
    update add $HOSTNAME $TTL A $NEW_IP
    if [ ! -f $IP_FILE ]; then
    echo "Creating $IP_FILE..." >> $LOG
    OLD_IP=`cat $IP_FILE`
    if [ "$NEW_IP" = "$OLD_IP" ]; then
    echo "new and old IPs (${OLD_IP}) are same. Exiting..." >> $LOG
    exit 0
    exit 0

One comment

  1. it is very good

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: