dynamic-dns

Creating a dynamic DNS entry in your DNS

This page details how to create a dynamic dns host entry for a system that is behind a fire-walled cable modem or other such network connection that has a public IP address that changes from time to time (more than hourly). This example has been implemented on a Solaris system behind the firewall, and a BIND 9 system running on a name server on the Internet.

References have been generalized for host.domain.ca. If you use this example, replace these examples with your hostname.

TSIG Transaction Signatures

You need to have bind and the bind utilities installed (greater than Bind 8).

On the client side:

 #> mkdir /etc/ddns
 #> cd /etc/ddns
 #> /opt/csw/sbin/dnssec-keygen -a HMAC-MD5 -b 128 -n HOST  host.domain.ca.

Transfer the public key to the public DNS server

On the server side

• Add keys to directory

 #> mkdir /var/named/keys
 #> $EDITOR /etc/named.conf

Add the following to named.conf on the bind server:

 // - Include keys.conf for dynamic dns
 include "keys.conf";

and to the domain entry:

  allow-update { key host.domain.ca.; };

• create the keys.conf config file on the bind server (master).

 #> vi /var/named/keys.conf

 key host.domain.ca. {
   algorithm hmac-md5;
   secret "blahblahblah";
 };

HUP named

On the client side:

  Run the nsupdate command from the client
  client-root-#nsupdate -k /etc/ddns/Khost.domain.ca.+157+55549.private
  > update delete host.domain.ca IN A
  > update add host.domain.ca. 600 IN A nnn.nnn.nnn.nnn
  > send
  > quit

Alternative one line command

 /opt/csw/bin/nsupdate -k /etc/ddns/Khost.domain.ca.+157+55549.private -d /etc/nsupdate

 /etc/nsupdate contains the update commands to be sent with the new public address.

Automating for hosts behind a firewall with a public address

Update Script

#!/bin/sh

TEMPFILE=/tmp/dyndns.cmd
OLDIP_FILE=/var/tmp/dyndns.myip
KEYFILE=/etc/ddns/Khost.domain.ca.+123+45678.private

OLDIP=`/bin/cat ${OLDIP_FILE}`

NEWIP=`/opt/csw/bin/wget -q -O- http://whatismyip.org/`

echo old is $OLDIP, new is $NEWIP

if [ "$OLDIP" = "$NEWIP" ] ; then
echo IP is the same
exit 0
fi

# else - update it

echo update delete host.domain.ca IN A > $TEMPFILE
echo update add host.domain.ca 600 IN A $NEWIP >> $TEMPFILE
echo  >> $TEMPFILE

/opt/csw/bin/nsupdate \
        -k ${KEYFILE} \
        -d $TEMPFILE

# hopefully that gives us a good exit status

if [ $? = 0 ] ; then
echo $NEWIP > $OLDIP_FILE
exit 0
fi

References

• http://caunter.ca/nsupdate.txt
• http://www.oceanwave.com/technical-resources/unix-admin/nsupdate.html
• http://fengnet.com/book/DNS.and.BIND.5th.Edition/dns5-CHP-11-SECT-1.html
• http://linux.yyz.us/nsupdate/
• http://linux.yyz.us/dns/ddns-server.html