Wiki source for DynamicDNSSetup



======Setup of dynamic DNS (using a remote server that is owned)======

I had to do some more setup to delegate a domain to dibbley (I normally do all my DNS on FreeParking), but I presume you will be creating a dynamic sub-domain of a domain which dibbley is already authoritative for. I have mydom.org managed on freeparking, so I delegated sub.mydom.org to dibbley, and I do dyn-dns updates of lem.sub.mydom.org (which is my home server). I also happen to have a CNAME for lem.mydom.org pointing to lem.sub.mydom.org, just to make things pretty.

So, assuming box.co.nz is managed by dibbley, these docs let you set up a sub-domain like home.box.co.nz to resolve to your home IP. My examples will show the setup for lem.sub.mydom.org.


On dibbley, I have already edited /etc/bind/named.conf to include a file for dyndns records, so you don't need to edit named.conf (the line I added was to include "/etc/bind/named.conf.dynamic")

I've also created "/etc/bind/keys" on dibbley to hold the TSIG keys. Create keys like this:

$ cd /etc/bind/keys
$ sudo dnssec-keygen -a hmac-sha512 -b 512 -n HOST lem.sub.mydom.org
Klem.sub.mydom.org.+165+55161

Observe the keys if so inclined (I have redacted bits of mine, for security):

$ ls /etc/bind/keys
Klem.sub.mydom.org.+165+55161.key
Klem.sub.mydom.org.+165+55161.private

$ sudo cat /etc/bind/keys/Klem.sub.mydom.org.+165+55161.private
%%Private-key-format: v1.3
Algorithm: 165 (HMAC_SHA512)
Key: 1ThRt61khEE86Wejik8ayssW...SNIP...nm1Oa73qm9i6g4JK89WxyzzyForNiCate663hwtaiusjhOUWeefF==
Bits: AAA=
Created: 20170613073736
Publish: 20170613073736
Activate: 20170613073736%%

$ sudo cat /etc/bind/keys/Klem.sub.mydom.org.+165+55161.key
%% lem.sub.mydom.org. IN KEY 512 3 165 1ThRt61khEE86Wejik8ayssW...SNIP...nm1Oa73qm9i6g4JK89Wxyz zyForNiCate663hwtaiusjhOUWeefF==%%

Edit "/etc/bind/named.conf.dynamic" to add "key" and "zone" entries like mine. You'll need to put the key string from the ".key" file (the base64 text at the end of the line) in your "secret" line.

Note that the "zone" section needs to specify a file in "/var/lib/bind" - bind has no write access to "/etc/bind" so can't update a zone file there. Mine is:
file "/var/lib/bind/lem.sub.mydom.org.zone";

Create your zone file in /var/lib/bind, and make it somewhat like mine. For the "serial", set it to the current date with an extra 2 zeroes on the end, like "YYYYMMDD00". Or something else which pleases you. Ideally set the IP to something wrong so that you can see it change when you dynamically update it.


On your home machine, set up the attached script as a cron job (I run it every 15 min, as myself - not root) and edit it to suit. Install "dnsutils" if you haven't already, to get nsupdate.
You'll need to create a data dir like "~/.local/share/mydom_dyndns_dibbley.sh.data/" and put your ".key" and ".private" files there (might not require both of them - dunno). The cache and log files will be auto-created, e.g.:
user@lem:~$ ls ~/.local/share/mydom_dyndns_dibbley.sh.data/
Klem.sub.mydom.org.+165+55161.key
Klem.sub.mydom.org.+165+55161.private
lem.sub.mydom.org.IP_cache.txt
lem.sub.mydom.org.log

Hopefully it will all work when the cron job runs (or if you manually run the update script).
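
An updater along the lines described above, written here as an added example (it is not the script attached to this page). It refuses a key file that group or other can access and validates the looked-up address before anything is passed to nsupdate. The server name ns.example.net, the "--run" switch, the 300 second TTL and the DNS-based address lookup are assumptions.

```shell
#!/bin/sh
# Added example, not the wiki's attached script. SERVER is a placeholder.
DATA_DIR="$HOME/.local/share/mydom_dyndns_dibbley.sh.data"
HOST="lem.sub.mydom.org"            # also the zone name in this setup
SERVER="ns.example.net"             # placeholder for the BIND box (dibbley)
KEY="$DATA_DIR/Klem.sub.mydom.org.+165+55161.private"

# Accept only a dotted-quad IPv4 address, so nothing else reaches nsupdate.
valid_ipv4() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# The TSIG secret is a shared password: refuse a key file group/other can access.
key_perms_ok() {
  case $(ls -ld -- "$1" 2>/dev/null) in -???------*) return 0 ;; *) return 1 ;; esac
}

# True when the cache file ($2) is missing or holds a different address than $1.
needs_update() { [ ! -f "$2" ] || [ "$(cat "$2")" != "$1" ]; }

# Emit the nsupdate batch: server $1, zone $2, host $3, TTL $4, address $5.
build_update() {
  printf 'server %s\nzone %s\nupdate delete %s. A\nupdate add %s. %s A %s\nsend\n' \
    "$1" "$2" "$3" "$3" "$4" "$5"
}

main() {
  cache="$DATA_DIR/$HOST.IP_cache.txt"; log="$DATA_DIR/$HOST.log"
  key_perms_ok "$KEY" || { echo "$(date) key file too permissive" >>"$log"; return 1; }
  # Assumption: public address found via a DNS lookup service; use one you trust.
  ip=$(dig +short myip.opendns.com @resolver1.opendns.com)
  valid_ipv4 "$ip" || { echo "$(date) lookup gave no IPv4 address" >>"$log"; return 1; }
  needs_update "$ip" "$cache" || return 0
  if build_update "$SERVER" "$HOST" "$HOST" 300 "$ip" | nsupdate -k "$KEY"; then
    echo "$ip" >"$cache"; echo "$(date) $HOST -> $ip" >>"$log"
  else
    echo "$(date) nsupdate failed" >>"$log"; return 1
  fi
}

# The cron entry passes --run; without it only the functions are defined.
if [ "${1:-}" = "--run" ]; then main; fi
```

Run "chmod 600" on the ".private" file in the data dir before the first cron run, otherwise the script logs the refusal and sends nothing.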


NOTES:
- security/permissions of the bind files may be suboptimal, but I've not got around to fixing.
- most of these docs came from http://dag.wiee.rs/howto/bits/bind-ddns.php and http://linux.yyz.us/dns/ddns-server.html
- there is still something missing in my setup, but it's working. I think it was something about my domain delegation.