Differences
This shows you the differences between two versions of the page.
| diy_rfc2136_dyndns_with_bind [29.10.2013 13:44] – Pascal Suter | diy_rfc2136_dyndns_with_bind [25.06.2021 12:39] (current) – Pascal Suter | ||
|---|---|---|---|
| Line 2: | Line 2: | ||
| ever since dyndns stopped to be completely free (including hassle-free) i was looking for alternatives. i recently stumbled across RFC2136 which can be used to provide dynamic dns services. since i have access to two nameservers running bind i decided to try it out.. it works pretty nicely :) | ever since dyndns stopped to be completely free (including hassle-free) i was looking for alternatives. i recently stumbled across RFC2136 which can be used to provide dynamic dns services. since i have access to two nameservers running bind i decided to try it out.. it works pretty nicely :) | ||
| - | there is a [[https:// | + | this is an improved version, now that i know more about bind, over my [[diy_rfc2136_dyndns_with_bind& | 
| + | |||
| + | this following howto will explain how i did my setup so that i could have a little bash script that would allow me to add new hosts to my dyndns with a single command. all my hosts will end with .dyn.mydomain.ch. | ||
| + | |||
| + | i can run | ||
| + | / | ||
| + | and it will add a new host called myhost.dyn.mydomain.ch | ||
| so here is how i did it: | so here is how i did it: | ||
| + | |||
| first of all i wanted to be able to have a simple script that would allow me to add new hosts with a minimum amount of work. so i split my config into different files, so i could later edit them automatically. also, you want to make sure the file where the keys are stored is not world readable.. | first of all i wanted to be able to have a simple script that would allow me to add new hosts with a minimum amount of work. so i split my config into different files, so i could later edit them automatically. also, you want to make sure the file where the keys are stored is not world readable.. | ||
| * create a directory that holds all the dynamic dns stuff: < | * create a directory that holds all the dynamic dns stuff: < | ||
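Review bot: the added "i can run ... and it will add a new host" sentences should say the command has to be run as root; further down in this same revision the script is `-rwx------ 1 root root add_new_host.sh`, `keys.conf` is `-rw-r----- 1 root bind`, and the script ends in `/usr/sbin/rndc reload`, none of which works from an unprivileged account. Suggest "i can run, as root, ..." here, and the same caveat on the remove script below.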
| Line 11: | Line 18: | ||
| $ORIGIN . | $ORIGIN . | ||
| $TTL 30 ; 30 seconds | $TTL 30 ; 30 seconds | ||
| - | dyn.mydomain.ch IN SOA ns1.mydomain.ch. hostmaster.mydomain.ch. ( | + | dyn.mydomain.ch IN SOA ns1.mydomain.ch. hostmaster.mydomain.ch. ( | 
| 2013102704 ; serial | 2013102704 ; serial | ||
| 900 | 900 | ||
| 600 | 600 | ||
| - | 2600 ; expire (43 minutes 20 seconds) | + | 604800 | 
| 30 | 30 | ||
| ) | ) | ||
| NS ns1.mydomain.ch. | NS ns1.mydomain.ch. | ||
| - | NS ns2.mydomain.ch. | + | NS ns3.mydomain.ch. | 
| </ | </ | ||
| * create an empty keys.conf file < | * create an empty keys.conf file < | ||
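Review bot: the SOA serial `2013102704` is carried over unchanged while the NS set (ns2 replaced by ns3) and the expire value change, and this is a dynamically updated zone (a `dyn.mydomain.ch.jnl` journal shows up in the permissions listing below). Hand-editing the file of a dynamic zone without `rndc freeze dyn.mydomain.ch` before and `rndc thaw dyn.mydomain.ch` after leaves the journal out of step with the file, and secondaries only transfer on a serial increase, so the new NS record may never reach them. Suggest a sentence in this step telling the reader to freeze, edit, bump the serial, thaw, or to make NS changes with `nsupdate` instead. Raising expire from `2600` to `604800` is correct; the dropped `; expire (...)` comment could come back as `; expire (1 week)`.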
| Line 28: | Line 34: | ||
| type master; | type master; | ||
| file "/ | file "/ | ||
| - | allow-update { | + | update-policy | 
| - | // | + | grant *.dyn.mydomain.ch. self *.dyn.mydomain.ch. A; | 
| + | grant local-ddns zonesub any; | ||
| }; | }; | ||
| allow-query { | allow-query { | ||
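Review bot: `grant local-ddns zonesub any;` gives the auto-generated local session key (the one `nsupdate -l` uses) the right to change every record type anywhere in the zone, which is far wider than the `grant *.dyn.mydomain.ch. self *.dyn.mydomain.ch. A;` rule just above it and effectively hands full zone control to any local process that can read the session key. If it is only there so the remove script can delete records from the server itself, say so in the text and narrow it to `grant local-ddns zonesub A;` (add `TXT` only if something needs it). The move from `allow-update` to `update-policy` with `self` is the right one: each per-host key is now confined to its own name and the A type, where `allow-update { key ...; }` let every listed key rewrite the whole zone.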
| Line 35: | Line 42: | ||
| }; | }; | ||
| }; | }; | ||
| - | </ | + | </ | 
| - | * edit your main named.conf file, usually in / | + |  | 
| - | * create the "add_new_host.sh" script that will add new hosts to our setup. here are the contents of the script: <code> | + | |
| #!/bin/bash | #!/bin/bash | ||
| if [ -z " | if [ -z " | ||
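Review bot: the removed step "edit your main named.conf file, usually in /..." has no visible replacement on the new side of this hunk; unless that instruction survives elsewhere, nothing tells the reader to `include` the dyn directory's `named.conf` from the main configuration, so neither the zone nor the keys would ever be loaded by the `rndc reload` the script runs. Suggest keeping that step, or folding it into the permissions step below.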
| Line 45: | Line 51: | ||
| fi | fi | ||
| cd / | cd / | ||
| - | mkdir tmp | ||
| - | cd tmp | ||
| hostname=${1}.dyn.mydomain.ch. | hostname=${1}.dyn.mydomain.ch. | ||
| echo " | echo " | ||
| - | keyfile=`dnssec-keygen -a HMAC-MD5 -b 128 -n HOST ${hostname}` | + | key=$(tsig-keygen -a hmac-md5 ${hostname}) | 
| - | key=`grep " | + | echo "here is the HMAC-MD5 | 
| - | echo "here is the key i have generated, use this to configure your client: | + | echo "-----------------8< | 
| - | cd .. | + | echo "${key}" | grep " | 
| - | rm -rf tmp | + | echo " | 
| - | echo "adding | + | echo "add key to bind config" | 
| - | cat named.conf | + | echo $(echo "$key" | tr -d "\r\n") >> keys.conf | 
| - | echo "key ${hostname} { algorithm hmac-md5; secret \"${key}\"; };" | + | |
| - | echo " | + | |
| echo " | echo " | ||
| - | /etc/init.d/bind9 reload | + | /usr/sbin/rndc reload | 
| echo " | echo " | ||
| - | grep "key " named.conf | awk '{ print $2; }' | tr -d ";" | + | grep "key " | 
| + | * now set the permissions so that especially the keys.conf file is only readable by bind and editable by root. also the dyn directory must be writeable by bind or if you don't want that, touch a file called dyn.mydomain.ch.jnl and make it writeable for bind, as well as making the dyn.mydomain.ch file writeable for bind. here is how i've set the permissions on my server: < | ||
| + | drwxrwxr-- 2 root bind 4096 Oct 29 13:45 ./ | ||
| + | drwxr-sr-x 3 root bind 4096 Oct 29 11:47 ../ | ||
| + | -rwx------ 1 root root 904 Oct 29 13:45 add_new_host.sh* | ||
| + | -rw-r--r-- 1 bind bind 434 Oct 29 13:20 dyn.mydomain.ch | ||
| + | -rw-r--r-- 1 bind bind 1230 Oct 29 13:15 dyn.mydomain.ch.jnl | ||
| + | -rw-r----- 1 root bind 356 Oct 29 13:45 keys.conf | ||
| + | -rw-r--r-- 1 root bind 322 Oct 29 13:45 named.conf | ||
| + | </ | ||
| + | * now use the script to add your first hostname. < | ||
| + | ===== script to remove hosts ===== | ||
| + | optionally you can also create a little script to remove hosts just as easily. create a file called remove_hosts.sh with the following contents< | ||
| + | # | ||
| + | if [ -z " | ||
| + | echo " | ||
| + | echo " | ||
| + | exit 1 | ||
| + | fi | ||
| + | cd / | ||
| + | hostname=${1}.dyn.mydomain.ch. | ||
| + | echo "old keys.conf entry: " | ||
| + | grep -E '[ " | ||
| + | echo " | ||
| + | sed -i '/[ " | ||
| + | echo " | ||
| + | / | ||
| + | echo " | ||
| + | echo -e " | ||
| + | / | ||
| + | echo " | ||
| + | grep "key " keys.conf | awk '{ print $2; }' | tr -d ";" | ||
| </ | </ | ||
| + | make it executable and run it to remove hotsts. **warning** make a backup of your keys.conf and your named.conf file before testing this :) | ||
| + | ./ | ||
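Review bot: `hostname=${1}.dyn.mydomain.ch.` (in both scripts) takes `$1` with nothing more than an empty check, then passes it to `tsig-keygen` and appends the result to `keys.conf` via `echo $(echo "$key" | tr -d "\r\n") >> keys.conf`; an argument containing whitespace, `;`, `{` or `}` lands inside the named configuration, and the unquoted `$(...)` word-splits and glob-expands the key statement before it is written. Validate `$1` with something like `[[ "$1" =~ ^[a-z0-9-]+$ ]] || exit 1`, write the line with `printf '%s\n' "$(echo "$key" | tr -d '\r\n')" >> keys.conf`, and run `named-checkconf` before `/usr/sbin/rndc reload` so a broken entry is caught by the script rather than by named refusing the new config. Smaller points: `tsig-keygen -a hmac-md5` keeps the 2013 algorithm although `tsig-keygen` and the update-policy rules work just as well with `-a hmac-sha256`, and HMAC-MD5 has long been discouraged for TSIG; in the remove script the hostname is dropped unescaped into the `grep -E` and `sed -i` patterns, where each `.` matches any character; and the `cd /...` at the top of both scripts has no error check, so a failed cd appends to a `keys.conf` in whatever the current directory is (`cd ... || exit 1`, or `set -e` at the top, fixes that).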