Differences
diy_rfc2136_dyndns_with_bind [25.06.2021 09:10] – Pascal Suter | diy_rfc2136_dyndns_with_bind [25.06.2021 12:39] (current) – Pascal Suter | ||
---|---|---|---|
Line 2: | Line 2: | ||
ever since dyndns stopped to be completely free (including hassle-free) i was looking for alternatives. i recently stumbled across RFC2136 which can be used to provide dynamic dns services. since i have access to two nameservers running bind i decided to try it out.. it works pretty nicely :) | ever since dyndns stopped to be completely free (including hassle-free) i was looking for alternatives. i recently stumbled across RFC2136 which can be used to provide dynamic dns services. since i have access to two nameservers running bind i decided to try it out.. it works pretty nicely :) | ||
- | there is a [[https:// | + | this is an improved version, now that i know more about bind, over my [[diy_rfc2136_dyndns_with_bind& |
this following howto will explain how i did my setup so that i could have a little bash script that would allow me to add new hosts to my dyndns with a single command. all my hosts will end with .dyn.mydomain.ch. | this following howto will explain how i did my setup so that i could have a little bash script that would allow me to add new hosts to my dyndns with a single command. all my hosts will end with .dyn.mydomain.ch. | ||
Line 34: | Line 34: | ||
type master; | type master; | ||
file "/ | file "/ | ||
- | allow-update { | + | update-policy |
- | // | + | grant *.dyn.mydomain.ch. self *.dyn.mydomain.ch. A; |
+ | grant local-ddns zonesub any; | ||
}; | }; | ||
allow-query { | allow-query { | ||
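Review bot: the move from `allow-update` to `update-policy { grant *.dyn.mydomain.ch. self *.dyn.mydomain.ch. A; ... }` tightens the zone considerably, because each TSIG key can now only change the record of the name it is named after instead of any record in the zone, but two things in this block should be spelled out in the text. First, the `self` grant covers the `A` type only, so a client that needs an IPv6 address cannot update it until `AAAA` is added to that grant. Second, `grant local-ddns zonesub any;` gives BIND's built-in local session key the right to change any record type at any name under the zone; that is fine for local `nsupdate -l` administration on the server itself, but readers copying the block should know that this line is what makes it possible.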
Line 41: | Line 42: | ||
}; | }; | ||
}; | }; | ||
- | </ | + | </ |
- | * edit your main named.conf file, usually in / | + | * here are the contents |
- | * create | + | |
- | **Note**: this script works with older versions of bind9, i.e. versions 9.14 and older i think. in version 9.16 the '' | + | |
- | + | ||
- | here are the contents of the script: <code bash add_new_host.sh> | + | |
#!/bin/bash | #!/bin/bash | ||
if [ -z " | if [ -z " | ||
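Review bot: the `if [ -z "` check only rejects an empty argument, yet `${1}` is later used unquoted in shell commands and written into the BIND key configuration, so a value with spaces, quotes or `;` produces a broken keys.conf or an unexpected key name; validate it against a DNS label pattern (for example `[[ "$1" =~ ^[a-z0-9-]+$ ]] || exit 1`) right after the emptiness check. On the documentation side, the removed note about which BIND versions the old script worked with should be replaced rather than dropped, since the new script depends on `tsig-keygen` and the zone now uses `update-policy`; stating the minimum version the setup was tested on avoids the confusion the old note was there to prevent. The bullet about editing the main named.conf was also removed, and it is not visible here whether the file the script appends to is still included from named.conf; keep one sentence saying where keys.conf must be included, otherwise newly generated keys are never loaded.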
Line 54: | Line 51: | ||
fi | fi | ||
cd / | cd / | ||
- | mkdir tmp | ||
- | cd tmp | ||
hostname=${1}.dyn.mydomain.ch. | hostname=${1}.dyn.mydomain.ch. | ||
echo " | echo " | ||
- | keyfile=`dnssec-keygen -a HMAC-MD5 -b 128 -n HOST ${hostname}` | + | key=$(tsig-keygen -a hmac-md5 ${hostname}) |
- | key=`grep " | + | echo "here is the HMAC-MD5 |
- | echo "here is the key i have generated, use this to configure your client: | + | echo "-----------------8< |
- | cd .. | + | echo "${key}" | grep " |
- | rm -rf tmp | + | echo " |
- | echo "adding | + | echo "add key to bind config" |
- | cat named.conf | + | echo $(echo "$key" | tr -d "\r\n") >> keys.conf |
- | echo "key ${hostname} { algorithm hmac-md5; secret \"${key}\"; };" | + | |
- | echo " | + | |
echo " | echo " | ||
- | /etc/init.d/bind9 reload | + | /usr/sbin/rndc reload |
echo " | echo " | ||
- | grep "key " | + | grep "key " |
- | </ | + | |
* now set the permissions so that especially the keys.conf file is only readable by bind and editable by root. also the dyn directory must be writeable by bind or if you don't want that, touch a file called dyn.mydomain.ch.jnl and make it writeable for bind, as well as making the dyn.mydomain.ch file writeable for bind. here is how i've set the permissions on my server: < | * now set the permissions so that especially the keys.conf file is only readable by bind and editable by root. also the dyn directory must be writeable by bind or if you don't want that, touch a file called dyn.mydomain.ch.jnl and make it writeable for bind, as well as making the dyn.mydomain.ch file writeable for bind. here is how i've set the permissions on my server: < | ||
drwxrwxr-- 2 root bind 4096 Oct 29 13:45 ./ | drwxrwxr-- 2 root bind 4096 Oct 29 13:45 ./ | ||
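Review bot: `key=$(tsig-keygen -a hmac-md5 ${hostname})` keeps the deprecated HMAC-MD5 algorithm that the old `dnssec-keygen -a HMAC-MD5` line used; `tsig-keygen` defaults to hmac-sha256 when `-a` is omitted and current nsupdate clients support it, so drop the `-a hmac-md5` unless a known old client forces it, and update the `echo "here is the HMAC-MD5` message accordingly. Separately, `echo $(echo "$key" | tr -d "\r\n") >> keys.conf` expands the key block unquoted, which collapses whitespace and exposes it to word splitting and globbing; `{ echo "$key" | tr -d '\r\n'; echo; } >> keys.conf` writes the same single-line entry without that risk. Replacing `/etc/init.d/bind9 reload` with `/usr/sbin/rndc reload` is an improvement, since `rndc reload` re-reads the configuration and therefore picks up the appended key without restarting the daemon.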
Line 93: | Line 85: | ||
hostname=${1}.dyn.mydomain.ch. | hostname=${1}.dyn.mydomain.ch. | ||
echo "old keys.conf entry: " | echo "old keys.conf entry: " | ||
- | grep ${hostname} keys.conf | + | grep -E '[ " |
echo " | echo " | ||
- | cat named.conf | sed -e "/ | + | sed -i '/[ " |
- | cat keys.conf | sed -e "/^key ${hostname}.*$/d" | tee keys.conf | + | |
echo " | echo " | ||
- | /etc/init.d/bind9 reload | + | /usr/sbin/rndc reload |
- | echo " | + | echo " |
- | grep "key " | + | echo -e " |
+ | / | ||
+ | echo " | ||
+ | grep "key " | ||
</ | </ | ||
make it executable and run it to remove hotsts. **warning** make a backup of your keys.conf and your named.conf file before testing this :) | make it executable and run it to remove hotsts. **warning** make a backup of your keys.conf and your named.conf file before testing this :) | ||
./ | ./ | ||
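Review bot: replacing `cat keys.conf | sed -e "/^key ${hostname}.*$/d" | tee keys.conf` with `sed -i` fixes a genuine data-loss bug, because `tee` truncates keys.conf before `cat` has finished reading it; the new `sed -i '/[ "` pattern is cut off in this view, but whatever it expands to, the dots in `${hostname}` must be escaped, since an unescaped `.` matches any character and the pattern for one host can then also delete a neighbouring host's key line. Because the script now edits keys.conf in place, the backup warning in the text should stay, and `/usr/sbin/rndc reload` should run only after the edit succeeded (`sed -i ... && /usr/sbin/rndc reload`). Minor: the context line reads "remove hotsts" and should be "remove hosts".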