[ale] Dynamic DNS

Stephen J. Pellicer spellicer at itillious.com
Wed Nov 14 17:07:44 EST 2001


You can do this with standard bind. I had a setup where my home box with
cable modem updated a bind dns server on linux that I owned. I used the
DNSSec stuff to sign requests to change from the cable modem box. You don't
have to go that far, but it's not too hard and it is recommended.

On the DNS server add something like:
key host.domain.com. {
	algorithm "hmac-md5";
	secret "base64KeyString";
};

zone "domain.com" {
	type master;
	file "domain.dom.dns";
	update-policy {grant host.domain.com. name host.domain.com A;};
};

You have to use dnssec-keygen to set up a host key that matches with the key
from the name server:

dnssec-keygen -a HMAC-MD5 -b 512 -n HOST host.domain.com

Then on the home box, I set up my post-pump script to run every time I got a
new DHCP lease:

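# $1 = pump event, $2 = interface, $3 = new address (as used below).
# Arguments are quoted so an empty one cannot break the test.
if [ "$2" = 'eth1' ] && ( [ "$1" = 'renewal' ] || [ "$1" = 'lease' ] ); then
        echo "server ns1.domain.com.
update delete host.domain.com. A
update add host.domain.com. 3600 A $3

" | nsupdate -k /etc/sysconfig/Khost.domain.com.+157+58713.key > /dev/null
fi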

I think that should do it. There are easier ways to do this, I'm sure, but
this is what I came up with as a balance between security and ease of setup.
I had a hard time finding good resources for all of it. It was mostly
digging through the bind docs. Don't quote me on the dnssec-keygen command
line. I was doing that from the man page, I forget how I specifically did it
before.

Stephen

> -----Original Message-----
> From: Leonard Thornton [mailto:Leonard at Intelis-inc.net]
> Sent: Wednesday, November 14, 2001 11:46 AM
> To: ale at ale.org
> Subject: [ale] Dynamic DNS
>
>
> Here's the scenario.....I have dedicated internet connectivity at
> my office
> (T1 and DSL) with my own DNS servers, web servers, domain names, etc.  At
> home, I have a cable modem with the usual DHCP that changes my IP
> occasionally as well as my own personal domain name.  The OS environment
> is Linux (RH) top to bottom......
>
> I would like to be able to implement dynamic DNS between my home
> setup and
> my DNS servers in the office to handle my personal domain from
> home rather
> than co-locating it at my office (Basically, become my own DynDNS.org, so
> to speak).  Has anyone done this who would be willing to share the gory
> details?
>
> The difficult while you wait.....the impossible overnight.
>
> Leonard Thornton
> Intelis, Inc.
> 5960 Crooked Creek Rd
> Suite 30
> Norcross, GA  30092
>
> Office: 770.825.0032
> Fax:            770.825.0028
> Cellular:       404.583.5402
> Pager:          888.785.9188
> Email:          Leonard at Intelis-Inc.net
> http://www.intelis-inc.com
> http://www.intelis-inc.net
>
>
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info.
> Problems should be
> sent to listmaster at ale dot org.
>
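
The hook in the reply above places the DHCP-supplied address directly into the nsupdate batch. As an added example (not part of the original message), here is a variant that accepts only a clean IPv4 literal before building the batch. Host, server and key-file names are the post's own placeholders; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: hardened variant of the post-pump hook from the message.
# Host, server and key-file names are the placeholders used in the post.
SERVER="ns1.domain.com."
HOST="host.domain.com."
IFACE="eth1"
TTL=3600
KEYFILE="/etc/sysconfig/Khost.domain.com.+157+58713.key"

# Return 0 only for a dotted-quad IPv4 literal with octets 0..255, no leading zeros.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots (digits/dots only here)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the nsupdate batch for a pump event, or return 1 if the event is
# not for our interface or the address is not a clean IPv4 literal.
build_update() {
    event=$1 iface=$2 ip=$3
    [ "$iface" = "$IFACE" ] || return 1
    case "$event" in renewal|lease) ;; *) return 1 ;; esac
    valid_ipv4 "$ip" || return 1
    printf 'server %s\nupdate delete %s A\nupdate add %s %s A %s\nsend\n' \
        "$SERVER" "$HOST" "$HOST" "$TTL" "$ip"
}

# Act as the hook only when called with arguments and nsupdate is installed.
if [ "$#" -ge 3 ] && command -v nsupdate >/dev/null 2>&1; then
    batch=$(build_update "$1" "$2" "$3") &&
        printf '%s\n' "$batch" | nsupdate -k "$KEYFILE" >/dev/null
fi
```

Nothing is sent to the name server unless the whole batch was built, so a malformed lease value cannot leave the record deleted without a replacement.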

