
Own Dynamic DNS

Sometimes it is necessary to register a DNS name for a computer with a dynamic IP address. The simple way to do this is a service like DynDNS, described in a recent post, "Connecting a domain and a dynamic IP". Sometimes this approach works rather badly.

For example, in my situation the provider sometimes changes my public IP address. This usually happens every few months. In addition, my home computer restarts extremely rarely. During that time the DynDNS service I used earlier managed to send me a couple of notifications about inactivity, in order to disable the "unused" account. Entering the address manually in a DNS zone does not work either, because the address changes from time to time, and you usually find out about it when you need access to the home computer right here and now.

To implement the method described here you need a server on the Internet running the BIND DNS server, as well as a domain zone from which we will allocate a subdomain for our computer. This post describes connecting a Linux-based client to a Linux server. For other operating systems you will need to read the manuals and adjust some of the steps.

So:
1. We have an installed server bind9 with the domain server.org
2. Create a client.server.org.zone zone:

$ORIGIN .
$TTL 10 ; 10 seconds
client.server.net IN SOA ns1.server.net. hostmaster.server.net. (
        18      ; serial
        10800   ; refresh (3 hours)
        3600    ; retry (1 hour)
        604800  ; expire (1 week)
        10      ; minimum (10 seconds)
        )
$TTL 3600 ; 1 hour
        NS ns1.server.net.
        NS ns2.server.net.
        MX 10 client.server.net.


Here ns1.server.net and ns2.server.net are the DNS servers for our zone, and client.server.net is the name of our home computer. The records without an owner name must be indented: they then belong to the owner of the preceding record, client.server.net. The A record itself is not written here; it will be added by the client.

3. Generate keys on the client:
client# cd /etc/namedb/keys
client# dnssec-keygen -b 512 -a HMAC-MD5 -v 2 -n HOST client.server.net.


4. Create a file with the key on the server:
server# cd /var/named/chroot/etc
server# vim keys.conf :


key client.server.net. {
algorithm "HMAC-MD5";
secret "omr5O5so/tZB5XeGuBBf42rrRJRQZB8I9f+uIIxxei8qm7AVgNBprxtcU+FQMzBvU/Y+nyM2xbs/C8kF3eJQUA==";
};


A symmetric (TSIG) key is used here, which has a weakness: anyone who can read the key file on your server can use the key to change the data in your zone. If that is a concern, you can use an asymmetric key instead.

Set the access rights on the file with the keys so that only root and the named user can read it:
server# chmod 640 keys.conf
server# chown root:named keys.conf


5. Add our zone to named.conf:
include "/etc/keys.conf";
zone "client.server.net" {
        type master;
        file "zones/client.server.net";
        allow-update {
                key client.server.net.;
        };
};


allow-update is the parameter that permits updating the zone data with the given key. After reading the manuals you will find a variant of this parameter that allows a given key to update only one record in the zone. That is, you can have a single zone with subdomains client1, client2, etc. listed in it, whose owners authenticate with keys key1, key2, etc. and can each change only their own record.
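The per-record variant described above, as an added example that is not configuration from the original post: instead of a separate zone per client with allow-update, one parent zone server.net carries both subdomains, and update-policy grants each key the right to change only the A record of its own name. The key names, secrets and file paths here are assumptions; the secrets are placeholders for whatever dnssec-keygen produced.

```conf
// keys.conf (assumed file name): one TSIG key per client.
// hmac-sha256 is accepted by BIND 9 in place of the HMAC-MD5 used in the post.
key client1.server.net. {
        algorithm hmac-sha256;
        secret "<base64 secret for client1, placeholder>";
};
key client2.server.net. {
        algorithm hmac-sha256;
        secret "<base64 secret for client2, placeholder>";
};

// named.conf fragment.
include "/etc/keys.conf";

// Weak form: every holder of the key may change any record in the zone.
// zone "server.net" {
//         type master;
//         file "zones/server.net";
//         allow-update { key client1.server.net.; key client2.server.net.; };
// };

// Restricted form: a key may only touch the A record whose owner name
// equals the name given in its grant line.  update-policy and allow-update
// cannot both be used in the same zone statement.
zone "server.net" {
        type master;
        file "zones/server.net";
        update-policy {
                grant client1.server.net. name client1.server.net. A;
                grant client2.server.net. name client2.server.net. A;
        };
};
```

With this policy a leaked client1 key can be used to rewrite client1.server.net, but not client2.server.net, the NS records or anything else in the zone, which limits the damage of the symmetric-key weakness mentioned above. named-checkconf can be run on the result before reloading.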

6. Restart the DNS server:
server# /etc/init.d/named reload

7. Create a script on the client that will update the zone data:
#!/bin/bash
# Interface whose address is published, plus the DNS server, host name,
# zone and the private key file generated in step 3.
IFACE="wlan0"
TTL=3600
SERVER=ns1.example.com
HOSTNAME=foo.example.com
ZONE=example.com
KEYFILE=/root/ddns-keys/Kfoo.example.com.+157+12345.private

# Take the IPv4 address from the "inet addr:" line of the ifconfig output
# and strip the stray space that remains after the split.
new_ip_address=$(ifconfig "$IFACE" | grep "inet addr:" | awk '{print $2}' | awk -F ":" '{print $2}')
new_ip_address=${new_ip_address/ /}

# Replace the A record: remove whatever is there, add the current address,
# and sign the request with the key.
nsupdate -v -k "$KEYFILE" << EOF
server $SERVER
zone $ZONE
update delete $HOSTNAME A
update add $HOSTNAME $TTL A $new_ip_address
send
EOF


At the beginning of the script the relevant parameters are set: the interface, the server and zone names, and the location of the key file.

8. All that remains is to run the update automatically whenever the network connection changes.
We will do this with a NetworkManager dispatcher script:
create the file /etc/NetworkManager/dispatcher.d/20-dyndns.sh:
#!/bin/sh
# NetworkManager passes the interface name and its new state.
iface=$1
state=$2

# Push the new address only when the interface comes up; "=" rather than
# "==" because this runs under /bin/sh, not bash.
if [ "x$state" = "xup" ] ; then
        /etc/namedb/ddns-update
elif [ "x$state" = "xdown" ]; then
        true
fi


Make it executable and owned by the root user.
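A stricter version of the client update script from steps 7 and 8, as an added example rather than the script from the original post: it validates the interface address before anything is sent, so an interface that is up but has no IPv4 address (or a failed parse of the ip output) cannot delete the A record and replace it with nothing. The names follow the post (client.server.net, ns1.server.net); the key file id "+157+12345" is a placeholder for whatever dnssec-keygen produced, and the use of ip instead of ifconfig is a choice made here.

```shell
#!/bin/sh
# ddns-update: added example, not the script from the original post.
# Refuses to modify the zone unless the interface has a usable IPv4 address.
# Key file id "+157+12345" is a placeholder; take the real name from step 3.

TTL="${TTL:-3600}"
SERVER="${SERVER:-ns1.server.net}"
HOST_FQDN="${HOST_FQDN:-client.server.net}"
ZONE="${ZONE:-client.server.net}"
KEYFILE="${KEYFILE:-/etc/namedb/keys/Kclient.server.net.+157+12345.private}"

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    candidate="$1"
    case "$candidate" in
        ""|.*|*.|*..*|*[!0-9.]*) return 1 ;;
    esac
    old_ifs="$IFS"; IFS=.
    set -- $candidate
    IFS="$old_ifs"
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# current_ip IFACE: first IPv4 address on the interface, empty if there is none.
current_ip() {
    ip -4 -o addr show dev "$1" 2>/dev/null |
        awk '{ split($4, a, "/"); print a[1]; exit }'
}

# build_update ADDR: the nsupdate batch that replaces the A record.
build_update() {
    printf 'server %s\nzone %s\nupdate delete %s A\nupdate add %s %s A %s\nsend\n' \
        "$SERVER" "$ZONE" "$HOST_FQDN" "$HOST_FQDN" "$TTL" "$1"
}

# update_dns ADDR: validate first; only a good address reaches nsupdate.
update_dns() {
    if ! valid_ipv4 "$1"; then
        echo "ddns-update: no valid IPv4 address ('$1'), zone left unchanged" >&2
        return 1
    fi
    build_update "$1" | nsupdate -k "$KEYFILE"
}

# When called with an interface name, as the dispatcher script does, run it.
if [ "$#" -gt 0 ]; then
    update_dns "$(current_ip "$1")"
fi
```

The dispatcher script then calls it as /etc/namedb/ddns-update "$iface", passing the interface NetworkManager reported, and the exit status of nsupdate tells you whether the server accepted the signed update.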

Run, check, use.

Upd: If it does not work, check that named on the server has write permission to the directory containing the client.server.org.zone file (grant it if necessary).
named creates a journal file, client.server.org.zone.jnl, there.

The following materials were used:
http://www.freebsdwiki.net/index.php/BIND,_dynamic_DNS
http://blog.jasonantman.com/2010/04/bind9-dynamic-dns/
http://www.oceanwave.com/technical-resources/unix-admin/nsupdate.html
The key is taken from there.

Source: https://habr.com/ru/post/101380/