DNS 1: Dynamic DNS
Categories: [ IT ]
Now that I have my own server, I can finally have my own DNS server and my own domain name for my home computer that has a (single) dynamic IP address.
The following notes assume there is already a running instance of Bind 9 on a Debian Jessie system for an imaginary domain example.com, served by a name server named ns.example.com, and that you want to dynamically update the DNS records for home.example.com. This is largely based on the Debian tutorial on the subject, which also solves the problem that bind cannot modify files in /etc/bind (on Debian, named runs as the "bind" user, and the directory it may write to is /var/cache/bind).
On the server
Create a shared key (a TSIG key) that will allow remote updates of the dynamic zone:

dnssec-keygen -a HMAC-MD5 -b 128 -r /dev/urandom -n USER DDNS_UPDATE

This creates a pair of files (.key and .private) with names starting with Kddns_update.+157+ (157 is the algorithm number of HMAC-MD5). Look for the value of the Key: entry in the .private file and put that value in a file named /etc/bind/ddns.key with the following content (surrounding the key with double quotes):

key DDNS_UPDATE {
    algorithm HMAC-MD5.SIG-ALG.REG.INT;
    secret "THIS IS WHERE YOU PUT THE KEY";
};

HMAC-MD5 is what the Debian tutorial uses and what is shown here; Bind 9.9 also supports HMAC-SHA256 (-a HMAC-SHA256 -b 256 for dnssec-keygen, algorithm hmac-sha256 in the key file), which is the better choice when both ends support it.

You can then delete the two Kddns_update.+157+ files; the secret only needs to live in /etc/bind/ddns.key. Ensure that /etc/bind/ddns.key belongs to "root" and to the "bind" group, and is not readable by other users (chown root:bind /etc/bind/ddns.key; chmod 640 /etc/bind/ddns.key). Anyone who can read this file can rewrite the dynamic zone, so treat it like a password.
Then in named.conf.local, include the key file and declare a new zone:

include "/etc/bind/ddns.key";

zone "home.example.com" {
    type master;
    file "/var/cache/bind/db.home.example.com";
    allow-update { key DDNS_UPDATE; };
    journal "/var/cache/bind/db.home.example.com.jnl";
};
In /var/cache/bind, create the file db.home.example.com by copying /etc/bind/db.empty and adapting it to your needs (the zone file and its .jnl journal must live in /var/cache/bind so that bind can write them). For convenience, create a db.home.example.com symbolic link in /etc/bind pointing to /var/cache/bind/db.home.example.com.
In db.example.com (that is, the parent zone), add an NS record delegating the name home.example.com to the name server of the parent zone (here the same server, ns.example.com); note the trailing dots, which make both names absolute:

home.example.com.    IN    NS    ns.example.com.
You can now reload the bind service (service bind9 reload) to apply the configuration changes, and test the dynamic zone from the server itself with nsupdate, using the same key file: nsupdate -k /etc/bind/ddns.key.
On the home computer
I decided to use ddclient 3.8.3 because it supports dynamic DNS updates using the nsupdate tool. I backported that version of ddclient manually from a Debian Testing package; it's written in Perl and the backporting is trivial.
Copy /etc/bind/ddns.key from the server to /etc/ddns.key on the home computer (the one running ddclient), ensuring only root can read it (chmod 600 /etc/ddns.key). Then add the following to /etc/ddclient.conf (be careful with the commas: every option line ends with a comma and a backslash, except the second last line, which has the backslash but no comma, and the last line, which is just the host name):

protocol=nsupdate, \
zone=home.example.com, \
ttl=600, \
server=THE_IP_ADDRESS_OF_THE_DNS_SERVER, \
password=/etc/ddns.key \
home.example.com
You can then try out the new setup: run ddclient once in the foreground (ddclient -daemon=0 -verbose) and check the record it wrote with dig @ns.example.com home.example.com A.
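To tie the two halves together, here is an added example (my own helper script, not code from the original post, from the Debian tutorial, or from ddclient) that generates the three pieces described above, the key file, an nsupdate batch for testing the zone from the server, and the ddclient.conf stanza, and checks the one thing that matters most for security: that the TSIG secret is never world-readable. The function names, the sample secret, and the addresses 192.0.2.1 (the DNS server) and 203.0.113.5 (the home IP) are placeholders of my own; nothing is written to /etc unless you pass those paths in yourself.

```shell
#!/bin/sh
# Added example, not part of the original post: helpers for the dynamic DNS
# setup above. Paths, IPs and the sample secret are assumptions of this example.
set -eu

# Write a BIND "key" file (/etc/bind/ddns.key on the server, /etc/ddns.key on the
# home computer). The file is created under umask 077 so it is never readable by
# others, not even for an instant; then root:<group> 640 when a group is given and
# we are root (the server case), otherwise root-only 600 (the home computer case).
# $1 = key name, $2 = base64 secret from the .private file, $3 = destination,
# $4 = group that may read it (optional, "bind" on the server)
install_ddns_key() {
    name=$1; secret=$2; dest=$3; group=${4:-}
    ( umask 077; printf 'key %s {\n    algorithm HMAC-MD5.SIG-ALG.REG.INT;\n    secret "%s";\n};\n' \
        "$name" "$secret" > "$dest" )
    if [ -n "$group" ] && [ "$(id -u)" = 0 ] && getent group "$group" >/dev/null 2>&1; then
        chown "root:$group" "$dest"
        chmod 640 "$dest"
    else
        chmod 600 "$dest"
    fi
}

# Return 0 when the "other" permission bits of $1 are all clear. Parsed from
# ls -l rather than stat so it works without GNU coreutils.
key_not_world_readable() {
    [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]
}

# Print an nsupdate batch that replaces the A record (delete then add, the same
# sequence a dynamic DNS client sends). Feed it to nsupdate with the key file:
#   nsupdate -k /etc/bind/ddns.key batch.txt
# $1 = server IP, $2 = zone, $3 = record name, $4 = new IPv4 address, $5 = TTL
nsupdate_batch() {
    printf 'server %s\nzone %s.\nupdate delete %s. A\nupdate add %s. %s A %s\nsend\n' \
        "$1" "$2" "$3" "$3" "$5" "$4"
}

# Print the /etc/ddclient.conf stanza for protocol=nsupdate. Every option line
# ends in ", \" except the password line (backslash, no comma); the host is last.
# $1 = zone, $2 = TTL, $3 = server IP, $4 = key file on the client, $5 = host name
ddclient_stanza() {
    printf 'protocol=nsupdate, \\\nzone=%s, \\\nttl=%s, \\\nserver=%s, \\\npassword=%s \\\n%s\n' \
        "$1" "$2" "$3" "$4" "$5"
}

# Demo in a temporary directory (DDNS_DEMO=1 sh ddns-helpers.sh); the secret here
# is a made-up placeholder, not a real key.
if [ "${DDNS_DEMO:-}" = 1 ]; then
    tmp=$(mktemp -d)
    install_ddns_key DDNS_UPDATE 'c29tZS1iYXNlNjQtc2VjcmV0' "$tmp/ddns.key" bind
    key_not_world_readable "$tmp/ddns.key" && echo "key file permissions ok"
    nsupdate_batch 192.0.2.1 home.example.com home.example.com 203.0.113.5 600 > "$tmp/batch.txt"
    ddclient_stanza home.example.com 600 192.0.2.1 /etc/ddns.key home.example.com > "$tmp/ddclient.conf"
    cat "$tmp/ddns.key" "$tmp/batch.txt" "$tmp/ddclient.conf"
fi
```

On the server, run install_ddns_key with the real secret, /etc/bind/ddns.key and the group bind; on the home computer, with /etc/ddns.key and no group. key_not_world_readable is the check to run on both hosts after copying the key around, since scp and editors are happy to leave a 644 copy behind.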