Jim's Depository

this code is not yet written

If you run your own bind server for your domain you can easily support dynamic updates from your machines that have transient IP addresses. bind is capable of many things, but I’ll just show the bits you need…

First, use bind 9.3 or better.

On the server, go edit the file that contains your zone… perhaps it looks like this…

```
zone "studt.net" {
        type master;
        file "/etc/bind/studt.net";
};
```

… you are going to need to generate a key for each host that has a transient address, add it to this file, and then tell the zone that machines are allowed to update their own addresses.

```sh
dnssec-keygen -a HMAC-MD5 -b 512 -n HOST jimshouse.studt.net
```

… will generate two files with long names. Keep them, you will need them on the client machines. But look inside the K*.private file and copy out the value of the "Key:" line. You are about to paste it into your zone file.

Add a key for each host that will update its name, and an update-policy to the zone; you may end up with something like this…

```
key jimshouse.studt.net {
        algorithm HMAC-MD5;
        secret "eQGH--lots-of-more-key-i-left-out==";
};

zone "studt.net" {
        type master;
        notify yes;
        forwarders { };
        file "/etc/bind/studt.net";
        update-policy {
                grant * self * A TXT;
        };
};
```

Restart your bind server and your server is ready to go. (Yes, you could reload but there was a bug in 1999 or so and I have never gotten over it.)

Possible Bug: Your bind process has to be able to write “.jnl” files. Debian etch is configured to put them in /etc/bind but the bind user can’t write there. I chmodded /etc/bind to 775 to deal with that. You’ll know you have this problem when your client update fails with a SERVFAIL and you tail your syslog on the server and read the error messages.

Dangerous Note: Before you edit the zone file you have to first stop the dynamic updates so the .jnl file gets merged with the zone file…

```sh
rndc freeze studt.net
# edit the studt.net zone file
rndc unfreeze studt.net
```

Now for the client side. You could set dhclient.conf to do this automatically, but for primitive cave programmers like me you can just execute a command. First… copy your K*.private key file for the client to the client machine, you're going to need it. Second… use the nsupdate command to set the name's value. I do it in a script sort of like this…

```sh
#!/bin/sh
TTL=600
SERVER=ns.studt.net.
ZONE=studt.net
HOSTNAME=jimshouse.studt.net.
# the K*.private file generated on the server and copied to this client
KEYFILE=/path/to/where/you/keep/Kjimshouse.studt.net.+157+26806.private
IP=99.153.198.165

# sign the update with the TSIG key; drop any old A record, then add the current one
nsupdate -v -k "$KEYFILE" > /dev/null << EOF
server $SERVER
zone $ZONE
update delete $HOSTNAME A
update add $HOSTNAME $TTL A $IP
send
EOF
```

See that TTL? That says 10 minutes, so a computer on the internet might keep using your old address for up to 10 minutes after your address changes. You can adjust that number for your situation. Clients won't like you if you get too short.
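As an added example (mine, not from Jim's post): a POSIX sh script that reads the "Key:" line out of the K*.private file and emits the named.conf key stanza by itself, builds the same nsupdate batch as the script above, and wraps the send so a SERVFAIL shows up as a non-zero exit. The function names and the sample secret are made up for this example; the key file name is the one from the post.

```sh
#!/bin/sh
# Added example, not from the original post. Two chores the post does by hand:
# pull the "Key:" line out of a dnssec-keygen K*.private file and emit the
# named.conf "key" stanza, and build the batch that nsupdate reads on stdin.

# keyname_from_file Kjimshouse.studt.net.+157+26806.private -> jimshouse.studt.net
keyname_from_file() {
    basename "$1" | sed -e 's/^K//' -e 's/\.+[0-9]*+[0-9]*\.private$//'
}

# key_stanza KEYFILE: named.conf "key { ... };" block for one host. The file
# holds "Algorithm: 157 (HMAC_MD5)" and "Key: <base64>"; named.conf wants the
# algorithm spelled hmac-md5. Fails (exit 1) if there is no Key: line.
key_stanza() {
    name=$(keyname_from_file "$1")
    alg=$(sed -n 's/^Algorithm: *[0-9]* *(\(.*\))$/\1/p' "$1" | tr 'A-Z_' 'a-z-')
    secret=$(sed -n 's/^Key: *//p' "$1")
    [ -n "$secret" ] || { echo "no Key: line in $1" >&2; return 1; }
    printf 'key %s {\n    algorithm %s;\n    secret "%s";\n};\n' "$name" "$alg" "$secret"
}

# update_batch SERVER ZONE HOSTNAME TTL IP: the lines the post feeds to
# nsupdate via a here-document, as one string.
update_batch() {
    printf 'server %s\nzone %s\nupdate delete %s A\nupdate add %s %s A %s\nsend\n' \
        "$1" "$2" "$3" "$3" "$4" "$5"
}

# push_update KEYFILE SERVER ZONE HOSTNAME TTL IP: sign and send the update.
# nsupdate exits non-zero on SERVFAIL or REFUSED; that is the moment to read
# the server's syslog (the .jnl permission problem shows up there).
push_update() {
    keyfile="$1"; shift
    update_batch "$@" | nsupdate -k "$keyfile"
}

# Constructed sample in the format dnssec-keygen writes; the secret is fake.
make_sample_keyfile() {
    f="$(mktemp -d)/Kjimshouse.studt.net.+157+26806.private"
    printf 'Private-key-format: v1.2\nAlgorithm: 157 (HMAC_MD5)\nKey: c2VjcmV0LW5vdC1yZWFs\n' > "$f"
    echo "$f"
}

if [ "${1:-}" = demo ]; then
    key_stanza "$(make_sample_keyfile)"
    update_batch ns.studt.net. studt.net jimshouse.studt.net. 600 99.153.198.165
fi
```

Run it with `demo` to print the stanza and batch for the sample key; `push_update` is the piece that actually needs nsupdate and a reachable server.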