How to Create your own 'DynDNS' Service

2 minutes read
Infrastructure

First off: This is not DynDNS as you might know it from dyndns.org. You can’t use clients like ddclient. I’m using DNSSEC and ‘nsupdate’. You’ll need to be familiar with Bind and some shell scripting… Also I only got this working on nix and I don’t have any intention to try it on Windows.

Let’s start with what you have to do on your client: 

1

$ dnssec-keygen -a HMAC-MD5 -b 512 -n USER -r /dev/urandom host1.dyn.example.org

Now copy Khost1.dyn.example.org.+157+39064.key (your pubkey) to your server’s configdir (in case of Debian: /etc/bind) and define it as follows: 

1
2
3
4
5
6
7
8
9

key host1.dyn.example.org. {
        algorithm HMAC-MD5;
        secret "<put key from Khost1.dyn.example.org.+157+39064.private here>";
};
zone "dyn.example.org" {
        type master;
        file "master/dyn.example.org";
        allow-update { key host1.dyn.example.org.; };
};

This allows everyone with the Ktest.unixhosts.org.+157+39064.private key, to update zone ‘dyn.example.org’. Feel free to find out how to do privilege separation on your own Back to your client: Since we can’t use ddclient or similar clients, I wrote my own small script: 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17

#!/bin/sh
dir=$(dirname $0)
old_ip=$(cat $dir/ip_cur.txt)
new_ip=$(ifconfig pppoe0 | grep -E 'inet.[0-9]' | 
       grep -v '127.0.0.1' | awk '{ print $2}')

if [ $old_ip != $new_ip ];
 then
  echo $new_ip >> $dir/ip_log.txt
  echo "server <yourserver>nzone dyn.example.org 
    nupdate delete host1.dyn.example.org. A
    nupdate add host1.dyn.example.org. 60 A $new_ip 
    nsend" > $dir/ip_nsupdate_instructions.txt
  nsupdate -k $dir/Kfhost1.dyn.example.org.+157+25504.private 
    $dir/ip_nsupdate_instructions.txt || exit 1
  echo $new_ip > $dir/ip_cur.txt
fi

My script get’s the current IP Address of pppoe0, compares it to the one from it’s previous run and executes ‘nsupdate’ if they mismatch. ‘nsupdate’ doesn’t accept it’s configuration from stdin, that’s why I needed to hack around with echo… If ‘nsupdate’ fails (due to connection issues or something like that) my script exits. If update was successful it writes the current ip into ip_cur.txt, so the script only executes ‘nsupdate’ on IP Address change and not every time your run it. Add my script to crontab to run it once a minute or so… 

1

     ip_update.sh

BIND DynDNS DNSSEC How-To