
Howto use Dynamic DNS updates


When using DHCP (or other dynamic address assignment methods) you cannot always rely on getting the same IP address every time, even if you always attach to the same network. This can be a problem if you, e.g., run a server on your machine that people should reach via a domain name such as www.yourdomain.com. One solution is to inform your DNS server about your new address, so that it can update the address record for www.yourdomain.com to point to the new address. This dynamic DNS update must of course be done securely, and a DNS server will not accept such a request unless the message is properly authenticated. Below is a brief description of how this can be done using the BIND (version 9) software:

1. Create the shared authentication key: To create the key that authenticates our dynamic DNS update messages for www.yourdomain.com, the dnssec-keygen program can be used.

#> dnssec-keygen -a HMAC-MD5 -b 128 -n HOST www.yourdomain.com.
Kwww.yourdomain.com.+157+64284

This creates two files: Kwww.yourdomain.com.+157+64284.key and Kwww.yourdomain.com.+157+64284.private. The content of Kwww.yourdomain.com.+157+64284.private is:

Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: fqcNlls/jYEUMoMcLmw6A==;

2. Add update key information to /etc/named.conf: Copy the key (securely) to your DNS server and create an entry in /etc/named.conf as shown below:

// shared TSIG key; must match the Key: value in the .private file
key "www.yourdomain.com" {
   algorithm hmac-md5;
   secret "fqcNlls/jYEUMoMcLmw6A==";
};

You also have to tell named.conf which records you are allowed to update within the zone yourdomain.com, using the update-policy statement. An example appropriate for our case is shown below:

zone "yourdomain.com" {
   type master;
   file "master/db.yourdomain.com";
   // the holder of key www.yourdomain.com. may update only its own name
   update-policy { grant www.yourdomain.com. self www.yourdomain.com.; };
};

3. Send DNS dynamic updates from host to DNS server: To inform your DNS server about your current address you could use the nsupdate program. For BIND9 this would look like:

#> nsupdate -k Kwww.yourdomain.com.+157+64284.key

Look in the manual page for nsupdate(8) for hints about how to proceed to update the A-record for www.yourdomain.com.
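The script below is an added example, not part of the original how-to. It builds the nsupdate command batch that replaces the A record for www.yourdomain.com and sends it signed with the key from step 1. The server name ns.yourdomain.com and the TTL of 300 seconds are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page.
KEYFILE="Kwww.yourdomain.com.+157+64284.key"  # key file created in step 1
SERVER="ns.yourdomain.com"   # assumption: name of the master DNS server
ZONE="yourdomain.com"
HOST="www.yourdomain.com."
TTL=300                      # assumption: short TTL for a dynamic address

# Accept only a dotted-quad IPv4 address, so that nothing else (spaces,
# newlines, extra nsupdate commands) can end up in the batch sent to named.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac   # no leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the nsupdate commands that replace the A record of $HOST.
# The delete and the add travel in one update message after "send".
build_update() {
    if ! valid_ipv4 "$1"; then
        echo "refusing to update: '$1' is not an IPv4 address" >&2
        return 1
    fi
    printf 'server %s\nzone %s\n' "$SERVER" "$ZONE"
    printf 'update delete %s A\n' "$HOST"
    printf 'update add %s %s A %s\n' "$HOST" "$TTL" "$1"
    printf 'send\n'
}

# With an address argument, sign the batch with the shared key and send it.
if [ "$#" -gt 0 ]; then
    batch=$(build_update "$1") || exit 1
    printf '%s\n' "$batch" | nsupdate -k "$KEYFILE"
fi
```

Recent BIND 9 releases create TSIG keys with tsig-keygen instead of dnssec-keygen, and hmac-sha256 is the default algorithm there. The nsupdate batch is the same whichever algorithm signs it.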
