Difference between revisions of "Bind"
Jump to navigation
Jump to search
m |
|||
| (7 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
<br>Setup is based on Askarel's [https://github.com/askarel/dynaname dynaname] |
<br>Setup is based on Askarel's [https://github.com/askarel/dynaname dynaname] |
||
<br>Thank you Fred for the help! |
<br>Thank you Fred for the help! |
||
| + | <br>Note: if not yet merged, have a look at my branch for getting SHA-512 and error codes needed for yadynip: [https://github.com/doegox/dynaname/tree/phil doegox/dynaname:phil] |
||
==Requirements== |
==Requirements== |
||
| Line 69: | Line 70: | ||
Check messages |
Check messages |
||
tail /var/log/syslog |
tail /var/log/syslog |
||
| + | ==Setup on server with multiple clients== |
||
| + | For several clients under the same zone dyn.bar.org, e.g. adding work.dyn.bar.org, add to dynaname.conf: |
||
| + | <source lang=diff> |
||
| + | + key work.dyn.bar.org { |
||
| + | + algorithm HMAC-SHA512; |
||
| + | + secret "some other secret..."; |
||
| + | + }; |
||
| + | |||
| + | zone "dyn.bar.org" in { |
||
| + | type master; |
||
| + | file "dyn/dyn.bar.org"; |
||
| + | update-policy { |
||
| + | grant home.dyn.bar.org name home.dyn.bar.org A AAAA TXT; |
||
| + | + grant work.dyn.bar.org name work.dyn.bar.org A AAAA TXT; |
||
| + | }; |
||
| + | }; |
||
| + | </source> |
||
| + | And reload bind |
||
| + | /etc/init.d/bind9 reload |
||
==Update from client== |
==Update from client== |
||
| Line 81: | Line 101: | ||
;; AUTHORITY SECTION: |
;; AUTHORITY SECTION: |
||
dyn.bar.org. 3600 IN NS ns0.foo.org. |
dyn.bar.org. 3600 IN NS ns0.foo.org. |
||
| + | ==Update from client automatically== |
||
| + | Using [https://github.com/twalrant/yadynip yadynip]: |
||
| + | git clone https://github.com/twalrant/yadynip |
||
| + | cd yadynip |
||
| + | ./install.sh |
||
| + | rm /usr/local/etc/yadynip/checkip.d/00dir600 |
||
| + | rm /usr/local/etc/yadynip/actions.d/00zeupdate |
||
| + | rm /usr/local/etc/yadynip/actions.d/10sendmail |
||
| + | mkdir -p /var/cache/yadynip/ipcaches/ |
||
| + | /usr/local/etc/yadynip.conf: |
||
| + | quiet=on |
||
| + | logfile=/var/log/yadynip.log |
||
| + | sharedir=/var/cache/yadynip |
||
| + | /usr/local/etc/yadynip/actions.d/conf/dynaname: |
||
| + | host=home.dyn.bar.org |
||
| + | ns=ns0.foo.org |
||
| + | |||
| + | /usr/local/etc/yadynip/actions.d/00dynaname: |
||
| + | <source lang=bash> |
||
| + | #!/bin/bash |
||
| + | |||
| + | host= |
||
| + | ns= |
||
| + | ## Config file. |
||
| + | configfile=$(basename $0) |
||
| + | configfile=$(dirname $0)/conf/${configfile:2} |
||
| + | if [ -n "$configfile" ] && [ -f $configfile ]; then |
||
| + | . $configfile |
||
| + | fi |
||
| + | |||
| + | # Quit silently if not configured |
||
| + | [ "$host" == "" ] || [ "$ns" == "" ] && exit 1 |
||
| + | |||
| + | tooldir=$(basename $0) |
||
| + | tooldir=$(dirname $0)/${tooldir:2} |
||
| + | cd $tooldir |
||
| + | ./dynaname -H $host -S $ns -A $1 || exit $? |
||
| + | [ -z "$2" ] && exit 0; |
||
| + | echo $(date -R) "Dynaname update zone $host with $1" >> $2 |
||
| + | |||
| + | # Successfull action exit with 0 |
||
| + | exit 0; |
||
| + | </source> |
||
| + | /usr/local/etc/yadynip/actions.d/dynaname/: the original dynaname with key files |
||
| + | dynaname |
||
| + | home.dyn.bar.org.key |
||
| + | home.dyn.bar.org.private |
||
| + | Khome.dyn.bar.org.+165+04905.key |
||
| + | Khome.dyn.bar.org.+165+04905.private |
||
| + | Now we can call yadynip from cron |
||
Latest revision as of 23:36, 5 June 2014
Intro
Some notes how to setup a dynamic DNS...
Setup is based on Askarel's dynaname
Thank you Fred for the help!
Note: if not yet merged, have a look at my branch for getting SHA-512 and error codes needed for yadynip: doegox/dynaname:phil
Requirements
Your DNS server
apt-get install bind9
This will be the nameserver ns0.foo.org for our dynamic subdomain dyn.bar.org so this has to be announced in the primary DNS of your bar.org domain:
dyn NS ns0.foo.org.
To test it:
dig @your.primary.dns.for.bar.org dyn.bar.org ;; AUTHORITY SECTION: dyn.bar.org. 10800 IN NS ns0.foo.org.
Your dynamic IP client
apt-get install dnsutils bind9utils git clone https://github.com/askarel/dynaname.git
Setup on client
To create e.g. home.dyn.bar.org:
cd dynaname ./dynaname -G -H home.dyn.bar.org -S ns0.foo.org
Setup on server
Copy client ns0.foo.org/etc/bind/dynaname.conf to ns0.foo.org:/etc/bind/
and add a hook into ns0.foo.org:/etc/bind/named.conf:
include "/etc/bind/dynaname.conf"
For info dynaname.conf should now look like:
key home.dyn.bar.org {
algorithm HMAC-SHA512;
secret "some secret...";
};
zone "dyn.bar.org" in {
type master;
file "dyn/dyn.bar.org";
update-policy {
grant home.dyn.bar.org name home.dyn.bar.org A AAAA TXT;
};
};
Create ns0.foo.org:/var/cache/bind/dyn/dyn.bar.org with the following content:
$ORIGIN .
$TTL 3600 ; 1 hour
dyn.bar.org. IN SOA ns0.foo.org. me.bar.org. (
2014060301 ; serial, increment it every time you edit file
600 ; refresh (10 minutes)
300 ; retry (5 minutes)
86400 ; expire (1 day)
300 ; minimum (5 minutes)
)
dyn.bar.org. IN NS ns0.foo.org.
$ORIGIN dyn.bar.org.
Make sure bind has RW access:
root@ns0:/var/cache/bind/dyn# ls -al total 16 drwxrwxr-x 2 root bind 4096 Jun 3 23:44 . drwxrwxr-x 3 root bind 4096 Jun 3 23:15 .. -rw-r--r-- 1 bind bind 389 Jun 3 23:44 dyn.bar.org
Reload bind
/etc/init.d/bind9 reload
Check messages
tail /var/log/syslog
Setup on server with multiple clients
For several clients under the same zone dyn.bar.org, e.g. adding work.dyn.bar.org, add to dynaname.conf:
+ key work.dyn.bar.org {
+ algorithm HMAC-SHA512;
+ secret "some other secret...";
+ };
zone "dyn.bar.org" in {
type master;
file "dyn/dyn.bar.org";
update-policy {
grant home.dyn.bar.org name home.dyn.bar.org A AAAA TXT;
+ grant work.dyn.bar.org name work.dyn.bar.org A AAAA TXT;
};
};
And reload bind
/etc/init.d/bind9 reload
Update from client
./dynaname -H home.dyn.bar.org -S ns0.foo.org -A 1.2.3.4
To test it:
dig @ns0.foo.org home.dyn.bar.org ;; QUESTION SECTION: ;home.dyn.bar.org. IN A ;; ANSWER SECTION: home.dyn.bar.org. 300 IN A 1.2.3.4 ;; AUTHORITY SECTION: dyn.bar.org. 3600 IN NS ns0.foo.org.
Update from client automatically
Using yadynip:
git clone https://github.com/twalrant/yadynip cd yadynip ./install.sh rm /usr/local/etc/yadynip/checkip.d/00dir600 rm /usr/local/etc/yadynip/actions.d/00zeupdate rm /usr/local/etc/yadynip/actions.d/10sendmail mkdir -p /var/cache/yadynip/ipcaches/
/usr/local/etc/yadynip.conf:
quiet=on logfile=/var/log/yadynip.log sharedir=/var/cache/yadynip
/usr/local/etc/yadynip/actions.d/conf/dynaname:
host=home.dyn.bar.org ns=ns0.foo.org
/usr/local/etc/yadynip/actions.d/00dynaname:
#!/bin/bash
host=
ns=
## Config file.
configfile=$(basename $0)
configfile=$(dirname $0)/conf/${configfile:2}
if [ -n "$configfile" ] && [ -f $configfile ]; then
. $configfile
fi
# Quit silently if not configured
[ "$host" == "" ] || [ "$ns" == "" ] && exit 1
tooldir=$(basename $0)
tooldir=$(dirname $0)/${tooldir:2}
cd $tooldir
./dynaname -H $host -S $ns -A $1 || exit $?
[ -z "$2" ] && exit 0;
echo $(date -R) "Dynaname update zone $host with $1" >> $2
# Successfull action exit with 0
exit 0;
/usr/local/etc/yadynip/actions.d/dynaname/: the original dynaname with key files
dynaname home.dyn.bar.org.key home.dyn.bar.org.private Khome.dyn.bar.org.+165+04905.key Khome.dyn.bar.org.+165+04905.private
Now we can call yadynip from cron