Bind

From YobiWiki
Latest revision as of 21:47, 27 January 2026

Intro

Some notes on how to set up a dynamic DNS...
Setup is based on Askarel's dynaname (https://github.com/askarel/dynaname)
Thank you Fred for the help!

Requirements

Your DNS server

apt-get install bind9

This will be the nameserver ns0.foo.org for our dynamic subdomain dyn.bar.org, so it has to be announced in the primary DNS of your bar.org domain:

dyn    NS    ns0.foo.org.

To test it:

dig @your.primary.dns.for.bar.org dyn.bar.org
;; AUTHORITY SECTION:
dyn.bar.org.        10800    IN    NS    ns0.foo.org.

Your dynamic IP client

Old notes:

apt-get install dnsutils bind9utils
git clone https://github.com/askarel/dynaname.git

On Debian Trixie:

If not yet merged upstream, use my branch with tsig-keygen support: doegox/dynaname:phil (https://github.com/doegox/dynaname/tree/phil)

 apt-get install bind9-dnsutils bind9
 git clone https://github.com/doegox/dynaname
 cd dynaname
 git checkout phil

After key generation (see below), bind9 and its dependencies can be removed from the client:

 apt remove bind9 bind9-utils dns-root-data

bind9-dnsutils is kept, since it provides nsupdate.

Setup on client

To create e.g. home.dyn.bar.org:

cd dynaname
./dynaname -G -H home.dyn.bar.org -S ns0.foo.org

Setup on server

Copy the generated ns0.foo.org/etc/bind/dynaname.conf from the client to ns0.foo.org:/etc/bind/
and add a hook into ns0.foo.org:/etc/bind/named.conf:

include "/etc/bind/dynaname.conf"

For reference, dynaname.conf should now look like this:

key home.dyn.bar.org {
        algorithm HMAC-SHA512;
        secret "some secret...";
};

zone "dyn.bar.org" in {
        type master;
        file "dyn/dyn.bar.org";
        update-policy {
                grant home.dyn.bar.org name home.dyn.bar.org A AAAA TXT;
        };
};

Create ns0.foo.org:/var/cache/bind/dyn/dyn.bar.org with the following content:

$ORIGIN .
$TTL 3600    ; 1 hour
dyn.bar.org.      IN SOA    ns0.foo.org. me.bar.org. (
                  2014060301 ; serial, increment it every time you edit file
                  600        ; refresh (10 minutes)
                  300        ; retry (5 minutes)
                  86400      ; expire (1 day)
                  300        ; minimum (5 minutes)
                  )
dyn.bar.org.      IN NS     ns0.foo.org.
$ORIGIN dyn.bar.org.

Make sure the bind user has read/write access to the directory and the zone file:

root@ns0:/var/cache/bind/dyn# ls -al
total 16
drwxrwxr-x 2 root bind 4096 Jun  3 23:44 .
drwxrwxr-x 3 root bind 4096 Jun  3 23:15 ..
-rw-r--r-- 1 bind bind  389 Jun  3 23:44 dyn.bar.org

Reload bind:

service bind9 reload

Check the log messages:

tail /var/log/syslog

Setup on server with multiple clients

For several clients under the same zone dyn.bar.org, e.g. adding work.dyn.bar.org, add to dynaname.conf:

+ key work.dyn.bar.org {
+         algorithm HMAC-SHA512;
+         secret "some other secret...";
+ };
  
  zone "dyn.bar.org" in {
          type master;
          file "dyn/dyn.bar.org";
          update-policy {
                  grant home.dyn.bar.org name home.dyn.bar.org A AAAA TXT;
+                 grant work.dyn.bar.org name work.dyn.bar.org A AAAA TXT;
          };
  };

And reload bind:

/etc/init.d/bind9 reload
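Both the single-client dynaname.conf above and the hand-merged second key and grant can be generated and checked with a small script. This Python example is added here and is not part of dynaname or the original page; SAMPLE_CONF is the page's configuration embedded as constructed input, and the least-privilege rule it checks (only `name` rules, each key limited to its own hostname and to A, AAAA and TXT) is the policy this page applies, taken as an assumption.

```python
import base64
import re
import secrets

# Constructed input: the single-client dynaname.conf listed above.
SAMPLE_CONF = """key home.dyn.bar.org {
        algorithm HMAC-SHA512;
        secret "some secret...";
};

zone "dyn.bar.org" in {
        type master;
        file "dyn/dyn.bar.org";
        update-policy {
                grant home.dyn.bar.org name home.dyn.bar.org A AAAA TXT;
        };
};
"""
GRANT_RE = re.compile(r"^\s*grant\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*?);\s*$")

def new_tsig_secret(nbytes=64):
    """Fresh HMAC-SHA512 key material (64 bytes = one hash block), base64 as BIND expects."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode()

def key_stanza(host, secret):
    """BIND key {} stanza named after the client host, as dynaname -G writes it."""
    return f'key {host} {{\n        algorithm HMAC-SHA512;\n        secret "{secret}";\n}};\n\n'

def add_client(conf, host, secret):
    """Prepend a key stanza and add a grant that lets the key touch only its own name."""
    head, marker, tail = conf.partition("update-policy {\n")
    if not marker:
        raise ValueError("no update-policy block found")
    body, close, rest = tail.partition("};")  # first "};" after the marker closes the policy
    grant = f"        grant {host} name {host} A AAAA TXT;\n        "
    return key_stanza(host, secret) + head + marker + body + grant + close + rest

def check_policy(conf, allowed=("A", "AAAA", "TXT")):
    """Findings for grants broader than 'this key updates its own name, A/AAAA/TXT only'."""
    findings = []
    for m in filter(None, map(GRANT_RE.match, conf.splitlines())):
        key, rule, target, types = m.groups()
        if rule != "name":
            findings.append(f"{key}: rule type '{rule}' is broader than 'name'")
        elif target.rstrip(".") != key.rstrip("."):
            findings.append(f"{key}: may update {target}, not only its own name")
        if not types.strip() or set(types.split()) - set(allowed):  # no types means ANY
            findings.append(f"{key}: record types '{types or 'ANY'}' exceed {allowed}")
    return findings
```

Running check_policy on the merged file before reloading bind catches a `subdomain` or `ANY` grant that would let one client's key rewrite another client's records.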

Update from client

./dynaname -H home.dyn.bar.org -S ns0.foo.org -A 1.2.3.4

To test it:

dig @ns0.foo.org home.dyn.bar.org
;; QUESTION SECTION:
;home.dyn.bar.org.		IN	A
;; ANSWER SECTION:
home.dyn.bar.org.	300	IN	A	1.2.3.4
;; AUTHORITY SECTION:
dyn.bar.org.	3600	IN	NS	ns0.foo.org.

Update from client automatically

Using yadynip:

git clone https://github.com/twalrant/yadynip
cd yadynip
patch -p0 << 'EOF'
--- bin/yadynip     2024-11-11 17:20:40.005543486 +0100
+++ bin/yadynip     2024-11-11 17:20:59.274511702 +0100
@@ -148,6 +148,7 @@
 
 ## Perform actions with detected IP address
 for part in $(runparts $etcdir/actions.d); do
+    [ -d "$part" ] && continue
     # Get and check last known IP address for this action
     lastip=$(lastip $(basename $part))
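Review bot: the added `[ -d "$part" ] && continue` silently skips directory entries in actions.d (the conf/ directory and the dynaname/ symlink installed below), which would otherwise be handed to `lastip` and treated as actions; the check is correct, but a log line in the skipped branch would make a misplaced action script easier to notice. Also, since this hunk is fed to `patch -p0` from a heredoc, its leading whitespace must match bin/yadynip exactly; if the wiki rendering has turned tabs into spaces, apply it with `patch -p0 -l` so whitespace differences are ignored.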
EOF
./install.sh
rm /usr/local/etc/yadynip/checkip.d/00dir600*
rm /usr/local/etc/yadynip/checkip.d/10all-nettools
rm /usr/local/etc/yadynip/checkip.d/12showmyip
rm /usr/local/etc/yadynip/checkip.d/13whatismyip
rm /usr/local/etc/yadynip/checkip.d/20voo-netgear*
rm /usr/local/etc/yadynip/actions.d/00ipUpdate*
rm /usr/local/etc/yadynip/actions.d/00zeupdate*
rm /usr/local/etc/yadynip/actions.d/10sendmail*
mkdir -p /var/cache/yadynip/ipcaches/
ln -s /root/dynaname /usr/local/etc/yadynip/actions.d

/usr/local/etc/yadynip.conf:

verbose=none
logfile=/var/log/yadynip.log
sharedir=/var/cache/yadynip

/usr/local/etc/yadynip/actions.d/conf/d00ynaname.conf:

host=home.dyn.bar.org
ns=ns0.foo.org


/usr/local/etc/yadynip/actions.d/dynaname/ (the original dynaname checkout, with its key files):

dynaname
home.dyn.bar.org.private

Now yadynip can be called from cron:

crontab -e
*/10 * * * * /usr/local/bin/yadynip