Difference between revisions of "Bind"
Latest revision as of 17:25, 11 November 2024
Intro
Some notes on how to set up a dynamic DNS zone with BIND: a delegated subdomain in which each client updates its own record with TSIG-signed dynamic updates.
The setup is based on Askarel's dynaname.
Thank you Fred for the help!
Requirements
Your DNS server
apt-get install bind9
This host will be the authoritative nameserver ns0.foo.org for the dynamic subdomain dyn.bar.org, so the delegation has to be added to the bar.org zone on its primary DNS:
 dyn NS ns0.foo.org.
Because the nameserver's own name lives under a different domain (foo.org), no glue A/AAAA record is needed in bar.org; if you named it ns0.dyn.bar.org instead you would also have to add glue for it.
To test it:
 dig @your.primary.dns.for.bar.org dyn.bar.org
 ;; AUTHORITY SECTION:
 dyn.bar.org. 10800 IN NS ns0.foo.org.
Your dynamic IP client
Old notes:
 apt-get install dnsutils bind9utils
 git clone https://github.com/askarel/dynaname.git
On Debian Trixie:
If not yet merged, use my branch with tsig-keygen: doegox/dynaname:phil
 apt-get install bind9-dnsutils bind9
 git clone https://github.com/doegox/dynaname
 cd dynaname
 git checkout phil
bind9 is only installed on the client for tsig-keygen; after the key has been generated (see Setup on client below) it and its dependencies can be removed again:
 apt remove bind9 bind9-utils dns-root-data
Keep bind9-dnsutils, which provides the nsupdate binary that dynaname uses to send the updates.
Setup on client
To create e.g. home.dyn.bar.org (this generates the TSIG key for that name and writes both the client's key file and the server-side dynaname.conf fragment):
 cd dynaname
 ./dynaname -G -H home.dyn.bar.org -S ns0.foo.org
Setup on server
Copy the file ns0.foo.org/etc/bind/dynaname.conf that dynaname -G created inside the checkout on the client to ns0.foo.org:/etc/bind/. It contains the TSIG secret in clear, so transfer it over a secure channel (scp) and keep it readable by root and the bind group only.
Then include it from ns0.foo.org:/etc/bind/named.conf (the statement needs a trailing semicolon):
 include "/etc/bind/dynaname.conf";
For reference, dynaname.conf should now look like this. The key name doubles as the record name the key may update, and the grant restricts that key to exactly this one name and to A, AAAA and TXT records:
 key home.dyn.bar.org {
     algorithm HMAC-SHA512;
     secret "some secret...";
 };
 zone "dyn.bar.org" in {
     type master;
     file "dyn/dyn.bar.org";
     update-policy {
         grant home.dyn.bar.org name home.dyn.bar.org A AAAA TXT;
     };
 };
Create ns0.foo.org:/var/cache/bind/dyn/dyn.bar.org with the following content. The relative path file "dyn/dyn.bar.org" in dynaname.conf is resolved against the directory option of named.conf.options, which is /var/cache/bind on Debian, hence this location:
 $ORIGIN .
 $TTL 3600 ; 1 hour
 dyn.bar.org. IN SOA ns0.foo.org. me.bar.org. (
     2014060301 ; serial, increment it every time you edit the file by hand
     600        ; refresh (10 minutes)
     300        ; retry (5 minutes)
     86400      ; expire (1 day)
     300        ; minimum (5 minutes)
     )
 dyn.bar.org. IN NS ns0.foo.org.
 $ORIGIN dyn.bar.org.
Once named has accepted dynamic updates it records them in a journal (dyn.bar.org.jnl next to the zone file) and bumps the serial itself; to edit the zone file by hand afterwards, run rndc freeze dyn.bar.org first, edit, then rndc thaw dyn.bar.org.
Make sure bind has write access to both the zone file and its directory (named rewrites the file and creates the journal file dyn.bar.org.jnl there):
 root@ns0:/var/cache/bind/dyn# ls -al
 total 16
 drwxrwxr-x 2 root bind 4096 Jun  3 23:44 .
 drwxrwxr-x 3 root bind 4096 Jun  3 23:15 ..
 -rw-r--r-- 1 bind bind  389 Jun  3 23:44 dyn.bar.org
Reload bind:
 service bind9 reload
Check the log for errors (on a Trixie system without rsyslog the messages are in the journal instead, journalctl -u named):
 tail /var/log/syslog
Setup on server with multiple clients
For several clients under the same zone dyn.bar.org, e.g. adding work.dyn.bar.org, generate a key for it on the second client with dynaname -G as above, then add its key and its own grant to dynaname.conf on the server (each key can only update the one name it is granted):
+ key work.dyn.bar.org {
+ algorithm HMAC-SHA512;
+ secret "some other secret...";
+ };
zone "dyn.bar.org" in {
type master;
file "dyn/dyn.bar.org";
update-policy {
grant home.dyn.bar.org name home.dyn.bar.org A AAAA TXT;
+ grant work.dyn.bar.org name work.dyn.bar.org A AAAA TXT;
};
};
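Review bot: the new grant keeps the second key scoped to its own name (`grant work.dyn.bar.org name work.dyn.bar.org A AAAA TXT;`), so a leaked work key cannot rewrite home.dyn.bar.org; what the instructions around this hunk should add is that dynaname.conf now holds two clear-text TSIG secrets and should be root:bind mode 640 rather than world-readable, and that `named-checkconf` belongs before the reload, because a typo in the added `key` block makes the reload fail and leaves the old configuration, without the new client, running.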
And reload bind (if the new file has a syntax error the reload fails and named keeps running with the old configuration, so check the log afterwards):
 /etc/init.d/bind9 reload
On Trixie the init script and the systemd unit are called named; rndc reload does the same on any version.
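The server-side steps above (writing a client's key and grant into dynaname.conf, checking that named can write the zone directory, validating and reloading) as one script. This is an added example written for this page, not part of dynaname: it assumes the Debian layout used above (/etc/bind/named.conf including /etc/bind/dynaname.conf, zone files under /var/cache/bind, named running as user and group bind), and it generates the secrets itself for illustration, whereas with dynaname the client generates them with tsig-keygen and ships the resulting dynaname.conf to the server. All function and variable names are the example's own.

```shell
#!/bin/sh
# dyn_server.sh: assemble dynaname.conf for N clients, check file permissions,
# validate and reload. Added example, not dynaname's code. Assumed Debian paths:
# /etc/bind/named.conf includes /etc/bind/dynaname.conf; zone files under /var/cache/bind.
set -u

# 64 random bytes (512 bits, the HMAC-SHA512 digest size), base64 as named.conf wants it.
gen_secret() {
    head -c 64 /dev/urandom | base64 | tr -d '\n'
}

# key statement for one client; the same text is what the client feeds to nsupdate -k.
# $1 key name (== the record name the client may update), $2 algorithm, $3 base64 secret
key_stanza() {
    printf 'key %s {\n\talgorithm %s;\n\tsecret "%s";\n};\n' "$1" "$2" "$3"
}

# Grant restricted to the key's own name and to A/AAAA/TXT, as in dynaname.conf above.
grant_line() {
    printf '\tgrant %s name %s A AAAA TXT;\n' "$1" "$1"
}

# Full dynaname.conf for one zone. $1 zone, $2 zone file (relative to named's directory),
# remaining args one client each as "name:algorithm:secret" (base64 never contains ':').
build_conf() {
    zone=$1; zonefile=$2; shift 2
    for client in "$@"; do
        name=${client%%:*}; rest=${client#*:}
        key_stanza "$name" "${rest%%:*}" "${rest#*:}"
    done
    printf 'zone "%s" in {\n\ttype master;\n\tfile "%s";\n\tupdate-policy {\n' "$zone" "$zonefile"
    for client in "$@"; do
        grant_line "${client%%:*}"
    done
    printf '\t};\n};\n'
}

# Can user $2 or group $3 write $1? named must rewrite the zone file and create the
# journal (<zonefile>.jnl) in its directory. Parses only the POSIX fields of ls -ld:
# mode, links, owner, group, ...
writable_by() {
    set -- "$2" "$3" $(ls -ld "$1")
    case "$3" in ??w*)    [ "$5" = "$1" ] && return 0 ;; esac   # owner write bit
    case "$3" in ?????w*) [ "$6" = "$2" ] && return 0 ;; esac   # group write bit
    return 1
}

# Install the config with the secrets readable by root and bind only, validate everything
# named will load, then reload. Needs root on the server; not run at test time.
install_and_reload() {   # $1 config text, $2 zone name, $3 zone file relative to /var/cache/bind
    tmp=$(mktemp /etc/bind/dynaname.conf.XXXXXX) || return 1
    printf '%s\n' "$1" > "$tmp"
    chown root:bind "$tmp" && chmod 640 "$tmp"
    named-checkconf "$tmp" || { rm -f "$tmp"; return 1; }   # bad key/grant: keep old file
    mv "$tmp" /etc/bind/dynaname.conf
    named-checkconf /etc/bind/named.conf || return 1
    named-checkzone "$2" "/var/cache/bind/$3" || return 1
    writable_by "/var/cache/bind/${3%/*}" bind bind || { echo "zone dir not writable by bind" >&2; return 1; }
    writable_by "/var/cache/bind/$3" bind bind || { echo "zone file not writable by bind" >&2; return 1; }
    rndc reload
}

# ./dyn_server.sh --install   (as root on ns0.foo.org): two clients, fresh secrets.
# Hand each client its own key stanza over a secure channel; nothing else leaves the box.
if [ "${1:-}" = "--install" ]; then
    conf=$(build_conf dyn.bar.org dyn/dyn.bar.org \
        "home.dyn.bar.org:hmac-sha512:$(gen_secret)" \
        "work.dyn.bar.org:hmac-sha512:$(gen_secret)")
    install_and_reload "$conf" dyn.bar.org dyn/dyn.bar.org
fi
```

The validation order matters: the fragment is checked on its own before it replaces the live file, so a broken key block never reaches named, and the full named.conf plus the zone file are checked again afterwards because the include and the zone path are what the reload will actually load.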
Update from client
./dynaname -H home.dyn.bar.org -S ns0.foo.org -A 1.2.3.4
To test it:
 dig @ns0.foo.org home.dyn.bar.org
 ;; QUESTION SECTION:
 ;home.dyn.bar.org. IN A
 ;; ANSWER SECTION:
 home.dyn.bar.org. 300 IN A 1.2.3.4
 ;; AUTHORITY SECTION:
 dyn.bar.org. 3600 IN NS ns0.foo.org.
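The update that dynaname -A sends, spelled out with nsupdate so the signed exchange is visible. This is an added example, not dynaname's own code: it assumes the key file dynaname -G leaves on the client (home.dyn.bar.org.private above) is the named.conf-style key statement that nsupdate -k reads, and it hard-codes the zone, server and a 300 s TTL from this page in the usage block at the end. Function names are the example's own.

```shell
#!/bin/sh
# dyn_update.sh: TSIG-signed dynamic update for one name, as "dynaname -A" does it.
# Added example, not dynaname's code. Assumes the key file is a named.conf-style
# key statement (what tsig-keygen writes), which nsupdate -k accepts.
set -u

# Build the nsupdate script. Old records are deleted and the new ones added in the
# same message, so the change is applied atomically on the server and stale addresses
# cannot accumulate. $1 host, $2 zone, $3 server, $4 ttl,
# $5 ipv4 ('' to leave A alone), $6 ipv6 ('' to leave AAAA alone), $7 txt ('' to skip)
build_nsupdate_script() {
    host=$1; zone=$2; server=$3; ttl=$4; ip4=${5:-}; ip6=${6:-}; txt=${7:-}
    printf 'server %s\nzone %s\n' "$server" "$zone"
    if [ -n "$ip4" ]; then
        printf 'update delete %s A\nupdate add %s %s A %s\n' "$host" "$host" "$ttl" "$ip4"
    fi
    if [ -n "$ip6" ]; then
        printf 'update delete %s AAAA\nupdate add %s %s AAAA %s\n' "$host" "$host" "$ttl" "$ip6"
    fi
    if [ -n "$txt" ]; then
        printf 'update delete %s TXT\nupdate add %s %s TXT "%s"\n' "$host" "$host" "$ttl" "$txt"
    fi
    printf 'send\n'
}

# Sign and send the script read on stdin. The server accepts it only if the TSIG key
# name matches a key that has a grant covering $host and the record types used.
send_update() {   # $1 key file
    nsupdate -k "$1"
}

# Ask the authoritative server directly, so no resolver cache can hide the new value.
verify_record() {  # $1 server, $2 host, $3 expected IPv4
    [ "$(dig +short +norecurse @"$1" "$2" A)" = "$3" ]
}

# ./dyn_update.sh <keyfile> <host> <ipv4> [ipv6]
if [ $# -ge 3 ]; then
    keyfile=$1; host=$2; ip4=$3; ip6=${4:-}
    build_nsupdate_script "$host" dyn.bar.org ns0.foo.org 300 "$ip4" "$ip6" "" \
        | send_update "$keyfile" \
        && verify_record ns0.foo.org "$host" "$ip4" \
        && echo "$host -> $ip4"
fi
```

Signing the same script with home's key but naming work.dyn.bar.org in the update lines makes the server answer update failed: REFUSED; that is the update-policy grant doing its job, and the verification step then fails because nothing changed.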
Update from client automatically
Using yadynip. The patch below makes its action loop skip directories, because the dynaname checkout (and its conf/ subdirectory) is placed inside actions.d by the symlink created at the end:
 git clone https://github.com/twalrant/yadynip
 cd yadynip
 patch -p0 << 'EOF'
 --- bin/yadynip 2024-11-11 17:20:40.005543486 +0100
 +++ bin/yadynip 2024-11-11 17:20:59.274511702 +0100
 @@ -148,6 +148,7 @@
 
 ## Perform actions with detected IP address
 for part in $(runparts $etcdir/actions.d); do
 + [ -d "$part" ] && continue
 # Get and check last known IP address for this action
 lastip=$(lastip $(basename $part))
 EOF
 ./install.sh
 rm /usr/local/etc/yadynip/checkip.d/00dir600*
 rm /usr/local/etc/yadynip/checkip.d/10all-nettools
 rm /usr/local/etc/yadynip/checkip.d/12showmyip
 rm /usr/local/etc/yadynip/checkip.d/13whatismyip
 rm /usr/local/etc/yadynip/checkip.d/20voo-netgear*
 rm /usr/local/etc/yadynip/actions.d/00ipUpdate*
 rm /usr/local/etc/yadynip/actions.d/00zeupdate*
 rm /usr/local/etc/yadynip/actions.d/10sendmail*
 mkdir -p /var/cache/yadynip/ipcaches/
 ln -s /root/dynaname /usr/local/etc/yadynip/actions.d
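Review bot: the added `[ -d "$part" ] && continue` sits before `lastip=$(lastip $(basename $part))`, which is the right place, since the `ln -s /root/dynaname .../actions.d` below puts a directory (with its `conf/` subdirectory) into the tree `runparts` walks and the guard keeps the loop from treating them as actions; before relying on the heredoc, check it against fresh `diff -u` output: context lines of a unified diff must begin with a space and the header `@@ -148,6 +148,7 @@` counts six context lines while only five are shown here, so `patch -p0` may reject the hunk as copied.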
/usr/local/etc/yadynip.conf:
 verbose=none
 logfile=/var/log/yadynip.log
 sharedir=/var/cache/yadynip
/usr/local/etc/yadynip/actions.d/conf/d00ynaname.conf:
 host=home.dyn.bar.org
 ns=ns0.foo.org
/usr/local/etc/yadynip/actions.d/dynaname/ (the symlink to /root/dynaname created above): the dynaname checkout with its key file. The .private file holds the shared TSIG secret, so keep it readable by root only.
 dynaname
 home.dyn.bar.org.private
Now yadynip can be called from cron every 10 minutes:
 crontab -e
 */10 * * * * /usr/local/bin/yadynip
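A minimal cron-driven updater doing what the yadynip setup above does, as an added example that is not yadynip's or dynaname's code: it asks an external echo service for the public IPv4 address, validates the answer before it goes anywhere near nsupdate, and calls dynaname only when the address changed since the last successful update. The paths, the cache file and the OpenDNS lookup are the example's own choices; the host and server names are the ones used on this page.

```shell
#!/bin/sh
# dyn_cron.sh: detect the public IPv4 address, validate it, update the dynamic record on
# change. Added example; not yadynip's or dynaname's code. Assumes the dynaname checkout
# and its key file live in /root/dynaname; the cache path is arbitrary.
set -u

HOST=${HOST:-home.dyn.bar.org}
NS=${NS:-ns0.foo.org}
DYNANAME=${DYNANAME:-/root/dynaname/dynaname}
CACHE=${CACHE:-/var/cache/dynaname/lastip}

# Whatever the "what is my IP" service returns ends up in a signed update, so treat it
# as untrusted: accept exactly one dotted quad with octets 0-255 and nothing else.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Address as seen from outside, via OpenDNS' myip service (any echo service will do).
current_ipv4() {
    dig +short myip.opendns.com @resolver1.opendns.com A
}

# True when there is no cache yet or a different address is cached.
ip_changed() {   # $1 cache file, $2 ip
    [ ! -f "$1" ] || [ "$(cat "$1")" != "$2" ]
}

# Written only after dynaname succeeded, so a failed update is retried next run.
remember_ip() {  # $1 cache file, $2 ip
    mkdir -p "$(dirname "$1")" && printf '%s\n' "$2" > "$1"
}

main() {
    ip=$(current_ipv4) || { echo "$HOST: cannot determine public IP" >&2; return 1; }
    if ! is_ipv4 "$ip"; then
        echo "$HOST: refusing bogus address '$ip'" >&2
        return 1
    fi
    ip_changed "$CACHE" "$ip" || return 0        # nothing to do; stay quiet for cron
    "$DYNANAME" -H "$HOST" -S "$NS" -A "$ip" && remember_ip "$CACHE" "$ip"
}

# Run only when executed directly, not when sourced for its functions. Cron line:
#   */10 * * * * /usr/local/bin/dyn_cron.sh
case "${0##*/}" in dyn_cron.sh) main "$@" ;; esac
```

The cache is updated after the update succeeded, not before, so a transient failure of ns0.foo.org does not leave the record stale until the next address change.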