  1. #1 agentc0re (Untangler; joined Jan 2008; 63 posts)

    DDNS using your own DNS server

    This assumes you already have a DNS server set up that has a static IP, i.e. a webserver that is also doing DNS (like mine). If you have a webserver but currently don't host your own DNS, you can do a bit of research and set it up within an hour or so. Anyway, that's not what this how-to is for.

    Get on your webserver
    SSH into your webserver and su into root.
    Code:
    grep directory /etc/named.conf
    cd into the directory displayed.

    Create a dnssec key
    Code:
    dnssec-keygen -a hmac-md5 -b 512 -n HOST -r /dev/urandom subdomain.domain.com.
    Make sure that you put the period at the end of your domain. The subdomain should be the name of your Untangle box or whatever machine you're trying to set up for DDNS.
    Code:
    cat Ksubdomain.domain.com.+005+RANDOM#.key
    Replace RANDOM# with whatever the .key file has.
    You should see something like this:
    Code:
    subdomain.domain.com. IN KEY 512 3 157 UR4Bu3vzaTYUtmzQA4hJl6GzRwRhY9CoWS2V1ukF6nUfSt0vxKCsEoq6 WAuDCySzmPINAtSD/OjWJfgB5eAVsA==
    We want the very long string. Make note of it for the next step. If it has a space in the string, you still want every bit after it. It threw me off when I had a space in it and I wasn't sure what I needed until I tried the different combinations and found that it was the whole string.

    Edit the named.conf
    We need to add a couple of things.
    Code:
    key "subdomain.domain.com." {
      algorithm hmac-md5;
      secret "UR4Bu3vzaTYUtmzQA4hJl6GzRwRhY9CoWS2V1ukF6nUfSt0vxKCsEoq6 WAuDCySzmPINAtSD/OjWJfgB5eAVsA==";
    };
    Now, under your zone (domain.com.) add the following
    Code:
    allow-update { key "subdomain.domain.com."; };
    All done, now
    Code:
    /etc/init.d/bind9 reload
    Now, SSH into your Untangle server.
    Copy the keys from your webserver:
    Code:
    scp -P 22 root@webserver.com:/var/named/Ksubdomain.domain.com.* .
    /var/named = directory that we found out from your named.conf on your webserver

    Create a file named ddupdate
    Code:
    #!/bin/bash
    # Script to update DNS zones on a remote server
    # Copyright © 2005-2007 - Julien Valroff <julien@kirya.net>
    # Parts of the script Copyright © 2001-2002 - Dag Wieers <dag@wieers.com>

    KEY="/root/Kkeyname.+157+29630.private"   # .private file produced by dnssec-keygen
    SERVER="ns.domain.com"                     # name server that allows the update
    LOGFILE="/var/log/syslog"
    IFACE="ppp0"                               # interface whose address is published
    DOMAIN="domain.com."
    HOST="subdomain.domain.com."
    EMAIL="you@domain.com"

    # Print the first IPv4 address of an interface, without the prefix length.
    iface_ipv4() {
       ip addr show "$1" | awk '/inet / { print $2 }' | cut -d/ -f1 | head -n 1
    }

    # When run from /etc/ppp/ip-up.d, pppd exports PPP_IFACE and PPP_LOCAL for the
    # link that just came up; only update when it is the configured interface.
    if [ -n "$PPP_LOCAL" ]; then
       if [ "$PPP_IFACE" != "$IFACE" ]; then
          echo "$(LANG=C date +'%b %e %X') $(hostname) ddupdate[$$]: ABORTED: Not updating dynamic IP \
address $PPP_LOCAL (interface $PPP_IFACE is not $IFACE, whose address is $(iface_ipv4 "$IFACE"))" >>$LOGFILE 2>&1
          exit 0
       fi
       IPADDR=$PPP_LOCAL
       sleep 3
    else
       # Run by hand or from cron: read the address from the interface.
       IPADDR=$(iface_ipv4 "$IFACE")
    fi

    if [ -z "$IPADDR" ]; then
       echo "$(LANG=C date +'%b %e %X') $(hostname) ddupdate[$$]: FAILURE: No IPv4 address found on $IFACE" >>$LOGFILE 2>&1
       exit 1
    fi

    (
    cat <<EOF | nsupdate -k "$KEY"
    server $SERVER
    zone $DOMAIN
    update delete $HOST A
    update add $HOST 60 A $IPADDR
    send
    EOF

      RC=$?

      if [ $RC != 0 ]; then
        echo "$(LANG=C date +'%b %e %X') $(hostname) ddupdate[$$]: FAILURE: Updating dynamic IP $IPADDR on $SERVER failed (RC=$RC)"
        (
            echo "Subject: DDNS update failed"
            echo
            echo "Updating dynamic IP $IPADDR on $SERVER failed (RC=$RC)"
        ) | /usr/sbin/sendmail $EMAIL
      else
        echo "$(LANG=C date +'%b %e %X') $(hostname) ddupdate[$$]: SUCCESS: Updating dynamic IP $IPADDR on $SERVER succeeded"
      fi
      # Pass nsupdate's status out of the subshell (otherwise the script always exits 0).
      exit $RC
    ) >>$LOGFILE 2>&1
    RC=$?

    exit $RC
    You will want to change the variables at the top to fit your needs.

    Make this file executable
    Code:
    chmod +x ddupdate
    Place this file in
    Code:
    /etc/ppp/ip-up.d
    Now execute it
    Code:
    /etc/ppp/ip-up.d/ddupdate
    Check your syslogs on both servers. If you don't have any errors that look like
    Code:
    ; TSIG error with server: tsig indicates error
    update failed: NOTAUTH(BADSIG)
    you have successfully set up a DDNS server. Check your webserver's DNS and make sure that the entry has been entered.

    Every time your IP changes (release and renew), this script should get run. You could also run this in a cronjob.

    **EDIT**
    I also added the 3 new files I added to my Untangle server in the override section to protect them from being deleted during an update.

    Troubleshooting
    In the ddupdate file you made you will see the commands executed in order to make the update possible. Perform these manually but add the -d option to nsupdate. This will add some extra information on what might be going on. In most cases it will either be a typo in the secret, both keys don't live on the HOST machine, or a permissions issue. I "chmod 664" the dnssec key files on both servers.

    Resources and thanks go to:
    http://www.kirya.net/articles/runnin...ice-with-bind/
    http://www.semicomplete.com/articles...dns-with-dhcp/
    Last edited by agentc0re; 01-17-2010 at 07:37 PM.
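An added example (not part of the post above or of the ddupdate script) covering two points the how-to raises: extracting the secret from the .key file when dnssec-keygen has wrapped it with a space, and checking that the copied .private file, which holds the shared TSIG secret, is not readable by other users before it is scp'd around. The sample .key line is constructed and the secret in it is not a real key; the permission check assumes the POSIX `ls -l` column layout.

```shell
#!/bin/bash
# Added example, not from the original post: build the named.conf "key" stanza from a
# K<name>.+157+NNNNN.key line and check the .private file's permissions.

# A .key line constructed for this example (fake secret, wrapped with a space as
# dnssec-keygen sometimes does).
SAMPLE_KEY_LINE='subdomain.domain.com. IN KEY 512 3 157 UR4Bu3vzaTYUtmzQ ExampleSecretOnly=='

# Print the secret from a "name IN KEY flags proto alg secret" line.
# The base64 may be split across fields, so join fields 7..NF into one token.
tsig_secret() {
    printf '%s\n' "$1" | awk '{ s = ""; for (i = 7; i <= NF; i++) s = s $i; print s }'
}

# Emit the named.conf stanza. $1: key name with the trailing dot, $2: secret.
named_key_stanza() {
    printf 'key "%s" {\n  algorithm hmac-md5;\n  secret "%s";\n};\n' "$1" "$2"
}

# Return 0 when group and other have no permissions on the file (e.g. mode 600),
# 1 otherwise. Columns 5-10 of "ls -l" are the group/other rwx bits (assumption:
# POSIX ls layout). Anyone who can read the .private file can rewrite the record.
key_file_is_private() {
    local bits
    bits=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "x$bits" = "x------" ]
}
```

After sourcing the file, `named_key_stanza subdomain.domain.com. "$(tsig_secret "$(cat Ksubdomain.domain.com.+157+NNNNN.key)")"` prints the stanza to paste into named.conf, and `key_file_is_private /root/Ksubdomain.domain.com.+157+NNNNN.private || echo readable-by-others` flags a key file that still needs `chmod 600`.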

  2. #2 wharfratjoe (Master Untangler; joined Dec 2008; Southern California; 412 posts)


    Thank you for the how-to! I inquired about this a while ago.
