How to Configure your Free Personal Self Hosted Dynamic DNS

Free Personal Self Hosted Dynamic DNS with BIND and DNSSEC

Environment:

  • Server: static IP, running BIND
  • Home: dynamic IP, running Debian/*buntu

 

Key Generation

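The first step is to generate a key on the server. This is a shared TSIG secret that signs the client's update requests. Current BIND releases no longer generate HMAC keys with dnssec-keygen; tsig-keygen replaces it there and emits a key statement rather than the K* file pair used below.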

/etc/bind $ sudo dnssec-keygen -a HMAC-MD5 -b 512 -n HOST home.dynamic.n0where.net

This creates two files; the five-digit key ID in their names differs from run to run.

Khome.dynamic.n0where.net.+157+#####.key 
Khome.dynamic.n0where.net.+157+#####.private

 

File Content:

Khome.dynamic.n0where.net.+157+62567.key:

home.dynamic.n0where.net. IN KEY 512 3 157 <key>

Khome.dynamic.n0where.net.+157+62567.private:

Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: <key>
Bits: AAA=
Created: 20160126233343
Publish: 20160126233343
Activate: 20160126233343

 

Key File

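Next create a key file at /etc/bind/key.dynamic.n0where.net. The key name must match the name the key was generated with (home.dynamic.n0where.net.), because that is the name nsupdate presents when it signs with the K* files. The secret is the Key value from the .private file.

key home.dynamic.n0where.net. {
        algorithm HMAC-MD5;
        secret "<secret>";
};

Then add the following line to /etc/bind/named.conf.local to include the new key.

include "/etc/bind/key.dynamic.n0where.net";

Dynamic Zone

Add a zone for BIND.

// Dynamic zone
zone "dynamic.n0where.net" IN {
  type master;
  allow-transfer {none;};
  file "/etc/bind/db.dynamic.n0where.net";
  // update-policy takes grant/deny rules: this key may change only the
  // A record of home.dynamic.n0where.net.
  update-policy {
    grant home.dynamic.n0where.net. name home.dynamic.n0where.net. A;
  };
};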

Define the zone file /etc/bind/db.dynamic.n0where.net:

$ORIGIN .
$TTL 14400      ; 4 hours
dynamic.n0where.net         IN SOA  ziost.n0where.net. admin.n0where.net. (
                                9          ; serial
                                604800     ; refresh (1 week)
                                86400      ; retry (1 day)
                                2419200    ; expire (4 weeks)
                                604800     ; minimum (1 week)
                                )
                        NS      korriban.n0where.net.

Restart BIND.

 

Client

First transfer the .key and .private files down to the client system via your transport mechanism of choice. Both files carry the shared secret, so pick an encrypted one. Once they are in place, chmod each file to 0400.

-r-------- 1 user user 128 Jan 26 17:58 Khome.dynamic.n0where.net.+157+62567.key
-r-------- 1 user user 229 Jan 26 17:58 Khome.dynamic.n0where.net.+157+62567.private

 

Update Script

The nsupdate tool in the dnsutils package will perform the update.

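#!/bin/bash
set -euo pipefail

# Ask an external service which public IP this connection appears from.
EXT_IP=$(wget -qO- https://ifconfig.me/ip)
KEY="/path/to/Khome.dynamic.n0where.net.+157+62567.private"

# The response is untrusted input that ends up in a signed update: accept
# only a single dotted quad, otherwise leave the existing record alone.
if [[ ! $EXT_IP =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
    echo "unexpected response from IP lookup, refusing to update" >&2
    exit 1
fi

nsupdate -k "$KEY" <<EOF
server n0where.net
zone dynamic.n0where.net
update delete home.dynamic.n0where.net. A
update add home.dynamic.n0where.net. 86400 A $EXT_IP
show
send
EOF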

 

Cron Schedule

A quick test with dig will show if the record updated.

$ dig @8.8.8.8 +short home.dynamic.n0where.net

The script can be scheduled to run automatically on the client with cron.

$ crontab -l
*/15 * * * * /path/to/<script>
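
The update script from earlier, reworked as an added example (not code from the original post): it accepts the lookup response only if it is a single dotted quad with octets 0-255, and sends a signed update only when the address differs from the published record, so most 15-minute cron runs leave the zone untouched. The function names and the run argument are hypothetical; the hosts, record and key path are the ones used on this page.

```sh
#!/bin/sh
# Added example, not from the original post. valid_ipv4, plan_update and the
# "run" argument are hypothetical names; hosts and key path are the page's.
KEY="/path/to/Khome.dynamic.n0where.net.+157+62567.private"

# Succeed only for one strict dotted quad (octets 0-255) and nothing else:
# no whitespace, no newlines, no extra tokens.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# plan_update OBSERVED PUBLISHED
# Prints the nsupdate commands when the record must change, prints nothing
# when it is already current, and returns 2 (printing nothing) when OBSERVED
# is not a clean IPv4 address, so the existing record is left alone.
plan_update() {
    valid_ipv4 "$1" || return 2
    if [ "$1" = "$2" ]; then return 0; fi
    cat <<EOF
server n0where.net
zone dynamic.n0where.net
update delete home.dynamic.n0where.net. A
update add home.dynamic.n0where.net. 86400 A $1
send
EOF
}

# Cron entry point: "<script> run" (needs network access, dig and nsupdate).
if [ "${1:-}" = run ]; then
    observed=$(wget -qO- https://ifconfig.me/ip) || exit 1
    # Ask the authoritative server directly so resolver caches do not matter.
    published=$(dig +short @n0where.net home.dynamic.n0where.net A)
    cmds=$(plan_update "$observed" "$published") || exit 1
    [ -z "$cmds" ] || printf '%s\n' "$cmds" | nsupdate -k "$KEY"
fi
```

Schedule it from cron as /path/to/<script> run; without the argument the file only defines the functions.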
