How to Configure your Free Personal Self Hosted Dynamic DNS

Free Personal Self Hosted Dynamic DNS with BIND and DNSSEC


  • Server: static IP, running BIND
  • Home: dynamic IP, running Debian/*buntu


Key Generation

First step is to generate a key on the server.

/etc/bind $ sudo dnssec-keygen -a HMAC-MD5 -b 512 -n HOST home.dynamic.n0where.net

This creates two files, which will be named differently based on individual runs.



File Content:


home.dynamic.n0where.net. IN KEY 512 3 157 <key>


Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: <key>
Bits: AAA=
Created: 20160126233343
Publish: 20160126233343
Activate: 20160126233343


Key File

Next create a key file at /etc/bind/key.dynamic.n0where.net.

key dynamic.n0where.net. {
        algorithm HMAC-MD5;
        secret "<secret>";

Then add the following line to /etc/bind/named.conf.local to include the new key.

include "/etc/bind/key.dynamic.n0where.net";


Dynamic Zone

Add a zone for BIND.

// Dynamic zone
zone "dynamic.n0where.net" IN {
  type master;
  allow-transfer {none;};
  file "/etc/bind/db.dynamic.n0where.net";
  update-policy {
    key "dynamic.n0where.net.";

Define /etc/bind/db.dynamic.n0where.net file

$TTL 14400      ; 4 hours
dynamic.n0where.net         IN SOA  ziost.n0where.net. admin.n0where.net. (
                                9          ; serial
                                604800     ; refresh (1 week)
                                86400      ; retry (1 day)
                                2419200    ; expire (4 weeks)
                                604800     ; minimum (1 week)
                        NS      korriban.n0where.net

Restart BIND.



First transfer the .key and .private files down to the client system via your transport mechanism of choice. Once situated, chmod each file to 0400.

-r-------- 1 user user 128 Jan 26 17:58 Khome.dynamic.n0where.net.+157+62567.key
-r-------- 1 user user 229 Jan 26 17:58 Khome.dynamic.n0where.net.+157+62567.private


Update Script

The nsupdate tool in the dnsutils package will perform the update.


EXT_IP=$(wget -qO- http://ifconfig.me/ip)

cat <<EOF | nsupdate -k "$KEY"
server n0where.net
zone dynamic.n0where.net
update delete home.dynamic.n0where.net. A
update add home.dynamic.n0where.net. 86400 A $EXT_IP


Cron Schedule

A quick test with dig will show if the record updated.

$ dig @ +short home.dynamic.n0where.net

The script can be scheduled to run automatically on the client with cron.

$ crontab -l
*/15 * * * * /path/to/<script>

Leave a Reply

Your email address will not be published. Required fields are marked *