You want to access your computer remotely, but it is behind a router that randomly gets different IP addresses. Or maybe it is your laptop and it winds up in different locations with, again, different IP addresses. There are many ways to solve this problem and some of them are better than others. A lot of routers can report their IP address to a dynamic DNS server. That used to be great, but now it seems like many of them hound you to upgrade or constantly renew so you can see their ads. If your router vendor supplies one, that might be a good choice, until you change routers, of course. OpenWRT supports many such services and there are many lists of common services. However, if you have a single publicly accessible computer, for example a Web server or even a cloud instance, and you are running your own DNS server, you really don't need one of those services.

I'm going to show you how I do it with an accessible Linux server running Bind. This is a common setup, but if you have a different system you might have to adapt a bit. There are many ways to set up dynamic DNS if you are willing to have a great deal of structure on both sides. Most of these depend on setting up a secret key to allow for DNS updates and some sort of script that calls nsupdate, or having the DHCP server do it. The problem is, I have a lot of client computers and many are set up differently. I wanted a system where the only thing needed on the client side was ssh. All the infrastructure remains on the DNS server.

I'm going to assume you already have Bind set up and you have a working knowledge of what DNS does. In general, though, you will have a single file for each domain - zone in DNS speak - you control. Here's a typical zone file (RFC 1035 controls the format):

zone file for

The parts of interest here are the $TTL, or time to live. The value is in seconds, so this is an hour. That might be a bit long to wait if your IP address changes a lot. There's also a serial number that servers use to tell that the record changed. There's no real format to the number as long as every change results in a larger number. You can use a sequence counter or permute the date.

Finally, there are IN records that tell us different IP addresses. For this file, is a shorthand for and anything without a period at the end will have appended to it. So the last line defines a host “ and could have been written with “ instead of “www” - that last period makes all the difference.

Somehow, we need a way to make more records in this zone file that will point other hosts - maybe - to a different IP address. I started out with a very simple script on the DNS server that would find the IP address of the caller and modify a template to create a DNS zone file and then reload the zone. This worked until I wanted to handle more than one dynamic host at a time. I'll show you how I dealt with that, but first, let's talk about what you need to do this yourself.

In addition to the DNS server for a domain you control, you'll also need ssh access to your server set up to use a certificate and not a password. You probably need root access, too, although I'll show you how you won't need it after setup, if you don't mind allowing anyone logged into your account to update your IP address. Setting up ssh to not require a password is easy and highly recommended. If you need a primer on setting up Bind, you can read this article, as long as you remember to use your package manager in place of yum - unless your package manager is yum! Or you might prefer this one.

Once you have your DNS server set up and an ssh session, there are only a few things to set up:

- A template that defines your DNS zone file (but isn't your DNS zone file).
- A way to trigger the script from your local machine.

The script, of course, is a Bash script but it makes good use of Awk. My original template file format was simple. I made a copy of the zone file, replaced the serial number with $SERIAL and the dynamic IP address with $IP. The script would plug in new values and reload the DNS server using a control program known as rndc, more on that in a minute.

The biggest problem with this scheme is that there is only one dynamic IP address allowed. But before we fix that, let's look at some of the problems. First, we need to learn the remote address of the computer calling the script. Here's some code:

```bash
echo "$SSH_CLIENT" | cut -d ' ' -f 1
```

This, of course, assumes we are logged in via ssh. I took a few shortcuts since I didn't expect to call this script manually except during testing. The arguments were simple, although I'd later have to add a bit more. The first script took an IP address or a dash to indicate my ssh IP address, a zone name and that was it.
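Here is the server side of that scheme as a runnable shell script, added here as an example and not the article's own code. It assumes a template that uses the literal tokens $SERIAL and $IP as placeholders, keeps the last serial in a side file next to the generated zone file, skips the rndc reload when rndc is not installed, and refuses anything that is not a plain IPv4 address, since whatever the caller passes ends up inside the zone file.

```shell
#!/bin/bash
# Added example, not the article's own script. Assumes a template whose literal
# tokens $SERIAL and $IP are the placeholders the article describes, and keeps
# the last serial in a side file next to the generated zone file.
set -u

# Address of the ssh caller: SSH_CLIENT is "addr port port"; take the first field.
ssh_client_ip() { echo "${SSH_CLIENT:-}" | cut -d ' ' -f 1; }

# Accept only a plain dotted quad. Whatever the caller passes ends up inside the
# zone file, so anything that is not four numbers in 0-255 is refused outright.
valid_ipv4() {
    echo "$1" | awk -F. 'NF == 4 { for (i = 1; i <= 4; i++)
            if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 } { exit 1 }'
}

# Serial that is always larger than the previous one: YYYYMMDD00 for today, or
# the old value plus one once the date-based value has already been passed.
next_serial() {
    local old=$1 today
    today=$(date +%Y%m%d)00
    if [ "$old" -ge "$today" ]; then echo $((old + 1)); else echo "$today"; fi
}

# Template -> zone file: awk swaps in the two tokens and prints everything else as is.
render_zone() {
    awk -v ip="$2" -v serial="$3" '{ gsub(/\$IP/, ip); gsub(/\$SERIAL/, serial); print }' "$1"
}

# update_zone <ip|-> <zone> <template> <zonefile>; "-" means the ssh caller's address.
update_zone() {
    local ip=$1 zone=$2 template=$3 out=$4 old serial
    [ "$ip" = "-" ] && ip=$(ssh_client_ip)
    valid_ipv4 "$ip" || { echo "$zone: refusing address '$ip'" >&2; return 1; }
    old=$(cat "$out.serial" 2>/dev/null || echo 0)
    serial=$(next_serial "$old")
    render_zone "$template" "$ip" "$serial" > "$out.new" || return 1
    mv "$out.new" "$out" && echo "$serial" > "$out.serial"
    echo "$zone: $ip serial $serial"
}

# Ask Bind to pick up the new file; skipped (dry run) where rndc is not installed.
reload_zone() {
    if command -v rndc > /dev/null; then rndc reload "$1"; else echo "no rndc, not reloading $1" >&2; fi
}

# Invoked as a script over ssh: ./update.sh - example.com zone.tmpl db.example.com
if [ $# -eq 4 ]; then update_zone "$@" && reload_zone "$2"; fi
```

The zone name, template path and output path are passed on the command line, so one copy of the script can serve several zones.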