[Dnsmasq-discuss] Dynamic DNS
clemens fischer
ino-news at spotteswoode.dnsalias.org
Fri Jun 25 22:45:08 BST 2010
/dev/rob0 wrote:
> FWIW, Alberto, Windows clients do speak 2136. I think they do it by
> default, regardless of the type of nameserver they're contacting.
>
> A confusing thing about Alberto's description is the apparent idea
> that dnsmasq does not support dynamic DNS. On the contrary, that's
> what it does, exceptionally well, by combining the DHCPd with the
> nameserver. Dynamic DNS for DHCP clients is a strong point for
> dnsmasq.
This might be a good idea! Dnsmasq allows including files and rereading
them when they are modified.
Option "addn-hosts" comes to mind: an update script might append/replace
records like "<some-IP> <some-Host>" in a file.
>> What good is such a drastic DNS operation when no authentication is
>> defined? Other than that the RFC reads like a stripped down version
>> of
>
> Hmm? You can use dnssec-keygen(8) keys for authentication. I admit,
> I don't know as practical a way to do it in the real world; DynDNS's
> protocol and my HTTP+nsupdate hack are handy for associating one
> user's records with one authentication credential.
DNSSEC is an entirely different beast. It is to generate key-signing-
and zone-signing keys for verifying DNS responses.
You probably meant ddns-confgen(8), which is used to TSIG authenticate
within a DNS operation. But the problem is not how to make a secure
key, /dev/random would be enough for that, but how to send it to some
agent.
> That's why I think my HTTP+nsupdate hack was better than DynDNS's
> protocol. No special client needed, just a web browser (or a
> scriptable HTTP client like wget(1).)
Right.
I'm using a script whenever I get a new IP (${newip} in the script) from
the provider by DHCP:
#!/bin/sh
# bin/dyndns-update.sh
# _date: 20100222-1628_
#
# /l/etc/named.conf
# /etc/dhcpcd.exit-hook
# <url:man:1 nsupdate>
iam="${0##*/}"
ex=0
usage="${iam}: use ${iam} <zone> <ip>"
nsupdate="/usr/local/bin/nsupdate"
nsupdate_opts=""
nsupdate_opts="${nsupdate_opts} -l"
nsupdate_opts="${nsupdate_opts} -k /usr/local/etc/bind9/tsig-update.key"
zone="${1:?${usage}}"
newip="${2:?${usage}}"
spf1="v=spf1 ip4:${newip} a XXX XXX ~all"
update_rr="
zone ${zone}
prereq yxdomain ${zone}
update delete ${zone} 300 IN A
update add ${zone} 300 IN A ${newip}
update delete ${zone} 3600 IN TXT
update add ${zone} 3600 IN TXT \"${spf1}\"
send
answer
"
echo "${update_rr}" | ${nsupdate} ${nsupdate_opts}
ex=$?
exit ${ex}
and the key is made like this:
# ddns-confgen -k /l/etc/bind9/tsig-update.key -s XXX.eu.org
clemens
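
Added example (not part of the original post or of dnsmasq itself): one way to write the update script suggested above for an "addn-hosts" file, replacing a "<some-IP> <some-Host>" record atomically and rejecting input that could smuggle extra records into the file. The function names, the one-name-per-line layout and the file mode are assumptions.

```shell
#!/bin/sh
# Added example: replace one "<IP> <host>" record in a dnsmasq addn-hosts file.
# valid_ipv4, valid_hostname and update_host are hypothetical names.
LC_ALL=C; export LC_ALL   # keep character ranges ASCII-only

# Accept only a dotted quad with each octet in 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe: only digits and dots remain at this point
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Letters, digits, dots and hyphens only: no whitespace or newline can get through.
valid_hostname() {
    case "$1" in
        ""|*[!A-Za-z0-9.-]*|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
    esac
    [ ${#1} -le 253 ]
}

# usage: update_host <hosts-file> <ip> <hostname>
update_host() {
    file=$1 ip=$2 host=$3
    valid_ipv4 "$ip" && valid_hostname "$host" || return 2
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    if [ -f "$file" ]; then
        # Keep comments and every record whose name (field 2) is not ours.
        awk -v h="$host" '/^[ \t]*#/ || tolower($2) != tolower(h)' "$file" \
            > "$tmp" || { rm -f "$tmp"; return 1; }
    fi
    printf '%s %s\n' "$ip" "$host" >> "$tmp"
    chmod 644 "$tmp"       # assumption: the dnsmasq user needs read access
    mv -f "$tmp" "$file"   # rename in the same directory, so no partial file is visible
}

# After a successful update, send dnsmasq SIGHUP so it re-reads the file.
if [ $# -eq 3 ]; then update_host "$@"; fi
```

The script only protects the file format; whoever is allowed to run it still decides which names point where, so the authentication question raised in the thread applies to the transport in front of it.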