[Dnsmasq-discuss] dyndns-style addition of names
Aaron D. Brooks
aaron.brooks at sicortex.com
Mon Apr 2 03:15:38 BST 2007
On Sun, Apr 01, 2007 at 04:32:02PM -0400, Stefan Monnier wrote:
> I have a remote machine whose IP address is not static. I could use
> a dyndns.org service, but I'd much rather keep this less public.
>
> That machine can and does connect via SSH to my dnsmasq home server
> fairly regularly. What would you recommend I do to add an entry in my local
> home domain?
>
> Let's say I want to call my remote machine "remote.home" in my home network.
> Currently I add/update a "<ipaddresse> remote.home" line in my /etc/hosts
> file and then kill -HUP the "dnsmasq" ?
>
> The problem with that option is that the remote host does not ssh-in as
> root, so it can't change /etc/hosts nor kill-hup the dnsmasq daemon. So I
> have to use a cron daemon to poll some other file and do that.
>
> Does anyone have a better idea? Ideally I'd want dnsmasq to poll an
> etc/hosts-like file directly.
Stefan,
dnsmasq can read additional hosts files with the (--)addn-hosts
option. It seems reasonable that you could specify a file which is
writable by the SSH capable user and stick only the hostname of the
remote system in there. This setup makes a great ssh pushbutton, i.e.
a passwordless private key with a hard coded command in the authorized
keys file:
command="/home/my_user/bin/ddns-host.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty <... public key ...>
Where ddns-host.sh could be:
#!/bin/bash
myhostname=mobile.foo.tld
# May yield IPv6 form of IPv4 address
myip=${SSH_CLIENT%% *}
# dnsmasq serves IPv6 addresses so you shouldn't actually need to
# do this.
myip=${myip##::ffff:}
echo "$myip $myhostname" > /path/to/addn-host.file
###
# HUP or dbus here...
###
Now, to get dnsmasq to reload you could use one of several mechanisms:
- Another SSH pushbutton key for my_user to run which is in root's
authorized_keys file and only can do a "killall -HUP dnsmasq"
- A sudo entry which allows my_user to do a "killall -HUP dnsmasq"
- You could make a hupdnsmasq set-uid executable (ew...)
- dbus may be able to allow a different user to send
a "ClearCache" method call to dnsmasq.
Someone no doubt has a better idea than the above but they're what
I could think of at the moment.
-Aaron
--
Aaron Brooks, Senior Software Engineer
SiCortex, Inc. [ http://sicortex.com ]
Teraflops from Milliwatts
More information about the Dnsmasq-discuss
mailing list