[Dnsmasq-discuss] dyndns-style addition of names

Aaron D. Brooks aaron.brooks at sicortex.com
Mon Apr 2 03:15:38 BST 2007


On Sun, Apr 01, 2007 at 04:32:02PM -0400, Stefan Monnier wrote:
> I have a remote machine whose IP address is not static.  I could use
> a dyndns.org service, but I'd much rather keep this less public.
> 
> That machine can and does connect via SSH to my dnsmasq home server
> fairly regularly.  What would you recommend I do to add an entry in my local
> home domain?
> 
> Let's say I want to call my remote machine "remote.home" in my home network.
> Currently I add/update a "<ipaddress> remote.home" line in my /etc/hosts
> file and then kill -HUP the "dnsmasq" ?
> 
> The problem with that option is that the remote host does not ssh-in as
> root, so it can't change /etc/hosts nor kill-hup the dnsmasq daemon.  So I
> have to use a cron daemon to poll some other file and do that.
> 
> Does anyone have a better idea?  Ideally I'd want dnsmasq to poll an
> etc/hosts-like file directly.

Stefan,

    dnsmasq can read additional hosts files with the (--)addn-hosts
option. It seems reasonable that you could specify a file which is
writable by the SSH capable user and stick only the hostname of the
remote system in there. This setup makes a great ssh pushbutton, i.e.
a passwordless private key with a hard coded command in the authorized
keys file:

command="/home/my_user/bin/ddns-host.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty <... public key ...>

Where ddns-host.sh could be:

    #!/bin/bash

    myhostname=mobile.foo.tld

    # May yield IPv6 form of IPv4 address
    myip=${SSH_CLIENT%% *}

    # dnsmasq serves IPv6 addresses so you shouldn't actually need to
    # do this.
    myip=${myip##::ffff:}

    echo "$myip $myhostname" > /path/to/addn-host.file

    ###
    # HUP or dbus here...
    ###

Now, to get dnsmasq to reload you could use one of several mechanisms:

    - Another SSH pushbutton key for my_user to run which is in root's
      authorized_keys file and only can do a "killall -HUP dnsmasq"

    - A sudo entry which allows my_user to do a "killall -HUP dnsmasq"

    - You could make a hupdnsmasq set-uid executable (ew...)

    - dbus may be able to allow a different user to send
      a "ClearCache"  method call to dnsmasq.

Someone no doubt has a better idea than the above but they're what
I could think of at the moment.

-Aaron

--
Aaron Brooks, Senior Software Engineer
SiCortex, Inc. [ http://sicortex.com ]
Teraflops from Milliwatts
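
A hardened variant of the forced-command script from the message above, as an added example that is not part of the original post: it checks that the address taken from SSH_CLIENT is an IP literal before writing it, and replaces the hosts file with a single rename. The function names, the fixed name `remote.home` and the overridable `HOSTS_FILE` path are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not the poster's code. HOSTNAME_FIXED and HOSTS_FILE are
# constructed placeholder values.
HOSTNAME_FIXED=remote.home
HOSTS_FILE=${HOSTS_FILE:-/path/to/addn-host.file}

# Succeeds only if $1 is a plausible IPv4 or IPv6 literal.
is_ip() {
    case $1 in
        ''|*[!0-9A-Fa-f:.]*|*.) return 1 ;;   # hex digits, ':' and '.' only
    esac
    case $1 in
        *:*) return 0 ;;                      # IPv6: character set checked above
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1                  # IPv4: exactly four octets
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Prints the client address from an SSH_CLIENT-style string ("addr port port")
# with the IPv4-mapped prefix removed; fails if it is not an IP literal.
client_ip() {
    ip=${1%% *}
    ip=${ip#::ffff:}
    is_ip "$ip" && printf '%s\n' "$ip"
}

# Replaces the hosts file in one rename so dnsmasq never reads a partial line.
write_entry() {   # usage: write_entry FILE IP NAME
    tmp=$(mktemp "$1.XXXXXX") || return 1
    # mktemp creates the file 0600; make it readable for the dnsmasq user.
    printf '%s %s\n' "$2" "$3" > "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$1"
}

# Runs only under sshd, which sets SSH_CLIENT. SSH_ORIGINAL_COMMAND is ignored,
# so the connecting client cannot choose the name or the file.
if [ -n "${SSH_CLIENT:-}" ]; then
    ip=$(client_ip "$SSH_CLIENT") || { echo "bad client address" >&2; exit 1; }
    write_entry "$HOSTS_FILE" "$ip" "$HOSTNAME_FIXED" || exit 1
    # Reload dnsmasq here with one of the mechanisms listed in the message.
fi
```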
