Matt Pusateri wrote:
> Triluger's
> ok, if you manage your own domain and also dns. I would think it should not be too hard to roll your own dyndns.org type functionality, so that you could update your dynamic cable modem address to the dns server you run at work.
> Any pointers in the right direction? With Mr. Joyner being the triangle's (trilug/ncsa) resident DNS guru, I would wager he might have some words of wisdom to impart or then again maybe not.
> Matt Pusateri

Words of wisdom... I'll see what I can do. :) Check out the slides from my December DNS presentation, which address doing remote updates with authenticated, signed TSIG keys. With a little bit of imagination, and some scripting, you're well on your way to running a dyndns.org-style server of your very own. The one linchpin in this scenario is of course the root name servers, updating those can be a little tricky, and will likely involve manual intervention.
Consider this scenario - you have root access to two computers, both of which have dynamic IP addresses that are relatively stable, but may change from time to time (changing less than once a week would be roughly the minimum requirement I'd think - certainly reasonable for DSL or Cable). You purchase a domain from your favorite registrar of choice, and then install BIND on each of the servers. Set up the domain on one server as a master, and the other server as a slave. Set up dynamic updates for this zone, and allow updates via TSIG keys. Write a short script that will examine the IP address of the current machine, compare it with the DNS record, and update the appropriate records if they are different. Optionally you may want it to fire off an email to you as well (more on why in a bit). You can then set this script to be run from cron, or from the if-up / if-down scripts for the interface, or by your dhcp-client if it's supported appropriately. You might even find a pre-canned version of this script w/ some googling, it's a relatively simple process, and I know others have done it before.
This setup will allow you to not only maintain DNS normal service for the entire zone, but you can then easily extend the service to other machines. You could have dozens, hundreds, even thousands of machines that update those servers, in order to keep your/their DNS zones updated with the proper addresses. Now I mentioned that there were a few problems, I'll cover them briefly. If your primary or secondary DNS server's IP address changes, you need to update not only the primary DNS server for your domain, but you also need to inform the registrars that the address has changed. You don't have to do this right away, necessarily, because the DNS entry for your secondary DNS will still be correct so queries will continue to work. Also, when a client's DNS server queries against your secondary they'll get an authoritative address for the primary from the secondary (as part of a glue record), so that'll also straighten itself out. But you will have to change it before the secondary changes, or things start to get messy. I don't know of any registrars that currently allow you to update the DNS in any naturally automated fashion, but I did once write a script for updating the joyner.ws domain with its registrar via https, so I can attest to the fact that it's possible. It would be dramatically more convenient if they allowed updates via some more natural method (DNS TSIG updates would be ideal, SOAP wouldn't be terrible, etc), but perhaps that's a business model for some enterprising TriLUG member to take up. :)
Okay, I think I've given you the 10,000 foot view. You can google for the particulars, check the slides from my DNS class for the details on dynamic updates and TSIG keys if you like, and as always feel free to ask any questions that stump you here.
Happy DNS-ing! :)
Aaron S. Joyner
apparently nominated "resident DNS guru"
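
The update script outlined in the message above, sketched as an added example that is not part of the original post or the slides it mentions. The zone, host, server, key path and interface names are assumed placeholders; the address is validated before it is written into the `nsupdate` command stream, and the update is signed with the TSIG key file.

```shell
#!/bin/sh
# Added example. All names below are assumed placeholders, not from the post.
ZONE="example.com."
HOST="home.example.com."
SERVER="ns1.example.com"
KEYFILE="/etc/ddns/home.key"   # TSIG key file; keep it readable by root only
IFACE="eth0"
TTL=300

# Accept only a dotted-quad IPv4 address with four octets in 0-255, so that
# nothing else (spaces, newlines, extra commands) can reach nsupdate's input.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Print the nsupdate command stream that replaces the A record with $1.
build_update() {
    valid_ipv4 "$1" || return 1
    printf 'server %s\nzone %s\nupdate delete %s A\nupdate add %s %s A %s\nsend\n' \
        "$SERVER" "$ZONE" "$HOST" "$HOST" "$TTL" "$1"
}

# Compare the interface address with the published record; update on change.
ddns_sync() {
    current=$(ip -4 -o addr show dev "$IFACE" scope global |
        awk '{sub(/\/.*/, "", $4); print $4; exit}')
    published=$(dig +short A "$HOST" "@$SERVER" | head -n 1)
    valid_ipv4 "$current" || { echo "no usable address on $IFACE" >&2; return 1; }
    [ "$current" = "$published" ] && return 0
    build_update "$current" | nsupdate -k "$KEYFILE"
}

# From cron or a dhcp-client hook: /path/to/this-script sync
if [ "${1:-}" = "sync" ]; then ddns_sync; fi
```
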
