Create your own dynamic DNS using Bind9
Dynamic DNS with BIND9 and your own Domain
If you are tired of using commercial (or free-like commercial) dynamic dns providers, having to use their funny(!) domain names appended to your super- serious hostname and think that it’s time to roll up your own DNS server then follow..
I will explain the steps according to Ubuntu Linux but I think you can apply the same or slightly different on other distros and then please, just let people know how your steps differ. Let’s start..
1. Install Bind 9 Package
sudo apt install bind9 bind9utils bind9-doc dnsutils2. Create your dnssec key
Run this command to create your dnssec key to be included in the configuration and to be used to update the dns record(s) remotely. We will later use a script to the update periodically.
1. Create your dnssec key
Run this command to create your dnssec key to be included in the configuration and to be used to update the dns record(s) remotely. We will later use a script to the update periodically.
Adding working directory:
mkdir /etc/dyndns/
cd /etc/dyndns/Generating the authentication keys:
dnssec-keygen -a HMAC-MD5 -b 512 -n HOST youdomain.comCode review...
sudo nano /etc/dyndns/youdomain.comExample:
key "youdomain.com." {
algorithm hmac-md5;
secret "ddghfgh/fghfghgfhfghfgmnmmbnm/GJv+4/bnmbnmbn546456mbmbnmtztzert56z/R2m//2hA==";
};Adding the keys:
sudo nano /etc/bind/key.youdomain.comExample:
key "youdomain.com." {
algorithm hmac-md5;
secret "ddghfgh/fghfghgfhfghfgmnmmbnm/GJv+4/bnmbnmbn546456mbmbnmtztzert56z/R2m//2hA==";
};2. Edit:
sudo nano /etc/bind/named.conf.local
Now we can edit bind configuration to point our key secret and zone file. We can just copy/paste the key definition (the block in orange color above) and create the zone definition. Be sure to add the “allow-update” section that ties the zone and the key. For this, you can copy/paste allow-update part as ddns-confgen tool says. (Above in green color)
# Key
include "/etc/bind/key.youdomain.com";
# Add this lines
zone "youdomain.com" {
type master;
file "/etc/bind/zones/youdomain.com.zone";
allow-query { any; };
allow-update { key "key.youdomain.com";};
};3. Of course, you have a zone file
sudo nano /etc/bind/zones/youdomain.com.zone:
$ORIGIN .
$TTL 60 ; 1 minute
example.com IN SOA ns1.youdomain.com. admin.youdomain.com. (
2015011651 ; serial
604800 ; refresh (1 week)
86400 ; retry (1 day)
2419200 ; expire (4 weeks)
604800 ; minimum (1 week)
)
NS ns1.youdomain.com.
NS ns2.youdomain.com.
A 192.168.1.100
MX 0 mail.youdomain.com.
$ORIGIN youdomain.com.4. Server configuration is done
Now we can restart the name server and continue with the client configuration.
sudo service bind9 restart
5. Client configuration
Create the key file with the content to contain the same key we created on the server earlier.
sudo nano /etc/dyndns/key.youdomain.comAdding the keys:
key "youdomain.com." {
algorithm hmac-md5;
secret "ddghfgh/fghfghgfhfghfgmnmmbnm/GJv+4/bnmbnmbn546456mbmbnmtztzert56z/R2m//2hA==";
};6. Update script
Create the update shell script.
sudo nano /etc/dyndns/update.youdomain.com.sh
#! /bin/sh
ns=server ip or domain
zone=youdomain.com
host=www
ipv4=$(wget -q -O -https://ipv4.info.tiekoetter.net/ip/)
cat << EOF | nsupdate -k /etc/dyndns/key.youdomain.com
server $ns
zone $zone.
update delete $zone.
update add $zone. 60 A $ipv4
send
EOFMake it executable
chmod +x /etc/dyndns/update.youdomain.com.sh7. Cron
Open the cron configuration to add schedule the upgrade script
crontab -eAdd the line to run the update script in every 5 minutes
*/5 * * * * /etc/dyndns/update.youdomain.com.shFix eror named jnl: create: permission denied
sudo nano /etc/apparmor.d/local/usr.sbin.named
/etc/bind/zones/** rw,