Create your own dynamic DNS using Bind9

Dynamic DNS with BIND9 and your own Domain

If you are tired of using commercial (or free-but-commercial-like) dynamic DNS providers, having to use their funny domain names appended to your super-serious hostname, and think it is time to roll your own DNS server, then follow along.

I will explain the steps for Ubuntu Linux, but they should apply with little or no change to other distros; if your steps differ, please let people know. Let's start.

1. Install Bind 9 Package

sudo apt install bind9 bind9utils bind9-doc dnsutils

2. Create your dnssec key
Run the command below to create the key that will be included in the BIND configuration and used to update the DNS record(s) remotely. Later we will use a script to run the update periodically.

Create a working directory:

mkdir /etc/dyndns/
cd /etc/dyndns/

Generate the authentication key:

dnssec-keygen -a HMAC-MD5 -b 512 -n HOST youdomain.com

This writes a K*.key / K*.private pair into the current directory; the base64 secret you need is the Key: line of the .private file. Newer BIND releases no longer generate TSIG keys with dnssec-keygen; use tsig-keygen there, and prefer hmac-sha256 over hmac-md5 when both ends support it (the key file format below stays the same, only the algorithm line changes).

Copy the secret into a key file in the format BIND expects. Keep this file readable only by root and the bind user: anyone who can read the secret can rewrite the zone.

sudo nano /etc/dyndns/youdomain.com

Example:

key "youdomain.com." {
  algorithm hmac-md5;
  secret "ddghfgh/fghfghgfhfghfgmnmmbnm/GJv+4/bnmbnmbn546456mbmbnmtztzert56z/R2m//2hA==";
};

Create the key file that named will include, with the same content:

sudo nano /etc/bind/key.youdomain.com

Example:

key "youdomain.com." {
  algorithm hmac-md5;
  secret "ddghfgh/fghfghgfhfghfgmnmmbnm/GJv+4/bnmbnmbn546456mbmbnmtztzert56z/R2m//2hA==";
};

3. Edit named.conf.local

sudo nano /etc/bind/named.conf.local

Now edit the BIND configuration to reference the key file and the zone file: include the key file and add a zone definition. Be sure to add an "allow-update" statement that ties the zone to the key (the ddns-confgen tool prints a sample of exactly this block). The key name used in allow-update must match the name in the key statement, otherwise named refuses to load the configuration.

# Key
include "/etc/bind/key.youdomain.com";

# Add these lines
zone "youdomain.com" {
  type master;
  file "/etc/bind/zones/youdomain.com.zone";
  allow-query { any; };
  # the key name must match the name in the key statement, not the file name
  allow-update { key "youdomain.com."; };
};

4. Of course, you need a zone file

sudo nano /etc/bind/zones/youdomain.com.zone

$ORIGIN .
$TTL 60 ; 1 minute
youdomain.com   IN SOA  ns1.youdomain.com. admin.youdomain.com. (
        2015011651 ; serial
        604800     ; refresh (1 week)
        86400      ; retry (1 day)
        2419200    ; expire (4 weeks)
        604800     ; minimum (1 week)
        )
      NS  ns1.youdomain.com.
      NS  ns2.youdomain.com.
      A 192.168.1.100
      MX  0 mail.youdomain.com.
$ORIGIN youdomain.com.
; host records (such as www, maintained by the update script) live below this line

5. Server configuration is done

Now we can restart the name server and continue with the client configuration.

sudo service bind9 restart

6. Client configuration
On the client, create the key file containing the same key we created on the server earlier.

sudo nano /etc/dyndns/key.youdomain.com

Contents:

key "youdomain.com." {
  algorithm hmac-md5;
  secret "ddghfgh/fghfghgfhfghfgmnmmbnm/GJv+4/bnmbnmbn546456mbmbnmtztzert56z/R2m//2hA==";
};

7. Update script
Create the update shell script:

sudo nano /etc/dyndns/update.youdomain.com.sh

#! /bin/sh

ns=ns1.youdomain.com        # IP address or hostname of your BIND server
zone=youdomain.com
host=www

# Look up the current public IPv4 address (note the space after "-O -")
ipv4=$(wget -q -O - https://ipv4.info.tiekoetter.net/ip/)

# Leave the zone alone if the lookup failed
[ -n "$ipv4" ] || exit 1

# Replace the A record of $host.$zone (www.youdomain.com), not the zone apex
cat << EOF | nsupdate -k /etc/dyndns/key.youdomain.com
server $ns
zone $zone.
update delete $host.$zone. A
update add $host.$zone. 60 A $ipv4
send
EOF

Make it executable

chmod +x /etc/dyndns/update.youdomain.com.sh
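The script above feeds whatever the lookup service returns straight into nsupdate, and the key file it reads is what authorises changes to the zone. The following added example (not from the original post) validates the address before it is interpolated, updates only the www host, and refuses to run if the key file is readable by others; it assumes the zone, host and key-file names used above and is started with --run from cron.

```shell
#!/bin/sh
# Added example, not from the original post: validate the address returned by
# the IP lookup service before it goes into the nsupdate batch, update only
# www.youdomain.com rather than the zone apex, and refuse to run if the TSIG
# key file is readable by other users. Names are the ones used in the post.

# Return 0 only if $1 is a dotted quad with every octet in 0..255. Letters,
# newlines or extra fields are rejected, so a broken or hostile lookup response
# cannot smuggle extra "update" lines into the signed batch.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the nsupdate batch for one host: drop the old A RRset of $host.$zone
# and add the new address. SOA, NS and MX records at the apex are untouched.
build_update() {
    u_ns=$1; u_zone=$2; u_host=$3; u_ip=$4; u_ttl=${5:-60}
    valid_ipv4 "$u_ip" || { echo "refusing invalid address: $u_ip" >&2; return 1; }
    printf 'server %s\nzone %s.\nupdate delete %s.%s. A\nupdate add %s.%s. %s A %s\nsend\n' \
        "$u_ns" "$u_zone" "$u_host" "$u_zone" "$u_host" "$u_zone" "$u_ttl" "$u_ip"
}

# Whoever can read the TSIG secret can rewrite the zone: require the "other"
# permission bits (columns 8-10 of ls -l) to be cleared.
key_is_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]
}

main() {
    ns=ns1.youdomain.com                  # hostname or IP of your BIND server
    zone=youdomain.com
    host=www
    keyfile=/etc/dyndns/key.youdomain.com
    key_is_private "$keyfile" || { echo "$keyfile is readable by others" >&2; exit 1; }
    ipv4=$(wget -q -O - https://ipv4.info.tiekoetter.net/ip/)
    build_update "$ns" "$zone" "$host" "$ipv4" | nsupdate -k "$keyfile"
}

# Send an update only when invoked with --run (cron line: ...update.sh --run),
# so the functions can be sourced and checked without touching the zone.
[ "${1:-}" = "--run" ] && main
```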

8. Cron
Open the crontab to schedule the update script:

crontab -e

Add this line to run the update script every 5 minutes:

*/5 * * * * /etc/dyndns/update.youdomain.com.sh

Fix for the error "named ... .jnl: create: permission denied"

Dynamic updates make named write a journal (.jnl) file next to the zone file, so the zones directory must be writable by the user named runs as and the AppArmor profile must allow it. Add the rule to the local profile:

sudo nano /etc/apparmor.d/local/usr.sbin.named

/etc/bind/zones/** rw,

Then reload the AppArmor profile and restart bind9.