Bind9 DDNS

On the Server Side:

apt install bind9

Generate a key for an account named username1

# dnssec-keygen -a HMAC-SHA512 -b 512 -n USER username1

This creates new files such as Kusername1.+165+42799.key in the current folder

Show the key in the file

# cat Kusername1.+165+42799.key
calvincarol. IN KEY 0 3 165 Um1GdfXXYTUIBSvsl+rFErq+XhqUMB0JffM4qdmNq3XHiF9Rq9Uirvnu ZvsrSU836Xn8rJTmbpIYMe6WrGuznA==

Add the key and domain config to BIND; also-notify is the IP of the second DNS server

# vi /etc/bind/named.conf.default-zones

key "username1" {
algorithm hmac-sha512;
secret "Um1GdfXXYTUIBSvsl+rFErq+XhqUMB0JffM4qdmNq3XHiF9Rq9Uirvnu ZvsrSU836Xn8rJTmbpIYMe6WrGuznA==";
};

zone "yourddnsdomain.com" IN {
type master;
file "/var/cache/bind/named.yourddnsdomain.com";
also-notify { xxx.xxx.xxx.xxx; };
update-policy { grant username1 name subdomain.yourddnsdomain.com. A; };
};

On the Client Side:

apt install bind9

Copy the key file to the client side

vi /root/do-nsupdate
#!/bin/bash

updateServer=ns1.masterdns.com
updateDomain=subdomain.yourddnsdomain.com
encryptKeyPath="/root/Kusername1.+165+42799.key"
checkIPWeb="http://checkip.amazonaws.com/"

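# A record currently served by the update server (empty if the name has no A record yet)
CURRENT_IP=$(nslookup "$updateDomain" "$updateServer" | grep Address | grep -v "#53")
CURRENT_IP=$(echo ${CURRENT_IP:9})

# Public IP as reported by the check service
EXT_IP=$(wget -qO- "$checkIPWeb")

# Quote both sides so the comparison still works when one of them is empty
if [ "$CURRENT_IP" != "$EXT_IP" ]; then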
KEY=$encryptKeyPath

cat <<EOF | nsupdate -k "$KEY"
server $updateServer
update delete $updateDomain. A
update add $updateDomain. 3600 A $EXT_IP
send
EOF
fi

chmod 755 /root/do-nsupdate

vi /etc/crontab
0 * * * * root /root/do-nsupdate
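
The script above places whatever the check URL returns (fetched over plain HTTP) straight into the nsupdate batch. The following is an added example, not part of the original post, that validates the value first; the function names is_ipv4 and build_update are hypothetical and the sample responses are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): validate the address returned
# by the IP-check URL before it becomes part of the nsupdate batch.

# Succeeds only for one dotted-quad IPv4 address, octets 0-255, no leading zeros.
is_ipv4() {
    rest=$1.            # trailing dot so every octet ends with "."
    count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        case $octet in
            0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;;
            *) return 1 ;;   # empty, non-numeric, or contains a newline
        esac
        [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# Print the same four-line batch the script above feeds to nsupdate,
# or print nothing and fail when the candidate address is not valid.
# $1 = update server, $2 = record name, $3 = candidate address
build_update() {
    is_ipv4 "$3" || return 1
    printf 'server %s\nupdate delete %s. A\nupdate add %s. 3600 A %s\nsend\n' \
        "$1" "$2" "$2" "$3"
}

# In do-nsupdate the heredoc could then become:
#   build_update "$updateServer" "$updateDomain" "$EXT_IP" | nsupdate -k "$KEY"

# Constructed sample responses: one good, the rest what a failed or
# altered HTTP reply could look like.
nl='
'
for sample in "203.0.113.7" "" "999.1.1.1" "<html>503</html>" "203.0.113.7${nl}extra"; do
    if build_update ns1.masterdns.com subdomain.yourddnsdomain.com "$sample" >/dev/null; then
        echo "accept: $sample"
    else
        echo "reject: $sample"
    fi
done
```

When the check fails, build_update prints nothing, so nsupdate receives an empty batch and the existing record is left untouched.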
