At Server Side:
apt install bind9
Generate an account named username1
# dnssec-keygen -a HMAC-SHA512 -b 512 -n USER username1
This creates new files such as Kusername1.+165+42799.key in the current folder
Show the key in the file
# cat Kusername1.+165+42799.key
calvincarol. IN KEY 0 3 165 Um1GdfXXYTUIBSvsl+rFErq+XhqUMB0JffM4qdmNq3XHiF9Rq9Uirvnu ZvsrSU836Xn8rJTmbpIYMe6WrGuznA==
Add the key and the zone configuration to BIND; also-notify is the IP of the second DNS server
# vi /etc/bind/named.conf.default-zones
// TSIG key used to authenticate dynamic updates. The key name here is the
// identity referenced by the update-policy grant in the zone below.
key "username1" {
algorithm hmac-sha512;
// Base64 shared secret taken from the generated .key file.
// NOTE(review): anyone who can read this secret can sign updates as
// "username1" -- confirm this file is not world-readable, or keep the key
// statement in a separate included file with restricted permissions.
secret "Um1GdfXXYTUIBSvsl+rFErq+XhqUMB0JffM4qdmNq3XHiF9Rq9Uirvnu ZvsrSU836Xn8rJTmbpIYMe6WrGuznA==";
};
// Primary zone that accepts the signed dynamic updates.
zone "yourddnsdomain.com" IN {
type master;
file "/var/cache/bind/named.yourddnsdomain.com";
// Send NOTIFY messages to the second DNS server (placeholder address).
also-notify { xxx.xxx.xxx.xxx; };
// Least privilege: the key may change only the A record set of this one
// exact name, not other names or record types in the zone.
update-policy { grant username1 name subdomain.yourddnsdomain.com. A; };
};
At Client Side:
apt install bind9
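Copy the key file to the client side (it contains the shared secret, so transfer it over a secure channel and keep it readable only by root)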
vi /root/do-nsupdate
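#!/bin/bash
# Dynamic DNS updater: compares the A record published by the primary DNS
# server with this host's current external address and, when they differ,
# sends a TSIG-signed update that replaces the record.
set -u

updateServer=ns1.masterdns.com
updateDomain=subdomain.yourddnsdomain.com
encryptKeyPath="/root/Kusername1.+165+42799.key"
# HTTPS, so the reported address cannot be altered in transit.
checkIPWeb="https://checkip.amazonaws.com/"

# Dotted-quad shape check. Anything else (empty reply, HTML error page,
# multi-line text) must never be interpolated into the nsupdate commands.
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

if [[ ! -r "$encryptKeyPath" ]]; then
  printf 'do-nsupdate: key file %s is not readable\n' "$encryptKeyPath" >&2
  exit 1
fi

# Address currently published for the name; the resolver's own "Address"
# line carries "#53" and is skipped. Empty when no record exists yet, in
# which case the comparison below triggers the first update.
CURRENT_IP=$(nslookup "$updateDomain" "$updateServer" \
  | awk '/^Address/ && !/#53/ { print $2; exit }')

# External address as seen by the lookup service; bounded so a hung
# connection cannot stall the cron job.
if ! EXT_IP=$(wget -qO- --timeout=10 --tries=2 "$checkIPWeb"); then
  printf 'do-nsupdate: could not fetch external IP from %s\n' "$checkIPWeb" >&2
  exit 1
fi

if [[ ! "$EXT_IP" =~ $ipv4_re ]]; then
  printf 'do-nsupdate: external IP lookup returned an unexpected value\n' >&2
  exit 1
fi

if [[ "$CURRENT_IP" != "$EXT_IP" ]]; then
  # Delete and add travel in one signed update message.
  nsupdate -k "$encryptKeyPath" <<EOF
server $updateServer
update delete $updateDomain. A
update add $updateDomain. 3600 A $EXT_IP
send
EOF
fi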
chmod 755 /root/do-nsupdate
vi /etc/crontab
0 * * * * root /root/do-nsupdate