See https://dnns.no/dynamic-dns-with-bind-and-nsupdate.html
Install the bin directory someplace (e.g., /opt/bin) and, most definitely,
set ownership and permissions very, very strict: the script is run as root
through the ssh entry below, so it should be owned by root and writable by
no one else.
Now, in ~root/.ssh/authorized_keys, create an entry similar to this:
command="/opt/bin/updatedns", ssh-rsa AAAAB3NzaC.... root@servername
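where everything after the comma+space (you MUST have the space) is the
public key of the machine allowed to do updates. That ssh key must be able
to connect with no password. The command= option is what limits this
passwordless root key to running /opt/bin/updatedns and nothing else, so do
not leave it off; on OpenSSH 7.2 or later, also consider adding the
"restrict" option so the key cannot get a pty or set up forwarding.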
bin/keys/ must contain the rndc keys that allow us to talk to the BIND
server. These files are secrets: keep the directory readable only by the
account that runs updatedns.
The following must be in /etc/bind/named.conf.local. The slave_server_1 & 2
are the IPs of the slaves to be updated when an IP changes. The zone file
will be kept in /etc/bind/DYN/domain.name.dns (replace with your real domain
name). Note that allow-update lets any holder of the key change every record
in the zone; BIND's update-policy statement can narrow that if needed.
======================================================
include "/etc/bind/keys.conf";
zone "dyndd.net" {
type master;
file "DYN/domain.name.dns";
allow-update {
key dyndd.net. ;
};
allow-transfer { slave_server_1; slave_server_2; };
also-notify { slave_server_2; };
};
=======================================================
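/etc/bind/keys.conf contains the shared key named in allow-update. It is a
secret, so keep the file readable only by root and the BIND user. HMAC-MD5
is shown below as used in this setup; it is no longer recommended for TSIG,
so generate the key with hmac-sha256 instead if your BIND and update client
support it.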
=======================================================
key dyndd.net. {
algorithm HMAC-MD5;
secret "a key that was generated==";
};
=======================================================