See https://dnns.no/dynamic-dns-with-bind-and-nsupdate.html
Install the bin directory someplace (e.g., /opt/bin) and, most definitely,
set its ownership and permissions very, very strictly.
Now, in ~root/.ssh/authorized_keys, create an entry similar to this:
command="/opt/bin/updatedns", ssh-rsa AAAAB3NzaC.... root@servername
where everything after the comma+space (you MUST have the space) is a key
from the machine allowed to do updates. That ssh key must be able to connect
with no password.
bin/keys/ must contain the rndc keys that allow us to talk to the BIND
server.
The following must be in /etc/bind/named.conf.local. slave_server_1 and
slave_server_2 are the IPs of the slaves to be updated when an IP changes.
The zone file will be kept in /etc/bind/DYN/domain.name.dns (replace with
your real domain name).
======================================================
include "/etc/bind/keys.conf";
zone "dyndd.net" {
   type master;
   file "DYN/domain.name.dns";
   allow-update {
      key dyndd.net. ;
   };
   allow-transfer { slave_server_1; slave_server_2;  };
   also-notify { slave_server_2;  };
};
=======================================================
/etc/bind/keys.conf contains
=======================================================
key dyndd.net. {
   algorithm HMAC-MD5;
   secret "a key that was generated==";
};
=======================================================
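
A read-only audit of the three pieces this README sets up (install directory permissions, the forced-command entry in authorized_keys, and the TSIG key in keys.conf), as an added example that is not part of the original README or the project's own code. The function names, the check for OpenSSH's `restrict` option and the hmac-sha256 suggestion are assumptions added here; the default paths are the README's.

```sh
#!/bin/sh
# Added example, not part of the original README. Read-only checks of the
# setup described above; nothing is modified.

# $1 = install dir (e.g. /opt/bin), $2 = expected owner (assumed default: root)
audit_bin_perms() {
    find "$1" ! -type l ! -user "${2:-root}" -exec echo "not owned by ${2:-root}:" {} \;
    find "$1" ! -type l \( -perm -020 -o -perm -002 \) -exec echo "group/world-writable:" {} \;
    # rndc/TSIG key files should be readable by their owner only
    [ -d "$1/keys" ] && find "$1/keys" -type f \( -perm -040 -o -perm -004 \) \
        -exec echo "key readable by others:" {} \;
    return 0
}

# $1 = authorized_keys file. Flags updatedns forced-command entries that lack
# OpenSSH's "restrict" option (no pty, forwarding, or user rc for that key).
audit_authorized_keys() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        case $line in
            *'command="'*'updatedns"'*) ;;
            *) continue ;;
        esac
        case $line in
            restrict,*|*,restrict,*|*,restrict\ *) ;;
            *) echo "authorized_keys:$n: forced command without 'restrict'" ;;
        esac
    done < "$1"
}

# $1 = keys.conf. Flags TSIG keys still using HMAC-MD5; tsig-keygen generates
# hmac-sha256 by default.
audit_tsig_keys() {
    grep -inE 'algorithm[[:space:]]+"?hmac-md5' "$1" |
        sed 's/^\([0-9]*\):.*/keys.conf:\1: HMAC-MD5 TSIG key; regenerate with hmac-sha256/'
}

# Run against the README's paths only when invoked with "run" (needs root).
if [ "${1:-}" = "run" ]; then
    audit_bin_perms /opt/bin
    audit_authorized_keys ~root/.ssh/authorized_keys
    audit_tsig_keys /etc/bind/keys.conf
fi
```

Each function prints one line per finding and prints nothing when the item passes, so an empty result from all three means the checks found no issue.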