amuck-landowner

Create your own dynamic subdomain

peterw

New Member
I run my own dns servers and I use a subdomain as a dynamic dns service. This tutorial shows how to create such a service.

1. Create DNS entries

A record for dnsdynamic.domain.com (ip of dns server)

NS record for dynamic.domain.com referring to dnsdynamic.domain.com

2. Install bind9: "apt-get install bind9"

3. Create settings for bind9

Add vars: "zone=dynamic.domain.com"

You can test the config call with: "ddns-confgen -r /dev/urandom -s $zone."

Complete command is: "ddns-confgen -r /dev/urandom -q -a hmac-md5 -k key$zone -s $zone. > /etc/bind/$zone.keys && cat /etc/bind/$zone.keys"

The output is


key "keydynamic.domain.com" {
algorithm hmac-md5;
secret "DONTPUBLISHTHIS";
};

Limit access to the zone key file: "chown root:bind /etc/bind/$zone.keys && chmod u=rw,g=r,o= /etc/bind/$zone.keys"

Create configuration: "nano /var/cache/bind/$zone"


$ORIGIN .
$TTL 3600 ; 1 hour

dynamic.domain.com. IN SOA dnsdynamic.domain.com. hostmaster.dnsdynamic.domain.com. (
    1      ; serial (start at 1 for a dynamic zone)
    3600   ; refresh by secondaries
    600    ; retry (every 10 minutes if refresh fails)
    604800 ; expire (slaves remove the record after 1 week if they could not refresh it)
    300    ; minimum ttl for negative answers (5 minutes)
)

dynamic.domain.com. IN NS dnsdynamic.domain.com.
$ORIGIN dynamic.domain.com.

Edit configuration: "nano /etc/bind/named.conf.local"


// key
include "/etc/bind/dynamic.domain.com.keys";

// zone
zone "dynamic.domain.com" {
    type master;
    file "/var/cache/bind/dynamic.domain.com";
    update-policy {
        grant keydynamic.domain.com subdomain dynamic.domain.com.;
    };
};

Reload configuration: "rndc reload && sleep 5 && tail -n 50 /var/log/daemon.log | grep named"

4. Create update script: "nano ~/updatetest.sh"


cat <<EOF | nsupdate -v -k /etc/bind/dynamic.domain.com.keys
server dnsdynamic.domain.com
zone dynamic.domain.com.
update delete test.dynamic.domain.com.
update add test.dynamic.domain.com. 600 A $1
update add test.dynamic.domain.com. 600 TXT "Updated subdomain $(date)"
send
EOF

5. Call update script: "sh ~/updatetest.sh 127.0.0.1"

6. Check configuration: "dig @127.0.0.1 test.dynamic.domain.com ANY"

Output is


; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @127.0.0.1 test.dynamic.domain.com ANY
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30659
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;test.dynamic.domain.com. IN ANY

;; ANSWER SECTION:
test.dynamic.domain.com. 600 IN TXT "Updated subdomain Tue Apr 8 04:38:29 EDT 2014"
test.dynamic.domain.com. 600 IN A 127.0.0.1

;; AUTHORITY SECTION:
dynamic.domain.com. 60 IN NS dnsdynamic.domain.com.

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Apr 8 04:40:34 2014
;; MSG SIZE rcvd: 141

7. Update script for all subdomains: "nano ~/ddns.sh"


cat <<EOF | nsupdate -v -k /etc/bind/dynamic.domain.com.keys
server dnsdynamic.domain.com
zone dynamic.domain.com.
update delete $1.dynamic.domain.com.
update add $1.dynamic.domain.com. 600 A $2
update add $1.dynamic.domain.com. 600 TXT "Updated subdomain $(date)"
send
EOF

Call: "sh ~/ddns.sh test2 127.0.0.1" to update test2.dynamic.domain.com.
 

wlanboy

Content Contributor
I noticed that your tutorials are getting better and better.

  • You use vars to simplify commands (I will adopt this)
  • You format file contents and add outputs
  • You use bash for scripting :D
One point to add:

If you would create keys for each subdomain and change the update-policy to:


zone "dynamic.domain.com" {
    type master;
    file "/var/cache/bind/dynamic.domain.com";
    update-policy {
        grant *.dynamic.domain.com self dynamic.domain.com.;
    };
};

You would be able to forward the keys to someone else to update his subdomain.
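Two things worth combining from the thread: peterw's ddns.sh puts its two arguments straight into the nsupdate batch (anything containing a newline or ";" would be read as further nsupdate commands if the script ever sits behind a web form), and wlanboy's "self" policy only works when each host has its own key whose name equals the record name. The script below is an added example, not code from either post: it validates the label and the IPv4 address before building the batch, creates a per-host key file in the format ddns-confgen prints in step 3, and signs the update with that host's key. Assumed, and not on this page: a key directory /etc/bind/keys with one <host>.key file per host, hmac-sha256 instead of hmac-md5, and the function names. Zone and server names are the tutorial's.

```sh
#!/bin/sh
# Added example, not part of peterw's or wlanboy's posts.
# Assumed layout (hypothetical): one TSIG key file per host under /etc/bind/keys,
# named <host>.key, with the key itself named <host>.dynamic.domain.com so that
# wlanboy's "grant *.dynamic.domain.com self" policy lets it update only that name.

ZONE=dynamic.domain.com
SERVER=dnsdynamic.domain.com
KEYDIR=${KEYDIR:-/etc/bind/keys}

# A single hostname label: 1-63 characters, letters, digits and hyphens,
# no leading or trailing hyphen. Dots, spaces and ';' are refused, so an
# argument like "x; send" can never turn into extra nsupdate commands.
valid_label() {
    case "$1" in
        ''|*[!A-Za-z0-9-]*|-*|*-) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Dotted-quad IPv4 address: four octets in 0-255, no empty fields, no leading zeros.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Create the per-host key file (same shape as the ddns-confgen output in step 3)
# with a fresh 256-bit secret and the permissions peterw uses: owner rw, group r.
# Run it as root and follow with "chown root:bind" as in the tutorial.
make_host_key() {
    host=$1
    valid_label "$host" || return 1
    secret=$(head -c 32 /dev/urandom | base64 | tr -d '\n')
    (
        umask 077
        cat > "$KEYDIR/$host.key" <<EOF
key "$host.$ZONE" {
    algorithm hmac-sha256;
    secret "$secret";
};
EOF
    )
    chmod 640 "$KEYDIR/$host.key"
}

# Print the nsupdate batch for one host; bad input is refused before any of it
# is interpolated into a command.
build_update() {
    host=$1
    ip=$2
    valid_label "$host" || { echo "refusing host label: $host" >&2; return 1; }
    valid_ipv4 "$ip" || { echo "refusing address: $ip" >&2; return 1; }
    stamp=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    printf '%s\n' \
        "server $SERVER" \
        "zone $ZONE." \
        "update delete $host.$ZONE." \
        "update add $host.$ZONE. 600 A $ip" \
        "update add $host.$ZONE. 600 TXT \"Updated subdomain $stamp\"" \
        "send"
}

# Sign the batch with the host's own key: a leaked key can then only rewrite
# the one name it was issued for.
send_update() {
    batch=$(build_update "$1" "$2") || return 1
    printf '%s\n' "$batch" | nsupdate -v -k "$KEYDIR/$1.key"
}

# Usage: sh ddns.sh test2 203.0.113.10
# Only acts when run as ddns.sh, so the functions can also be sourced elsewhere.
case "${0##*/}" in
    ddns.sh) send_update "$1" "$2" ;;
esac
```

The key name written into the file is the record name itself, which is what the "self" rule compares against; hand test2.key to whoever owns test2 and that key cannot touch test3. The two validators are deliberately strict (single label only, plain IPv4), because the zone here is only ever updated with one A record per host.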