Dynamic DNS
Dynamic DNS (DDNS or DynDNS) is a method of automatically updating a name server in the Domain Name System (DNS), often in real time, with the active DDNS configuration of its configured hostnames, addresses or other information. The term is used to describe two different concepts. The first is "dynamic DNS updating", which refers to systems that are used to update traditional DNS records without manual editing. These mechanisms are explained in RFC 2136 and use the TSIG mechanism to provide security. The second kind of dynamic DNS permits lightweight and immediate updates, often using an update client, which do not use the RFC 2136 standard for updating DNS records. These clients provide a persistent addressing method for devices that change their location, configuration or IP address frequently.
For RFC 2136 there is nsupdate(1) from bind. For dynamic DNS services there are several packages available; see Update clients.
Router
If the device needing DDNS sits behind a router, you should first check if the router itself can update any DDNS services. Although the selection of services may be limited, there are several advantages to using the router: it will probably be easier to set up, will require little to no maintenance, and will have no downtime (if the router is down you will not have Internet anyway).
Update clients
Note that some dynamic DNS providers do not require a dedicated client and can be updated with cURL.
Multi-service clients
- ddclient — Update dynamic DNS entries for accounts on many dynamic DNS services.
https://github.com/ddclient/ddclient || package: ddclient
- ddnsc — A simple & lightweight client written in Python.
https://github.com/shyaminayesh/ddnsc || package: ddnsc (AUR)
- inadyn-fork — Dynamic DNS client with SSL/TLS support.
https://troglobit.com/inadyn.html || packages: inadyn-fork (AUR), inadyn-fork-git (AUR)
- inadyn-mt — A simple dynamic DNS client based on inadyn.
http://inadyn-mt.sourceforge.net/ || package: inadyn-mt (AUR)
- ndyndns — Supports DynDNS and Namecheap.
https://github.com/niklata/ndyndns || package: ndyndns (AUR)
Single-service clients
- duckdns — Update your DuckDNS.org entries from your computer with systemd.
https://www.duckdns.org/ || packages: duckdns (AUR), duckdns-ipv6 (AUR)
- hetzner_ddns — Dynamic DNS daemon for Hetzner DNS.
https://github.com/filiparag/hetzner_ddns || package: hetzner_ddns (AUR)
- noip — Dynamic DNS Client Updater for no-ip.com services.
https://www.no-ip.com/downloads.php?page=linux || package: noip (AUR)
- petrified — Bash client to update dynamic DNS at freedns.afraid.org.
https://gitlab.com/troyengel/petrified || package: petrified (AUR)
ddclient
ddclient is compatible with many DDNS services and is the recommended tool for updating DDNS if your router is not an option. It includes systemd support.
After installing, edit the configuration file /etc/ddclient/ddclient.conf to set up your DDNS provider (it includes many examples). Then enable and start ddclient.service.
The configuration can be tested by running ddclient with the -noquiet and -debug options:
Some of the compatible services are listed below, but you can also check the examples and protocols for more.
Service | Configuration notes |
---|---|
Now-DNS | example |
ChangeIP | example |
Duck DNS | example |
FreeDNS | example |
No-IP | Use protocol noip, server dynupdate.no-ip.com |
nsupdate.info | Use protocol dyndns2 |
Dyn DNS | example |
Namecheap | example |
Dynu | example |
Use an external website to determine IP address
If ddclient is unable to detect your IP address, you can configure ddclient to fetch your IP from an external webpage such as checkip.dyndns.org. This address is used by default when use=web is specified. It is also recommended to increase the check interval to avoid frequent requests to the IP check service:
An alternative IP check service can be specified with the web key:
Starting ddclient after networking is up
If you find that ddclient is unable to update your IP properly, it may be that the ddclient process is starting before networking is up. To fix it, you can edit the unit file to depend on network-online.target.
Other providers
Other DDNS providers are not compatible with ddclient so updating your IP with them may require a special tool or some custom scripting. Remember that if the service allows you to update your IP using the command line, you can automate the process using tools such as cron or systemd/Timers.
Installing and configuring DNS + DHCP with dynamic zone updates on Ubuntu 16.04
Apr 6, 2017 13:56 · 719 words · 4 minute read dns dhcp
Even in small organizations, one or more DNS (Domain Name System) and DHCP (Dynamic Host Configuration Protocol) servers are needed to simplify administration of the local network.
Let's go through installing the DNS and DHCP servers and then configure dynamic updating of DNS zones on Ubuntu 16.04!
The DNS server is installed with the command:
The DHCP server is installed as follows:
Edit the configuration file /etc/bind/named.conf.options so that it looks like this:
The important directives here are forwarders (upstream DNS servers to which a query is forwarded when the local server has no information about the host) and listen-on (from which networks or IP addresses the local DNS server will serve queries).
Next, create the zone files (forward and reverse lookup) and add them to the DNS server configuration. By default it is suggested to create zone files in the /etc/bind/zones/ directory, but later this causes problems with their dynamic updating, so we will create the zone files in the /var/lib/bind/ directory.
Initial data for creating the zones:
- domain name: lc;
- DNS server name: ns.lc;
- DNS server IP address: 192.168.0.218.
Create the forward lookup zone file:
The file contents are as follows:
Create the reverse lookup zone file:
The file contents look like this:
Add references to the newly created zones to the configuration file /etc/bind/named.conf.local:
Here it is the line allow-update { key rndc-key; }; that makes dynamic zone updates possible.
You can view the contents of the rndc-key file:
Now check the syntax of the DNS server configuration files:
If everything was done correctly, this command should produce no output.
Restart the DNS server with the command:
Next, configure the DHCP server by bringing the configuration file /etc/dhcp/dhcpd.conf to the following form:
To apply the changes, restart the DHCP service:
Now, when a new computer appears on the local network, the DHCP server will give it a free IP address from the defined range and update the DNS zones (two files with the .jnl extension will also be created in the zone directory).
If we had created the zone files in the default directory (/etc/bind/zones/), we would have run into the following errors in the logs:
That's all: installation and configuration of DNS and DHCP servers with dynamic zone updates on Ubuntu 16.04 is complete.
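A check for the two points this article stresses, the key-restricted allow-update line and zone files kept under /var/lib/bind/, as an added example that is not part of the original article. The file names db.lc and db.192.168.0, the allow-update { any; } stanza and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: audit BIND zone stanzas.
# Assumes one statement per line, as in a typical named.conf.local.

# audit_zones: read named.conf.local text on stdin. For every zone that
# accepts dynamic updates, report an allow-update that is not tied to a
# key, and a zone file kept outside /var/lib/bind/.
audit_zones() {
    awk '
    /^[ \t]*zone[ \t]/ {
        split($0, q, "\""); zone = q[2]
        file = ""; upd = ""; inzone = 1
        next
    }
    inzone && /^[ \t]*file[ \t]/ { split($0, q, "\""); file = q[2] }
    inzone && /allow-update/     { upd = $0 }
    inzone && /^[ \t]*};/ {
        # Zones without allow-update, or with "none", take no updates.
        if (upd != "" && upd !~ /none;/) {
            if (upd !~ /key[ \t]/)
                print zone ": allow-update is not restricted to a key"
            if (file !~ /^\/var\/lib\/bind\//)
                print zone ": dynamic zone file is outside /var/lib/bind/"
        }
        inzone = 0
    }'
}

# sample_conf: constructed input. The first zone follows the article,
# the second shows both problems the audit looks for.
sample_conf() {
    cat <<'EOF'
zone "lc" {
    type master;
    file "/var/lib/bind/db.lc";
    allow-update { key rndc-key; };
};
zone "0.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.192.168.0";
    allow-update { any; };
};
EOF
}

# Usage on a real server: audit_zones < /etc/bind/named.conf.local
```

An empty result means every dynamically updated zone in the input is key-restricted and stored under /var/lib/bind/.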
Linux IP Updater for Dynamic Networks
Overview
This Knowledge Base article will show you how to set up an IP updater on Linux, in order to keep the dynamic IP address of your network up to date.
Linux IP updater
The ddclient is an open-source dynamic IP updater client written in Perl. If your Linux distribution does not have a recent version of ddclient, you can download the tar file here. You can also install it by executing sudo apt-get install ddclient in a terminal. Please keep in mind that this command works only on Debian-based distributions. For RPM-based distributions, please try sudo yum install ddclient .
To use ddclient with OpenDNS, after you install it on your machine, you have to set it up properly by modifying its configuration file which is located at /etc/ddclient.conf . Please use the following configuration outline, while supplementing the account login, password, and network label lines:
##
## OpenDNS.com account-configuration
##
protocol=dyndns2
use=web, web=myip.dnsomatic.com
ssl=yes
server=updates.opendns.com
login=opendns_username
password='opendns_password'
opendns_network_label
Notes:
- The login is your email address with OpenDNS.
- If you have special characters in your password, wrap the password in single-quotes ( ' ). If there are any single-quotes in your password, put a backslash ( \ ) before the single-quote to escape the character.
- ‘opendns_network_label’ is the label given to the network you’re updating in your account. You can find the network label in the Settings Tab of the OpenDNS Dashboard. If you’re an Umbrella customer, this is the name of the Network you’ve enabled Dynamic updates for in the Configuration. If you have spaces in your network label, replace them with an underscore ( _ )
In order to turn on the updater, please execute the command sudo service ddclient start in a terminal. You can check its status with sudo service ddclient status and you can stop it with the command sudo service ddclient stop . Please keep in mind that ddclient doesn’t automatically start when your system boots, but this can be scheduled using either cron or systemd.
Troubleshooting
Your IP address belongs to a different network
When this issue occurs, sudo service ddclient status returns the following error message:
This happens most often when using someone else’s network (e.g. public wireless hotspot, a friend’s wireless network etc.). Each OpenDNS user is uniquely identified by an IP address. If you use someone else’s connection which is already configured to use the OpenDNS service, we then detect that more than one OpenDNS account claims to use the same IP address.
If you’re temporarily using someone else’s network connection, you can ignore this error. If you believe this IP address really belongs to you, you can contact support.
ddclient is stuck
When this issue occurs, sudo service ddclient status returns the following warning message:
This happens most often when you’re trying to update your dynamic IP address many times in too short of a period by restarting the ddclient service. In this case, in order to instantly fix this issue, please delete the file /var/cache/ddclient/ddclient.cache. You can delete it by executing the command sudo rm /var/cache/ddclient/ddclient.cache in a terminal.
nsupdate(8) — Linux man page
Synopsis
Description
nsupdate is used to submit Dynamic DNS Update requests as defined in RFC2136 to a name server. This allows resource records to be added or removed from a zone without manually editing the zone file. A single update request can contain requests to add or remove more than one resource record.
Zones that are under dynamic control via nsupdate or a DHCP server should not be edited by hand. Manual edits could conflict with dynamic updates and cause data to be lost.
The resource records that are dynamically added or removed with nsupdate have to be in the same zone. Requests are sent to the zone’s master server. This is identified by the MNAME field of the zone’s SOA record.
The -d option makes nsupdate operate in debug mode. This provides tracing information about the update requests that are made and the replies received from the name server.
Transaction signatures can be used to authenticate the Dynamic DNS updates. These use the TSIG resource record type described in RFC2845. The signatures rely on a shared secret that should only be known to nsupdate and the name server. Currently, the only supported encryption algorithm for TSIG is HMAC-MD5, which is defined in RFC 2104. Once other algorithms are defined for TSIG, applications will need to ensure they select the appropriate algorithm as well as the key when authenticating each other. For instance suitable key and server statements would be added to /etc/named.conf so that the name server can associate the appropriate secret key and algorithm with the IP address of the client application that will be using TSIG authentication. nsupdate does not read /etc/named.conf.
nsupdate uses the -y or -k option to provide the shared secret needed to generate a TSIG record for authenticating Dynamic DNS update requests. These options are mutually exclusive. With the -k option, nsupdate reads the shared secret from the file keyfile, whose name is of the form K
By default nsupdate uses UDP to send update requests to the name server. The -v option makes nsupdate use a TCP connection. This may be preferable when a batch of update requests is made.
Input Format
nsupdate reads input from filename or standard input. Each command is supplied on exactly one line of input. Some commands are for administrative purposes. The others are either update instructions or prerequisite checks on the contents of the zone. These checks set conditions that some name or set of resource records (RRset) either exists or is absent from the zone. These conditions must be met if the entire update request is to succeed. Updates will be rejected if the tests for the prerequisite conditions fail.
Every update request consists of zero or more prerequisites and zero or more updates. This allows a suitably authenticated update request to proceed if some specified resource records are present or missing from the zone. A blank input line (or the send command) causes the accumulated commands to be sent as one Dynamic DNS update request to the name server.
The command formats and their meaning are as follows:
- server servername [ port ]
  Sends all dynamic update requests to the name server servername. When no server statement is provided, nsupdate will send updates to the master server of the correct zone. The MNAME field of that zone’s SOA record will identify the master server for that zone. port is the port number on servername where the dynamic update requests get sent. If no port number is specified, the default DNS port number of 53 is used.
- local address [ port ]
  Sends all dynamic update requests using the local address. When no local statement is provided, nsupdate will send updates using an address and port chosen by the system. port can additionally be used to make requests come from a specific port. If no port number is specified, the system will assign one.
- zone zonename
  Specifies that all updates are to be made to the zone zonename. If no zone statement is provided, nsupdate will attempt to determine the correct zone to update based on the rest of the input.
- class classname
  Specify the default class. If no class is specified, the default class is IN.
- key name secret
  Specifies that all updates are to be TSIG signed using the keyname keysecret pair. The key command overrides any key specified on the command line via -y or -k.
- prereq nxdomain domain-name
  Requires that no resource record of any type exists with name domain-name.
- prereq yxdomain domain-name
  Requires that domain-name exists (has at least one resource record, of any type).
- prereq nxrrset domain-name [ class ] type
  Requires that no resource record exists of the specified type, class and domain-name. If class is omitted, IN (internet) is assumed.
- prereq yxrrset domain-name [ class ] type
  This requires that a resource record of the specified type, class and domain-name must exist. If class is omitted, IN (internet) is assumed.
- prereq yxrrset domain-name [ class ] type data.
  The data from each set of prerequisites of this form sharing a common type, class, and domain-name are combined to form a set of RRs. This set of RRs must exactly match the set of RRs existing in the zone at the given type, class, and domain-name. The data are written in the standard text representation of the resource record’s RDATA.
- update delete domain-name [ ttl ] [ class ] [ type [ data. ] ]
  Deletes any resource records named domain-name. If type and data are provided, only matching resource records will be removed. The internet class is assumed if class is not supplied. The ttl is ignored, and is only allowed for compatibility.
- update add domain-name ttl [ class ] type data.
  Adds a new resource record with the specified ttl, class and data.
- show
  Displays the current message, containing all of the prerequisites and updates specified since the last send.
- send
  Sends the current message. This is equivalent to entering a blank line.
Lines beginning with a semicolon are comments and are ignored.
Examples
The examples below show how nsupdate could be used to insert and delete resource records from the example.com zone. Notice that the input in each example contains a trailing blank line so that a group of commands is sent as one dynamic update request to the master name server for example.com.
In the first example, any A records for oldhost.example.com are deleted, and an A record for newhost.example.com with IP address 172.16.1.1 is added. The newly added record has a 1 day TTL (86400 seconds).
In the second example, the prerequisite condition gets the name server to check that there are no resource records of any type for nickname.example.com. If there are, the update request fails. If this name does not exist, a CNAME for it is added. This ensures that when the CNAME is added, it cannot conflict with the long-standing rule in RFC1034 that a name must not exist as any other record type if it exists as a CNAME. (The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have SIG, KEY and NXT records.)
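The two updates described above, written as an added example that is not taken from the man page: shell functions that validate each field and then print the nsupdate batch. The CNAME target somehost.example.com and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the nsupdate man page. nsupdate takes one command
# per line, so a newline or space hidden in a "hostname" would become an
# extra command or argument. Validate every field before building a batch.
LC_ALL=C; export LC_ALL

# valid_name NAME: only letters, digits, '.', '_' and '-'; max 253 chars.
valid_name() {
    case $1 in
        ''|-*|.*|*..*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# valid_ipv4 ADDR: four dot-separated decimal octets, each 0-255.
valid_ipv4() {
    case $1 in
        ''|.*|*.|*..*|*[!0-9.]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_ttl TTL: decimal digits only.
valid_ttl() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
}

# replace_a_batch OLDHOST NEWHOST TTL IPV4: first example in the text.
replace_a_batch() {
    valid_name "$1" && valid_name "$2" && valid_ttl "$3" && valid_ipv4 "$4" || return 1
    printf 'update delete %s A\n' "$1"
    printf 'update add %s %s A %s\n' "$2" "$3" "$4"
    printf 'send\n'
}

# add_cname_batch NICKNAME TARGET TTL: second example, with its prerequisite.
add_cname_batch() {
    valid_name "$1" && valid_name "$2" && valid_ttl "$3" || return 1
    printf 'prereq nxdomain %s\n' "$1"
    printf 'update add %s %s CNAME %s\n' "$1" "$3" "$2"
    printf 'send\n'
}

# Usage: build first, send only if validation passed (-k: TSIG key file).
#   batch=$(replace_a_batch oldhost.example.com newhost.example.com 86400 172.16.1.1) || exit 1
#   printf '%s\n' "$batch" | nsupdate -k "$KEYFILE"
```

Building the batch into a variable before piping it keeps a rejected field from reaching nsupdate as a partial request.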
Files
See Also
The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library for its cryptographic operations, and may change in future releases.