Setting up dynamic DNS on Linux

So now you've got that crazy fast broadband from insert_isp_name_here and you've got your server or workstation at home that has a domain name. But your IP keeps changing! Grr. What now? Dynamic DNS of course! Fortunately, Linux has everything you need to make this go.

First, you're gonna need a Unix/Linux server with Bind running your domain on it, let's say, yourdomain.com. If you don't have this, sorry, I can't help you out on that, yet.

From your DNS server, as root, run this:

dnssec-keygen -a HMAC-MD5 -b 128 -n HOST dnsserver.yourdomain.com

This will output 2 keyfiles into the current directory. The filenames will start with Kdnsserver.yourdomain.com. Copy these files to your bind configuration directory for safe keeping:

mv Kdnsserver.yourdomain.com* /var/named/

Then open your named.conf file (vi /etc/named.conf) and add this to the top of the file:

include "/etc/dns.keys.conf";

Look at the contents of your /var/named/Kdnsserver.yourdomain.com.*.private file and find the key. Copy it to the clipboard or write it down. We'll use in next.

Then edit a new file called /etc/dns.keys.conf (vi /etc/dns.keys.conf) and add these lines:

key dnsserver.yourdomain.com. {
algorithm hmac-md5;
secret "WiAwikg4O6nQisUzP6isfX==";
};

Use the key from above in the "secret" field. It should look similar to the one above, but definitely not the same.

Now restart your nameservice (/etc/init.d/named restart).

Linux Client
Copy the /var/named/Kdnsserver.yourdomain.com.* files to your dynamic IP machine.

Now, from your dynamic IP machine, as root, copy the keyfiles to /etc/.

Download my updatedns.pl script into your root directory.

Edit the variables at the start of the file to reflect your domains and keyfile.

Run ./updatedns.pl to test that it operates correctly. If you get an error like "TSIG error with server: clocks are unsynchronized", your clock needs to be updated either on your server, dns server, or both.

After you have determined that updatedns.pl is updating your DNS properly, add it into the crontab (crontab -e):

* * * * * /root/updatedns.pl

Windows Client
Go get DirectUpdate (local copy) and install it.

Go to the status tab in the DirectUpdate admin and create an account.

Set the account type to BIND/Win2K DNS Server.

Set the domain you wish to update, set the TISG key name to dnsserver.yourdomain.com

Copy and paste in the key you generated above (WiAwikg4O6nQisUzP6isfX==) into TSIG key.

On the advanced settings tab, select Perform updates using secure protocol.

Click ok and close the admin program.

And that's it!