Blue Labs Software :: Bind9 Dynamic DNS HowTo
April 30th, 2002
First, a short list of things you need
Machine | Requirement |
---|---|
Server | Bind version 9, fully installed and operational as a DNS server |
Client (remote) | nsupdate from the Bind9 software suite |
Now, the list of steps needed to get this penguin dancing.
- On the server, create a key and ensure permissions are tight. Older
versions of BIND left a publicly readable file. I suggest a key longer than
the 64 bits shown below; I'm using 64 bits simply to keep the examples short.
  - cd /etc
  - dnssec-keygen -a HMAC-MD5 -b 64 -n zone key-test
  - chmod 600 Kkey-test.*
  - ls -l Kkey-test.*
    -rw------- 1 root root 40 Apr 30 12:14 Kkey-test.+157+05402.key
    -rw------- 1 root root 69 Apr 30 12:14 Kkey-test.+157+05402.private
- Install this key in your named.conf file
  - cat Kkey-test.+157+05402.key
    key-test. IN KEY 256 3 157 kdhJT0+U5cA=
  - Insert this key value (the last field) as the secret
    key "key-test." {
        algorithm hmac-md5;
        secret "kdhJT0+U5cA=";
    };
- Add an allow-update statement for the zone this key is allowed to update
  - Add the key to the zone file(s) you want to allow to be updated with this key
    zone "david.blue-labs.org" {
        type master;
        file "users/david/external-view/david.blue-labs.org";
        allow-update { key "key-test."; };
    };
- Build a script or program on the client to accomplish the update periodically
  - Copy the private half of the above generated key to the client side and reference the file in the update script.
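
One way to write the client-side update script from the last step, as an added example that is not part of the original page: it refuses a key file that is not owner-only, validates the address before it reaches nsupdate, and sends the signed update with `nsupdate -k`. The server name `ns.example.net`, the TTL, the key file location on the client, and the choice to update the zone's apex A record are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. SERVER, TTL and the client-side
# KEYFILE location are assumptions; zone and key file name come from the steps.
ZONE="david.blue-labs.org"
SERVER="ns.example.net"                       # placeholder: your master server
KEYFILE="/etc/Kkey-test.+157+05402.private"   # assumed location on the client
TTL=300

# Accept only a dotted-quad IPv4 address, so nothing else reaches nsupdate.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# The key is a shared secret: require an owner-only regular file.
key_perms_ok() {
    mode=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    case "$mode" in
        -r[w-]-------) return 0 ;;
        *) return 1 ;;
    esac
}

# Emit the nsupdate batch that replaces the zone apex A record (assumed target).
build_update() {
    valid_ipv4 "$1" || return 1
    printf 'server %s\nzone %s\nupdate delete %s. A\nupdate add %s. %s A %s\nsend\n' \
        "$SERVER" "$ZONE" "$ZONE" "$ZONE" "$TTL" "$1"
}

# Sign and send the update with the key file (nsupdate -k).
push_update() {
    key_perms_ok "$KEYFILE" || { echo "refusing: $KEYFILE is not owner-only" >&2; return 1; }
    batch=$(build_update "$1") || { echo "refusing: bad address '$1'" >&2; return 1; }
    printf '%s\n' "$batch" | nsupdate -k "$KEYFILE"
}

# Run periodically (e.g. from cron) with the current address as the argument.
if [ $# -gt 0 ]; then push_update "$1"; fi
```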
No articles, software, or any item from Blue Labs Software,
http://blue-labs.org/, may be copied or reproduced by Newsforge.org or
Linux.com. These two sites may link only. All other sites may freely link
or copy. The upper staff of these two sites are a discredit to our
community.