[SOLVED] Way to update home IP in DNS automatically
Distribution: Mint 20.1 on workstation, Debian 11 on servers
Way to update home IP in DNS automatically
I have a leased server that also runs DNS, and there is a record (subdomain) for my home IP. It is used for certain purposes such as to VPN into my house. Problem is my ISP has a DHCP lease time of like 10 minutes, so any slight internet blip and I end up with a new IP, and if I'm not home to find out what my IP is then I lose connectivity. I also host a game server which also then is "down" till I can manually change the DNS record once I go home and find out what my IP is.
I want to set up some kind of script that connects to my leased server and updates the IP. What would be the best way of doing this? I'm thinking a special SSH account with key pair setup and it simply SSHes in and runs a script that updates a file with the originating IP (would run script from home). How would I go about programmatically finding out my IP when connecting to a server from SSH? I'm thinking the w command and parsing out the username of the account. Is there an easier way?
Also, is there a way in bind I can set up a record entry to look in a text file for the IP? Ideally, is there a way to do this without having to restart bind to update the info? I don't really want to regenerate the whole record each time, that's kind of dirty, and if I want to make other changes to that record then I need to modify the script that generates it. Is there actually a way to modify a DNS entry live through command line? Basically what I'm thinking is have a script that runs as root, or the DNS user and it would read the IP address that the updater script wrote and then update DNS.
I'm open to any suggestions on a secure way of doing this.
There's also a couple places on the server where my home IP is hard coded such as the postfix mynetworks file so I can relay mail. So I'd probably want this updater script to update that too.
I bought a domain from dyn.com and run ddclient to update the record whenever it changes. I can log in to my home via domain name. It also updates the MX record so my mail works.
Original Poster
I don't want to use one of those services as they come and go; been through that already. I'm looking at a more DIY way as I want a subdomain to update only.
I already have an idea how I want to do it, it's just that it involves having to reload the DNS service to change the IP and that seems dirty to me. I'm just wondering if there's a way to update a record on the fly without reloading. Issue with reloading named is you absolutely HAVE to be present as every now and then it might fail and that causes a lot of chaos. A single syntax error and it fails to start, so if for whatever reason the script did not run right I risk downtime. Also for whatever reason on that specific CentOS install if named fails to start, all the zones get deleted and I have to restore from backup. So it's a real pain in the ass if it happens and I'm not there to deal with it.
See chapter 10.2. "DNS Dynamic Update" of O'Reilly DNS and BIND or this or this?
Way not enough nfo. Somehow clairvoyance doesn't work today and it seems I've misplaced my Crystal Ball too. Bummer.
Not looking for a solution to that issue (posted about it before with more details but never figured out the cause; I think it has to do with OVH using a custom kernel, a lot of stuff does not work the same). Just wanted to mention it and specify I did not want a solution that involves having it restart due to that risk.
That info on dynamic DNS and nsupdate might be useful though, I will read about that.
Original Poster
OK, so nsupdate and the required config changes for the zone was useful info. Thanks for that, did not know about that feature of named. I think I got it working now. I am updating a test subdomain for now and when I feel that it's executing properly I will make it update the main one.
My only concern though is that now nsupdate works from anywhere in the world and anyone who guesses my key can update that zone to put whatever they want in it. This could be very bad. Is there a way to make it so it has to be from localhost only? I googled this real quick and it seems you can either make it work by IP OR key, but not both. I want to still use a key. Even if I have to use a global setting, that will be fine with me.
That said, this is how I'm going about doing this: I wrote a script on the online/DNS server that checks $SSH_CLIENT (I parse it as so: CURIP=`echo $SSH_CLIENT | awk -F ' ' '{print $1}'`) and then checks it against a text file with the last IP that was updated. If it's different it then proceeds to generate a file which is then run with nsupdate and the IP file is updated. On one of my home servers I have a cron job that SSHes into my server and runs the script. Brilliant if I say so myself. Elegant and secure. (once I figure out how to prevent nsupdates from outside the server that is)
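
The updater described in the post above, sketched as an added example (not the poster's actual script): it takes the address from `$SSH_CLIENT`, rejects anything that is not a dotted-quad IPv4 address before it reaches the nsupdate batch, and rewrites the state file only after `nsupdate` succeeds. The zone, record name, key path and state path are assumed placeholders.

```shell
#!/bin/sh
# Added example: server-side updater run over SSH from the home machine.
# ZONE, RECORD, KEY_FILE and STATE_FILE are assumed placeholder values.
ZONE="example.com"
RECORD="home-test.example.com."
TTL=60
KEY_FILE="/etc/bind/ddns-home.key"
STATE_FILE="${STATE_FILE:-/var/lib/ddns-home/last_ip}"

# sshd sets SSH_CLIENT to "<client ip> <client port> <server port>".
client_ip() { printf '%s\n' "${1%% *}"; }

# Accept only a dotted-quad IPv4 address. An IPv6 client address, or a value
# containing spaces or newlines, must never become A-record data in the batch.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# True when the state file is missing or holds a different address.
needs_update() { [ ! -f "$2" ] || [ "$(cat "$2")" != "$1" ]; }

# nsupdate batch: "server 127.0.0.1" sends the signed update to the local
# named over loopback; delete-then-add replaces the record in one transaction.
build_batch() {
    printf 'server 127.0.0.1\nzone %s\nupdate delete %s A\nupdate add %s %s A %s\nsend\n' \
        "$ZONE" "$RECORD" "$RECORD" "$TTL" "$1"
}

main() {
    ip=$(client_ip "${SSH_CLIENT:-}")
    valid_ipv4 "$ip" || { echo "refusing client address: $ip" >&2; return 1; }
    needs_update "$ip" "$STATE_FILE" || return 0
    # Record the new address only if named accepted the update.
    build_batch "$ip" | nsupdate -k "$KEY_FILE" && printf '%s\n' "$ip" > "$STATE_FILE"
}

if [ "${1:-}" = "--apply" ]; then main; fi
```

Pinning the cron job's key in `authorized_keys` with `restrict,command="/usr/local/bin/update-home-dns --apply"` (an assumed install path) keeps that key from opening a shell. On the BIND side, an `update-policy { grant ddns-home name home-test.example.com. A; };` clause in the zone (key name assumed) limits the TSIG key to that one A record.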