repak shawahb

a.k.a. gorgeous gergis

200812 ( 1)
200811 ( 2)
200809 ( 1)
200808 ( 1)
200806 ( 2)
200805 ( 2)
200804 ( 2)
200803 ( 5)
200802 ( 4)
200801 ( 1)
200712 ( 5)
200711 ( 3)
200709 ( 1)
200706 ( 1)
200704 ( 4)
200703 ( 1)
200702 ( 3)
200701 ( 5)
200612 ( 3)
200610 ( 2)
200609 ( 2)
200608 ( 3)
200607 (10)
200606 (10)
200605 ( 9)
200604 ( 7)
200603 ( 9)
200602 (11)
200601 (26)
200512 (20)
200511 (22)
200510 (19)
200509 (13)
200508 ( 2)
200507 ( 3)
200506 ( 7)
200505 (26)
200504 ( 9)
200503 (15)
200502 (20)
200501 (28)
200412 (16)
200411 ( 5)
200410 (18)
200409 ( 7)
all

blogroll

Thu, 26 May 2005

Now that I'm not going to have a static IP at home, I'm probably going to use dynamic DNS so that positron.jfet.org still points to my home address. It turns out that this is pretty easy with bind9.

The first thing to do is generate yourself a new dnssec key:

[kwantam@positron ~]$ dnssec-keygen -a HMAC-MD5 -b 512 -n HOST positron

This generates two files, one called foo.private and one called foo.key. Take the key (a base64-encoded mess) from the foo.private file and put it in /etc/named.conf on the static machine:

key positron {
        algorithm "hmac-md5";
        secret "<your key here>";
};

Now, in the zone entry for the domain you want to dynamically update, add an appropriate allow-update clause:

zone "jfet.org" {
        type master;
        file "named.jfet.org";

        allow-update {
                key positron;
        };
};

Now you're all set. You can use nsupdate to perform the updates from any client machine on which you have the foo.private and foo.key files:

[kwantam@positron ~]$ nsupdate -k /etc/bind/tsig/foo.private
> update delete positron.jfet.org A
> update add positron.jfet.org 1200 IN A 18.243.0.246
> ^D

For more info, see the dnssec-keygen, nsupdate, and named.conf manpages.

[ permalink | 0 comments (add one you lazy bastard!) ]

writebacks (add one you lazy bastard!)

post a comment: