Dynamic DNS with BIND9 and your own Domain
What you will need:
- A Domain you have full access to.
- A Server with a public IP Address where you can install BIND9 [Nameserver]
- A Server at the location of the desired IP Address behind the Dynamic DNS Name (e.g. a Raspberry Pi) [DynDNS Server]
- Python
- Cron
I will use “craftsmany.net” as a placeholder; replace it with your own domain.
“nameserver.craftsmany.net” will be the FQDN of your Nameserver; replace this as well. You will also need to add an NS record for “dyndns.craftsmany.net” on your main Nameservers. You can do this at your Domain registrar (e.g. Namecheap, GoDaddy, Google Domains, etc.).
“home.dyndns.craftsmany.net” will be the FQDN for your Dynamic Hostname. You can replace “home” with whatever you want.
Nameserver
Installing necessary packages:
apt update
apt install bind9
Configuring the Dynamic DNS Zone:
vim /etc/bind/named.conf.local
Adding the Zone:
zone "dyndns.craftsmany.net." in {
    type master;
    file "/var/cache/bind/dyndns.craftsmany.net";
    allow-transfer {"none";};
    allow-update { key "dyndns.craftsmany.net."; };
};
Adding the Zone file:
vim /var/cache/bind/dyndns.craftsmany.net
$ORIGIN .
$TTL 60 ; 1 minute
dyndns.craftsmany.net IN SOA nameserver.craftsmany.net. dns.craftsmany.net. (
                2020060209 ; serial
                21600      ; refresh (6 hours)
                3600       ; retry (1 hour)
                604800     ; expire (1 week)
                86400      ; minimum (1 day)
                )
        NS nameserver.craftsmany.net.
$ORIGIN dyndns.craftsmany.net.
DynDNS Server
Installing necessary packages:
apt update
apt install bind9-utils
Adding working directory:
mkdir /etc/dyndns/
cd /etc/dyndns/
Generating the authentication keys:
dnssec-keygen -a HMAC-MD5 -b 512 -n HOST dyndns.craftsmany.net
You will get a key and private file like:
Kdyndns.craftsmany.net.+157+00792.key
Kdyndns.craftsmany.net.+157+00792.private
In “Kdyndns.craftsmany.net.+157+00792.private” you will find the Key which needs to be added to the Nameserver Zone:
cat /etc/dyndns/Kdyndns.craftsmany.net.+157+00792.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: dMUhRv/ha86LqY7kS3k3EQjGfPDF0v3B08M0j1LPJW1l/GJv+4/Jl7G8xsDCzrq4ggq84JpCK5KFd/R2m//2hA==
Bits: AAA=
Created: 20200617134654
Publish: 20200617134654
Activate: 20200617134654
Nameserver
Adding the keys:
vim /etc/bind/named.conf.local
key "dyndns.craftsmany.net." {
    algorithm hmac-md5;
    secret "dMUhRv/ha86LqY7kS3k3EQjGfPDF0v3B08M0j1LPJW1l/GJv+4/Jl7G8xsDCzrq4ggq84JpCK5KFd/R2m//2hA==";
};
DynDNS Server
Creating the update script (if you do not have IPv6, comment out the lines with “ipv6”):
cd /etc/dyndns/
vim /etc/dyndns/update.sh
#! /bin/sh
server=nameserver.craftsmany.net
zone=dyndns.craftsmany.net
host=home
ipv4=$(wget -q -O - https://ipv4.info.tiekoetter.net/ip/)
ipv6=$(wget -q -O - https://ipv6.info.tiekoetter.net/ip/)
cat << EOF | nsupdate -k /etc/dyndns/Kdyndns.craftsmany.net.+157+00792.private
server $server
zone $zone.
update delete $host.$zone.
update add $host.$zone. 60 A $ipv4
update add $host.$zone. 60 AAAA $ipv6
send
EOF
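The update script above passes whatever the two lookup URLs return straight into the nsupdate command stream. The following variant is an added example, not part of the original tutorial: it checks that each response is a single well-formed address before building the batch, and deletes only the record type it is about to replace. The function names is_ipv4, is_ipv6 and build_batch and the sample addresses are made up for illustration.

```shell
#!/bin/sh
# Added example, not the original update.sh: validate the looked-up addresses
# before they become part of the nsupdate command stream.
LC_ALL=C; export LC_ALL   # byte-wise character ranges in the patterns below
server=nameserver.craftsmany.net
zone=dyndns.craftsmany.net
host=home

# True only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Loose IPv6 check: hex digits and colons only, at least one colon, at most
# 39 characters. Rejects spaces and newlines; nsupdate parses strictly.
is_ipv6() {
    case "$1" in
        *[!0-9A-Fa-f:]*) return 1 ;;
        *:*) [ "${#1}" -ge 2 ] && [ "${#1}" -le 39 ] ;;
        *) return 1 ;;
    esac
}

# Print the nsupdate batch for the addresses that validate. Fails with no
# output when neither does, so a failed lookup never deletes live records.
build_batch() {
    name="$host.$zone."; v4=''; v6=''
    if is_ipv4 "$1"; then v4=$1; fi
    if is_ipv6 "$2"; then v6=$2; fi
    [ -n "$v4$v6" ] || return 1
    printf 'server %s\nzone %s.\n' "$server" "$zone"
    [ -z "$v4" ] || printf 'update delete %s A\nupdate add %s 60 A %s\n' "$name" "$name" "$v4"
    [ -z "$v6" ] || printf 'update delete %s AAAA\nupdate add %s 60 AAAA %s\n' "$name" "$name" "$v6"
    printf 'send\n'
}

# Constructed sample: a good IPv4 answer and a multi-line IPv6 "answer".
build_batch 203.0.113.7 "2001:db8::1
unexpected second line" || echo "no valid address, nothing sent"
```

For real use, replace the sample call with the two wget lookups from update.sh as the arguments to build_batch and pipe its output to nsupdate -k with the key file as before.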
Making the script executable:
chmod +x /etc/dyndns/update.sh
Adding update.sh to cron:
crontab -e
*/5 * * * * /etc/dyndns/update.sh
Verifying that everything worked:
nslookup home.dyndns.craftsmany.net
Server: 1.1.1.1
Address: 1.1.1.1#53
Non-authoritative answer:
Name: home.dyndns.craftsmany.net
Address: 94.114.209.██
If you see the correct Address everything is working correctly.