@risyasin
Last active March 2, 2016 15:16
BIND9 Dynamic update via key with remote ipupdate (RFC 2316)

BIND9

d=/etc/bind/mykeys; mkdir -p $d; cd $d

dnssec-keygen -a hmac-md5 -b 128 -n HOST sub.mydomain.com

cat K*.private | awk '$1 ~ /^ *Key/' | cut -d ' ' -f2-

Copy the key. It is a base64-encoded 128-bit HMAC-MD5 secret, so it should end with an "=".

nano /etc/bind/named.conf.options

Add this:

key sub.mydomain.com {
  algorithm hmac-md5;
  secret "copied-key";
};

nano /etc/bind/named.conf.local

Add allow-update { key sub.mydomain.com; }; into your zone definition.

zone "mydomain.com" {
	type master;
	file ....
	allow-transfer ....
	allow-update { key sub.mydomain.com; };
	};

OpenWrt - ipupdate

Update & install ipupdate:

opkg update; opkg install ipupdate

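nano /etc/ipupdate.conf

Add your zone information with the update key. keyname must be the same key name that BIND has in named.conf.options (sub.mydomain.com), because TSIG identifies the key by its name as well as its secret.

server "mydomain.com"
{
       zone "mydomain.com"
       {
               hosts "sub"
               keyname "sub.mydomain.com"
               keydata "copied-key"
       }
}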

Start ipupdate on your router:

ipupdate start

Tested on OpenWrt Barrier Breaker 14.07 & BIND 9.8.1-P1
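
TSIG identifies a key by its name as well as its secret, so the key block in named.conf.options and the keyname/keydata pair in ipupdate.conf have to agree. The script below is an added example, not part of the original gist: it cross-checks the two files and confirms the secret decodes to 128 bits. The function names are hypothetical, and both config texts and the secret are constructed sample values.

```bash
# Constructed samples; the secret is a dummy value (bytes 0x00..0x0f), not a real key.
NAMED_SAMPLE='key sub.mydomain.com {
  algorithm hmac-md5;
  secret "AAECAwQFBgcICQoLDA0ODw==";
};'
IPUPDATE_SAMPLE='server "mydomain.com"
{
       zone "mydomain.com"
       {
               hosts "sub"
               keyname "sub.mydomain.com"
               keydata "AAECAwQFBgcICQoLDA0ODw=="
       }
}'

# First quoted value after a keyword (secret, keyname, keydata); config text on stdin.
quoted_value() {
  sed -n "s/^[[:space:]]*$1[[:space:]]*\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# Key name from a named.conf "key <name> {" statement (quotes optional).
named_key_name() {
  sed -n 's/^[[:space:]]*key[[:space:]][[:space:]]*"\{0,1\}\([^"[:space:]{]*\)"\{0,1\}[[:space:]]*{.*/\1/p' | head -n 1
}

# Decoded size of a base64 secret in bits (0 if nothing decodes).
secret_bits() {
  local n
  n=$(printf '%s' "$1" | base64 -d 2>/dev/null | wc -c) || n=0
  echo $(( n * 8 ))
}

# Prints OK or the first problem found. $1 = named.conf text, $2 = ipupdate.conf text.
check_tsig() {
  local sname ssecret cname csecret
  sname=$(printf '%s\n' "$1" | named_key_name)
  ssecret=$(printf '%s\n' "$1" | quoted_value secret)
  cname=$(printf '%s\n' "$2" | quoted_value keyname)
  csecret=$(printf '%s\n' "$2" | quoted_value keydata)
  [ "$(secret_bits "$ssecret")" -eq 128 ] || { echo "BAD_SECRET_LENGTH"; return 1; }
  # A trailing dot on either name is ignored for the comparison.
  [ "${sname%.}" = "${cname%.}" ] || { echo "KEYNAME_MISMATCH"; return 1; }
  [ "$ssecret" = "$csecret" ] || { echo "SECRET_MISMATCH"; return 1; }
  echo "OK"
}

check_tsig "$NAMED_SAMPLE" "$IPUPDATE_SAMPLE"
```

To run it against real files, pass their contents instead of the samples, for example `check_tsig "$(cat /etc/bind/named.conf.options)" "$(cat ipupdate.conf)"` with the router's file copied locally.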
