d=/etc/bind/mykeys; mkdir -p $d; cd $d
dnssec-keygen -a hmac-md5 -b 128 -n HOST sub.mydomain.com
cat K*.private | awk '$1 ~ /^ *Key/' | cut -d ' ' -f2-
Copy key (it's base64 encoded 128bit hmac-md5) so should end with an "="
nano /etc/bind/named.conf.options
Add this:
key sub.mydomain.com {
algorithm hmac-md5;
secret "copied-key";
};
nano /etc/bind/named.conf.local
Add allow-update { key sub.mydomain.com; }; into your zone definition.
zone "mydomain.com" {
type master;
file ....
allow-transfer ....
allow-update { key sub.mydomain.com; };
};
Update & install ipupdate
opkg update; opkg install ipupdate
nano /etc/ipupdate.conf
Add your zone information with update key.
server "mydomain.com"
{
zone "mydomain.com"
{
hosts "sub"
keyname "mydomain.com"
keydata "copied-key"
}
}
Start ipupdate on your router.
ipupdate start
Tested on OpenWrt Barrier Breaker 14.07 & BIND 9.8.1-P1