"Mauiwagen. Das Server." – pub 4096R/712DAA69

Dynamic DNS with nsupdate (bind)

Let's get started!

1. Create a dnssec key on the client server; in this example the name type is USER =

# dnssec-keygen -a HMAC-MD5 -b 512 -n USER
# more
Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: HJd+RVWNsPB4obNtOlSF6C/QWK5+1EWMI6h/YHrYVQZ10KRmfISGXLioA+3kCLjoje0HmkjtkqxVNeSEKZKjhw==
Bits: AAA=

2. Save the key. It has to go into the DNS server that handles your domain, so put it there yourself or give it to your DNS admin.

3. Go to the DNS server and create keys.conf in /etc/namedb (or anywhere), putting your private key in the "secret" line.

* Sample of keys.conf:

key {                       // the key name from step 1 goes between "key" and "{"
    algorithm HMAC-MD5;     // must match the -a value used with dnssec-keygen
    secret "HJd+RVWNsPB4obNtOlSF6C/QWK5+1EWMI6h/YHrYVQZ10KRmfISGXLioA+3kCLjoje0HmkjtkqxVNeSEKZKjhw==";
};

** The keys.conf file needs to be owned by bind:wheel, so:

# chown bind:wheel keys.conf

*** You can chmod 600 this file for more security; named still reads it because it runs as the bind user.

4. Edit or create the zone file for your domain and put it in /etc/namedb/dynamic/

* Sample of zone file:

@    1H    IN   SOA (
                2011122801 ; Serial
                30M        ; Refresh
                15M        ; Retry
                1W         ; Expire
                30M )      ; MIN TTL
@           IN   MX  20
@           IN   A
ns1         IN   A
ns2         IN   A
www         IN   A
mx          IN   A
pop3        IN   A
smtp        IN   A

4. Edit your /etc/namedb/named.conf and add these:

include "keys.conf";

zone "" {
    type master;
    file "/etc/namedb/dynamic/";
    allow-update { key; };    // only updates signed with this TSIG key are accepted
};

* Below is an example config for finer control/security if you have multiple users, each updating their own subdomain.

zone "" {
    type master;
    file "/etc/namedb/dynamic/";
    update-policy {
        grant name A TXT;        // form: grant <key> name <name> <types>
        grant name A TXT;
        grant subdomain ANY;     // form: grant <key> subdomain <name> <types>
    };
};

** In the example above, the first key can only update its own subdomain, the same goes for the second key, and the third key can update all of the A records in the domain zone.

5. Restart your named service:

# sh /etc/rc.d/named restart

6. Now go back to the client server and create a file for the dynamic DNS update.

* Example content of the update.domain file:

update delete A
update delete * A
update add 300 A
update add * 300 A

7. Run nsupdate to update your A record on your DNS server:

# nsupdate -k /path/to/ -v update.domain

8. Successful output should look like this:

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags: ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;                    IN      SOA

*           0       ANY     A
*           300 IN   A

9. nslookup your domain to check the latest A record. If your domain is still not updated, wait until the TTL value has expired (to check the value, run dig

10. I have made an auto-update script for a host/client that uses a PPPoE connection (Streamyx/Unifi); just chmod 775 and link the script with your ip-up files. It supports both FreeBSD userland ppp and mpd5:
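The auto-update script itself is not reproduced on this page, so here is an added POSIX sh example (my own, not the author's script) that ties steps 6 to 9 together: it reads the current address of the PPP interface, builds the nsupdate batch in the same shape as update.domain, signs it with the key from step 1, and then asks the master directly whether the record changed. The zone, host, server, key path and interface names are placeholders you have to replace. One point worth the extra lines: nsupdate reads a line-oriented batch, so the address is validated before it is interpolated, which keeps a bad or tampered value from turning into extra update lines. HMAC-MD5 follows the post; current BIND accepts hmac-sha256 keys with the same configuration syntax.

```shell
#!/bin/sh
# Added example, not the post's own script. Builds the nsupdate batch for the
# host's current PPP address and sends it with the TSIG key from step 1.
# Every value below is a placeholder (assumption); replace it for your setup.

ZONE="example.net"                                  # zone the master serves
HOST="home.example.net"                             # A record this client may update
SERVER="ns1.example.net"                            # master that accepts the signed update
KEYFILE="/etc/namedb/Khome.example.net.+157+00000.private"  # private file from dnssec-keygen
IFACE="tun0"                                        # tun0: userland ppp, ng0: mpd5
TTL=300                                             # short TTL, as in the post

# Accept only a dotted-quad IPv4 address. The batch fed to nsupdate is
# line-oriented, so an unchecked string could smuggle in extra update lines.
valid_ipv4() {
    addr=$1
    case "$addr" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $addr
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the nsupdate batch: drop the old A records for the host and its
# wildcard, then add the new ones (same shape as the post's update.domain).
build_update() {
    zone=$1; host=$2; addr=$3; ttl=$4
    valid_ipv4 "$addr" || return 1
    printf 'server %s\n' "$SERVER"
    printf 'zone %s\n' "$zone"
    printf 'update delete %s A\n' "$host"
    printf 'update delete *.%s A\n' "$host"
    printf 'update add %s %s A %s\n' "$host" "$ttl" "$addr"
    printf 'update add *.%s %s A %s\n' "$host" "$ttl" "$addr"
    printf 'send\n'
}

# First IPv4 address on the PPP interface (FreeBSD prints "inet A.B.C.D --> peer").
current_ip() {
    ifconfig "$IFACE" 2>/dev/null | awk '$1 == "inet" { print $2; exit }'
}

apply_update() {
    addr=$(current_ip)
    if ! valid_ipv4 "$addr"; then
        echo "no usable IPv4 address on $IFACE" >&2
        return 1
    fi
    # -k signs the batch with the TSIG key, -v uses TCP as in the post
    build_update "$ZONE" "$HOST" "$addr" "$TTL" | nsupdate -v -k "$KEYFILE" || return 1
    # Ask the master itself, so a caching resolver cannot hide the change
    got=$(dig +short @"$SERVER" "$HOST" A)
    if [ "$got" != "$addr" ]; then
        echo "master answers '$got', expected $addr" >&2
        return 1
    fi
    echo "$HOST -> $addr"
}

# Run only as "script apply", so sourcing the file just defines the functions
if [ "${1-}" = "apply" ]; then
    apply_update
fi
```

Hook "script apply" into the ip-up handling the post describes; every time the PPPoE link comes up, the master receives one signed update and the script fails loudly if the master does not answer with the new address.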
* Millions of thanks to Najwa Latiff for creating amazing songs to listen to while working with the stuff above; I have already bought your original album!!

** Also millions of thanks to benzy (freenode #mybsd) for testing out the script and reporting some bugs.

# Any comment, medals, threat letter, pizza (Domino's pizza thin crust), maggi (chicken flavor), F1 cars, sport rims, iPhone 4S (ohh prestige.. prestige...), Skylanders (to those who know what it is) or if you want to give me your money (preferred RM1 million), can contact me at:

– maui[at] ; azmawee[at]



MaUi^ - pub 4096R/712DAA69
Fingerprint 8BF7 D0AF CA45 5313 A3BF ACFB B90B 66C7 712D AA69