Update DNS records by simply SSH'ing into a server.
The idea is to create a separate "dyndns" user on the DNS server.
It gets the ssh-dyndns script as login shell, so that no other programs
may be executed.
SSH provides secure, password-less key-based authentication.
Upon login, the remote IP is used to create/update a tinydns file with the DNS record for a hostname given by the SSH client. In addition to the IP record, a TXT record with the update time will be added.
tinydns is part of the dbjdns/dbndns package.
Clone ssh-dyndns into a sensible location, e.g.
/usr/local/src/ssh-dyndns:$ cd /usr/local/src/ && git clone git://git.cweiske.de/ssh-dyndns.git
Create a user with
ssh-dyndnsas login shell:$ useradd -g nogroup -m -N -s /usr/local/src/ssh-dyndns/ssh-dyndns dyndns
Prepare password-less ssh keys for the dyndns user:
$ su - dyndns -s /bin/bash $ mkdir ~/.ssh
Prevent showing login messages:
$ su - dyndns -s /bin/bash $ touch ~/.hushlogin
Alternatively, you may commend out the "motd" lines in
/etc/pam.d/sshdConfigure ssh-dyndns as root:
$ cp /usr/local/src/ssh-dyndns/ssh-dyndns.sh.config-dist /etc/ssh-dyndns.sh $ nano /etc/ssh-dyndns.sh
Allow ssh-dyndns to run "sudo make" without password:
$ visudo dyndns ALL= NOPASSWD: /usr/bin/make
On a machine at home, or which other IP you want to dyndns, setup a new ssh key as one of your users:
$ mkdir ~ssh-dyndns $ cd ~/ssh-dyndns $ ssh-keygen -N "" -C "[email protected]" -f ~/ssh-dyndns/ssh-dyndns_rsa
Copy the contents of the public key (ssh-dyndns_rsa.pub) into
/home/dyndns/.ssh/authorized_keys on your server.
Run the next command manually to confirm the new ssh key:
$ cd ~/ssh-dyndns/ && ssh -i ssh-dyndns_rsa [email protected] home.example.org
If that worked, and you DNS entry worked, add the command to cron:
$ crontab -e # update dns entry home.example.org every 5 minutes */5 * * * * cd /home/$user/ssh-dyndns/ && ssh -i ssh-dyndns_rsa [email protected] home.example.org
The configuration file template ssh-dyndns.sh.config-dist may be copied
to either /etc/ssh-dyndns.sh or ~/.config/ssh-dyndns.sh.
The system-wide config file is loaded first, the user-specific one after that.
The configuration file may define the following variables:
data_dir- Path to the tinydns zone files, e.g.
/etc/tinydns/root/ file_patternFile name template.
%DOMAIN%will be replaced with the actual domain name.Default:
data-dyndns-%DOMAIN%timeoutDNS entry TTL (time to live) in seconds
Default: 300
domain_patternsDefines patterns for domains that may be dynamically changed. If the domain name does not match the pattern, the script aborts.
You may use several patterns by separating them with a space. Shell wildcards are supported (
*and?).Default:
home.example.org *.home.example.org
Simply ssh into the server and pass the hostname as parameter:
$ ssh [email protected] home.example.org
This will start the ssh-dyndns script on the remote server, generate
the tinydns zone file and run make in the data_dir directory to
compile the data.cdb file.
tinydns will automatically pick up the change.
$ dig +short home.example.org ANY "Last update 2013-08-21 21.21.28+02.00." 123.45.67.89
You can test it locally:
Create config file:
$ cp ssh-dyndns.sh.config-dist ~/.config/ssh-dyndns.sh
Create dummy makefile:
$ touch /tmp/Makefile
Run it:
$ SSH_CLIENT=192.168.1.4 SSH_CONNECTION=1 ./ssh-dyndns foo home.example.org
See generated file:
$ cat /tmp/data-dyndns-home.example.org
- IPv6 is not supported yet
ssh-dyndns is licensed under the AGPL v3 or later.
Written by Christian Weiske, [email protected]
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent