commit 341738e850f1514a164ce37df9dabd855d34a4c8
Author: Alexandre CATTEAU
Date: Fri Feb 11 20:24:15 2022 +0100
Initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c9242e7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+variables.conf
+*.key
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..c02edd0
--- /dev/null
+++ b/README.md
@@ -0,0 +1,25 @@
+# DNS update script
+
+Source: http://www.btteknik.net/?p=143
+
+### DNSSEC key
+* need to create a dnssec key, so that we can authenticate clients' updates
+```
+# ddns-confgen -s myhost.example.com
+```
+* this key must be:
+ * added to DNS server's `named.conf` and associated to required zones
+ * stored in a text file in the same directory as the script as `dns.key`
+
+### Install script
+You may run `install.sh` (not as root, it includes `sudo`s) to:
+* copy Systemd units templates to system directory
+* enable timer for next reboot
+* NOTE: if you move the script, you need to install again
+
+### Issues
+
+#### Cannot restrict PTR update
+* We meet an issue when trying to use `tcp-self` in BIND9 zone config
+* https://superuser.com/questions/977132/when-using-nsupdate-to-update-both-a-and-ptr-records-why-do-i-get-update-faile
+* http://www.zytrax.com/books/dns/ch7/xfer.html#update-policy
diff --git a/install.sh b/install.sh
new file mode 100644
index 0000000..063bfaa
--- /dev/null
+++ b/install.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+echo "Copying Systemd units to system directory..."
+sudo cp systemd-templates/dns-update.service /etc/systemd/system/
+sudo cp systemd-templates/dns-update.timer /etc/systemd/system/
+sudo sed -i -e "s/PH_USER/$(whoami)/g" /etc/systemd/system/dns-update.service
+sudo sed -i -e "s/PH_DIRECTORY/$(pwd)/g" /etc/systemd/system/dns-update.service
+
+echo "Reloading Systemd..."
+sudo systemctl daemon-reload
+echo "Enabling timer (not starting it, either do it manually or reboot)"
+sudo systemctl enable dns-update.timer
+
+echo "Finished install. Exiting..."
+exit 0
diff --git a/main.sh b/main.sh
new file mode 100755
index 0000000..89f173d
--- /dev/null
+++ b/main.sh
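Review bot: The second `sed` substitution, `s/PH_DIRECTORY/$(pwd)/g`, uses `/` as the delimiter while `$(pwd)` is an absolute path that always contains `/`, so the command fails (GNU sed reports an unknown option to `s`) and `ExecStart=PH_DIRECTORY/main.sh` is left unsubstituted in the installed unit. Use a delimiter that cannot appear in a path, e.g. `sudo sed -i -e "s|PH_DIRECTORY|$(pwd)|g" /etc/systemd/system/dns-update.service`, and note that the path is still interpolated unescaped, so a directory name containing `|` or `&` would still break the expression. The script has no `set -e`, so a failed `cp` or `sed` does not stop the later `systemctl enable`; adding `set -euo pipefail` after the shebang would make each step fatal. The same delimiter concern applies in principle to `$(whoami)` on the previous line, though usernames rarely contain sed metacharacters.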
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+source variables.conf
+
+KEY="$(pwd)/dns.key"
+TTL=604800
+
+FQDN=$(hostname)
+MYIP=$(ip route get 8.8.8.8 | grep -oP 'src \K[^ ]+')
+MYNUMBER=$(echo $MYIP | cut -d '.' -f 4) # last byte of IP
+#MYIP=$(dig +short myip.opendns.com @resolver1.opendns.com)
+
+# if $MYIP is not a valid IP, exit
+if [[ ! "$MYIP" =~ ^([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ ]]; then
+ echo "Invalid IP, aborting"
+ exit 1
+fi
+
+# fetch current record with dig, and choose what to do
+current_ip_record=$(dig $FQDN +short)
+if [[ "$current_ip_record" =~ ^([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ ]]; then
+ if [[ ! "$MYIP" = "$current_ip_record" ]]; then
+ echo "Updating record"
+ else
+ echo "Record is already up to date, exiting."
+ exit 0
+ fi
+else
+ echo "Server unreachable or no record for $FQDN, exiting."
+ exit 0
+fi
+
+nsupdate -k $KEY -v << EOF
+server $NS
+zone $MAINZONE
+update delete $FQDN. A
+update add $FQDN. $TTL A $MYIP
+send
+EOF
+
+nsupdate -k $KEY -v << EOF
+server $NS
+zone $REVERSEZONE
+update delete $MYNUMBER.$REVERSEZONE PTR
+update add $MYNUMBER.$REVERSEZONE $TTL PTR $FQDN.
+send
+EOF
+
+exit 0
diff --git a/systemd-templates/dns-update.service b/systemd-templates/dns-update.service
new file mode 100644
index 0000000..2cbb707
--- /dev/null
+++ b/systemd-templates/dns-update.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Update (if needed) name server with our IP
+
+[Service]
+User=PH_USER
+ExecStart=PH_DIRECTORY/main.sh
diff --git a/systemd-templates/dns-update.timer b/systemd-templates/dns-update.timer
new file mode 100644
index 0000000..d8eb1f2
--- /dev/null
+++ b/systemd-templates/dns-update.timer
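Review bot: main.sh resolves both `variables.conf` and `dns.key` against the caller's working directory (`source variables.conf`, `KEY="$(pwd)/dns.key"`), but the dns-update.service hunk in this same commit sets no `WorkingDirectory=`, so under systemd the cwd is `/`, the `source` prints an error and the script carries on with `NS`, `MAINZONE` and `REVERSEZONE` unset and a key path of `/dns.key`. Both `nsupdate` exit codes are also discarded and the script always ends with `exit 0`, so a rejected or unauthenticated update never fails the unit and is invisible to `systemctl status`. The head of the script should anchor paths to its own location and abort when the config or any of the three settings is missing, and each `nsupdate` should propagate failure; the alternative for the first point is adding `WorkingDirectory=PH_DIRECTORY` to the service template and substituting it in install.sh. The unquoted `$KEY`, `$MYIP` and `$FQDN` expansions work for the values expected here but should be quoted (`-k "$KEY"`, `dig "$FQDN" +short`), and `dig +short` may return several lines or a CNAME target, which this check would presumably treat as "no record" and silently exit 0 — worth confirming against the zone.
```shell
#!/bin/bash
# Anchor config and key to the script's own directory: the systemd unit sets
# no WorkingDirectory=, so $(pwd) there is /, not the checkout.
SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) || exit 1
source "$SCRIPT_DIR/variables.conf" || { echo "variables.conf not found in $SCRIPT_DIR" >&2; exit 1; }
: "${NS:?NS unset}" "${MAINZONE:?MAINZONE unset}" "${REVERSEZONE:?REVERSEZONE unset}"
KEY="$SCRIPT_DIR/dns.key"
TTL=604800
# … unchanged: IP discovery, validation and current-record check …
nsupdate -k "$KEY" -v << EOF || { echo "A record update for $FQDN failed" >&2; exit 1; }
server $NS
zone $MAINZONE
update delete $FQDN. A
update add $FQDN. $TTL A $MYIP
send
EOF
# … unchanged: PTR nsupdate, guarded the same way …
exit 0
```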
@@ -0,0 +1,9 @@
+[Unit]
+Description=Run DNS update every 30 minutes
+
+[Timer]
+OnBootSec=1min
+OnUnitActiveSec=30min
+
+[Install]
+WantedBy=timers.target
diff --git a/variables.conf.template b/variables.conf.template
new file mode 100644
index 0000000..d9c9d1f
--- /dev/null
+++ b/variables.conf.template
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Copy this file as variables.conf, with the correct values
+
+NS=dns1.example.com
+MAINZONE=example.com.
+REVERSEZONE=1.168.192.in-addr.arpa.
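Review bot: The `#!/bin/bash` line on a file that main.sh only ever `source`s suggests it is meant to be executed; a comment is more accurate, e.g. `# Sourced by main.sh: shell assignment syntax, never executed directly`. The template should also state that main.sh builds the PTR owner name from the last octet only (`cut -d '.' -f 4`), so `REVERSEZONE` must be the /24 `in-addr.arpa` zone of the host's address as in the sample `1.168.192.in-addr.arpa.`; a comment `# must be the /24 reverse zone of this host's address, with trailing dot` on that line would make the constraint visible to whoever copies the file.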