Compare commits
16 Commits
341738e850
...
master
Author | SHA1 | Date | |
---|---|---|---|
1c30d1c4cc | |||
3d8c091ee4 | |||
d119bd485a | |||
d7af204e87 | |||
ec333aabaa | |||
358b934206 | |||
bf2122e08f | |||
f83b53baab | |||
1fe1499a35 | |||
5860ea25a9 | |||
04f515f995 | |||
edc32f9ca2 | |||
7dfb984d27 | |||
0d07ea1d86 | |||
bc6e8ead0e | |||
59aa52ba6c |
1
.gitignore
vendored
1
.gitignore
vendored
@ -1,2 +1,3 @@
|
|||||||
variables.conf
|
variables.conf
|
||||||
*.key
|
*.key
|
||||||
|
.disabled
|
||||||
|
13
README.md
13
README.md
@ -2,6 +2,9 @@
|
|||||||
|
|
||||||
Source: http://www.btteknik.net/?p=143
|
Source: http://www.btteknik.net/?p=143
|
||||||
|
|
||||||
|
### Requirements
|
||||||
|
* DiG
|
||||||
|
|
||||||
### DNSSEC key
|
### DNSSEC key
|
||||||
* need to create a dnssec key, so that we can authenticate clients' updates
|
* need to create a dnssec key, so that we can authenticate clients' updates
|
||||||
```
|
```
|
||||||
@ -17,9 +20,19 @@ You may run `install.sh` (not as root, it includes `sudo`s) to:
|
|||||||
* enable timer for next reboot
|
* enable timer for next reboot
|
||||||
* NOTE: if you move the script, you need to install again
|
* NOTE: if you move the script, you need to install again
|
||||||
|
|
||||||
|
### TODO
|
||||||
|
* review this README
|
||||||
|
|
||||||
### Issues
|
### Issues
|
||||||
|
|
||||||
#### Cannot restrict PTR update
|
#### Cannot restrict PTR update
|
||||||
* We meet an issue when trying to use `tcp-self` in BIND9 zone config
|
* We meet an issue when trying to use `tcp-self` in BIND9 zone config
|
||||||
* https://superuser.com/questions/977132/when-using-nsupdate-to-update-both-a-and-ptr-records-why-do-i-get-update-faile
|
* https://superuser.com/questions/977132/when-using-nsupdate-to-update-both-a-and-ptr-records-why-do-i-get-update-faile
|
||||||
* http://www.zytrax.com/books/dns/ch7/xfer.html#update-policy
|
* http://www.zytrax.com/books/dns/ch7/xfer.html#update-policy
|
||||||
|
|
||||||
|
### Discussions
|
||||||
|
#### Dynamic DNS update with ISC DHCP server
|
||||||
|
* Use case: DHCP server without fixed addresses
|
||||||
|
* `ddns_update` (or something like that) in ISC DHCP Server is something to look into
|
||||||
|
* https://flylib.com/books/en/2.684.1/configuring_a_dhcp_server_to_update_a_bind_name_server.html
|
||||||
|
* is it required? see 8.10.3
|
||||||
|
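Review bot: the last added bullet, `is it required? see 8.10.3`, does not say which document section 8.10.3 belongs to or what "it" refers to, so the note cannot be followed up by anyone but its author. Name the document and the thing in question, and replace `ddns_update` (or something like that) with the exact directive name once it has been checked against the ISC DHCP documentation. The new TODO entry `review this README` would be more useful if it listed what is known to be out of date.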
15
install.sh
Normal file → Executable file
15
install.sh
Normal file → Executable file
@ -1,10 +1,17 @@
|
|||||||
#!/bin/bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
run_directory=$(dirname $(readlink -f "$0"))
|
||||||
|
|
||||||
|
if [ -f $run_directory/.disabled ]; then
|
||||||
|
echo "Installation is disabled. Exiting..."
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
echo "Copying Systemd units to system directory..."
|
echo "Copying Systemd units to system directory..."
|
||||||
sudo cp systemd-templates/dns-update.service /etc/systemd/system/
|
sudo cp $run_directory/systemd-templates/dns-update.service /etc/systemd/system/
|
||||||
sudo cp systemd-templates/dns-update.timer /etc/systemd/system/
|
sudo cp $run_directory/systemd-templates/dns-update.timer /etc/systemd/system/
|
||||||
sudo sed -i -e "s/PH_USER/$(whoami)/g" /etc/systemd/system/dns-update.service
|
sudo sed -i -e "s/PH_USER/$(whoami)/g" /etc/systemd/system/dns-update.service
|
||||||
sudo sed -i -e "s/PH_DIRECTORY/$(pwd)/g" /etc/systemd/system/dns-update.service
|
sudo sed -i -e "s:PH_DIRECTORY:$run_directory:g" /etc/systemd/system/dns-update.service
|
||||||
|
|
||||||
echo "Reloading Systemd..."
|
echo "Reloading Systemd..."
|
||||||
sudo systemctl daemon-reload
|
sudo systemctl daemon-reload
|
||||||
|
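Review bot: `$run_directory` is expanded unquoted in the `[ -f $run_directory/.disabled ]` test and in both `sudo cp` lines, and the inner `$(readlink -f "$0")` is unquoted inside `dirname`, so a checkout path containing whitespace or glob characters breaks the install. Quote every expansion, for example `run_directory=$(dirname "$(readlink -f "$0")")` and `[ -f "$run_directory/.disabled" ]`. The replacement `s:PH_DIRECTORY:$run_directory:g` only moves the delimiter problem: a path containing `:`, `&` or `\` is still rewritten incorrectly into a unit file that is written with sudo, so escape those characters before substitution or refuse such paths. The `.disabled` branch exits 0, which makes a skipped install indistinguishable from a successful one for any caller that checks the status.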
13
main.sh
13
main.sh
@ -1,8 +1,9 @@
|
|||||||
#!/bin/bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
source variables.conf
|
run_directory=$(dirname $(readlink -f "$0"))
|
||||||
|
source "$run_directory/variables.conf"
|
||||||
|
|
||||||
KEY="$(pwd)/dns.key"
|
KEY="$run_directory/dns.key"
|
||||||
TTL=604800
|
TTL=604800
|
||||||
|
|
||||||
FQDN=$(hostname)
|
FQDN=$(hostname)
|
||||||
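Review bot: `source "$run_directory/variables.conf"` executes whatever that file contains, and `KEY="$run_directory/dns.key"` points at the update key in the same directory, but nothing checks who can write the first or read the second. Before sourcing, verify that both files are owned by the running user and are not group or world accessible, and abort otherwise. On the `run_directory=` line, quote the inner substitution as `$(dirname "$(readlink -f "$0")")` so the script still works from a path with spaces.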
@ -17,6 +18,12 @@ if [[ ! "$MYIP" =~ ^([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.([1-9]?[0-9]|1[
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# fetch current record with dig, and choose what to do
|
# fetch current record with dig, and choose what to do
|
||||||
|
# TODO we should probably improve this choice: current implementation prevents hosts that do not have a record yet to register themselves; We'd need to differentiate cases:
|
||||||
|
# * correct ip, not the same -> OK, need to update
|
||||||
|
# * correct ip, the same -> OK, nothing to do
|
||||||
|
# * no result, name server was reachable -> OK, need to register
|
||||||
|
# * no result, name server was not reachable -> NOK, abort
|
||||||
|
# * result which is not a correct ip -> NOK, abort
|
||||||
current_ip_record=$(dig $FQDN +short)
|
current_ip_record=$(dig $FQDN +short)
|
||||||
if [[ "$current_ip_record" =~ ^([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ ]]; then
|
if [[ "$current_ip_record" =~ ^([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ ]]; then
|
||||||
if [[ ! "$MYIP" = "$current_ip_record" ]]; then
|
if [[ ! "$MYIP" = "$current_ip_record" ]]; then
|
||||||
|
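Review bot: the cases listed in the TODO cannot be told apart from the output of `dig $FQDN +short` alone, because "no record" and "name server not reachable" both produce an empty string. Capture the exit status as well (dig returns 9 when no server replied and 0 for an answered query, NXDOMAIN included) and branch on that before looking at the text. Two further gaps in the same lines: `+short` prints one line per record, so a CNAME chain or several A records never match the single-address regex, and `$FQDN` should be quoted. The TODO itself is one very long comment line followed by a list; splitting the first sentence over two or three lines would keep it readable in a terminal.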
@ -2,5 +2,6 @@
|
|||||||
Description=Update (if needed) name server with our IP
|
Description=Update (if needed) name server with our IP
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
User=PH_USER
|
User=PH_USER
|
||||||
ExecStart=PH_DIRECTORY/main.sh
|
ExecStart=PH_DIRECTORY/main.sh
|
||||||
|
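Review bot: with `Type=oneshot` systemd disables the start timeout by default, so a `main.sh` run that hangs, for example while waiting on an unreachable name server, leaves the unit in the activating state indefinitely. Add a `TimeoutStartSec=` to the `[Service]` section, sized for one lookup plus one update.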
@ -2,7 +2,7 @@
|
|||||||
Description=Run DNS update every 30 minutes
|
Description=Run DNS update every 30 minutes
|
||||||
|
|
||||||
[Timer]
|
[Timer]
|
||||||
OnBootSec=1min
|
OnBootSec=5min
|
||||||
OnUnitActiveSec=30min
|
OnUnitActiveSec=30min
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
|
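Review bot: `OnBootSec` goes from 1min to 5min with no reason recorded in the unit, and `Description=` only mentions the 30 minute interval. If the longer delay is there to wait for the network, say so in a comment, or express it as ordering on `network-online.target` in the service instead of a fixed delay that may still be too short on a slow boot.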
@ -1,4 +1,4 @@
|
|||||||
#!/bin/bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
# Copy this file as variables.conf, with the correct values
|
# Copy this file as variables.conf, with the correct values
|
||||||
|
|
||||||
|
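Review bot: the shebang on line 1 has no effect here, because this file is the template for `variables.conf`, which `main.sh` loads with `source` and never executes. Dropping the shebang and keeping the "Copy this file as variables.conf" comment as the first line would make it clearer that the file holds settings only.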