DNS: dynamically updating BIND
So Red Hat 7 would be OK ;-)

Zone file:

    $TTL 86400      ; 1 minute
    @       IN SOA  be. (
                    2001072010      ; serial
                    10800           ; refresh (3 hours)
                    3600            ; retry (1 hour)
                    1814400         ; expire (3 weeks)
                    86400           ; minimum (1 day) )
    @       NS      be.
    hostname 60 IN A .13

Update script (the here-document that feeds nsupdate, and the remainder of the script, are cut off on the page):

    ### Local settings, must be changed
    KEY="/etc/Kkey-test.+157+02315.private"   # TSIG key file as named by dnssec-keygen: K<name>.+<alg>+<keyid>.private
    SERVER="be"
    ZONE="be"
    NTPSERVERS="ntp.brussels.leuven.belnet.be"
    ### Default settings, may be changed
    IF="eth0"
    HOSTNAME="$(hostname | cut -d. -f1)"
    LOGFILE="/var/log/nsupdate.log"
    ### Start of script
    INFOFILE=$
    STATUS=$
    (
    echo "$(date) Running $0 with arguments \"$*\""
    echo "--------------"
    if [ -r "$INFOFILE" ]; then
        source "$INFOFILE"
    else
        echo "File $INFOFILE cannot be read."
        echo "=============="
        exit 98
    fi
    case "$STATUS" in
    (up|new)
        # sync the clock first: TSIG-signed updates are rejected if the signer's time is off
        /usr/sbin/ntpdate -s -b $NTPSERVERS
        cat "$INFOFILE"
        echo "--------------"
        cat

I will run BIND or something similar on the home machine to actually serve up the DNS records. While BIND does have DDNS support, it's a bit fiddly to set up as you need to create authentication keys because the updates seem to be handled over the DNS protocol itself, to allow for the updates to come from a different machine to that running the BIND server, so this of course requires a secure authentication mechanism. I was going to go down this path myself but ended up having my domain hosted on Amazon's Route53 service instead.

This gives me a foothold so that my constantly changing IP will always be rooted in a static name such as sam.
I then create CNAMEs in BIND that point to this static name and voilà, I have permanent names.
While on its face this may seem an excessively friendly default, DNS data is essentially public (that's why it's there) and the bad guys can get all of it anyway.
However, if the thought of anyone being able to transfer your precious zone file is repugnant, or (and this is far more significant) you are concerned about possible DoS attacks initiated by XFER requests, then use the following policy.
The problem lies in the way that Windows Server 2008 R2 computers interpret the packet received from a DNS server after attempting to dynamically register SRV records. BIND and other third-party DNS servers use method 2 and cannot be configured to use method 1.
Windows Server 2008 R2 DC Locator treats response #2 as a bad packet, causing the NETLOGON error Event 5774 with status code 9502 (DNS_ERROR_BAD_PACKET) to be logged.
The allow-update in the first zone clause could have been omitted since it is the default behavior.