• Create your own dynamic DNS using Bind9

    If you are tired of using commercial (or free-like commercial) dynamic dns providers, having to use their funny(!) domain names appended to your super- serious hostname and think that it’s time to roll up your own DNS server then follow..

    I will explain the steps according to Ubuntu Linux but I think you can apply the same or slightly different on other distros and then please, just let people know how your steps differ. Let’s start..

    1. Install bind9

    # sudo apt-get install bind9 bindutils

    2. Create your dnssec key
    Run this command to create your dnssec key to be included in the configuration and to be used to update the dns record(s) remotely. We will later use a script to the update periodically.

    # ddns-confgen -r /dev/urandom -s myhost.example.com

    This command should produce an output with the newly created key and some information about how to configure the rest:

    # To activate this key, place the following in named.conf, and
    # in a separate keyfile on the system or systems from which nsupdate
    # will be run:
    key "ddns-key.myhost.example.com" {
      algorithm hmac-sha256;
      secret "lLeySmmWp2TrF0qSlSyblQOp7wTTNxWoDkFYUaTyGtk=";
    # Then, in the "zone" statement for the zone containing the
    # name "myhost.example.com", place an "update-policy" statement
    # like this one, adjusted as needed for your preferred permissions:
    update-policy {
        grant ddns-key.myhost.example.com name myhost.example.com ANY;
    # After the keyfile has been placed, the following command will
    # execute nsupdate using this key:
    nsupdate -k 

    3. Edit /etc/bind/named.conf.local
    Now we can edit bind configuration to point our key secret and zone file. We can just copy/paste the key definition (the block in orange color above) and create the zone definition. Be sure to add the “update-policy” section that ties the zone and the key. For this, you can copy/paste update-policy part as ddns-confgen tool says. (Above in green color)

    key "ddns-key.myhost.example.com" {
      algorithm hmac-sha256;
      secret "lLeySmmWp2TrF0qSlSyblQOp7wTTNxWoDkFYUaTyGtk=";
    zone "example.com" {
      type master;
      file "/var/lib/bind/db.example.com";
      update-policy {
        grant ddns-key.myhost.example.com name myhost.example.com. ANY;

    4. Of course, you have a zone file

    $ORIGIN .
    $TTL 60 ; 1 minute
    example.com   IN SOA  ns1.example.com. admin.example.com. (
            2015011651 ; serial
            604800     ; refresh (1 week)
            86400      ; retry (1 day)
            2419200    ; expire (4 weeks)
            604800     ; minimum (1 week)
          NS  ns1.example.com.
          NS  ns2.example.com.
          MX  0 mail.example.com.
    $ORIGIN example.com.

    5. Server configuration is done

    Now we can restart the name server and continue with the client configuration.

    # service bind9 restart

    6. Client configuration
    Create the key file with the content to contain the same key we created on the server earlier.

    key "ddns-key.myhost.example.com" {
      algorithm hmac-sha256;
      secret "lLeySmmWp2TrF0qSlSyblQOp7wTTNxWoDkFYUaTyGtk=";

    7. Update script
    Create the update shell script.

    MYIP=$(dig +short myip.opendns.com @resolver1.opendns.com)
    nsupdate -k $KEY -v << EOF
    server $NS
    zone $ZONE
    update delete $DOMAIN A
    update add $DOMAIN 30 A $MYIP

    Make it executable

    # chmod +x /usr/local/bin/ddnsupdate

    8. Cron
    Open the cron configuration to add schedule the upgrade script

    # crontab -e

    Add the line to run the update script in every 5 minutes

    */5 * * * * /usr/local/bin/ddnsupdate > /dev/null 2>&1

    Categories: General

    Tags: , , , ,

    Leave a Reply

    Your email address will not be published. Required fields are marked *