How to set up your own dynamic host (dyndns) server / service with bind
Today, many ISPs give their clients a dynamic IP. This is a good security practice, as an attacker cannot track your system, and you simply have to reconnect to teleport yourself elsewhere on the net. Still, that is quite tricky if you want to include your personal system in a domain. This article discusses how to set up a dynamic host system that lets you change the IP a domain points to without having to edit your nameserver's config files each time.
The idea is to load the zones' information into a MySQL database. You can then provide a web interface from which a user can change his zone's information. This could be used to include your home computer in your domain, to offer a service like dyndns.org, or to let your clients change their domain name information if you are a domain name provider.
setting up mysql
The first thing to do is to create a database that will handle the zones, let’s say dns.
create database dns ;
grant all on dns.* to 'dns'@'localhost' identified by 'PASSWORD' ;
Then, we have to create the table which will contain the zones. As zone configuration can be really polymorphic, the best approach is a resource record table. Each row contains the zone's name, TTL and host, the fields that apply to its record type, and NULL for the others.
CREATE TABLE `records` (
  `id` int(10) unsigned NOT NULL auto_increment,
  `zone` varchar(255) NOT NULL,
  `ttl` int(11) NOT NULL default '86400',
  `type` varchar(255) NOT NULL,
  `host` varchar(255) NOT NULL default '@',
  `mx_priority` int(11) default NULL,
  `data` text,
  `primary_ns` varchar(255) default NULL,
  `resp_contact` varchar(255) default NULL,
  `serial` bigint(20) default NULL,
  `refresh` int(11) default NULL,
  `retry` int(11) default NULL,
  `expire` int(11) default NULL,
  `minimum` int(11) default NULL,
  PRIMARY KEY (`id`),
  KEY `type` (`type`),
  KEY `host` (`host`),
  KEY `zone` (`zone`)
);
A typical SOA record is entered like this:
insert into records( zone, ttl, type, host,
  primary_ns, resp_contact, serial, refresh,
  retry, expire, minimum )
values( 'example.com', 86400, 'SOA', '@',
  'ns.example.com', 'root.example.com', 200801311,
  10800, 900, 604800, 3600 ) ;
And a typical A record is entered like this:
insert into records ( zone, ttl, type,
  host, data )
values( 'example.com', 86400,
  'A', '@', '1.2.3.4' ) ;
Only SOA records use the fields primary_ns, resp_contact, serial, refresh, retry, expire and minimum. Only MX records use the field mx_priority. The data field is used by all record types except SOA.
converting zone files to mysql entries
Obviously, writing insert queries for each resource record of each of your zones can be a real pain. I've written a Ruby script to do it automatically. It is there. You can run it interactively or let it parse a zone file. It needs MySQL support for Ruby in order to work.
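As an added example (not the Ruby script linked above), here is what such a converter has to do: fold a zone file into logical lines, map each resource record onto the columns of the `records` table defined in this post, and emit the matching INSERT statements. It assumes the post's table layout and only the record types listed in the comments; the zone text is constructed for the example, and ';' comment stripping is deliberately naive (a ';' inside quoted TXT data would be mis-handled).

```ruby
# Added example, not the Ruby script linked in the post: turn a zone file into
# rows for the `records` table defined above and print the INSERT statements.
# Assumes the post's table layout; handles SOA, NS, A, AAAA, CNAME, MX and TXT.
# The zone text below is constructed for the example.

SAMPLE_ZONE = <<~'ZONE'
  $TTL 86400
  $ORIGIN example.com.
  @        IN SOA ns.example.com. root.example.com. (
               200801311 ; serial
               10800     ; refresh
               900       ; retry
               604800    ; expire
               3600 )    ; minimum
  @        IN NS  ns.example.com.
  @        IN A   1.2.3.4
  ns       IN A   1.2.3.5
  @        IN MX  10 mail.example.com.
  home 300 IN A   5.6.7.8
  @        IN TXT "v=spf1 mx -all"
ZONE

# Drop ';' comments (naively: a ';' inside quoted TXT data is not honoured) and
# fold parenthesised multi-line records such as SOA into one logical line.
def logical_lines(text)
  lines = []
  pending = nil
  text.each_line do |raw|
    line = raw.sub(/;.*/, '').strip
    next if line.empty?
    if pending
      pending << ' ' << line
      next unless line.include?(')')
      lines << pending
      pending = nil
    elsif line.include?('(') && !line.include?(')')
      pending = line.dup
    else
      lines << line
    end
  end
  lines.map { |l| l.delete('()').squeeze(' ').strip }
end

# host [ttl] [IN] type rdata
RECORD = /\A(\S+)(?:\s+(\d+))?(?:\s+IN)?\s+(SOA|NS|AAAA|A|CNAME|MX|TXT)\s+(.+)\z/

# Parse the zone into hashes whose keys are the `records` table columns.
def parse_zone(text)
  default_ttl = 86400
  origin = nil
  logical_lines(text).map do |line|
    if line.start_with?('$TTL')
      default_ttl = line.split[1].to_i
      next
    elsif line.start_with?('$ORIGIN')
      origin = line.split[1].chomp('.')
      next
    end
    m = RECORD.match(line)
    raise "unsupported line: #{line}" unless m && origin
    host, ttl, type, rdata = m.captures
    row = { zone: origin, ttl: (ttl || default_ttl).to_i, type: type, host: host }
    case type
    when 'SOA'
      ns, contact, *numbers = rdata.split
      row.merge!(primary_ns: ns.chomp('.'), resp_contact: contact.chomp('.'))
      row.merge!(%i[serial refresh retry expire minimum].zip(numbers.map(&:to_i)).to_h)
    when 'MX'
      priority, target = rdata.split
      row.merge!(mx_priority: priority.to_i, data: target.chomp('.'))
    when 'TXT'
      row[:data] = rdata.delete('"') # stored bare; the DLZ query re-adds the quotes
    else
      row[:data] = rdata.chomp('.')
    end
    row
  end.compact
end

# Quote a value for MySQL: NULL for missing columns, backslash-escaped strings.
def sql_literal(value)
  case value
  when nil then 'NULL'
  when Integer then value.to_s
  else "'" + value.to_s.gsub(/[\\']/) { |c| "\\#{c}" } + "'"
  end
end

def insert_statements(rows)
  rows.map do |row|
    columns = row.keys.join(', ')
    values = row.values.map { |v| sql_literal(v) }.join(', ')
    "INSERT INTO records (#{columns}) VALUES (#{values});"
  end
end

puts insert_statements(parse_zone(SAMPLE_ZONE)) if $PROGRAM_NAME == __FILE__
```

Running the file prints one INSERT per record, ready to pipe into the mysql client; TXT data is stored without its quotes because the named.conf query in the next section wraps it in quotes itself.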
setting up bind
The final step is to configure your named.conf to support the MySQL-loaded zones. Here is what you have to put in it:
dlz "Mysql zone" {
    database "mysql
    {host=localhost dbname=dns user=dns pass=PASSWORD}
    {SELECT zone FROM records WHERE zone = '%zone%'}
    {SELECT ttl, type, mx_priority, IF(type = 'TXT', CONCAT('\"',data,'\"'), data) AS data
     FROM records
     WHERE zone = '%zone%' AND host = '%record%' AND type <> 'SOA' AND type <> 'NS'}
    {SELECT ttl, type, data, primary_ns, resp_contact, serial, refresh, retry, expire, minimum
     FROM records
     WHERE zone = '%zone%' AND (type = 'SOA' OR type='NS')}
    {SELECT ttl, type, host, mx_priority, IF(type = 'TXT', CONCAT('\"',data,'\"'), data) AS data, resp_contact, serial, refresh, retry, expire, minimum
     FROM records
     WHERE zone = '%zone%' AND type <> 'SOA' AND type <> 'NS'}";
};
Make sure your BIND installation was built with MySQL (DLZ) support.
security
That is enough to set up a dyndns or host registration web service. Just write a web page that can access the database and modify it.
But if you want to use this to include your local, dynamic-IP machine in your domain, there is a big security issue. The question is: what happens when you disconnect? Whoever obtains your previous IP will be included in your domain until you update your zone. This can be really dangerous, since there are techniques for arbitrarily choosing one's IP when connecting to a DHCP server (even though you cannot protect this IP once you disconnect).
An attacker who knows you use a dynhost service may ping you to detect when you disconnect and immediately take your IP. When using services such as dyndns.org, it is wise not to send critical data to the dynamic host, but you may want to integrate it completely.
In the next post, we will discuss a method that ensures the hostname points to your particular system, using SSL sockets.
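The web page that edits the table is left as an exercise above. The following is an added example, not the author's code or any dyndns.org interface: it shows the update path such a page would run, validating the submitted address and host label, checking a per-host shared secret, passing the values as bind parameters rather than splicing them into SQL (the same table is what BIND serves from), bumping the SOA serial, and giving dynamic hosts a short TTL so a changed address is picked up by resolvers quickly. The `OWNERS` table, the token, `DYNAMIC_TTL` and all sample values are assumptions constructed for the example; the takeover window described above, between your disconnect and your next update, is outside what this code can address.

```ruby
require 'ipaddr'
require 'date'

# Added example, not the post's own web front end: the update path such a page
# would run against the `records` table above. The owner table, the token and
# the sample values are constructed for the example.

# Constructed: which shared secret may update which dynamic host.
OWNERS = { 'home' => 'constructed-secret-token' }.freeze

# Short TTL on dynamic hosts so resolvers drop a stale address quickly.
DYNAMIC_TTL = 300

# Compare two secrets without leaking the length of their common prefix via timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Accept a single IPv4 address only; prefixes, IPv6 and arbitrary text are rejected.
def validate_ipv4(text)
  addr = IPAddr.new(text.to_s)
  raise ArgumentError, "not a single IPv4 address: #{text}" unless addr.ipv4? && addr.prefix == 32
  addr.to_s
rescue IPAddr::InvalidAddressError
  raise ArgumentError, "not a single IPv4 address: #{text}"
end

# One RFC 1123 host label, as stored in the `host` column.
def validate_label(host)
  unless host.to_s.match?(/\A[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\z/i)
    raise ArgumentError, "bad host label: #{host.inspect}"
  end
  host.downcase
end

# Next SOA serial in YYYYMMDDnn form, monotonic however often a host updates.
def next_serial(current, today = Date.today)
  [current + 1, today.strftime('%Y%m%d').to_i * 100 + 1].max
end

# Statements for one update as [sql, bind_params] pairs. The caller's values are
# passed as parameters, never spliced into the SQL text, because this same table
# is what the nameserver answers from.
def build_update(zone:, host:, ip:, token:, current_serial:, today: Date.today)
  host = validate_label(host)
  secret = OWNERS[host]
  raise ArgumentError, 'unknown host or bad token' unless secret && secure_equal?(secret, token.to_s)
  ip = validate_ipv4(ip)
  [
    ['UPDATE records SET data = ?, ttl = ? WHERE zone = ? AND host = ? AND type = ?',
     [ip, DYNAMIC_TTL, zone, host, 'A']],
    ['UPDATE records SET serial = ? WHERE zone = ? AND type = ?',
     [next_serial(current_serial, today), zone, 'SOA']]
  ]
end

if $PROGRAM_NAME == __FILE__
  build_update(zone: 'example.com', host: 'home', ip: '5.6.7.8',
               token: 'constructed-secret-token', current_serial: 2008013101)
    .each { |sql, params| puts "#{sql}  -- #{params.inspect}" }
end
```

A real front end would execute the two statements in one transaction through a MySQL client library's prepared statements; here they are returned as SQL plus bind parameters so the validation and serial logic can be exercised without a database. The serial helper also converts the post's nine-digit example serial into the ten-digit YYYYMMDDnn form on its first bump.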





Comments
Well done.
But I have a little question: when we are using this method, do we still need to restart bind each time we update something in the MySQL table?
By the way (little detail), you should reverse how the [--password|-pPASSWORD] arguments work in your ruby script, since with the command line mysql binary, -p DOES prompt you in interactive mode, and --password doesn't ( --password=123456 ).
I didn’t test the script yet, it seems to be a nice one by the way.
No, that’s the very point.
Since configurations are dynamically loaded, they can be changed on the fly, without any admin intervention. Change the MySQL data, and a query to the nameserver is instantly updated.
Nevertheless, there can still be some latency due to the caches of nameservers other than yours, so it may be good to have a low expire value in the resource records of your dynamic hosts.
You're right about the arg stuff, I'll change this.