dynamic dns.

Kevin Darcy kcd at daimlerchrysler.com
Tue Jan 22 23:15:15 UTC 2002


bob bobing wrote:

> Has anyone written a perl script or something that can
> do dynamic update using tsig keys, or some kind of tui
> front end for nsupdate?

Basically, the perl fragment you'd want at the core of your system would
be something like (based on the command-line argument format of BIND 9's
nsupdate):

my $pid = open(PIPE, "-|");
die "cannot fork: $!" unless defined $pid;
if ($pid) {
    # parent process
    while (<PIPE>) {
        # read debug output in this branch, look for success/errors,
        # set flag variables
    }
    close(PIPE);
} else {
    # child process
    exec "/usr/local/bin/nsupdate",
         "-d", "-k", $keyfile, $updatefile;
    # do error recovery here, in case the exec fails
    exit 1;
}

Now, how you go about parsing the debug output, how you go about
populating $updatefile, how you go about determining the right $keyfile
to use, the sanity checks and consistency checks you put the updates
through before committing them, how many updates you combine into a
single nsupdate invocation, those are all things you'll need to program
in accordance with your own business requirements. I can't really
divulge much more about how we have dealt with those issues without
potentially giving away DaimlerChrysler intellectual property...

(I note that later versions of BIND 9 nsupdate allow you to change keys on
the fly, so maybe you would be better off embedding "key" commands in
the $updatefile instead of hardwiring the key name into the nsupdate
command-line. I haven't incorporated that new functionality into my
system yet.)

A cleaner, but less "safe" alternative would be to use the "latest
development" version of the Net::DNS module which is supposedly capable
of generating TSIG-signed Dynamic Updates.
http://www.fuhr.org/~mfuhr/perldns/Net-DNS-current.tar.gz. Note that
Perl 5.6.0 is a minimum prerequisite for this version of Net::DNS.



- Kevin
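
An added example, not part of the post above and not DaimlerChrysler's code: one way to populate $updatefile with sanity checks applied before anything is handed to nsupdate. The zone, host names, addresses, TTLs and the helper names check_record and build_update_file are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Constructed sample data (assumptions, not from the post).
my $zone    = "example.com";
my @records = (
    { name => "host1.example.com", ttl => 300, addr => "192.0.2.10" },
    { name => "host2.example.com", ttl => 300, addr => "192.0.2.11" },
);

# Return an error string unless $r is a well-formed A record inside $zone.
# The \A...\z anchors also reject embedded whitespace and newlines, so a
# field cannot smuggle an extra nsupdate command into the file.
sub check_record {
    my ($zone, $r) = @_;
    my $z     = lc $zone;
    my $label = qr/[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?/;
    return "bad host name" unless length($r->{name}) <= 253
                               && $r->{name} =~ /\A$label(?:\.$label)*\z/;
    return "outside zone"  unless lc($r->{name}) =~ /(?:\A|\.)\Q$z\E\z/;
    return "bad TTL"       unless $r->{ttl} =~ /\A\d{1,10}\z/
                               && $r->{ttl} <= 2147483647;
    my @o = $r->{addr} =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
    return "bad address"   unless @o == 4 && !grep { $_ > 255 } @o;
    return;
}

# Validate every record first, so a single bad entry aborts the whole batch
# before any file is written, then emit one nsupdate transaction.
sub build_update_file {
    my ($zone, @records) = @_;
    for my $r (@records) {
        my $err = check_record($zone, $r);
        die "refusing update for '$r->{name}': $err\n" if $err;
    }
    # File::Temp creates the file with mode 0600.
    my ($fh, $path) = tempfile("nsupdate-XXXXXX", TMPDIR => 1);
    print $fh "zone $zone\n";
    for my $r (@records) {
        print $fh "update delete $r->{name} A\n";
        print $fh "update add $r->{name} $r->{ttl} A $r->{addr}\n";
    }
    print $fh "send\n";
    close($fh) or die "close $path: $!";
    return $path;
}

my $updatefile = build_update_file($zone, @records);
print "wrote $updatefile\n";
```

The returned path is what the fragment in the post passes to nsupdate as $updatefile; if "key" commands are ever embedded in that file, the 0600 mode matters because the file then contains the TSIG secret.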