DDNS+Bind

Alexander Widera alexander.widera at s2003.tu-chemnitz.de
Mon Mar 8 23:47:31 UTC 2004 

Hi,

DynSite is a tool to update a DNS or to use dynamic DNS services like
www.dyndns.org.
You can get it at http://www.noeld.com/dynsite.asp
I use it at the moment only for testing purposes ... I thought it would work
with it ... but it always sais: "DNS-Server kann das Format nicht erkennen."
it means "DNS-Server couldn't understand the format". I don't know what this
should mean.

I'm using the TSIG-key - i think this is easier...
I created a key with:
dnssec-keygen -a HMAC-MD5 -b 512 -n HOST mydomain.com
then i have 2 files:
Kmydomain.com.+157+45233.key
Kmydomain.com.+157+45233.private

The keyname is "mydomain.com." (with dot at the end), isnt it?
The value of the key is in the file .private, isnt it?
Where should these both files be placed? Or isnt this important?

then i created in the named.conf the following entrys:

key mydomain.com. {
    algorithm HMAC-MD5;
    secret "pojasfmaf0awfp==";
};

(this isnt the correct key ... only for example)
must there be the dot after "mydomain.com" ?

and i extendet my zone to this:

zone "mydomain.com" in {
        type master;
        update-policy {
            grant * name antibotz.de A TXT;
        };
        file "mydomain.com.zone";
};

I also tried some other update-policys or the old allow-update method.

The thing is that:
The client, who shoud update, is the computer with the changing IP that
shoud be updatet at the DNS.
I use only DynSite for testing purposes at the moment ... at the end I want
to use a router. It has has a menu where I can insert a domain and something
like an unsername or password ... and the router shoud update the DNS.

What make I wrong? What is missing?
I think somehow has the client to submit the key, or not?

Where can I find some logfiles if there is one?

Alex


"Kevin Darcy" <kcd at daimlerchrysler.com> schrieb im Newsbeitrag
news:c2ituo$1qde$1 at sf1.isc.org...
> Alexander Widera wrote:
>
> >Hiho,
> >
> >I have a running nameserver ...
> >I searched and found for example that:
> >http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html
> >but i don't get it running...
> >
> OK, so how far did you get? Do you get errors? Do you have any log
> output, debugging output?
>
> >I want to update (for example with dynsite) a domain (entry is on my
> >nameserver)...
> >
> What's "dynsite"? I've never heard of it.
>
> >What have I to do? What's that with the keys? TSIG and SIG(0) ... and
where
> >shoud I place them?
> >Has someone a complete example?
> >
> As the HOWTO explains, you need to generate the keys, make them
> available to both the nameserver and the update client, and then you
> need to use the key to sign each update that you send from the client to
> the server. Beyond that, the specifics are going to differ depending on
> whether you choose to use TSIG or SIG(0). I can speak with some
> experience on TSIG, since we are using TSIG-signed Dynamic Updates in
> production. For SIG(0), you're on your own...
>
>
>                                                    - Kevin
>
>
>

More information about the bind-users mailing list