Quick dynamic DNS?

@lbutlr kremels at kreme.com
Thu Dec 24 15:48:16 UTC 2020

On 23 Dec 2020, at 21:23, Grant Taylor via bind-users <bind-users at lists.isc.org> wrote:
> On 12/23/20 6:53 PM, @lbutlr wrote:
>> Given that I have an authoritative bind9 server for example.com and given that I have a home connection that is (technically) dynamic home.example.com what is the easiest way for me to automatically update the DNS on the rare occasions that it changes?
> I assume:
> 1)  That example.com is a stand in for the real domain name(s)

That is what example.com always is, yes.

> 2)  Your bind9 server is somewhere on the Internet

As I said, it is authoritative for example.com.

> 3)  You are asking how to dynamically update it to change where home.example.com resolves to.


>> The example.com domain is setup with DNSSEC and the home connection has a rPI already acting as an unbound/piHole server, if that helps.
> Are you wanting to do some sort of zone transfer from the rPI to BIND?

No, I just want my bind server to get updated with the external IP of my home connection when it changes and update the A pointer.

> Is home.example.com public or private?  Can the world query it?

The world can reach my home connection, but no, the world cannot send DNS queries to it since it does not run an external DNS server (unbound is just a caching server, piHole is a DNS blocker that prevents LAN machines from reaching known bad hosts).

>> I used to use a dynamic DNS service, but I figure I have the tools available to do this all myself. What I am doing right now is just manually changing the IP.
> I'm going to further assume:
> 4)  That you have home.example.com delegated to the rPI at your house.

No, I just have home.example.com as an A record that points to my home IP address. There are no delegations and no subdomains for home.example.com.

> 5)  That you want to dynamically update this delegation.

I just want to update the IP address in a single A record.

> You can use BIND's support for Dynamic DNS across the Internet.  (I can't speak to the security of such.)  I assume that you will be using something like TSIG keys or Kerberos to authenticate your Dynamic DNS updates.  (Possibly even a VPN or the likes.)

Possibly, though that is certainly part of what I am asking.

> Or you can use nsupdate on the system hosting your public BIND DNS server.

But the bind server doesn't know the new IP address?

> Please clarify where the Dynamic DNS client will be in comparison to the BIND DNS server.  Then we can get into the minutiae of how to go about things.

As I said. The bind server is at example.com. It is authoritative for example.com (and several other domains as well).

At home I have a connection to an ISP and that connection MAY change since it is in a DHCP pool. I want to be able to update my DNS server so that "home.example.com" points to my home IP address.

I have done this in the past with various dynamic DNS services (like DynDNS) where their software client would automatically update a custom subdomain of one of their domains like homeftp.net (they have many and which one isn't relevant) and then on the Bind server I would have, for example, in example.com,

home	CNAME lbutlr.homeftp.net. #example name, not real dynDNS address

When the client updated my IP address, bind would simply relay connections to home.example.com to lbutlr.homeftp.net regardless of what the IP address was.

What I want to do is eliminate the 3rd party service and client so that the bind server can simply have:

home	A # obvs not a real IP

I went to a restaurant that serves "breakfast at any time". So I
	ordered French Toast during the Renaissance.
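
Added example, not part of the original message and not taken from BIND's documentation: one way the home machine could push the single A-record change discussed above, using nsupdate authenticated with a TSIG key file. The server name ns1.example.com, the key path, the TTL, the script name and the function names are assumptions, as is a server-side update policy that lets this key change only home.example.com.

```shell
#!/bin/sh
# Added example. Assumed values: server name, key path, TTL, function names.
SERVER="ns1.example.com"       # assumption: the authoritative BIND server
ZONE="example.com"
NAME="home.example.com"
TTL=300                        # assumption: short TTL so a change is picked up quickly
KEYFILE="/etc/ddns/home.key"   # assumption: TSIG key file, readable only by this user

# Accept only a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    IFS=. read -r o1 o2 o3 o4 rest <<EOF
$1
EOF
    [ -z "$rest" ] || return 1
    for o in "$o1" "$o2" "$o3" "$o4"; do
        [ -n "$o" ] && [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Print the nsupdate commands that replace the A record of $NAME with $1.
# The address is validated first so nothing else can reach the command stream.
build_update() {
    valid_ipv4 "$1" || { echo "refusing invalid address: $1" >&2; return 1; }
    printf 'server %s\nzone %s\nupdate delete %s A\nupdate add %s %s A %s\nsend\n' \
        "$SERVER" "$ZONE" "$NAME" "$NAME" "$TTL" "$1"
}

# Send the signed update only if the published address differs from $1.
push_update() {
    cmds=$(build_update "$1") || return 1
    current=$(dig +short A "$NAME" "@$SERVER")
    [ "$current" = "$1" ] && return 0
    printf '%s\n' "$cmds" | nsupdate -k "$KEYFILE"
}

# Run as: ddns-update.sh NEW_IP   (hypothetical script name; e.g. from cron
# or a DHCP client hook that already knows the new external address)
if [ -n "${1:-}" ]; then
    push_update "$1"
fi
```

How the home machine learns its new external address is left to the caller, since the thread does not settle that.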
