Network & Systems Architect

Welcome to my little blog. I am mostly techie over here, blogging about networking and system administration topics, but there will also be some Travel Reports from time to time…

How to Create your own ‘DynDNS’ Service

February 27, 2011 | Christian Kildau | 2 Comments

First off: This is not DynDNS as you might know it from You can’t use clients like ddclient. I’m using DNSSEC and ‘nsupdate’. You’ll need to be familiar with Bind and some shell scripting… Also I only got this working on *nix and I don’t have any intention to try it on Windows.

Let’s start with what you have to do on your client:

$ dnssec-keygen -a HMAC-MD5 -b 512 -n USER -r /dev/urandom

Now copy (your pubkey) to your server’s configdir (in case of Debian: /etc/bind) and define it as follows:

key {
        algorithm HMAC-MD5;
        secret "<put key from here>";
};
zone "" {
        type master;
        file "master/";
        allow-update { key; };
};

This allows everyone with the key to update zone ‘’. Feel free to find out how to do privilege separation on your own.

Back to your client: since we can’t use ddclient or similar clients, I wrote my own small script:

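dir=$(dirname "$0")
# IP address recorded by the previous run
old_ip=$(cat "$dir/ip_cur.txt")
# current address of the PPPoE interface
new_ip=$(ifconfig pppoe0 | grep -E 'inet.[0-9]' |
       grep -v '' | awk '{ print $2}')

# only contact the server when the address has changed
if [ "$old_ip" != "$new_ip" ]; then
  echo "$new_ip" >> "$dir/ip_log.txt"
  echo "server <yourserver>\nzone \
    \nupdate delete A \
    \nupdate add 60 A $new_ip \
    \nsend" > "$dir/ip_nsupdate_instructions.txt"
  nsupdate -k $dir/ \
    $dir/ip_nsupdate_instructions.txt || exit 1
  # remember the address only after a successful update
  echo "$new_ip" > "$dir/ip_cur.txt"
fi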

My script gets the current IP address of pppoe0, compares it to the one from its previous run and executes ‘nsupdate’ if they don’t match. ‘nsupdate’ doesn’t accept its configuration from stdin, that’s why I needed to hack around with echo… If ‘nsupdate’ fails (due to connection issues or something like that), my script exits. If the update was successful, it writes the current IP into ip_cur.txt, so the script only executes ‘nsupdate’ on an IP address change and not every time you run it. Add my script to crontab to run it once a minute or so…

* * * * *
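The privilege separation the post leaves to the reader can be done with BIND's `update-policy`, shown here next to the `allow-update` form as an added example that is not part of the original post. The key name `ddns-home`, the zone `example.org`, the host `home.example.org` and the zone file name are placeholder assumptions; the secret is whatever `tsig-keygen -a hmac-sha256 ddns-home` prints.

```conf
// Added example; ddns-home, example.org and home.example.org are placeholders.

// Shared TSIG secret. Generate with: tsig-keygen -a hmac-sha256 ddns-home
key "ddns-home" {
        algorithm hmac-sha256;          // instead of HMAC-MD5
        secret "<base64 secret from tsig-keygen>";
};

// Broad form, as in the post: whoever holds the key may add, change
// or delete records anywhere in the zone.
// zone "example.org" {
//         type master;
//         file "master/example.org";
//         allow-update { key "ddns-home"; };
// };

// Restricted form: the key may only change the A record of one name,
// so a key leaked from the client cannot rewrite MX, NS or other hosts.
zone "example.org" {
        type master;
        file "master/example.org";
        update-policy {
                grant ddns-home name home.example.org. A;
        };
};
```

`allow-update` and `update-policy` cannot both appear in the same zone, and the zone file's directory must be writable by named because dynamic updates are journaled there.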

This article has 2 comments
  1. Apo

    If you’re using pppd, you can just create an executable file in your pppd’s ip-up.d folder (in my case that’s /etc/ppp/ip-up.d), or edit the ip-up script.

    Contents of my /etc/ppp/ip-up.d/60-dyndns:

    nsupdate -k /etc/nsupdate/named.private << EOF
    update delete A
    update add 60 A $4
    send
    EOF

    pppd will run the ip-up script every time you get a new IP, so you don’t have to poll your interface every minute.

    There’s also a patch for ddclient to run nsupdate, but that’d mean that you have to disable updates in your package manager, so meh.

