Helmut Pozimski 9799509da3 dnsping_v6: filter the private prefixes with :: to avoid catching addresses that have these somewhere in the middle | 7 years ago | |
---|---|---|
.. | ||
README.md | 8 years ago | |
dnsping.py | 8 years ago | |
dnsping_v6.sh | 7 years ago | |
update_ip.sh | 8 years ago |
A collection of scripts to run your own dynamic DNS service. It is based on the assumption that you already have an authoritative DNS server running and a domain you want to use for your dynamic (sub)domain entry.
dnsping requires the following components to work:
This is the main script. It runs on the web server using python and mod_wsgi. It receives the changes to the IP address from the GET parameters in its URL and saves the addresses to temporary files, from where they can be processed by update_ip.sh, which tells the DNS server to update the zone file. Currently dnsping.py does not perform any input validation and should be secured by configuring user authentication on the web server level.
This bash script runs on the web server. It reads the files created by dnsping.py and passes the IP addresses on to the DNS server to update the zone file. It is a separate script so that (if your setup requires it) you can run it periodically as root through cron or another mechanism, while the web application runs without requiring any privileges.
This is an optional helper script that can be run on any client to report its IPv6 address (which might change at regular intervals) to the dnsping service. In a typical setup, the router will be assigned a prefix and will announce it to the other computers in the network, so if you want to put the IPv6 address of a specific computer in your DNS record, the best option currently is to query it directly at the client and update from there.
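Because the values received by dnsping.py end up in files that a root cron job later hands to the DNS server, the missing input validation is the most exposed point of this design. The following is an added example, not code from dnsping.py: the function name `parse_update` is hypothetical, and it assumes that only a single, globally routable address per family should ever be accepted.

```python
import ipaddress
from urllib.parse import parse_qs

# Parameter names match the GET parameters used by dnsping (ipv4, ipv6).
FAMILIES = {"ipv4": ipaddress.IPv4Address, "ipv6": ipaddress.IPv6Address}


def parse_update(query_string):
    """Return a dict of canonical address strings taken from a query string.

    Hypothetical helper: raises ValueError unless every supplied parameter
    is exactly one globally routable address of the expected family.
    """
    params = parse_qs(query_string, max_num_fields=4)
    result = {}
    for name, family in FAMILIES.items():
        values = params.get(name)
        if values is None:
            continue
        if len(values) != 1:
            raise ValueError("%s given more than once" % name)
        raw = values[0]
        # Newer Python versions accept an IPv6 zone id ("addr%zone") made of
        # arbitrary characters, so refuse it before parsing.
        if "%" in raw:
            raise ValueError("%s carries a zone id" % name)
        try:
            addr = family(raw)
        except ValueError:
            raise ValueError("%s is not a valid address" % name)
        if not addr.is_global:
            raise ValueError("%s is not globally routable" % name)
        # str() gives the canonical form, never the client's raw bytes.
        result[name] = str(addr)
    if not result:
        raise ValueError("no address supplied")
    return result


if __name__ == "__main__":
    # Constructed sample requests, not taken from a real log.
    for qs in ("ipv4=8.8.8.8&ipv6=2001:4860:4860:0:0:0:0:8888",
               "ipv4=192.168.1.10",
               "ipv4=8.8.8.8%0Ajunk"):
        try:
            print(qs, "->", parse_update(qs))
        except ValueError as err:
            print(qs, "-> rejected:", err)
```

Only the canonical strings returned by the function would be written to the tmp directory, so the script that later runs as root never sees text that was not parsed as an address.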
After installing the apache web server and the wsgi module, you need to create a vhost to use for dnsping. The script "dnsping.py" is supposed to be placed directly in the document root and has to be readable by the web server. The script requires a sub-directory called "tmp" to store the data submitted to it which has to be writable by the web server. A sample vhost to use with dnsping could look like this:
```
<VirtualHost IPv4 address:443 [IPv6 address]:443 >
    ServerName $domain
    ServerAdmin $email_address
    DocumentRoot /var/www/dnsping
    <Directory /var/www/dnsping>
        Options -Indexes +FollowSymLinks +MultiViews
        AllowOverride AuthConfig
        Require all granted
    </Directory>
    <IfModule ssl_module>
        SSLEngine On
        SSLCertificateFile $cert_path
        SSLCertificateKeyFile $key_path
        Header always set Strict-Transport-Security "max-age=15768000"
    </IfModule>
    WSGIScriptAlias / /var/www/dnsping/dnsping.py
    WSGIDaemonProcess dnsping processes=1 threads=1 display-name=%{GROUP}
    WSGIProcessGroup dnsping
    ErrorLog ${APACHE_LOG_DIR}/dnsping_error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/dnsping_access.log combined
</VirtualHost>
```
This assumes that your document root is /var/www/dnsping; please adapt everything to your needs. The options for authentication, HSTS (requires mod_headers) and TLS are optional but highly recommended. The user authentication would in this case happen with a .htaccess file in the document root but could also be defined directly in the vhost configuration.
After everything is configured properly, you can test the functionality with a manual call:
```
curl --user user:password "https://domain/?ipv6=ipv6_address&ipv4=ipv4_address"
```
If the call was successful, the addresses passed in the parameters will be saved in tmp/ipv4_address and tmp/ipv6_address.
The zone that contains the (sub)domain you want to update dynamically needs to already be configured in Bind. To be able to update the zone using nsupdate, the following option needs to be set in the definition of the master zone:
```
update-policy local;
```
After setting this option, you should no longer edit the zone manually; all updates should happen using "nsupdate". Should manual changes be required, they should only happen after doing a "rndc freeze" first. Please read the bind manual if you have any questions regarding the specific functionality.
In this script, there are several variables that need to be filled in to adjust everything to your specific setup. It should be placed somewhere the user that is executing it can access it and be made executable. Since there is currently no mechanism implemented that would propagate updates automatically, I assume that this script is executed as root via cron. Example:
```
* * * * * root /usr/local/sbin/update_ip.sh
```
Execution and correct functionality can of course be tested manually.
To execute this script on a client computer, the URL and the user credentials have to be entered into the script and a cron job created to execute it automatically. The script detects the currently active public IPv6 address from the MAC address and submits it to the server.
Some routers support configuring dynamic DNS services other than the ones preconfigured by the manufacturer. If yours does and you want to have your router automatically update your IP(v4) address each time it changes, a sample configuration (here for a Fritz Box router from AVM) would look like this:
Dynamic DNS provider: Custom
Update URL: https://domain/?ipv4=<ipaddr>
Domain: your sub domain
User name: user name
Password: password