DDNS - LinuxUserGroupUWSP/RackMesa GitHub Wiki
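Create a new TSIG key with `dnssec-keygen` (despite the tool's name, this is a shared HMAC secret used to sign dynamic updates, not a DNSSEC signing key).

```
dnssec-keygen -a HMAC-SHA384 -b 256 -r /dev/urandom -n USER DDNS_UPDATE
```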
Copy the key from the `K*.private` file and save it in `ddns.key`.

```
vi ddns.key
```

```
key DDNS_UPDATE {
    algorithm HMAC-SHA384;
    secret "<key>";
};
```
Copy `ddns.key` to the DHCP and DNS paths.

```
cp ddns.key /etc/named/
cp ddns.key /etc/dhcp/
chown root:named /etc/named/ddns.key
chown root:root /etc/dhcp/ddns.key
chmod 640 /etc/named/ddns.key
chmod 640 /etc/dhcp/ddns.key
```
Allow services with the key to update DNS entries.

```
vi /etc/named.conf
```

```
include "/etc/named/ddns.key";

zone "example.org" {
    type master;
    notify no;
    file "/var/cache/named/db.example.org";
    allow-update { key DDNS_UPDATE; };
};

zone "2.168.192.in-addr.arpa" {
    type master;
    notify no;
    file "/var/cache/named/db.192.168.2";
    allow-update { key DDNS_UPDATE; };
};
```
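Give DHCP the key and tell it to update DNS.

```
vi /usr/local/etc/dhcpd.conf
```

```
option domain-name "example.org";
ddns-updates on;
ddns-update-style standard;
# Ignore the client's own request to update DNS; the server performs the updates.
ignore client-updates;
update-static-leases on;

# This path must point at the copy of ddns.key that dhcpd can read
# (the copy step above placed one in /etc/dhcp/).
include "/usr/local/etc/ddns.key";

zone EXAMPLE.ORG. {
    primary 127.0.0.1;
    key DDNS_UPDATE;
}

zone 2.168.192.in-addr.arpa. {
    primary 127.0.0.1;
    key DDNS_UPDATE;
}
```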
Tell SELinux to allow named to write master zones.

```
setsebool -P named_write_master_zones 1
```
Restart both services.

```
systemctl restart named
service isc-dhcpd restart
```
## Hostname Generation

```
if (not (option host-name ~~ "^[a-z0-9][a-z0-9-]+[a-z0-9]$")) {
    set new_host-name = concat("host-", binary-to-ascii(16, 8, "", substring(hardware, 1, 6)));
    log(concat("invalid hostname: ", option host-name, " => ", new_host-name));
    ddns-hostname = new_host-name;
} else {
    ddns-hostname = pick (option fqdn.hostname, option host-name, substring (option dhcp-client-identifier, 1, 20));
}
```
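
The hostname rule above, modelled in Python as an added example (not part of the wiki's own configuration), to show which client-supplied names it accepts and what the generated fallback looks like. It assumes the client sent `option host-name` and does not model the `dhcp-client-identifier` branch of `pick`; the function names, `padded_fallback` and the sample MAC addresses are constructed for illustration.

```python
import re
from typing import Optional

# Pattern copied from the dhcpd.conf rule above. "~~" matches case-insensitively;
# re.ASCII stops IGNORECASE from also accepting non-ASCII letters.
VALID = re.compile(r"[a-z0-9][a-z0-9-]+[a-z0-9]", re.IGNORECASE | re.ASCII)


def binary_to_ascii_hex(data: bytes) -> str:
    """Model of binary-to-ascii(16, 8, "", data): one hex number per byte, unpadded."""
    return "".join(format(b, "x") for b in data)


def ddns_hostname(host_name: str, mac: bytes, fqdn_hostname: Optional[str] = None) -> str:
    """Name the rule selects for a client that sent option host-name."""
    if not VALID.fullmatch(host_name):
        return "host-" + binary_to_ascii_hex(mac)
    # pick() takes the first value that is set. fqdn.hostname comes first and
    # is never compared against the pattern by this rule.
    return fqdn_hostname if fqdn_hostname is not None else host_name


def padded_fallback(mac: bytes) -> str:
    """Hypothetical alternative: two hex digits per byte, so names cannot collide."""
    return "host-" + mac.hex()


if __name__ == "__main__":
    # Constructed sample clients: option host-name values and MAC addresses.
    mac = bytes.fromhex("000c290a1b02")
    for name in ["laptop-01", "WEB01", "pc", "-bad", "web.example.org", "x y"]:
        print(f"{name!r:20} -> {ddns_hostname(name, mac)}")
    a, b = bytes.fromhex("020000000110"), bytes.fromhex("020000001100")
    print(binary_to_ascii_hex(a), binary_to_ascii_hex(b))  # identical strings
    print(padded_fallback(a), padded_fallback(b))
```

Two things the model makes visible: names shorter than three characters never match the pattern and are always replaced, and because `binary-to-ascii` does not zero-pad each byte, two different MAC addresses can produce the same `host-` name.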