
On Sun, Mar 10, 2013 at 02:36:49AM +0000, James Harper wrote:
> dyndns isn't reliable anymore without spending money
>
> James

I just got mine going again, so it can be done.

1. Run dnssec-keygen to create a key:

    dnssec-keygen -a HMAC-MD5 -b 128 -n user demo

You have to give the key a name, in this case "demo". This produces 2 files:

    18:29:20$ cat Kdemo.+157+19918.key
    demo. IN KEY 0 3 157 V0CPzW/olG4V1uWFH2REDA==
    18:29:22$ cat Kdemo.+157+19918.private
    Private-key-format: v1.3
    Algorithm: 157 (HMAC_MD5)
    Key: V0CPzW/olG4V1uWFH2REDA==
    Bits: AAA=
    Created: 20130310071613
    Publish: 20130310071613
    Activate: 20130310071613

2. Configure this key in /etc/named.conf:

    key demo {
        algorithm HMAC-MD5;
        secret V0CPzW/olG4V1uWFH2REDA==;
    };

3. Insert or modify "allow-update" lines in each applicable zone to read:

    allow-update { key demo; };

4. Configure the key and the zones in which it is to be used in /etc/dhcpd.conf.

    key demo {
        algorithm HMAC-MD5;
        secret V0CPzW/olG4V1uWFH2REDA==;
    };

    zone mshome.net. {
        primary 127.0.0.1;
        key demo;
    }

    zone 0.168.192.in-addr.arpa. {
        primary 127.0.0.1;
        key demo;
    }

For an explanation, see

    man 5 dhcpd.conf
    man dnssec-keygen
    file:///usr/doc/bind-9.9.1-P3/arm/Bv9ARM.html

[YMMV] These suggest the name "DHCP_UPDATER" in place of "demo".

Cheers ... Duncan.

--
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
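
A consistency check for steps 2 to 4, as an added example that is not part of the original post: it confirms that the key block in named.conf and in dhcpd.conf carries the secret from the .private file, that an allow-update line names the key, and that every dhcpd zone uses a defined key. The function names, the sample key and the zone file name are constructed for illustration, and the three files are assumed to be passed in as strings.

```python
import base64
import re

KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{([^}]*)\}')
ZONE_RE = re.compile(r'\bzone\s+"?([\w.-]+)"?\s*\{([^}]*)\}')

def private_secret(text):
    """Secret from the 'Key:' line of a dnssec-keygen .private file."""
    return re.search(r'^Key:\s*(\S+)', text, re.M).group(1)

def key_blocks(conf):
    """Map key name -> (algorithm, secret) for every 'key NAME { ... }' block."""
    out = {}
    for name, body in KEY_RE.findall(conf):
        alg = re.search(r'algorithm\s+"?([\w.-]+)"?\s*;', body)
        sec = re.search(r'secret\s+"?([A-Za-z0-9+/=]+)"?\s*;', body)
        out[name] = (alg and alg.group(1).lower(), sec and sec.group(1))
    return out

def check(private, named_conf, dhcpd_conf, name):
    """Return a list of problems that would make dhcpd's signed updates fail."""
    problems = []
    secret = private_secret(private)
    try:
        base64.b64decode(secret, validate=True)
    except ValueError:
        problems.append("secret in .private file is not valid base64")
    named, dhcpd = key_blocks(named_conf), key_blocks(dhcpd_conf)
    for label, keys in (("named.conf", named), ("dhcpd.conf", dhcpd)):
        if name not in keys:
            problems.append(f"{label}: no key block named {name}")
        elif keys[name][1] != secret:
            problems.append(f"{label}: secret differs from .private file")
    if name in named and name in dhcpd and named[name][0] != dhcpd[name][0]:
        problems.append("algorithm differs between named.conf and dhcpd.conf")
    if not re.search(r'allow-update\s*\{[^}]*\bkey\s+"?%s"?\s*;' % re.escape(name), named_conf):
        problems.append(f"named.conf: no allow-update references key {name}")
    for zone, body in ZONE_RE.findall(dhcpd_conf):
        ref = re.search(r'\bkey\s+"?([\w.-]+)"?\s*;', body)
        if not ref or ref.group(1) not in dhcpd:
            problems.append(f"dhcpd.conf: zone {zone} uses no defined key")
    return problems

# Constructed sample inputs (the secret is made up, not the key from the post).
PRIVATE = "Private-key-format: v1.3\nAlgorithm: 157 (HMAC_MD5)\nKey: Y29uc3RydWN0ZWQta2V5IQ==\n"
NAMED = '''key demo { algorithm HMAC-MD5; secret Y29uc3RydWN0ZWQta2V5IQ==; };
zone "mshome.net" { type master; file "mshome.net.zone"; allow-update { key demo; }; };'''
DHCPD = '''key demo { algorithm HMAC-MD5; secret Y29uc3RydWN0ZWQta2V5IQ==; };
zone mshome.net. { primary 127.0.0.1; key demo; }
zone 0.168.192.in-addr.arpa. { primary 127.0.0.1; key demo; }'''
```

An empty list from check(PRIVATE, NAMED, DHCPD, "demo") means the three files agree; each string in a non-empty result names the file and the mismatch.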