
We have a few customers on dynamic IP addresses that we would like to be able to connect to remotely. If we lead the customer through the procedure to find their IP address and tell us then it all works fine but I'd like something a bit smoother. The customers in this case are charities and other very low budget organisations so even then extra $10/month for a static IP address isn't feasible. I have a bind9 server, can that make use of standard dyndns protocols somehow (even via a separate daemon)? Or anything option would be good too. I'm getting a lot of noise on google when I try and search. Thanks James

On 06/03/13 14:22, James Harper wrote:
We have a few customers on dynamic IP addresses that we would like to be able to connect to remotely. If we lead the customer through the procedure to find their IP address and tell us then it all works fine but I'd like something a bit smoother. The customers in this case are charities and other very low budget organisations so even then extra $10/month for a static IP address isn't feasible.
I have a bind9 server, can that make use of standard dyndns protocols somehow (even via a separate daemon)?
Or anything option would be good too. I'm getting a lot of noise on google when I try and search.
Thanks
James _______________________________________________ luv-main mailing list luv-main@luv.asn.au http://lists.luv.asn.au/listinfo/luv-main When I was on an Optus dynamic IP connection temporarily, I used noip address and noip update client.
www.noip.com. Worked well for the short time I used it. They have a free service, but requires you to reactivate once everymonth. Daniel

On 6/03/13 2:22 PM, James Harper wrote:
We have a few customers on dynamic IP addresses that we would like to be able to connect to remotely. If we lead the customer through the procedure to find their IP address and tell us then it all works fine but I'd like something a bit smoother. The customers in this case are charities and other very low budget organisations so even then extra $10/month for a static IP address isn't feasible.
I have a bind9 server, can that make use of standard dyndns protocols somehow (even via a separate daemon)?
Or anything option would be good too. I'm getting a lot of noise on google when I try and search. How are you giving out IP addresses? DHCP? PPPoE? Whatever you're using, you should be able to trigger a dynamic DNS update using the ip-up or equivalent script. It's been years since I've looked into it, but it should be feasible. IIRC, I did actually get something similar working once, several years back.
-- 73 de Tony VK3JED http://vkradio.com

On 6/03/13 2:22 PM, James Harper wrote:
We have a few customers on dynamic IP addresses that we would like to be able to connect to remotely. If we lead the customer through the procedure to find their IP address and tell us then it all works fine but I'd like something a bit smoother. The customers in this case are charities and other very low budget organisations so even then extra $10/month for a static IP address isn't feasible.
I have a bind9 server, can that make use of standard dyndns protocols somehow (even via a separate daemon)?
Or anything option would be good too. I'm getting a lot of noise on google when I try and search. How are you giving out IP addresses? DHCP? PPPoE? Whatever you're using, you should be able to trigger a dynamic DNS update using the ip-up or equivalent script. It's been years since I've looked into it, but it should be feasible. IIRC, I did actually get something similar working once, several years back.
These are remote users. ADSL, probably from Telstra. james

On Wed, 6 Mar 2013, James Harper <james.harper@bendigoit.com.au> wrote:
We have a few customers on dynamic IP addresses that we would like to be able to connect to remotely. If we lead the customer through the procedure to find their IP address and tell us then it all works fine but I'd like something a bit smoother. The customers in this case are charities and other very low budget organisations so even then extra $10/month for a static IP address isn't feasible.
I have a bind9 server, can that make use of standard dyndns protocols somehow (even via a separate daemon)?
http://etbe.coker.com.au/2010/12/08/dynamic-dns/ I use BIND and some shell scripts for this, the above blog post describes what I'm doing. I haven't made any change of note over the last two years so it works well. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/

I have a bind9 server, can that make use of standard dyndns protocols somehow (even via a separate daemon)?
http://etbe.coker.com.au/2010/12/08/dynamic-dns/
I use BIND and some shell scripts for this, the above blog post describes what I'm doing. I haven't made any change of note over the last two years so it works well.
Thanks for that. It validates my approach somewhat! On the subject of the -k option - that worked fine for me in testing while the .private and .key files were in the same directory. As soon as I copied the .private key file to another directory (without the .key file), bind gave me some funny syntax errors. I'm not sure if it was the absence of the .key file from that directory or what, but specifying the key as part of the nsupdate script makes a lot more sense - only one file to protect and not visible on the command line from ps. Thanks James

Russell Coker <russell@coker.com.au> writes:
http://etbe.coker.com.au/2010/12/08/dynamic-dns/ IP=$(ip addr list $1|sed -n -e "s/\/.*$//" -e "s/^.*inet //p")
Saw this in moreutils a while back, NFI if it's any good. $ ifdata -pa eth0 203.7.155.89 For ip, you might want to use -o and -4 also.

We have a few customers on dynamic IP addresses that we would like to be able to connect to remotely. If we lead the customer through the procedure to find their IP address and tell us then it all works fine but I'd like something a bit smoother. The customers in this case are charities and other very low budget organisations so even then extra $10/month for a static IP address isn't feasible.
I have a bind9 server, can that make use of standard dyndns protocols somehow (even via a separate daemon)?
Or anything option would be good too. I'm getting a lot of noise on google when I try and search.
I just wrote a quick php script (redacted below) to do this for now. It's basically just for us to be able to connect to remote PCs and servers and we can just schedule a wget to the script with some authentication (htaccess file etc). Most of the servers will be Windows so a wget on a schedule is the most straightforward way to do it. James <? $ip = $_SERVER["REMOTE_ADDR"]; $user = $_SERVER['PHP_AUTH_USER']; $pipespecs = array( 0 => array("pipe", "r"), 1 => array("pipe", "w") ); $proc = proc_open('/usr/bin/nsupdate', $pipespecs, $pipes, '/tmp'); if (is_resource($proc)) { fwrite($pipes[0], "key <domain name> <key> \n"); fwrite($pipes[0], "server <server name>\n"); fwrite($pipes[0], "zone <zone name>\n"); fwrite($pipes[0], "update delete $user.<zone name>. A\n"); fwrite($pipes[0], "update add $user.<zone name>. 900 A $ip\n"); fwrite($pipes[0], "send\n"); fclose($pipes[0]); echo stream_get_contents($pipes[1]); } ?>

I think youi guys might be trying to use a nuclear reactor to boil an egg. Most adsl modem routers support dyndns. It might be worth it to set that up instead. just my 2 cents worth Murray On Wednesday 06 March 2013 03:22:30 James Harper wrote:
We have a few customers on dynamic IP addresses that we would like to be able to connect to remotely. If we lead the customer through the procedure to find their IP address and tell us then it all works fine but I'd like something a bit smoother. The customers in this case are charities and other very low budget organisations so even then extra $10/month for a static IP address isn't feasible.
I have a bind9 server, can that make use of standard dyndns protocols somehow (even via a separate daemon)?
Or anything option would be good too. I'm getting a lot of noise on google when I try and search.
Thanks
James _______________________________________________ luv-main mailing list luv-main@luv.asn.au http://lists.luv.asn.au/listinfo/luv-main

On Sun, Mar 10, 2013 at 02:36:49AM +0000, James Harper wrote:
dyndns isn't reliable anymore without spending money
James
I just got mine going again, so it can be done. 1. run dnssec-keygen to create a key:
dnssec-keygen -a HMAC-MD5 -b 128 -n user demo You have to give the key a name, in this case "demo". This produces 2 files:
18:29:20$ cat Kdemo.+157+19918.key demo. IN KEY 0 3 157 V0CPzW/olG4V1uWFH2REDA== 18:29:22$ cat Kdemo.+157+19918.private Private-key-format: v1.3 Algorithm: 157 (HMAC_MD5) Key: V0CPzW/olG4V1uWFH2REDA== Bits: AAA= Created: 20130310071613 Publish: 20130310071613 Activate: 20130310071613
2. configure this key in /etc/named.conf:
key demo { algorithm HMAC-MD5; secret V0CPzW/olG4V1uWFH2REDA==; };
3. Insert or modify "allow-update" lines in each applicable zone to read:
allow-update { key demo; };
4. Configure the key and the zones in which it is to be used in /etc/dhcpd.conf.
key demo { algorithm HMAC-MD5; secret V0CPzW/olG4V1uWFH2REDA==; };
zone mshome.net. { primary 127.0.0.1; key demo; }
zone 0.168.192.in-addr.arpa. { primary 127.0.0.1; key demo; }
For an explanation, see man 5 dhcpd.conf man dnssec-keygen file:///usr/doc/bind-9.9.1-P3/arm/Bv9ARM.html [YMMV] These suggest the name "DHCP_UPDATER" in place of "demo". Cheers ... Duncan. -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html
participants (7)
-
Daniel Jitnah
-
Duncan Roe
-
James Harper
-
muzza
-
Russell Coker
-
Tony Langdon
-
trentbuck@gmail.com