DDNS with PowerDNS – client side

I use PowerDNS for my own DNS servers, but what is written in this post can be applied with few changes to any DNS server that doesn’t support DDNS out of the box. Read on to see my situation and the solution!

My setup is like this:

  • I have a few colocated servers (my play and experiments machine and NOVIT clients’ machines) – all on static IPs of course. This is where my DNS servers are located too.
  • I have one machine at home that I need to be able to access (secondary backups and storage machine). My home Internet connection is a home-user FTTH plan provided by the Romanian ISP RDS (boooooo!). The authentication method is PPPoE, and RDS changes my IP from time to time (usually after I reboot my router or if they have an outage).

My D-Link DIR-300 wireless router has DDNS support, but I don’t want to create an account with one of the many free DNS providers like ZoneEdit (which I already use as backup DNS). It would just be one more thing to take care of, and not worth it for a single machine. So why not flex my scripting muscle and fix the issue myself?

What I need to do is to have the “hidden machine” (let’s call it the client) find out its IP, then send it to the server, where it will be processed (and the DNS will be updated). I will only talk about the client side in this post.

This is what the client does:

  1. Every 15 minutes, a script is run from a cronjob (the script runs as an unprivileged user).
  2. The script uses http://jackson.io/ip/ to find out the router’s IP. The reason: the output is very easy to use in scripts (since there’s no HTTP code, just the IP itself).
  3. If the IP differs from the cached (old) IP, the script will write it to a file and scp that file to the server machine (to another unprivileged user there, of course). SSH is configured to only use keys.
  4. Magic happens on the server side.

Some notes:

  • I have dedicated users, called ddnsuser, on both the client and server machines – they are locked and are only used to run the script.
  • The script should do more error checking – both to ensure more security and to make sure the IP is valid. For example, if jackson.io is compromised or someone hijacks the DNS responses to my client machine, I am vulnerable to shell command injection (which, in the worst case, could be carried over to the server, too). I’ll add some more checking when I have time.
  • There are other ways to find out the IP than to use a remote server outside my control. Most likely, I will change this in the future, by using my own web service that does it.
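
The validation that the second note asks for, as an added example rather than the post's own update-dns.sh: the fetched value is accepted only if it is a strict dotted-quad IPv4 address, and the cache file is rewritten only when the address has changed. The function names and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the post's update-dns.sh. Function names are hypothetical.

# Succeed only for a strict dotted-quad IPv4 address (four octets, 0-255).
is_valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;  # only digits and single inner dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to split unquoted: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            ????*|0?*) return 1 ;;            # too long, or leading zero
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Returns 0 = valid and changed (cache rewritten), 1 = unchanged, 2 = rejected.
update_cache() {
    new_ip=$1; cache_file=$2; old_ip=
    is_valid_ipv4 "$new_ip" || return 2
    if [ -r "$cache_file" ]; then
        IFS= read -r old_ip < "$cache_file" || :
    fi
    if [ "$new_ip" = "$old_ip" ]; then return 1; fi
    printf '%s\n' "$new_ip" > "$cache_file.tmp" && mv "$cache_file.tmp" "$cache_file"
}

# Constructed responses standing in for what the IP lookup service returns.
demo() {
    cache=$(mktemp) || return 1
    for resp in '203.0.113.7' '203.0.113.7' '203.0.113.7;id' '$(id)' '999.1.1.1'; do
        rc=0; update_cache "$resp" "$cache" || rc=$?
        printf '%-16s -> %s\n' "$resp" "$rc"
    done
    rm -f "$cache"
}
demo
```

Only a return code of 0 should lead to the scp step, so a rejected response never reaches the cache file or the server.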

So, setup time on the client side:

  • Create a user called ddnsuser on both the client and the server machines.
  • Configure ssh to allow key authentication from the client to the server (so you can scp files without using passwords).
  • Save the file update-dns.sh to /home/ddnsuser on the client machine and make it executable.
  • Save the cron file ddns.cron to /etc/cron.d on the client machine.

You can download the script and the cron file here (make sure you edit them before using):

Enjoy ;) I will publish the second part in a few days!

