tomclegg.net


Diary
Examples
    256-router
    adzap
    apache-double-reverse
    cacti-adodb-php4
    debian-quota
    diskonmodule
    dollarsperbyte
  >dynip<
    ezmlm-linux
    fbsdhabits
    freebsdclone
    macbook-quantal-sound
    maildirpop3d-awfulhak
    mandy
    md
    mrtg
    net-snmp
    nodefaultroute
    oracle9i
    oracle9i-bsd5
    oracle9i-client
    oracle9i-nat
    php-cgi
    php-commandline
    php-image
    php-kics
    php-mini_httpd
    pinouts
    pizzaperdollar
    plesk-symlink-php
    pxe
    qmail-linux
    qmail-qfilter
    racoon-sonicwall
    redundant-vpn
    rewriterule
    seahorse-workaround
    setting-locale-failed
    smalldog
    snmpv3-cacti
    spamassassin
    squid-tproxy
    supfile
    suse73
    svc-nmbd
    svc-smbd
    svc-smtpd
    switch-virtualbox-virsh
    toyotastereo
    vm
    vn-file
    wmp-invalid
    xcode-remote-install
    xen-eth0-renamed
    xen-monowall
    xen3-ubuntu-dapper
    zz-update-grub-fail
Hire Tom
Mostly Mozart
Patches
School
Scrapbook
Software
Telephones




colocation
comments
davidireland
edsgranola
faq
funsites
goodlooking
goodmovies
google-earth-saucy-amd64
houserules
liberating
resume
resume2
scratch
shopping
snacks
todo
university
warisbogus

Create a DNS group.

# pw groupadd DNS -g 995

Make sure the tinydns data directory is writeable by the DNS group.

# chown root:DNS /service/tinydns/root
# chmod g+rwx,g+s /service/tinydns/root

Split the DNS data into two files, root.data for regular dns entries and dynip.data for dynamic dns entries.

# cd /service/tinydns/root
# mv -i data root.data
# touch dynip.data

Create a Makefile to concatenate the *.data files before running tinydns-data.

data.cdb: data
	/usr/local/bin/tinydns-data
	chmod g+w data.cdb
data: *.data
	echo  >data.tmp '#'
	echo >>data.tmp '# DO NOT EDIT THIS FILE'
	echo >>data.tmp '#'
	cat *.data >>data.tmp
	mv data.tmp data

Create a dynip user and make it a member of the DNS group.

# pw useradd dynip -m -G DNS -s /usr/local/bin/bash

As the dynip user, create bin/ and .ssh/ folders.

# su -l dynip
$ mkdir .ssh
$ chmod 700 .ssh
$ mkdir bin

/home/dynip/bin/register saves the client's current IP address in a file in /home/dynip/data/.

#!/bin/sh
exec </dev/null
if [ "$HOST" = "" ]
then
  echo "dynip register: fatal: no host name"
  exit 1
fi

ip=`echo $SSH_CLIENT | cut -d' ' -f1 | sed -e 's,::ffff:,,'`
if [ "$ip" = "" ]
then
  echo "dynip register: fatal: no ip address"
  exit 1
fi

echo $ip > $HOME/data/$HOST
$HOME/bin/update >/dev/null 2>/dev/null

date
echo "$HOST -> $ip"

/home/dynip/bin/update reads IP addresses from /home/dynip/data/ and writes them in tinydns format in /service/tinydns/root/dynip.data.

#!/bin/sh

domain1=example.com
domain2=example.net
tinydnsroot=/service/tinydns/root

exec </dev/null
TMPFILE=`mktemp /tmp/data.dyn.XXX`
egrep -v '.\.'"$domain1"':' $tinydnsroot/dynip.data \
 | egrep -v '.\.'"$domain2"':' > $TMPFILE
cd $HOME/data
for host in [a-z]*
do
        ip=`cat $host`
        echo >>$TMPFILE "=$host.$domain1:$ip:5"
        echo >>$TMPFILE "=$host.$domain2:$ip:5"
done \
 && chown dynip:DNS $TMPFILE \
 && mv $TMPFILE $tinydnsroot/dynip.data \
 && cd $tinydnsroot \
 && chmod a+r dynip.data \
 && make

Make sure bin/update and bin/register are executable.

$ chmod +x bin/update bin/register

Client setup

Create an SSH key with no passphrase.

# ssh-keygen -t dsa -f /root/.ssh/id_dsa -N ''

Arrange for the client to connect to the server periodically (or, if possible, whenever its IP address changes). If you use daemontools, your run might look like this.

#!/bin/sh
while :
do
  ssh -2 -i /root/.ssh/id_dsa -n dynip@server.ip.addr
  sleep 300
done

For an SSH2 client, add a line like this to /home/dynip/.ssh/authorized_keys on the server.

environment="HOST=mandy",command="export SSH_CLIENT; $HOME/bin/register",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC...QIXUeIq7NCGPv3s= root@mandy

• "HOST=mandy" means this machine will be registered as "mandy"
• "ssh-rsa AAAAB3NzaC...QIXUeIq7NCGPv3s= root@mandy" is the public part of the client's SSH2 key (/root/.ssh/id_dsa.pub on the client)

For an SSH1 client, add a line like this to /home/dynip/.ssh/authorized_keys on the server.

environment="HOST=mal",command="export SSH_CLIENT; $HOME/bin/register",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty 1024 35 1349473699...3027473 root@mal

• "HOST=mal" means this machine will be registered as "mal"
• "1024 35 1349473699...3027473 root@mal" is the public part of the client's key (/root/.ssh/identity.pub on the client)

Execute your run script interactively. This will give you a chance to add the server's key to the client's known_hosts file.

su-2.05b# cd /var/service/dynip
su-2.05b# ./run
The authenticity of host '204.244.102.57 (204.244.102.57)' can't be established.
DSA key fingerprint is c8:b1:de:4d:f6:b3:0d:9d:1d:ed:f9:46:0a:66:d2:da.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '204.244.102.57' (DSA) to the list of known hosts.
Sun Nov 14 21:35:28 PST 2004
mal -> 24.71.13.118
Connection to 204.244.102.57 closed.
^C