4 Update DNS records by simply SSH'ing into a server.
6 The idea is to create a separate "dyndns" user on the DNS server.
7 It gets the ``ssh-dyndns`` script as login shell, so that no other programs
9 SSH provides secure, password-less key-based authentication.
11 Upon login, the remote IP is used to create/update a tinydns file with the
12 DNS record for a hostname given by the SSH client.
13 In addition to the IP record, a TXT record with the update time will be added.
15 tinydns is part of the dbjdns/dbndns package.
24 1. Clone ssh-dyndns into a sensible location, e.g. ``/usr/local/src/ssh-dyndns``::
26 $ cd /usr/local/src/ && git clone git://git.cweiske.de/ssh-dyndns.git
28 2. Create a user with ``ssh-dyndns`` as login shell::
30 $ useradd -g nogroup -m -N -s /usr/local/src/ssh-dyndns/ssh-dyndns dyndns
32 3. Prepare password-less ssh keys for the dyndns user::
34 $ su - dyndns -s /bin/bash
37 4. Prevent showing login messages::
39 $ su - dyndns -s /bin/bash
42 Alternatively, you may commend out the "motd" lines in ``/etc/pam.d/sshd``
43 5. Configure ssh-dyndns as root::
45 $ cp /usr/local/src/ssh-dyndns/ssh-dyndns.sh.config-dist /etc/ssh-dyndns.sh
46 $ nano /etc/ssh-dyndns.sh
48 6. Allow ssh-dyndns to run "sudo make" without password::
51 dyndns ALL= NOPASSWD: /usr/bin/make
56 On a machine at home, or which other IP you want to dyndns, setup a new ssh key
57 as one of your users::
61 $ ssh-keygen -N "" -C "dyndns@home.example.org" -f ~/ssh-dyndns/ssh-dyndns_rsa
63 Copy the contents of the public key (``ssh-dyndns_rsa.pub``) into
64 ``/home/dyndns/.ssh/authorized_keys`` on your server.
66 Run the next command manually to confirm the new ssh key::
68 $ cd ~/ssh-dyndns/ && ssh -i ssh-dyndns_rsa dyndns@example.org home.example.org
70 If that worked, and you DNS entry worked, add the command to cron::
73 # update dns entry home.example.org every 5 minutes
74 */5 * * * * cd /home/$user/ssh-dyndns/ && ssh -i ssh-dyndns_rsa dyndns@example.org home.example.org
79 The configuration file template ``ssh-dyndns.sh.config-dist`` may be copied
80 to either ``/etc/ssh-dyndns.sh`` or ``~/.config/ssh-dyndns.sh``.
82 The system-wide config file is loaded first, the user-specific one after that.
84 The configuration file may define the following variables:
87 Path to the tinydns zone files, e.g. ``/etc/tinydns/root/``
89 File name template. ``%DOMAIN%`` will be replaced with the actual
92 Default: ``data-dyndns-%DOMAIN%``
94 DNS entry TTL (time to live) in seconds
98 Defines patterns for domains that may be dynamically changed.
99 If the domain name does not match the pattern, the script aborts.
101 You may use several patterns by separating them with a space.
102 Shell wildcards are supported (``*`` and ``?``).
104 Default: ``home.example.org *.home.example.org``
110 Simply ssh into the server and pass the hostname as parameter::
112 $ ssh dyndns@example.org home.example.org
114 This will start the ``ssh-dyndns`` script on the remote server, generate
115 the tinydns zone file and run ``make`` in the ``data_dir`` directory to
116 compile the ``data.cdb`` file.
117 tinydns will automatically pick up the change.
120 Check time of last update
121 =========================
124 $ dig +short home.example.org ANY
125 "Last update 2013-08-21 21.21.28+02.00."
131 You can test it locally:
133 1. Create config file::
135 $ cp ssh-dyndns.sh.config-dist ~/.config/ssh-dyndns.sh
137 2. Create dummy makefile::
139 $ touch /tmp/Makefile
143 $ SSH_CLIENT=192.168.1.4 SSH_CONNECTION=1 ./ssh-dyndns foo home.example.org
145 4. See generated file::
147 $ cat /tmp/data-dyndns-home.example.org
152 - IPv6 is not supported yet
158 ssh-dyndns is licensed under the `AGPL v3`__ or later.
160 __ http://www.gnu.org/licenses/agpl.html
166 Written by Christian Weiske, cweiske@cweiske.de