Dynamic DNS

From securityrouter.org, an OpenBSD-based firewall

Dynamic DNS[1] (DDNS) can be used to locate, or establish VPN connections with, a firewall that gets its WAN IP address dynamically, perhaps using DHCP from the internet service provider.

Hurricane Electric example

If you register for a free domain at https://dns.he.net and delegate some domain to them, you can use their excellent, free, dynamic DNS service. Unlike Dyn and other similar companies, they don't offer/require sub-domains. Instead, use one of your own domains, and delegate a sub-domain.

  1. In the DNS of your primary domain, add ns1.he.net through ns5.he.net as NS records for a new sub-domain called, for example, dyn.yourdomain.com
  2. Go to http://dns.he.net and create a free account
  3. Press "Add a new domain" and type the sub-domain you created in step 1
  4. Add a new A record to that domain, for example office.dyn.yourdomain.com and check "enable dynamic DNS"
  5. Press the icon in the "DDNS" column to generate a dynamic DNS password

There are a few ways to actually update the DNS record. The simplest way is to request the URL http://domain:password@dyn.dns.he.net/nic/update?hostname=domain regularly from a cron[2] job. One could also install the ddclient[3] package using pkg_add. However, because it's so simple, I personally prefer to create a shell script.

Begin by enabling root access. Then create a file such as /cfg/dyndns.sh (for example using vi) with the content

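domain=office.dyn.yourdomain.com        # the A record created in step 4
pass=yourpassword                       # placeholder: the DDNS password from step 5
while true; do
        # first address on the egress interface that is not IPv6 link-local
        newaddr=`ifconfig egress | grep inet | grep -v fe80:: | head -n 1 | cut -d' ' -f2`
        if [ "$newaddr" != "$oldaddr" ]; then
                ftp -o /tmp/dyndns.log "http://$domain:$pass@dyn.dns.he.net/nic/update?hostname=$domain"
                res=`cat /tmp/dyndns.log`
                logger "Address changed from $oldaddr to $newaddr, updated dynamic DNS, response $res"
                oldaddr=$newaddr        # remember it so the next update waits for a change
        fi
        sleep 1
done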

and make sure it's started during boot by running

# echo "sh /cfg/dyndns.sh &" >> /cfg/skel/rc.local
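
An added example, not part of the original page or the securityrouter.org project: a variant of the update loop that records the new address only after the service accepts the update, ignores empty or malformed addresses, and stops on an authentication failure. The reply keywords (good, nochg, badauth, abuse) are assumed to follow the dyndns2 convention, and /cfg/dyndns.conf is a hypothetical root-only file that sets domain and pass.

```shell
# Added example, not the page's script. Assumptions: replies follow the
# dyndns2 convention ("good <ip>", "nochg <ip>", "badauth", "abuse"), and
# /cfg/dyndns.conf (hypothetical, mode 600) sets domain= and pass=.

# First non-link-local address in ifconfig output read from stdin.
first_addr() {
    awk '$1 ~ /^inet6?$/ && $2 !~ /^fe80:/ { print $2; exit }'
}

# True only for strings made of address characters, so an empty or garbled
# value is never logged as a change or sent as an update.
valid_addr() {
    case $1 in
        ''|*[!0-9A-Fa-f:.]*) return 1 ;;
    esac
    return 0
}

# Map the service's reply to what the loop should do next.
classify_response() {
    case $1 in
        good*|nochg*)    echo ok ;;     # record is current
        badauth*|abuse*) echo fatal ;;  # retrying cannot help; stop
        *)               echo retry ;;  # empty or unknown: try again later
    esac
}

update_loop() {
    . /cfg/dyndns.conf
    oldaddr=
    while true; do
        newaddr=$(ifconfig egress | first_addr)
        if valid_addr "$newaddr" && [ "$newaddr" != "$oldaddr" ]; then
            res=$(ftp -V -o - "http://$domain:$pass@dyn.dns.he.net/nic/update?hostname=$domain" 2>/dev/null)
            case $(classify_response "$res") in
                ok)    logger "dyndns: $oldaddr -> $newaddr, response $res"
                       oldaddr=$newaddr ;;
                fatal) logger "dyndns: giving up, response $res"; return 1 ;;
                retry) logger "dyndns: update failed, will retry"; sleep 60 ;;
            esac
        fi
        sleep 1
    done
}

# Run the loop only when asked to: sh /cfg/dyndns.sh run
if [ "${1:-}" = run ]; then update_loop; fi
```

The update URL is the one given on the page, so the password still crosses the network in cleartext over http.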