Simple Dynamic DNS with MyDNS
From Blink
Some time ago, when I got my first broadband internet connection, I wanted to connect to my home computer from anywhere. But I was on DHCP, so my IP address was changing almost daily. After trying some ideas I had at the time, I realized I needed an easy-to-use and elegant solution. Since I was already using MyDNS as a DNS server for my domain, the solution was right in front of my nose. Instead of 'remembering' an ever-changing IP, I created a DNS record for my home computer and a set of scripts that update the record when the IP address changes. So if this sounds interesting to you, continue reading. :)
What is Dynamic DNS
"Dynamic DNS is a system which allows the domain name data held in a name server to be updated in real time. The most common use for this is in allowing an Internet domain name to be assigned to a computer with a varying (dynamic) IP address. This makes it possible for other sites on the Internet to establish connections to the machine without needing to track the IP address themselves. A common use is for running server software on a computer that has a dynamic IP address, as is the case with many consumer Internet service providers." [1]
Simply put, Dynamic DNS lets you quickly and easily update the DNS record for a host whose IP address is constantly changing.
What is MyDNS
MyDNS is an easy to set up and use DNS server with an SQL back end. It can use a MySQL or PostgreSQL database for storing DNS data. This HOWTO is oriented to MySQL. I assume that you already have a working database and a web server with PHP and DB support; that part will not be covered here. For security reasons, you should run these PHP scripts on an SSL-enabled host[2], but again, that part is not covered in this tutorial.
So, now that everything is clear, let's get started.
MyDNS Setup
MyDNS Installation
We should first install MyDNS. We need to download the latest version[3] of the software and prepare it for installation. Installation is simple and straightforward, as you can see. The steps are: download the source, unpack it, configure it for compiling, compile, switch to root for installation, then install the program and the default configuration (we will deal with the config file later).
server$ cd ~/src
server$ wget http://mydns.bboy.net/download/mydns-1.1.0.tar.gz
server$ tar zxvf mydns-1.1.0.tar.gz
server$ cd mydns-1.1.0
server$ ./configure --prefix=/usr/local
server$ make
server$ su
Password:
server# make install
server# make conf
MyDNS is now installed.
MySQL Setup
MyDNS keeps all its data in the MySQL database, so we need to create one and authorize the MyDNS user to use it.
mysql> CREATE DATABASE mydns_db;
mysql> GRANT ALL ON mydns_db.* TO mydns@'127.0.0.1' IDENTIFIED BY 'pass';
mysql> FLUSH PRIVILEGES;
With this we created the database 'mydns_db' and the user 'mydns', who has all rights on this database. This user can connect only from localhost (127.0.0.1), using the password 'pass'.
The MyDNS DB is set up and the user is created, but the DB is still empty, without data tables. We need to create them too. That can easily be done with the mydns command.
server$ mydns --create-tables | mysql -u mydns -ppass -h 127.0.0.1 mydns_db
Finally, change the MyDNS config file (/etc/mydns.conf) so it suits your configuration.
db-host = 127.0.0.1 # SQL server hostname
db-user = mydns # SQL server username
db-password = pass # SQL server password
database = mydns_db # MyDNS database name
Starting MyDNS
In folder contrib/ you can find startup scripts you can use to start MyDNS during boot. You can choose between one for RedHat and one for Solaris. If you are not using RedHat you can safely use the other one.
server# cp contrib/mydns.solaris /etc/init.d/mydns
server# chmod +x /etc/init.d/mydns
Start MyDNS.
server# /etc/init.d/mydns start
mydns starting.
And check if it is really started.
server# ps -aef | grep mydns
nobody 15239 1 0 2007 ? 00:01:55 /usr/local/sbin/mydns --background
server# netstat -npl | grep :53
udp 0 0 0.0.0.0:53 0.0.0.0:* 15242/mydns
Create your first zone
MyDNS comes with a web administration interface we can use to create, modify and delete zones in our DNS server. In order to use this interface we need to put it under the document root of our web server. Create a folder '.secret' under the document root and protect it with a username and password. The folder name starts with a dot to prevent Apache from displaying it if someone tries to list the parent folder. The dot only hides the folder from directory listings; the password is what actually protects it.
server# mkdir .secret && cd .secret
server# htpasswd -bc .htpasswd mydns secret_password
server# cat > .htaccess << EOF
> AuthUserFile /path/to/webroot/.secret/.htpasswd
> AuthName "Secret facility..."
> AuthType Basic
>
> require user mydns
> EOF
Now try to open the folder (http://www.example.com/.secret/) in a web browser. If it asks for and accepts your username/password, everything is OK. Otherwise, check your web server ErrorLog; you may need to allow htaccess in your Apache configuration file.
The web interface to MyDNS is located in the contrib/ folder of the MyDNS source and is called admin.php. Copy that file into the .secret/ folder and configure the right DB connection parameters.
$dbhost = "127.0.0.1";
$dbuser = "mydns";
$dbpass = "pass";
$dbname = "mydns_db";
$auto_update_serial = 1;
You can now add your first zone.
Setup Dynamic DNS
Server
Now comes the interesting part, where we set up our little DYNDNS. Copy the file called dyndns.php into your .secret folder and configure it with the correct parameters.
$dbhost="127.0.0.1"; # MySQL hostname
$dbuser="mydns"; # MySQL username
$dbpass="pass"; # MySQL password
$dbname="mydns_db"; # MySQL database
#
$secret="794cea9390770d27fd5437c39d6bfe40afbce115"; # Secret string; this has to be the same as the
# secret string your clients are using; you can do
# md5sum on some random file to generate one
#
$mail_to='admin@example.com'; # If you want to get an email report when records are
# changed, enter your email address here; otherwise
# keep it empty
As said above, $secret should be a secret string that adds an extra layer of security. Even if someone guesses your web username and password, he will still have to guess this string in order to do any harm. You can very easily create this string by issuing md5sum or sha1sum on any file you like. Keep in mind that the hash is only as unpredictable as the file it was computed from, so pick a file whose contents nobody else can obtain or guess. Remember, in this case longer is better. ;)
server# md5sum /etc/passwd
65fa82df21c304ee96109a50859044a2 /etc/passwd
server# sha1sum /etc/passwd
794cea9390770d27fd5437c39d6bfe40afbce115 /etc/passwd
Client
On the client side, put the dyndns.sh script into your cron and schedule it for every 30 minutes, or whatever else suits your needs.
*/30 * * * * /usr/local/bin/dyndns.sh
Before that, don't forget to set the right permissions.
client# chown root:root /usr/local/bin/dyndns.sh
client# chmod 700 /usr/local/bin/dyndns.sh
...and configure it...
SUB="subdomain" # Name of your subdomain
DOMAIN="example.com" # Name of your domain
FILE=/usr/local/etc/dyndns.conf # File where we save IP information
#
SERVER="www.example.com" # DNS/Web server
USER="mydns" # Username for web authentication
PASS="secret_password" # Password for web authentication
SRV_FOLDER=".secret" # Folder with Dynamic DNS script
SRV_FILE="dyndns.php" # Name of PHP Dynamic DNS script
#
SECRET="794cea9390770d27fd5437c39d6bfe40afbce115" # Secret string; this has to be the same as the
# secret string on the DNS server; you can do
# md5sum on some random file to generate one
SUB should be the subdomain name for this node, and DOMAIN the domain to which this node belongs. The client's IP address is saved in a text file ($FILE variable) for the purpose of comparing addresses. The client first connects to the server to retrieve its IP address, and then compares it with the one it saved the last time the address changed. If it differs, or the file is empty, it issues a request for an address update and saves the IP value. The reason the client checks its address with the server and not locally is that the client can be behind NAT. In that case the address we actually need is the address of the gateway, not the client's address.
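The check, compare and update cycle described above, as an added example; it is not the dyndns.sh that this HOWTO refers to. The request format (form-field names, a plain request that returns the caller's address) and the netrc file are assumptions, since the page does not show the script's wire format.

```sh
#!/bin/sh
# Added example: a hypothetical client, not the dyndns.sh from this HOWTO.
# BASE_URL, NETRC and the form-field names below are assumptions for illustration.
STATE_FILE="${STATE_FILE:-/usr/local/etc/dyndns.conf}"   # last address we published
BASE_URL="https://www.example.com/.secret/dyndns.php"    # HTTPS, as the notes advise
NETRC="${NETRC:-/root/.dyndns-netrc}"                    # web USER/PASS, chmod 600
SUB="subdomain"; DOMAIN="example.com"; SECRET="${SECRET:-}"

# Accept only a dotted-quad IPv4 address: four octets, 0-255, no leading zeros.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Ask the server which address it sees us as (behind NAT, the gateway's address).
fetch_ip() {
    curl --silent --fail --max-time 10 --netrc-file "$NETRC" "$BASE_URL"
}

# Publish address $1. Credentials come from the netrc file and the body goes over
# stdin, so neither the password nor the secret shows up in the process list.
send_update() {
    printf 'sub=%s&domain=%s&ip=%s&secret=%s' "$SUB" "$DOMAIN" "$1" "$SECRET" |
        curl --silent --fail --max-time 10 --netrc-file "$NETRC" \
             --data @- "$BASE_URL" >/dev/null
}

# One cron run: prints "unchanged" or "updated <ip>"; non-zero status on failure.
dyndns_run() {
    current=$(fetch_ip) || { echo "cannot reach server" >&2; return 1; }
    # Never store or publish whatever the server sent without checking its shape.
    valid_ipv4 "$current" || { echo "malformed address from server" >&2; return 1; }
    saved=$(cat "$STATE_FILE" 2>/dev/null || true)
    if [ "$current" = "$saved" ]; then echo "unchanged"; return 0; fi
    send_update "$current" || { echo "update rejected" >&2; return 1; }
    # Record the address only after the server accepted it, so a failed update is
    # retried on the next run; write with umask 077 and rename into place.
    ( umask 077; printf '%s\n' "$current" > "$STATE_FILE.tmp" ) || return 1
    mv "$STATE_FILE.tmp" "$STATE_FILE" && echo "updated $current"
}
```

Call dyndns_run from the cron job; an error page or any other non-address reply leaves the saved state untouched.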
Conclusion
And that's all. I hope some of you will find this interesting and useful. Please post your comments, suggestions and criticism. :) Enjoy! :)
Notes
- [1] Wikipedia: http://en.wikipedia.org/wiki/Dynamic_DNS
- [2] HTTP communication is performed in plain text, which means it can easily be sniffed. That's why it is recommended that you run this setup over SSL. All data will then be encrypted before sending, making it unreadable to third parties.
- [3] The latest version of MyDNS can be found at this address: http://mydns.bboy.net/download/


