On 12/24/20 8:48 AM, @lbutlr wrote:
That is what example.com always is, yes.

Sorry. I'm so used to people not using documentation domains that I double check that they aren't actually trying to literally use documentation domains internally.

It's a refreshing change to see documentation domains / IPs / networks used properly.

I tip my hat to you.

As I said, it is authoritative for example.com.

ACK

Yep.

No, I just want my bind server to get updated with the external IP of my home connection when it changes and update the A pointer.

Okay. IMHO that's relatively easy to do. See Stanley's reply as it seems quite good.

About the only thing that I'd do differently is to use update-policy { ... } "grant" statements to more granularly control what the key can update. E.g. allow it to /only/ update A and / or AAAA records for the home.example.com name and nothing else.

An alternative to grant statements is to use a CNAME to yourself in a different sub-domain where you have carte blanche access to update. But, seeing as how the CNAME will reference explicitly one name, you have less of a security risk in the alias domain. E.g. home.example.com -> home.client1.ddns.example.com. Then give each client the ability to update its client#.ddns.example.com sub-domain.

I just want to update the IP address in a single A record.

IMHO that makes this almost trivial once you know how to do it.

Possibly, though that is certainly part of what I am asking.

*nod*nod*

But the bind server doesn't know the new IP address?

SSH from rPI to bind9 and remotely run a command. Possibly extracting the IP from the SSH_{CLIENT,CONNECTION} environment variable. ;-)

As I said. The bind server is at example.com. It is authoritative for example.com (and several other domains as well).

*nod*nod*nod*

I expect that many on this list have such systems at their disposal.  }:-)

At home I have a connection to an ISP and that connection MAY change since it is in a DHCP pool. I want to be able to update my DNS server so that "home.example.com" points to my home IP address.

Typical and quintessential use case.

I have done this in the past with various dynamic DNS services (like DynDNS) where their software client would automatically update a custom subdomain of one of their domains like homeftp.net (they have many and which one isn't relevant) and then on the Bind server I would have, for example, in example.com,

home    CNAME   lbutlr.homeftp.net. ; example name, not a real DynDNS address

When the client updated my IP address, bind would simply relay connections to home.example.com to lbutlr.homeftp.net regardless of what the IP address was.

What I want to do is eliminate the 3rd party service and client so that the bind server can simply have:

home    A       12.34.56.789 ; obvs not a real IP

Aw ... no Test-Net IPs?  :-P

IMHO what you're wanting to do is quite doable with a little bit of knowledge and trial and error. See Stanley's email for more details on said knowledge.

The only parting thoughts I'll add is that I don't know if TSIG keys are sufficiently secure, or if there is a better option. I've not looked in a while. -- I personally tend to isolate what can be changed with grant statements and consider it good enough. -- This is also where remotely executing nsupdate through SSH sort of elides this issue and makes things somewhat simpler.



--
Grant. . . .
unix || die
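Putting the two suggestions above together (the update-policy grant for home.example.com and taking the address from the SSH session), as an added example that is not code from the thread: a POSIX shell script for the BIND host that reads the peer address from SSH_CONNECTION, refuses anything that is not a plain IPv4 address, and emits the nsupdate batch for the one A record; the named.conf fragment that confines the key to that name is in the header comment. The key name home-key and the key file path are assumptions.

```shell
#!/bin/sh
# Added example (not code from the thread): on the BIND host, turn the SSH
# peer address into an nsupdate batch that only touches home.example.com.
# Run it as the command of the rPi's SSH session, piping into nsupdate:
#   ./ddns-update.sh --run | nsupdate -k /etc/bind/home-key.key
# Key name "home-key" and the key file path are assumptions.
#
# Matching named.conf fragment; the grant lets home-key change only A/AAAA
# at home.example.com and nothing else in the zone:
#   zone "example.com" {
#       type master;
#       file "example.com.zone";
#       update-policy { grant home-key name home.example.com A AAAA; };
#   };

ZONE="example.com"
NAME="home.example.com"
TTL=300

# SSH_CONNECTION is "client_ip client_port server_ip server_port";
# SSH_CLIENT is "client_ip client_port server_port". Field 1 is the peer.
ssh_peer_ip() {
    set -- ${SSH_CONNECTION:-${SSH_CLIENT:-}}
    printf '%s\n' "${1:-}"
}

# Accept only a dotted quad with four octets in 0..255, so a malformed or
# unexpected value from the environment is never passed on to nsupdate.
is_ipv4() {
    case "$1" in ""|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Emit the nsupdate batch. Deleting before adding replaces the existing A
# record instead of accumulating one record per address change.
build_update() {
    is_ipv4 "$1" || return 1
    printf 'server 127.0.0.1\nzone %s\nupdate delete %s A\nupdate add %s %s A %s\nsend\n' \
        "$ZONE" "$NAME" "$NAME" "$TTL" "$1"
}

if [ "${1:-}" = "--run" ]; then
    peer=$(ssh_peer_ip)
    build_update "$peer" || { echo "refusing update: bad peer address '$peer'" >&2; exit 1; }
fi
```

With the grant in place the key cannot touch any other name or record type, so even a bad batch is limited to home.example.com.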
