When a server is behind a firewall I want to know when the server's public IP address changes, and to communicate it back to my DNS servers at dns.he.net.
I need to know the outside IP address, not the private IP address of the server itself.
DDNS on Debian servers
My registrar (currently hostmonster.com) points at the appropriate name servers. HE.net is great for just supporting DNS. Cloudflare is also a free CDN (content delivery network).
I set up my domain wildsong.biz on Cloudflare on 2017-08-21, as an experiment. Sign up for Cloudflare and let them take care of not just content delivery but also providing DNS for you, for free.
To get DDNS working with Cloudflare, get an API key from them and alter your ddclient.conf settings. Mine looks something like this:
This was the setup using ddclient running on Bellman.
    # We're directly connected to the router
    use=if, if=eth1
    daemon=3600                 # check every hour
    syslog=yes                  # log update msgs to syslog
    mail=root                   # mail all msgs to root
    mail-failure=root           # mail failed update msgs to root
    pid=/var/run/ddclient.pid   # record PID in file.
    zone=wildsong.biz           # did not used ta need this before cloudflare huh wuh?
    # CLOUDFLARE
    ssl=yes
    protocol=cloudflare
    server=www.cloudflare.com
    login=[email protected]
    password=xxxxxx secret api key goes here xxxxxxxx
    bellman.wildsong.biz
Run this to test. It will spew out information about what happens, and it should also send you an email telling you the outcome.
    ddclient -daemon=0 -debug -verbose -noquiet
    . . .
    DEBUG: get_ip: using if, eth1 reports 18.104.22.168
    SUCCESS: bellman.wildsong.biz: skipped: IP address was already set to 22.214.171.124.
HE.net part: Create a key. You have to create a key on the DNS server so that it will trust updates coming from the Debian server.
- Log into dns.he.net
- Go to the appropriate domain
- Click on the entry for the server (create one if it does not exist)
- Check the box "Enable entry for dynamic DNS". This will also clear the current IP address and set the TTL to 5 minutes.
- Click Update.
- There will now be a "recycle" type icon for the entry. Click on it to either enter a key or generate a random key.
Debian: Install and configure a DDNS package.
    sudo apt-get install ddclient

    # /etc/ddclient.conf
    protocol=dyndns2
    use=cmd                     # Read ip address from Mikrotik
    cmd=/usr/local/sbin/get_ip.py
    server=dyn.dns.he.net
    login=bellman.wildsong.biz
    password='eOYop3nMoEaT4a4U'
    daemon=3600                 # check every hour
    syslog=yes                  # log update msgs to syslog
    mail=root                   # mail all msgs to root
    mail-failure=root           # mail failed update msgs to root
    pid=/var/run/ddclient.pid   # record PID in file.
    bellman.wildsong.biz
Getting the outside IP address
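    #!/usr/bin/env python3
    #
    # Read our outside IP address from the Mikrotik router.
    #
    import re
    import subprocess
    import sys

    # Runs "/ip address print" on the router over SSH (key-based login).
    args = ['ssh', '[email protected]', '/ip address print']
    # Entry 1 carrying the D (dynamic) flag holds the outside address.
    # Whitespace is matched loosely so column padding does not matter.
    re_ip = re.compile(r'^\s*1\s+D\s+([\d.]+)')

    # universal_newlines=True returns str instead of bytes
    p = subprocess.check_output(args, universal_newlines=True)
    for line in p.split('\n'):
        mo = re_ip.search(line)
        if mo:
            print(mo.group(1))
            sys.exit(0)
    sys.exit(1)   # no address found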
This script relies on an account with an SSH key pair so that it can run commands on the router without requiring a password.
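An added example (not part of the original page): a stricter version of the parsing step in get_ip.py that accepts only a single dynamic, globally routable address, so a private or carrier-NAT address is never sent to DNS. The sample router output, its column layout and the function names are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of "/ip address print" output; the column layout is an
# assumption and 8.8.8.8 only stands in for a public address.
SAMPLE_OUTPUT = """\
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
 0   192.168.88.1/24    192.168.88.0    bridge
 1 D 8.8.8.8/24         8.8.8.0         ether1
"""

# index, optional flags, address/prefix, network, interface
ROW = re.compile(
    r'^\s*(\d+)\s+([XID]*)\s*(\d{1,3}(?:\.\d{1,3}){3})/\d{1,2}\s+\S+\s+(\S+)')


def parse_addresses(output):
    """Return a list of (flags, IPv4Address, interface), one per address row."""
    rows = []
    for line in output.splitlines():
        mo = ROW.match(line)
        if not mo:
            continue                      # header, flag legend, blank line
        try:
            ip = ipaddress.IPv4Address(mo.group(3))
        except ipaddress.AddressValueError:
            continue                      # e.g. an octet above 255
        rows.append((mo.group(2), ip, mo.group(4)))
    return rows


def outside_ip(output):
    """Return the one dynamic, globally routable address as a string, or None."""
    found = [ip for flags, ip, _ in parse_addresses(output)
             if flags == 'D' and ip.is_global]
    # Zero or several candidates means the output is not what we expect:
    # refuse to guess rather than publish a wrong record.
    return str(found[0]) if len(found) == 1 else None


if __name__ == '__main__':
    ip = outside_ip(SAMPLE_OUTPUT)
    if ip is None:
        raise SystemExit(1)               # no output, non-zero status
    print(ip)
```

In real use the string passed to outside_ip would be the output of the ssh command in the script above instead of SAMPLE_OUTPUT.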
Mikrotik "/IP/Cloud" Service
This uses DDNS to talk to a service hosted by Mikrotik; we don't need it right now.