DDNS

From Wildsong Wiki
Jump to: navigation, search

When a server is behind a firewall I want to know when the server's public IP address changes, and to communicate it back to my DNS servers at dns.he.net.

I need to know the outside IP address, not the private IP address of the server itself.

DDNS on Debian servers

The DNS service is hosted for free at http://Cloudflare.com and/or Hurricane Electric http://dns.he.net

My registrar (currently hostmonster.com) points at the appropriate name servers. HE.net is great for just supporting DNS. Cloudflare is also a free CDN (content delivery network).

Using Cloudflare

I set up my domain wildsong.biz on Cloudflare on 2017-08-21, as an experiment. Sign up for Cloudflare and let them take care of not just content delivery but also providing DNS for you, for free.

To get DDNS working with CloudFare, get an API key from them and alter your ddclient.conf settings. Mine looks something like this

# We're directly connected to the router
use=if, if=eth1

daemon=3600                 # check every hour
syslog=yes                  # log update msgs to syslog
mail=root                   # mail all msgs to root
mail-failure=root           # mail failed update msgs to root
pid=/var/run/ddclient.pid   # record PID in file.
zone=wildsong.biz	    # did not used ta need this before cloudflare huh wuh?

# CLOUDFLARE
ssl=yes
protocol=cloudflare
server=www.cloudflare.com
[email protected]
password=xxxxxx secret api key goes here xxxxxxxx

bellman.wildsong.biz

Run this to test, it will spew out information about what happens and it should also send you an email telling the outcome.

ddclient -daemon=0 -debug -verbose -noquiet
.
.
.
DEBUG:    get_ip: using if, eth1 reports 174.62.120.105
SUCCESS:  bellman.wildsong.biz: skipped: IP address was already set to 174.62.120.105.

Using Hurricane

HE.net part: Create a key. You have to create a key on the DNS server so that it will trust updates coming from the Debian server.

  1. Log into dns.he.net
  2. Go to the appropriate domain
  3. Click on the entry for the server (create one if it does not exist)
  4. Check the box "Enable entry for dynamic DNS. This will also clear the current IP address and set TTL to 5 minutes.
  5. Click Update.
  6. There will now be a "recycle" type icon for the entry. Click on it to either enter a key or generate a random key.

Debian: Install and configure a DDNS package.

sudo apt-get install ddclient

/etc/ddclient.conf

# /etc/ddclient.conf

protocol=dyndns2
use=cmd

# Read ip address from Mikrotik
cmd=/usr/local/sbin/get_ip.py

server=dyn.dns.he.net
login=bellman.wildsong.biz
password='eOYop3nMoEaT4a4U'

daemon=3600                 # check every hour
syslog=yes                  # log update msgs to syslog
mail=root                   # mail all msgs to root
mail-failure=root           # mail failed update msgs to root
pid=/var/run/ddclient.pid   # record PID in file.

bellman.wildsong.biz

Getting the outside IP address

/usr/local/sbin/get_ip.py contains

#!/usr/bin/env python
#
#   Read our outside IP address from the Mikrotik router.
#
import sys,subprocess
import re
args = ['ssh', '[email protected]', '/ip address print']
re_ip = re.compile(r'^ 1 D ([\d\.]+)')
p = subprocess.check_output(args)
for line in p.split('\n'):
    mo = re_ip.search(line)
    if mo:
        print mo.group(1)
        exit(0)
exit(-1)

This script relies on an account with an SSH key pair so that it can run commands on the router without requiring a password.

Mikrotik "/IP/Cloud" Service

This uses DDNS to talk to a service hosted by Mikrotik, we don't need it right now.