DynDNS via SSH

I recently switched from BIND to tinydns (part of djbdns/dbndns), which offers extremely simple configuration by using one single line for a DNS entry in a plain text file. It's so simple that it's scriptable:

$ cd /etc/tinydns/tinydns4/root
$ echo "=cweiske.de:5.35.241.22" > data-cweiske.de
$ make

make concatenates all data-* files into data, and then compiles them into a binary data.cdb file. The change to this file is noticed, and tinydns is reloaded.

Dynamic DNS

When I'm abroad, I need access to my home servers every now and then. Knowing the IP address of my DSL connection is crucial to access my network, but it changes every day. My provider thinks that static IP addresses are something to make money from and requires one to buy a more expensive package to get them, which I refused.

My workaround is to update my own DNS server every couple of minutes with my current home IP address - dynamic DNS.

I didn't want to use one of the free DynDNS providers since I don't like to depend on other services if I don't have to. With tinydns, my own DynDNS service was quickly set up.

ssh-dyndns

Running my own server, I want it to be as secure as possible. What's more secure than my trusted SSH connections? SSH supports secure passwordless logins via SSH keys, and that's the level of security I wanted for my automated DNS updates.

The idea is quickly described:

Whenever the dyndns user logs into the server, a script is executed instead of a normal shell. This script, ssh-dyndns, expects one parameter (the desired hostname for the DNS entry) and automatically detects the remote IP by reading the $SSH_CLIENT environment variable. It creates a tinydns DNS entry line, writes that into a dyndns zone file and runs make to update the DNS database.

Apart from that, it generates a TXT record containing date and time of the last update.

I've added some security checks like allowed dyndns hostnames and published the script on my git server, with a mirror on GitHub.
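
The flow described above, as an added sketch that is not the published ssh-dyndns script. It assumes the key is pinned to the script through a forced command in authorized_keys; the script path, the allowlist, the TTL and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not the published ssh-dyndns script.
# Assumption: authorized_keys pins the dyndns key to this script, e.g.
#   restrict,command="/usr/local/bin/dyndns-update" ssh-ed25519 AAAA...
# so the requested hostname would arrive in $SSH_ORIGINAL_COMMAND.

ALLOWED_HOSTS="home.example.org nas.example.org"   # constructed allowlist
TTL=300                                            # constructed TTL

# Exact-match the hostname against the allowlist. The character check also
# rejects ':' and newlines, the field and record separators of tinydns data.
host_allowed() {
    case "$1" in
        ''|*[!a-z0-9.-]*) return 1 ;;
    esac
    for h in $ALLOWED_HOSTS; do
        [ "$h" = "$1" ] && return 0
    done
    return 1
}

# $SSH_CLIENT is "ip srcport dstport"; print the IPv4 address or fail.
client_ipv4() {
    ip=${1%% *}
    case "$ip" in
        ''|*[!0-9.]*) return 1 ;;
    esac
    printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(printf '%s' "$ip" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
    printf '%s\n' "$ip"
}

# Emit the "=" (A + PTR) line and a TXT line; a ':' inside the TXT data
# has to be written as the octal escape \072.
dyndns_lines() {   # args: hostname, $SSH_CLIENT value, timestamp
    host_allowed "$1" || { echo "hostname not allowed" >&2; return 1; }
    ip=$(client_ipv4 "$2") || { echo "no IPv4 client address" >&2; return 1; }
    stamp=$(printf '%s' "$3" | sed 's/:/\\072/g')
    printf '=%s:%s:%s\n' "$1" "$ip" "$TTL"
    printf "'%s:Last update %s:%s\n" "$1" "$stamp" "$TTL"
}

# Demo with constructed values (203.0.113.7 is a documentation address).
dyndns_lines home.example.org "203.0.113.7 50514 22" "2024-01-01T12:00:00"
```

Because the address comes from $SSH_CLIENT rather than from the request, a key holder can only point an allowed name at the address they are connecting from.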

Other implementations

Praxis Software already had the same idea in 2004. I didn't know about their article until I wrote mine.

"Setting up a dyndns service with route53" gave me the idea for the TXT record.

Written by Christian Weiske.
