[TCLUG] Bind 9

[Nate Carlson]

On 4 Jun 2002, duncan wrote:
> Cool. glad to hear it. Do you use the rndc control feature?

You bet.

I also use signed requests to do DNS updates from my box at home.

This is how I assign a static name to my cablemodem at home.. forget using
dyndns!  :)

how you set that up:

key host.example.com. {
	algorithm hmac-md5;
	secret "shhdonttell";
};

zone "example.com" {
	type master;
	file "example.com";
	update-policy {
		grant host.example.com. name host.example.com. A;
	};
};

this will allow any host providing the secret in the key
'host.example.com' to modify (delete, add, etc) the A record for
host.example.com. Then, in my dhclient-script on my box at home:

echo -e "server ns.example.com\nzone example.com.\nupdate delete host.example.com A\nupdate add host.example.com. 120 A $new_ip_address\n\n" | nsupdate -k /etc/nsupdate.private &> /dev/null

and /etc/nsupdate.private contains:

Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: shhdonttell

/me loves bind9  :)

-- 
Nate Carlson <natecars at real-time.com>   | Phone : (952)943-8700
http://www.real-time.com                | Fax   : (952)943-8500