In the last entry, I described how to create TSIG keys for MD5. Now I’m going to talk about how to use them.
I’m cheap. That means like “normal people” I have residential high speed data service at home. None of this highfalutin “business class” service for me, thank you very much!
So, periodically the power goes out or a combine harvester tears up my fiber (this really happened!) and when I get back online I have a new IP address. How do I let the authoritative nameservers for seastrom.com know that I have a new IP address at home? Via a TSIG-signed update. And you can too.
Brief sidebar: finding a place that will tell you what IP address you’re coming from without a whole lot of parsing drama can be a little hard. You could go to ARIN’s web site and try to strip out your address from the banner. The folks at Dyn offer a <a href=http://checkip.dyndns.com>similar but much easier to parse</a> service, but I wanted something that was optimized for machines, not for humans. And thus was born myip.seastrom.com / myip4.seastrom.com / myip6.seastrom.com - by connecting to it with curl, you get just your IP address, nothing else. Twenty three lines of node.js is all it took.
OK, back to the task at hand - sending an update. I have a household box that’s “always up”. Actually, it’s the DNS/DHCP server in a VM, but when the house is online, this server is online. Great place for something to run that periodically checks its IP address, then sends an update. This script runs every 5 minutes out of cron:
MYIP=`curl -s http://myip4.seastrom.com`
key $KEYNAME $KEYHMAC
update delete $HOST A
update add $HOST 60 A $MYIP