In the last entry, I described how to create TSIG keys for MD5. Now I’m going to talk about how to use them.

I’m cheap. That means like “normal people” I have residential high speed data service at home. None of this highfalutin “business class” service for me, thank you very much!

So, periodically the power goes out or a combine harvester tears up my fiber (this really happened!) and when I get back online I have a new IP address. How do I let the authoritative nameservers for know that I have a new IP address at home? Via a TSIG-signed update. And you can too.

Brief sidebar: finding a place that will tell you what IP address you’re coming from without a whole lot of parsing drama can be a little hard. You could go to ARIN’s web site and try to strip out your address from the banner. The folks at Dyn offer a <a href=>similar but much easier to parse</a> service, but I wanted something that was optimized for machines, not for humans. And thus was born / / - by connecting to it with curl, you get just your IP address, nothing else. Twenty three lines of node.js is all it took.

OK, back to the task at hand - sending an update. I have a household box that’s “always up”. Actually, it’s the DNS/DHCP server in a VM, but when the house is online, this server is online. Great place for something to run that periodically checks its IP address, then sends an update. This script runs every 5 minutes out of cron:

#!/bin/sh SERVER="" HOST="" KEYNAME="" KEYHMAC="24z1PFoyhfDgFb20HqMNwQ==" MYIP=`curl -s` /usr/bin/nsupdate&lt&ltEND server $SERVER key $KEYNAME $KEYHMAC update delete $HOST A update add $HOST 60 A $MYIP send quit END