updating zones with TSIG, part 2...


  • Thu 06 November 2014
  • misc

In the last entry, I described how to create TSIG keys for MD5. Now I'm going to talk about how to use them.

I'm cheap. That means like "normal people" I have residential high speed data service at home. None of this highfalutin "business class" service for me, thank you very much!

So, periodically the power goes out or a combine harvester tears up my fiber (this really happened!) and when I get back online I have a new IP address. How do I let the authoritative nameservers for seastrom.com know that I have a new IP address at home? Via a TSIG-signed update. And you can too.

Brief sidebar: finding a place that will tell you what IP address you're coming from without a whole lot of parsing drama can be a little hard. You could go to ARIN's web site and try to strip out your address from the banner. The folks at Dyn offer a similar but much easier-to-parse service, but I wanted something that was optimized for machines, not for humans. And thus was born myip.seastrom.com / myip4.seastrom.com / myip6.seastrom.com - by connecting to it with curl, you get just your IP address, nothing else. Twenty-three lines of node.js is all it took.

OK, back to the task at hand - sending an update. I have a household box that's "always up". Actually, it's the DNS/DHCP server in a VM, but when the house is online, this server is online. Great place for something to run that periodically checks its IP address, then sends an update. This script runs every 5 minutes out of cron:

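    #!/bin/sh
    # Send a TSIG-signed dynamic update with this host's current public IPv4 address.

    SERVER="bifrost.seastrom.com"                # authoritative server that receives the update
    HOST="foohost.example.com"                   # name whose A record is kept current
    KEYNAME="foohost.example.com-20141106-00"    # TSIG key name
    KEYHMAC="24z1PFoyhfDgFb20HqMNwQ=="           # TSIG shared secret (base64)

    # Ask the lookup service which address we are currently coming from.
    MYIP=$(curl -s http://myip4.seastrom.com)

    # Replace the existing A record with one for the current address (TTL 60 seconds).
    /usr/bin/nsupdate <<END
    server $SERVER
    key $KEYNAME $KEYHMAC
    update delete $HOST A
    update add $HOST 60 A $MYIP
    send
    quit
    END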
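The script above places whatever the HTTP lookup returns directly into the nsupdate commands, so an empty or malformed response ends up in the update. The following is an added example, not the author's script, that checks the response is a single IPv4 address before any commands are built; `is_ipv4`, `build_update` and the sample responses are constructed for illustration, while the server and host names are the ones used above.

```shell
#!/bin/sh
# Added example, not the author's script. SERVER/HOST are the page's values;
# is_ipv4 and build_update are hypothetical helper names.
SERVER="bifrost.seastrom.com"
HOST="foohost.example.com"
TTL=60

# Succeed only for one dotted-quad IPv4 address: four octets, 0-255, no leading zeros.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*.) return 1 ;;   # empty, stray characters (spaces, newlines, HTML), trailing dot
    esac
    oldifs=$IFS; IFS=.
    set -- $1                          # split on dots; input is digits and dots only, so no globbing
    IFS=$oldifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ""|0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the nsupdate commands for address $1; print nothing and fail if it is not valid.
build_update() {
    is_ipv4 "$1" || return 1
    printf 'server %s\nupdate delete %s A\nupdate add %s %s A %s\nsend\n' \
        "$SERVER" "$HOST" "$HOST" "$TTL" "$1"
}

# Constructed sample responses (documentation addresses): one good, four that must be refused.
NL='
'
for sample in "198.51.100.23" "" "<html>502 Bad Gateway</html>" "256.1.1.1" \
              "198.51.100.23${NL}extra line"; do
    if batch=$(build_update "$sample"); then
        printf 'accepted, would send:\n%s\n' "$batch"
    else
        printf 'rejected: [%s]\n' "$sample"
    fi
done
# In the cron job: MYIP=$(curl -s http://myip4.seastrom.com) and, only when build_update
# succeeds, { echo "key $KEYNAME $KEYHMAC"; build_update "$MYIP"; } | /usr/bin/nsupdate
```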