Bind9 - Dynamic DNS

This is a quick how-to. This represents the bare minimum to get things working on a Debian system. Note: other systems may vary.

Bind9 config

First you need to create your zone file. The location of the file is very specific to Debian. Under the apparmor rules (/etc/apparmor.d/usr.sbin.named) this directory is granted write access, specicifically to dynamically updated zone files.

/var/lib/bind/db.pragmaticaddict.com

$TTL 3600
@ IN SOA pragmaticaddict.com. dnsmaster.pragmaticaddict.com. ( 2404241555 1H 1H 1W 2H )

Next you need to reference the zone file to your config (/etc/bind/named.conf)

zone "pragmaticaddict.com" {
    type master;
    file "/var/lib/bind/db.pragmaticaddict.com";
    allow-update { 127.0.0.1; };
};

A few notes about this config:

allow-update is somewhat secure but the docs lean towards using the more fine grained update-policy.
This zone file can only reside in one bind9 view.

Bind9 client

Bind9 has it’s own updater program nsupdate which can be found in the bind9-dnsutils package in Debian. Note that nsupdate doesn’t really have any command line options, a script needs to be fed into it.

Example script to use dhcp of my internet interface to update dyndns.

/etc/dhcp/dhclient-exit-hooks.d/dyndns

#!/bin/bash

logger dhcp dyndns-pragmatic $new_ip_address

cat <<EOF | nsupdate 
server 127.0.0.1
zone pragmaticaddict.com
update delete www.pragmaticaddict.com. A
update add www.pragmaticaddict.com. 0 A $new_ip_address
update delete pragmaticaddict.com. A
update add pragmaticaddict.com. 0 A $new_ip_address
show
send
EOF

Notes:

You must delete the record you with to update first, before adding to ensure only one A record exists.
The ttl value of 0 provides a non-expiring record.
The show command is optional and helps with debugging.

Created: 2024-04-25

Modified: 2024-04-27