cli.pignat.org

Finding home - dynamic DNS

Finding home - dynamic DNS

by RandomReaper

ubuntu 18.04 hw2018 server network openwrt xsuperseded

This post has been updated.

My ISP would like to charge me $10 a month for a fixed IPv4 address, but accessing your machine remotely only need a know address, not a fixed one, and that’s why dynamic DNS have been invented.

There are plenty of providers for this service, but I use FreeDNS, which provides this service for free for some hosts (5 as of today). Another reason to use this service is that it does not need your account credentials for updates.

Account setup

  • Go to the FreeDNS pricing page, and select an account type, starter is free.
  • Fill in the blanks, confirm your email address, …

Host setup

  • Got the the FreeDNS subdomain page, login.
  • Click Add a subdomain
  • Fill the form
    • Type : A
    • subdomain : mysuperhostname
    • domain : mooo.com (or whichever you want)
    • destination : should be automatically filled with your current external IP address
    • Wildcard : not checked
    • Fill the captcha.
    • Save!
  • Now the subdomain page should show mysuperhostname.mooo.com.
  • Go the the Dynamic DNS page.

ubuntu

There are plenty of DDNS clients for ubuntu, but the quick cron example will just work fine.

  • Click on cron example
  • Copy the file and add it to your cron (see how)
  • Replace http://freedns.afraid.org/dynamic/ by https://freedns.afraid.org/dynamic/
...
# You might need to include this path line in crontab, (or specify full paths)
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin

2,7,12,17,22,27,32,37,42,47,52,57 * * * * sleep 20 ; wget -O - http://freedns.afraid.org/dynamic/update.php?d2VsY29tZSB0byBodHRwczovL2NsaS5waWduYXQub3JnDQo= >> /tmp/freedns_mysuperhostname_mooo_com.log 2>&1 &

openwrt

  • Since the default wget (from busybox) does not support https, the full wget and the certificates must be installed: 
    opkg update
opkg install opkg install wget ca-certificates
  • If you’re using the web interface (luci): 
    opkg install opkg install luci-app-ddns
  • Or without web interface support: 
    opkg install opkg install ddns-scripts
  • edit the file /etc/config/ddns
config ddns 'global'
	option ddns_dateformat '%F %R'
	option ddns_loglines '250'
	option upd_privateip '0'

# Setup a good name, it will be shown in the web interface
# I have chosen a name that reflects the service used and the hostname
config service 'freedns_mysuperhostname_mooo_com'
    
    # Use the internet connected interface
	option interface 'wan'
	
	# Use afraid.org service
	option service_name 'afraid.org-keyauth'

	# Use this authentication key (could be found in the quick cron example)
	option password 'd2VsY29tZSB0byBodHRwczovL2NsaS5waWduYXQub3JnDQo='

	# Use https, since you don't want someone else to update your own IP
	option use_https '1'
	option cacert '/etc/ssl/certs/ca-certificates.crt'

	# Get the external IP from the dedicated google service
	option ip_source 'web'
	option ip_url 'https://domains.google.com/checkip'
	
	# Compare the external IP to this lookup, update when it differs
	option lookup_host 'mysuperhostname.mooo.com'
	
	# Enable!
	option enabled '1'
  • restart the service 
    /etc/init.d/ddns restart

    Verifications

    The IP should be shown almost immediately on the subdomain page. DNS propagation could be a little bit long (3600 seconds caching for free accounts), and this can be verified using dig:

    dig +short mysuperhostname.mooo.com
23.75.345.200

    DNS and caching

    DNS answers can (and will) be cached by the DNS server, and a change in name resolution will take some time to propagate. The duration of the validity for a name resolution is included in the response, it’s the TTL (time-to-live).

The time to live will be a fixed value when asking the authoritative name server, for instance 60 seconds:

dig +nocmd +noall +answer mysuperhostname.mooo.com @ns1.afraid.org
mysuperhostname.mooo.com. 60	IN	A	23.75.345.200

Or a value that decrement when asking another server:

dig +nocmd +noall +answer mysuperhostname.mooo.com 
mysuperhostname.mooo.com. 26	IN	A	23.75.345.200

Some providers does not follow the rules and may cache DNS entries longer.

Notes

The update need a shared secret, in this example d2VsY29tZSB0byBodHRwczovL2NsaS5waWduYXQub3JnDQo=. This one is completly fake, but the real one can be found on the Dynamic DNS page, then by looking in the quick cron sample or at the direct url.

Bonus

echo 'd2VsY29tZSB0byBodHRwczovL2NsaS5waWduYXQub3JnDQo=' | base64 -d

~~~

Question, remark, bug? Don't hesitate to contact me or report a bug.