Running a secure DDNS service with BIND

If you lack a static IP for your home machines but would like a static address to reach them, there is a simple setup you can make on your primary DNS server to achieve that.

On the client side, let’s generate some keys:

This will create Kkeyname.***.key and Kkeyname.***.private; we need to copy the key from the *.private file, which will look like this:

Now on the server, edit the BIND configuration file (e.g. named.conf or named.conf.local) and add:

From now on we can allow zone updates by editing the zone declaration and adding allow-update:

The last thing we need to do on the server is restart BIND.


On the client side we need something capable of updating DNS records (e.g. nsupdate).
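
The whole procedure above as one added sketch (not code from the original post): it renders the shared key clause, a zone declaration whose allow-update trusts only that key, and an nsupdate batch that is refused unless the address is a well-formed IPv4. The key name, zone, server, host, address and zone file name are constructed, and the secret is assumed to be an hmac-sha256 TSIG key rather than the K*.private file mentioned above.

```shell
#!/bin/sh
# Constructed names throughout: ddns-home, example.com, ns1.example.com, 203.0.113.10.

# 32 random bytes, base64-encoded, used as an hmac-sha256 TSIG secret (assumption).
# With BIND's tools installed, `tsig-keygen -a hmac-sha256 ddns-home`
# prints a complete key clause instead.
gen_secret() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# key clause: goes into named.conf on the server and into a mode-0600
# file on the client that is passed to `nsupdate -k <file>`.
key_clause() {   # $1 = key name, $2 = base64 secret
    printf 'key "%s" {\n    algorithm hmac-sha256;\n    secret "%s";\n};\n' "$1" "$2"
}

# Zone declaration that accepts dynamic updates only when they are signed
# with the named key (no IP-based trust). The file name is a placeholder.
zone_clause() {  # $1 = zone, $2 = key name
    printf 'zone "%s" {\n    type master;\n    file "db.%s";\n' "$1" "$1"
    printf '    allow-update { key "%s"; };\n};\n' "$2"
}

# Strict dotted-quad check, so a value fetched from a "what is my IP"
# service can never smuggle extra nsupdate commands into the batch.
is_ipv4() (
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || exit 1
    IFS=.
    set -- $1
    for octet in "$@"; do [ "$octet" -le 255 ] || exit 1; done
)

# Batch for `nsupdate -k <keyfile>`: replace the host's A record.
nsupdate_batch() {  # $1 server, $2 zone, $3 fqdn, $4 ipv4, $5 ttl
    is_ipv4 "$4" || { echo "refusing non-IPv4 value: $4" >&2; return 1; }
    printf 'server %s\nzone %s\nupdate delete %s A\n' "$1" "$2" "$3"
    printf 'update add %s %s A %s\nsend\n' "$3" "$5" "$4"
}

# Demo: print both sides' configuration for the constructed names.
secret=$(gen_secret)
key_clause ddns-home "$secret"
zone_clause example.com ddns-home
nsupdate_batch ns1.example.com example.com home.example.com. 203.0.113.10 300
```

Pipe the batch into `nsupdate -k` with the client's key file; an update signed with any other key, or unsigned, is rejected by the zone's allow-update.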



Fixing BIND’s journal out of sync with zone error

When BIND stops working and throws an error like this:

The simplest and fastest fix is to remove the journal file for the zone

and then restart BIND




Linux – Hide Bind version

If we would like to hide the version of our BIND server and make it harder for bots to sniff which version we use (assuming you always update 😉), we can do so by editing the file /etc/bind/named.conf.options:

Restart the service:

Use dig to check which version is reported now:



Linux – Own DNS server (bind9)

The second most important service for internet use is a DNS server.

In my opinion the WWW server (Apache/NginX) is the most important part, but DNS comes just after it ;-). A DNS service is very useful when we are managing our own domain.

Here is the simplest setup for our own service:

Every time we add a ‘zone’ file we need to restart the server: