Running a secure DDNS service with BIND

If you lack a static IP for your home machines but would like a static address to access them, there is a simple setup you can make on your primary DNS server to achieve that.

On our client side let’s generate some keys:

This creates Kkeyname.***.key and Kkeyname.***.private. We need to copy the key from the *.private file, which will look like this:

Now on the server, let us edit the BIND configuration file (e.g. named.conf or named.conf.local) and add:

From now on we can allow zone updates by editing the zone declaration and adding allow-update:

The last thing we need to do on the server is restart BIND

On the client side we need something capable of updating DNS records (e.g. nsupdate)
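
The server-side pieces described above (a shared key plus a zone that accepts signed updates), as an added example that is not the original post's configuration. The key name home-ddns, zone example.com, host home.example.com, the algorithm and the file path are assumptions; the example also goes one step beyond allow-update by showing update-policy, which limits the key to a single name instead of the whole zone.

```conf
// Added example, not the original post's configuration.
// Assumed names: key "home-ddns", zone "example.com",
// host "home.example.com", zone file path below.

key "home-ddns" {
    // Must match the algorithm the key pair was generated with (assumed here).
    algorithm hmac-sha256;
    // Placeholder: paste the key value copied from the client's *.private file.
    secret "REPLACE_WITH_BASE64_SECRET";
};

zone "example.com" {
    type master;
    // named needs write access to this directory for the journal (.jnl) file.
    file "/var/lib/bind/db.example.com";

    // Broad: anyone holding the key may add, change or delete any record
    // in the zone (www, MX, the apex address, ...).
    // allow-update { key "home-ddns"; };

    // Narrow: the key may only change the A and AAAA records of one name.
    // allow-update and update-policy cannot both be set on the same zone.
    update-policy {
        grant home-ddns name home.example.com. A AAAA;
    };
};
```

With the narrow form, a key leaked from a home machine can repoint only that machine's own record. Keep the file holding the key statement readable by the BIND user only.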

Fixing BIND’s journal out of sync with zone error

When BIND stops working and throws an error like this:

The simplest and fastest fix is to remove the journal file for that zone

and then restart BIND. Dynamic updates that exist only in the journal are lost when it is removed.

Linux – Hide Bind version

If we would like to hide the version of our BIND server and make it harder for bots to sniff which version we use (assuming you always update 😉 ), we can do it by editing the file /etc/bind/named.conf.options:

Restart the service:

Use dig to check which version is reported now:

Linux – Own DNS server (bind9)

The second most important service for internet use is a DNS server.

In my opinion a www server (Apache/NginX) is the most important part, but DNS is just after it ;-). A DNS service is very useful when we are managing our own domain.

Here is the simplest setup for our own service:

Every time we add a ‘zone’ file we need to restart the server: