BIND下可通过nsupdate远程、本地动态更新域指向,无需重启BIND,即DDNS,相应域规则需配置allow-update权限。
直接允许指定IP更新:
#https://www.haiyun.me
allow-update { 8.8.8.8; };或以密钥方式验证:
dnssec-keygen -a HMAC-MD5 -b 512 -n HOST ddns #生成密钥类型为HOST,主机名ddns
cat Kddns.+157+61025.key #查看生成的密钥,后续需添加到配置文件中
ddns. IN KEY 512 3 157 S/ZqoSgQB3OZ8M0Bm4rTFJp54zTEZoBqHLMjg/ljdCTH/8VTYMvxornk y0bCpuAC0VwHzX3Eq+2Fymw/L+iQdA==添加到主配置:
key "ddns" {
algorithm hmac-md5;
secret "S/ZqoSgQB3OZ8M0Bm4rTFJp54zTEZoBqHLMjg/ljdCTH/8VTYMvxornk y0bCpuAC0VwHzX3Eq+2Fymw/L+iQdA==";
};
zone "www.haiyun.me" IN { #相应域授权
type master;
file "named.www.haiyun.me";
allow-query { any; };
update-policy {
grant ddns name ddns.www.haiyun.me. A; #仅允许对ddns.www.haiyun.me A记录进行更改
};复制生成的公钥与私钥到执行更新的服务器,执行更新操作:
nsupdate -k Kddns.+157+61025.key
> server 184.164.141.188
> update delete ddns.www.haiyun.me
> update add ddns.www.haiyun.me 60 A 8.8.8.8
> send
> quit新建脚本自动更新IP:
#!/bin/bash
while ture
do
interface=pppoe-wan
dnsserver=184.164.141.188
keyfile=/root/Kddns.+157+61025.key
keydir=/root/
domain=ddns.www.haiyun.me
ddnsip=ping -c 1 $domain|grep from|awk '{print $4}'|sed 's/:$//g'
ip=`ifconfig pppoe-wan|grep inet|awk -F"[ ]+|[:]" ' {print $4}'`
if [ $ddnsip == $ip ]
echo "当前IP没有更改"
else
cd $keydir
echo "server $dnsserver" > ddns
echo "update delete $domain A " >> ddns
echo "update add $domain 600 A $ip" >> ddns
echo "send" >> ddns
nsupdate -k $keyfile -v ddns
fi
sleep 300
done标签:dns, bind, ddns, 使用bind配置ddns