海运的博客

ubuntu安装Knot 域名权威Authoritative DNS服务器配置ddns动态更新ip

发布时间:February 4, 2021 // 分类:DNS // No Comments

目前在使用dnspod更新ddns ip,但是dnspod免费账号ttl最低设置为600,对于要求及时更新的可自己搭建dns服务器更新ddns,本文使用knot,相对bind有占用资源小,配置简单优点。

apt install knot knot-dnsutils

生成远程更新验证key并添加到配置文件,首行格式用于客户端knsupdate验证key:

keymgr -t key_knsupdate
# hmac-sha256:key_knsupdate:USWfnZKqVwfbv/rcaJtyJA+Evj9eS6v23BmXFO0h0r0=
key:
  - id: key_knsupdate
    algorithm: hmac-sha256
    secret: USWfnZKqVwfbv/rcaJtyJA+Evj9eS6v23BmXFO0h0r0=

knot配置文件,knsupdate和主从同步可使用key或ip认证:

server:
    identity: 
    version: 
    nsid: 
    rundir: "/run/knot"
    user: knot:knot
    #listen: [ 0.0.0.0@53, 127.0.0.1@53, ::1@53 ]
    listen: 192.168.1.1@53

log:
  - target: syslog
    any: info

# hmac-sha256:key_knsupdate:USWfnZKqVwfbv/rcaJtyJA+Evj9eS6v23BmXFO0h0r0=
key:
  - id: key_knsupdate
    algorithm: hmac-sha256
    secret: USWfnZKqVwfbv/rcaJtyJA+Evj9eS6v23BmXFO0h0r0=

remote:
  - id: slave
    address: 192.168.2.1@53
    key: key_knsupdate

  - id: master
    address: 192.168.1.1@53
    key: key_knsupdate

acl:
  - id: acl_slave
    #address: 192.168.2.1
    key: key_knsupdate
    action: transfer

  - id: acl_master
    #address: 192.168.1.1
    key: key_knsupdate
    action: notify

  - id: acl_knsupdate
    #address: [ 127.0.0.1, 192.168.1.1 ]
    key: key_knsupdate
    action: update

template:
  - id: default
    storage: "/var/lib/knot"
    file: "%s.zone"

zone:
    # Master zone
  - domain: ddns.haiyun.me
    notify: slave
    #acl: acl_slave
    acl: [ acl_slave, acl_knsupdate ]

knot dns主从同步配置,以上配置文件zone为master,slave要将zone替换为:

zone:
    # Slave zone
  - domain: ddns.haiyun.me
    master: master
    zonefile-load: whole
    acl: acl_master

zone文件:

cat /var/lib/knot/ddns.haiyun.me.zone 
;; Zone dump (Knot DNS 2.7.8)
ddns.haiyun.me.         3600    SOA     ns1.haiyun.me. admin.haiyun.me. 2021020415 60 60 1800 60
ddns.haiyun.me.         3600    NS      ns1.haiyun.me.
ddns.haiyun.me.         3600    NS      ns2.haiyun.me.
1.ddns.haiyun.me.       10      A       1.1.1.1
1.ddns.haiyun.me.       10      AAAA    ::1
www.ddns.haiyun.me.     10      A       1.1.1.1
;; Written 6 records
;; Time 2021-02-04 17:52:03 CST

使用knsupdate动态更新dns ip:

cat > cmd.txt << EOF
server 127.0.0.1
zone ddns.haiyun.me.
del 1.ddns.haiyun.me.
add 1.ddns.haiyun.me. 10 A 1.1.1.1
add 1.ddns.haiyun.me. 10 AAAA ::1
show
send
answer
quit
EOF
knsupdate -y "hmac-sha256:key_knsupdate:USWfnZKqVwfbv/rcaJtyJA+Evj9eS6v23BmXFO0h0r0=" cmd.txt

或通过knotc更改dns记录:

knotc zone-begin ddns.haiyun.me
knotc zone-set ddns.haiyun.me www 10 A 1.1.1.1
knotc zone-commit ddns.haiyun.me

参考:
https://www.knot-dns.cz/docs/2.7/html/reference.html
https://www.knot-dns.cz/docs/2.7/singlehtml/index.html
https://en.wikipedia.org/wiki/Comparison_of_DNS_server_software
https://blog.groverchou.com/2020/08/10/Knot-DNS-%E4%BD%BF%E7%94%A8%E6%95%99%E7%A8%8B/

openwrt使用dnspod api自动更新ddns

发布时间:February 12, 2019 // 分类:OpenWrt // No Comments

通过dnspod api实现动态ddns更新ip,ipv4和ipv6支持,shell脚本如下:

#!/bin/bash
token="www.haiyun.me"
domain="haiyun.me"
if which jq > /dev/null; then
  json="jq"
elif which jsonfilter > /dev/null; then
  json="jsonfilter"
else
  echo 'please install jq or jsonfilter'
  exit
fi
if ! which curl > /dev/null || ! which curl > /dev/null; then
  echo 'please install curl and grep'
  exit
fi
if [[ $1 == "list" ]]; then
  curl -s -d "login_token=$token&format=json&domain=$domain" "https://dnsapi.cn/Record.List" | jq -r -M '.records[]|.name + "\t\t " + .type + "\t\t " + .value'
  exit
fi
if [[ $1 == "delete" ]]; then
  if [[ ! $3 || ! $2 ]]; then
    echo 'use ddns.sh delete name type'
    exit
  fi
  id=$(curl -s -d "login_token=$token&format=json&domain=$domain" "https://dnsapi.cn/Record.List" | jq -r -e ".records | .[] | select(.name == \"$2\" and .type == \"${3^^}\")|.id")
  if [[ $id ]]; then
    if curl -s -d "login_token=$token&format=json&domain=$domain&record_id=$id" https://dnsapi.cn/Record.Remove | grep -q '"code":"1"'; then
      echo "sus"
    fi
  else
    echo 'no record'
  fi
  exit
fi
if [[ ! $1 || ! $2 ]]; then
  echo 'use ddns.sh name ip'
  echo 'use ddns.sh list'
  echo 'use ddns.sh delete name type'
  exit
fi
name=$1
new_ip=$2
if [[ $new_ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
  #sleep 10
  #curl http://192.168.168.6/announce.php --silent --output /dev/null
  record_type='A'
  echo 'ipv4'
elif [[ $new_ip =~ ^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}$ ]]; then
  echo 'ipv6'
  record_type='AAAA'
else
  echo "invalid IP address $new_ip"
  #logger -t ddns "invalid IP address $new_ip"
  exit
fi
curl -s -d "login_token=$token&format=json&domain=$domain" "https://dnsapi.cn/Record.List" -o /tmp/dns.txt
if ! grep -q '"code":"1"' /tmp/dns.txt; then
  echo 'get record list error'
  exit
fi

if [[ $record_type == "AAAA" ]]; then
  if [[ $json == "jq" ]]; then
    id=$(jq -r -e ".records | .[] | select(.name == \"$name\" and .type == \"AAAA\")|.id" /tmp/dns.txt)
    ip=$(jq -r -e ".records | .[] | select(.name == \"$name\" and .type == \"AAAA\")|.value" /tmp/dns.txt)
  else
    ip=$(jsonfilter -i /tmp/dns.txt -e "@.records[@.name='$name'&&@.type='AAAA'].value")
    id=$(jsonfilter -i /tmp/dns.txt -e "@.records[@.name='$name'&&@.type='AAAA'].id")
  fi
elif [[ $record_type == "A" ]]; then
  if [[ $json == "jq" ]]; then
    id=$(jq -r -e ".records | .[] | select(.name == \"$name\" and .type == \"A\")|.id" /tmp/dns.txt)
    ip=$(jq -r -e ".records | .[] | select(.name == \"$name\" and .type == \"A\")|.value" /tmp/dns.txt)
  else
    ip=$(jsonfilter -i /tmp/dns.txt -e "@.records[@.name='$name'&&@.type='A'].value")
    id=$(jsonfilter -i /tmp/dns.txt -e "@.records[@.name='$name'&&@.type='A'].id")
  fi
fi
#echo $name;
#echo $id;
#echo $ip;
#echo $new_ip;
if [[ $ip == $new_ip ]]; then
  echo 'no update needed'
  exit
fi
if [[ $id ]]; then
  echo "mod ip"
  if curl -s -d "login_token=$token&format=json&domain=$domain&record_id=$id&value=$new_ip&record_type=$record_type&record_line_id=0&sub_domain=$name" https://dnsapi.cn/Record.Modify | grep -q '"code":"1"'; then
    echo "sus"
  fi
else
  echo "add ip"
  if curl -s -d "login_token=$token&format=json&domain=$domain&sub_domain=$name&record_type=$record_type&record_line_id=0&value=$new_ip" https://dnsapi.cn/Record.Create | grep -q '"code":"1"'; then
    echo "sus"
  fi
fi

在/lib/netifd/ppp-up文件内调用上面的脚本,当pppoe网络连接成功时会执行此文件,$4变量为pppoe连接的本地IP。

/usr/bin/update-ip.sh name $4 > /dev/null 2>&1 &

pppoe只能传递公网ipv4,使用ifstatus可获取pppoe接口ipv6地址和分配内网的ipv6前缀,根据mac生成的ipv6后缀可为内网其它机器做ddns。

ifstatus wan_6
ifstatus wan
ubus call network.interface dump
jsonfilter -i /tmp/wan6.txt -e '@["ipv6-prefix"][0].address'
jsonfilter -i /tmp/wan6.txt -e '@["ipv6-address"][0].address' 

PHP版本:
https://www.haiyun.me/archives/1186.html

dnspod php api ddns

发布时间:February 18, 2018 // 分类: // No Comments

<?php
ini_set('date.timezone','Asia/Shanghai');
if (isset($_REQUEST['id']) && !empty($_REQUEST['id']) && isset($_REQUEST['ip']) && !empty($_REQUEST['ip'])) {
  $ip = trim($_REQUEST['ip']);
  $name =  trim($_REQUEST['id']);
  $token = "www.haiyun.me";
  if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
    $type = "A";
    echo 'ipv4'.PHP_EOL;
  } elseif (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
    $type = "AAAA";
    echo 'ipv6'.PHP_EOL;
  } else {
    echo "invalid IP address $ip".PHP_EOL;
    exit;
  }
  if (($list = getlist($token))) {
    $key = $name.'-'.$type;
    if (isset($list[$key])) {
      if ($ip == $list[$key]['value']) {
        die("no update needed".PHP_EOL);
      } else {
        $list[$key]['value'] = $ip;
      }
    } else {
      $list[$key]['value'] = $ip;
      $list[$key]['record_type'] = $type;
      $list[$key]['sub_domain'] = $name;
    }
    modip($token, $list[$key]);
  }
  file_put_contents('ip/ip.log', date("Y-m-d-H:i:s").'--'.$name.'--'.$_SERVER['REMOTE_ADDR'].'--'.$ip."\n", FILE_APPEND);
}

function modip($token, $value) {
  if (isset($value['record_id'])) {
    $url = "https://dnsapi.cn/Record.Modify";
  } else {
    $url = "https://dnsapi.cn/Record.Create";
  }
  $str = http_build_query($value);
  $post_data = "login_token={$token}&format=json&domain=haiyun.me&record_line_id=0&".$str;;
  $data = post($url, $post_data);
  $data = json_decode($data, 1);
  if (!$data) {
    return '';
  }
  if ($data['status']['code'] == 1) {
    echo "successful".PHP_EOL;
  } else {
    echo $data['status']['message'].PHP_EOL;
  }
}

function getlist($token) {
  $url = "https://dnsapi.cn/Record.List";
  $post_data = "login_token={$token}&format=json&domain=haiyun.me";
  $data = post($url, $post_data);    
  $data = json_decode($data, 1);  
  if ($data['status']['code'] == 1) {
    foreach ($data["records"] as $value) {
      $list[$value['name'].'-'.$value['type']] = array('sub_domain' => $value['name'], 'record_id' => $value['id'], 'record_type' => $value['type'], 'value' => $value['value']);
    }
    return $list;
  }
  return "";
}

function post($url, $post_data) {
  $ch = curl_init();
  curl_setopt($ch, CURLOPT_URL, $url);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  curl_setopt($ch, CURLOPT_TIMEOUT, 5);
  curl_setopt($ch, CURLOPT_MAXREDIRS, 5);
  curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0');
  curl_setopt($ch,CURLOPT_POST, 1);
  curl_setopt($ch,CURLOPT_POSTFIELDS, $post_data);
  $data = curl_exec($ch);
  curl_close($ch);
  return $data;
}
?>

shell版本:
https://www.haiyun.me/archives/1305.html

ROS动态DNS更新IP到dyndns.org

发布时间:November 2, 2012 // 分类:ROS // No Comments

本脚本用于ROS更新IP至DDNS,适用于dyndns.org。

#https://www.haiyun.me
#设置变量
:local ddnsuser "onovps"
:local ddnspass "onovps"
:local ddnshost "onovps.dyndns.org"
:local ddnsinterface "pppoe-out1"

#设置IP变量
:global newip
:global lastip
:if ([ :typeof $lastip ] = nil ) do={ $lastip "0" }

#获取当前外网IP
:set newip [ /ip address get [/ip address find interface=$ddnsinterface ] address ]
#去掉IP的网段
:set newip [:pick $newip 0 [:find $newip "/"]]

#判断新旧IP是否相同
:if ([ :typeof $newip ] = nil ) do={
   :log info ("DynDNS: " . $ddnsinterface . "没有获取到外网IP")
} else={
  :if ($newip != $lastip) do={
    :log info ("DynDNS:" . $ddnsinterface . "更新IP为" . $newip)
    :local str "/nic/update?hostname=$ddnshost&myip=$newip&wildcard=NOCHG&mx=NOCHG&backmx=NOCHG"
    /tool fetch address=members.dyndns.org src-path=$str mode=http user=$ddnsuser password=$ddnspass dst-path=("/DynDNS.".$ddnshost)
    :delay 1
    :local str [/file find name="DynDNS.$ddnshost"];
    /file remove $str
#设置新IP为上次IP,供下次调用
    :global lastip $newip
  }
}

使用BIND配置动态DDNS

发布时间:July 6, 2012 // 分类:DNS // No Comments

BIND下可通过nsupdate远程、本地动态更新域指向,无需重启BIND,即DDNS,相应域规则需配置allow-update权限。
直接允许指定IP更新:

#https://www.haiyun.me
allow-update { 8.8.8.8; };

或以密钥方式验证:

dnssec-keygen -a HMAC-MD5 -b 512 -n HOST ddns #生成密钥类型为HOST,主机名ddns
cat Kddns.+157+61025.key #查看生成的密钥,后续需添加到配置文件中
ddns. IN KEY 512 3 157 S/ZqoSgQB3OZ8M0Bm4rTFJp54zTEZoBqHLMjg/ljdCTH/8VTYMvxornk y0bCpuAC0VwHzX3Eq+2Fymw/L+iQdA==

添加到主配置:

key "ddns" {
        algorithm hmac-md5;
        secret "S/ZqoSgQB3OZ8M0Bm4rTFJp54zTEZoBqHLMjg/ljdCTH/8VTYMvxornk y0bCpuAC0VwHzX3Eq+2Fymw/L+iQdA==";
};
zone "www.haiyun.me" IN { #相应域授权
        type master;
        file "named.www.haiyun.me";
        allow-query { any; };
        update-policy {
        grant ddns name ddns.www.haiyun.me. A; #仅允许对ddns.www.haiyun.me A记录进行更改
        };

复制生成的公钥与私钥到执行更新的服务器,执行更新操作:

nsupdate -k Kddns.+157+61025.key
> server 184.164.141.188
> update delete ddns.www.haiyun.me
> update add ddns.www.haiyun.me 60 A 8.8.8.8
> send
> quit

新建脚本自动更新IP:

#!/bin/bash
while ture
do
interface=pppoe-wan
dnsserver=184.164.141.188
keyfile=/root/Kddns.+157+61025.key
keydir=/root/
domain=ddns.www.haiyun.me
ddnsip=ping -c 1 $domain|grep from|awk '{print $4}'|sed 's/:$//g'
ip=`ifconfig pppoe-wan|grep inet|awk -F"[ ]+|[:]" ' {print $4}'`
if [ $ddnsip == $ip ]
    echo "当前IP没有更改"
else
cd $keydir
echo "server $dnsserver"                       >  ddns
echo "update delete $domain A "               >>  ddns
echo "update add    $domain 600 A $ip"        >>  ddns
echo "send"                                   >>  ddns
nsupdate -k $keyfile -v ddns
fi
sleep 300
done
分类
最新文章
最近回复
  • zr: 大佬,这个bash-completion是从哪个源搞到的
  • 姚生: 要要下载
  • 阿东: 我在编译树莓派的时候也遇到同样的问题,后来发现是make menuconfig 的时候忘了带环...
  • crowjin: 你确定这能过滤??不是所有请求都返回空地址::?
  • : linux系统上单个网卡多条宽带拨号获取公网IP,外网可以访问这些IP,有偿! Q:25299...
  • 硅谷少年: 非常有用,感谢分享
  • spartan2: https://dashboard.hcaptcha.com/welcome_accessib...
  • 海运: 应该能,在购买页面先手工跳过cf机器验证,后续一定时间内不更换ip应该不会再次验证。
  • spartan: 大佬斯巴达开启了CF的机器识别验证,请问插件能自动跳过吗? 另外这个脚本有没有简单使用说明,新...
  • vincent: 膜拜大佬