sandip's blog

Dynamic DNS Setup

Notes on setting up dynamic DNS for a home machine with BIND 9.x


  1. Generating Secure DNS Keys

     On the home/client machine:

    # mkdir /etc/bind/tsig
    # cd /etc/bind/tsig
    # dnssec-keygen -a HMAC-MD5 -b 128 -n HOST host.domain.tld.
    

    Note the "." after the tld. This writes a public (.key) and a private (.private) key file, both named Khost.domain.tld.*, into the directory.


  3. named.conf

     On the remote server:

    Edit "/etc/named.conf" and add the generated key to the conf. (Note the trailing dot):

    key host.domain.tld. {
            algorithm hmac-md5;
            secret "qUSfVtkYf7WLxiZaOTN3Ua==";
    };
    


  5. Grant Authority

     Still on the remote server:

    Edit the "/etc/bind/zone.domain.tld" file, and modify the current allow-update line to include the key.

    allow-update   { key "default_key."; key "host.domain.tld."; };
    

    This gives the key full authority to add, change or delete any record within the domain (Be Warned).

    Restart named and make sure nothing is broken.


  7. nsupdate

     Back to the client machine:

    Run nsupdate to test that the client can now make updates.

    # nsupdate -k /etc/bind/tsig/Khost.domain.tld.*.key
    > update delete host.domain.tld. A
    > update add host.domain.tld. 600 A 1.2.3.4
    > send
    > quit
    

    It first deletes host.domain.tld if it already exists, then recreates it with the given TTL, type, and IP address. The TTL is the time-to-live, which other DNS servers use to decide how often they refresh their cached entry for this host. A smaller value means they refresh more often, which is what you want for a dynamic entry. "send" tells nsupdate to send the updates to the server.


  9. Automate

     Create a script and put it in a 10 minute cron to check for changes in the WAN IP address and run nsupdate automagically.

    # cat /etc/cron.d/ddns
    SHELL=/bin/sh
    */10 * * * * root /etc/bind/ddns
    

    Below is an example script that gets the info from a Belkin wireless router within the home LAN.

    #!/bin/bash
    # ddns - push the current WAN address to DNS with nsupdate and the TSIG key
    
    HOSTNAME="host.domain.tld"
    # expand the dnssec-keygen file name glob once, so the path can be quoted below
    set -- /etc/bind/tsig/Khost.domain.tld.*.key
    KEYFILE="$1"
    TTL=600
    #LOG="/tmp/ddns_log"
    LOG="/dev/null"
    IP_FILE="/tmp/ddns_ip"
    
    # scrape the WAN address from the router's status page (Belkin-specific parsing)
    NEW_IP=$(wget -q -O - 192.168.2.1 | grep "Up.*dw" | tr "\n" " " | awk -F "'" '{print $12}')
    
    # never touch DNS unless the scrape produced something that looks like an IPv4
    # address; an empty or garbled value would otherwise delete the record
    if ! echo "$NEW_IP" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
            echo "Could not determine WAN IP (got '${NEW_IP}'). Exiting..." >> "$LOG"
            exit 1
    fi
    
    do_nsupdate() {
            echo "New IP address (${NEW_IP}) found. Updating..." >> "$LOG"
            echo "$NEW_IP" > "$IP_FILE"
            # the here-document is fed to nsupdate line by line, so it is not indented
            nsupdate -k "$KEYFILE" >> "$LOG" << EOF
    update delete $HOSTNAME A
    update add $HOSTNAME $TTL A $NEW_IP
    send
    quit
    EOF
    }
    
    if [ ! -f "$IP_FILE" ]; then
            echo "Creating $IP_FILE..." >> "$LOG"
            do_nsupdate
    else
            OLD_IP=$(cat "$IP_FILE")
            if [ "$NEW_IP" = "$OLD_IP" ]; then
                    echo "new and old IPs (${OLD_IP}) are same. Exiting..." >> "$LOG"
                    exit 0
            else
                    do_nsupdate
            fi
    fi
    
    exit 0
    

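The "Be Warned" in step 5 deserves a fix: BIND's update-policy can restrict the key to its own A record instead of handing it the whole zone. The following zone statement is an added example, not from the original post; the zone name domain.tld and the zone file path are assumptions.

```conf
// Added example: replace the allow-update line from step 5 with an update-policy.
// Assumes the zone is "domain.tld"; the file path is a placeholder.
key host.domain.tld. {
        // BIND 9 also accepts hmac-sha256, which is preferable to hmac-md5
        algorithm hmac-md5;
        secret "qUSfVtkYf7WLxiZaOTN3Ua==";
};

zone "domain.tld" {
        type master;
        file "/path/to/zonefile";   // placeholder
        // allow-update and update-policy are mutually exclusive in one zone,
        // so this replaces the allow-update { key ...; } line entirely
        update-policy {
                // this key may only change the A record of its own name;
                // every other record in the zone stays read-only for it
                grant host.domain.tld. name host.domain.tld. A;
        };
};
```

After editing, check the syntax with named-checkconf and rerun the nsupdate test from step 7; an update to any other name in the zone should now be refused.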
Cloning Production Server for Testing using DAR

DAR (Disk ARchive) is a command-line backup tool that compresses, makes differential or full backups, and can split an archive over several files or disks. Dar saves all *NIX inode types, hard links, and Extended Attributes, among many other features.

Below are the steps that were taken to get a full archive of an external production server and restore it to a local test machine. The same process can be used for recovering from hard-disk failures.

  1. Installation:

Notes on VNC server and client setup...

VNC server setup:

  1. Install the vncserver if not installed already on the server-side.
    # up2date -i vncserver
    
  2. Set a password for the VNC server. To do this, log in as a normal user and run the command `vncpasswd` from a shell prompt.
    # su - <user1>
    $ vncpasswd
    
    Note: The VNC service will not start unless you have set a password.
  3. Edit the "/etc/sysconfig/vncservers" file as below replacing the user values with the actual usernames.
    VNCSERVERS="1:<user1> 2:<user2>"
    

LinuxWeBlog linked from neworder

Here's a trackback to neworder from where we have been linked!

Sending form data to email via php

The below is a simple script that handles sending form data to email using php:

<?php

   // Only accept POSTed forms whose Referer is this host. The Referer header is
   // supplied by the client, so this is a weak sanity check, not authentication.
   if ($_SERVER['REQUEST_METHOD'] == "POST") {
      $referer_host = isset($_SERVER['HTTP_REFERER'])
         ? parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) : null;
      // compare against our own host name, ignoring any :port suffix
      $our_host = preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']);
      if ($referer_host === null || $referer_host === false ||
         strcasecmp($referer_host, $our_host) != 0)
         die("Bad referer");

      // begin building the message body
      $msg = "Values submitted by the user:\n";
      foreach ($_POST as $key => $val) {
         if (is_array($val)) {
            $msg .= "Item: $key\n";
            foreach ($val as $v) {

Linux Newbie Administrator Guide

Linux Newbie Administrator Guide is a complete reference for new Linux users who wish to set up and administer their own Linux home computer, workstation and/or their home or small office network. It is meant to be simple, with just sufficient detail, and always supported by a readily usable example. The topics range from Linux installation to some more advanced and useful commands/tools.

Convert ^M to newline character in text files

In vi use the following (in Vim, \r in the replacement inserts a line break, whereas \n would insert a NUL byte):

:%s/^M/\r/g

or with perl on the command line:

$ perl -pi.bak -e 's/^M/\n/g' <filename>

NOTE: Be sure to create the ^M by typing ctrl+V followed by ctrl+M.

^M is ASCII 13 (Ctrl+M), which is the carriage return.

Different operating systems use different symbols to mark the end of a line:
Unix uses newline (\n)
Mac uses carriage return (\r)
And Windows/DOS use both, carriage return followed by newline (\r\n)

To prevent the ^M from showing up in files, be sure to use ASCII (text) mode when transferring text files.
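As an added example (not from the original post), the script below tells the three line-ending conventions apart before converting, so a DOS (CR LF) file does not end up with doubled blank lines the way a blind CR-to-LF swap would produce; it also flags files that mix styles.

```shell
#!/bin/sh
# Added example: classify a file's line endings and normalise them to Unix LF.
# Handles all three conventions above (LF, CR only, CR LF) and flags mixed files.

# Print one of: lf, cr, crlf, mixed, none (no line terminators at all).
detect_eol() {
    cr=$(printf '\r')
    n_cr=$(tr -cd '\r' < "$1" | wc -c | tr -d ' ')     # total CR bytes
    n_lf=$(tr -cd '\n' < "$1" | wc -c | tr -d ' ')     # total LF bytes
    n_crlf=$(grep -c "${cr}\$" "$1" || true)           # lines that end in CR
    if [ "$n_cr" -eq 0 ] && [ "$n_lf" -eq 0 ]; then echo none
    elif [ "$n_cr" -eq 0 ]; then echo lf
    elif [ "$n_lf" -eq 0 ]; then echo cr
    elif [ "$n_cr" -eq "$n_lf" ] && [ "$n_crlf" -eq "$n_cr" ]; then echo crlf
    else echo mixed
    fi
}

# Write the file to stdout with every CR LF pair and every lone CR turned into
# a single LF. Stripping the CR of CR LF pairs first (sed works per LF-line)
# is what avoids the doubled blank lines of a plain CR->LF swap on a DOS file.
to_unix() {
    cr=$(printf '\r')
    sed "s/${cr}\$//" "$1" | tr '\r' '\n'
}

# Usage: eol.sh FILE  ->  detected style on stderr, converted text on stdout
if [ "$#" -ge 1 ]; then
    echo "$1: $(detect_eol "$1")" >&2
    to_unix "$1"
fi
```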

Upgrading ClamAV from Source RPM

Prior to rebuilding SRPMs, create a separate account for building RPMs and set up the environment for it:

# su -
# useradd rpmbuild
# su - rpmbuild
# mkdir -p rpm/{BUILD,RPMS/$ARCH,RPMS/noarch,SOURCES,SRPMS,SPECS,tmp}

Replace "$ARCH" with the architecture(s) you plan to build packages for.

Then create the minimal "~/.rpmmacros" file with the below contents:

%_topdir               /home/rpmbuild/rpm
%_tmppath              /home/rpmbuild/rpm/tmp

Now we are ready to build RPMs from SRPMs.

  1. Download the latest source rpm from dag.wieers.com to the "~/rpm/SRPMS" directory.

Basic CVS command reference...

Prior to using cvs, set up the CVSROOT and EDITOR environment if not set up already.

$ export CVSROOT=/path/to/cvsroot
$ export EDITOR=vi

There are only a handful of CVS commands that you need to know to get everything done to control a project. All the commands share a common general syntax of:

$ cvs [-d cvs_root_path] command [command-options-and-arguments]
  1. init: Create/initialize a project.
    $ cvs -d /path/to/cvs/PROJECT init
    

Disallow direct root login to SSH...

Following up on the comment at: secure ssh...

To disallow direct root login via SSH, edit the "/etc/ssh/sshd_config" file with a text editor and find the following line:

#PermitRootLogin yes

Change the yes to no and remove the comment character at the beginning of the line:

PermitRootLogin no

Restart the sshd service.

# service sshd restart

It is also recommended to restrict access to your system by limiting which users can gain root with the su command.

Add trusted users to the special administrative group called wheel via:

# usermod -G wheel <username>

Next open the PAM configuration file for su, "/etc/pam.d/su" in a text editor and remove the comment [#] from the following line:

auth  required /lib/security/pam_wheel.so use_uid

The root user is part of the wheel group by default, and doing this permits only members of the administrative group wheel to use su.

Additionally, you can change the permission on the 'su' binary as below:

# chgrp wheel /bin/su
# chmod 4750 /bin/su
