Bind9 DDNS Ubuntu 22.04

The following is configured on the DDNS server

apt install bind9

Create a ddns account (a TSIG key named ddns)

tsig-keygen -a hmac-sha512 ddns >> /tmp/ddns.key
cat /tmp/ddns.key

key "ddns" {
algorithm hmac-sha512;
secret "lTeWMnY036W3A/Sb775mbAG9QHNiaK+DoQbFyT7k7BDtt12eMIb9ldd0tticGZ2PoSyWnVvB2yR+7zVyBzge2w==";
};

Paste the key above into the configuration file below. The zone file named.yourddnsdomain.com must already have been set up beforehand.

vi /etc/bind/named.conf.default-zones
key "ddns" {
algorithm hmac-sha512;
secret "lTeWMnY036W3A/Sb775mbAG9QHNiaK+DoQbFyT7k7BDtt12eMIb9ldd0tticGZ2PoSyWnVvB2yR+7zVyBzge2w==";
};

zone "yourddnsdomain.com" IN {
type master;
file "/var/cache/bind/named.yourddnsdomain.com";
also-notify { xxx.xxx.xxx.xxx; };
update-policy { grant ddns name subdomain.yourddnsdomain.com. A; };
};

The following is configured on the DDNS client

apt install bind9

Copy the ddns.key generated on the server earlier to /root/ddns.key on the client

vi /root/do-nsupdate
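#!/bin/bash

updateServer=ns1.masterdns.com
updateDomain=subdomain.yourddnsdomain.com
encryptKeyPath="/root/ddns.key"
checkIPWeb="http://checkip.amazonaws.com/"

# A record currently published by the master: keep the "Address" line
# that is not the server's own (#53) line
CURRENT_IP=$(nslookup "$updateDomain" "$updateServer" | grep Address | grep -v "#53")
# Strip the leading "Address: " (9 characters)
CURRENT_IP=$(echo ${CURRENT_IP:9})

# Public IP as seen from outside (-s keeps curl's progress meter out of cron mail)
EXT_IP=$(curl -s "$checkIPWeb")

# Update only when the published record differs from the current public IP
if [ "$CURRENT_IP" != "$EXT_IP" ]; then
KEY=$encryptKeyPath

# Sign the update with the TSIG key and replace the A record
cat <<EOF | nsupdate -k "$KEY"
server $updateServer
update delete $updateDomain. A
update add $updateDomain. 3600 A $EXT_IP
send
EOF
fi

chmod 755 /root/do-nsupdate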
vi /etc/crontab
*/5 * * * * root /root/do-nsupdate
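
The do-nsupdate script above places whatever the IP-check URL returns directly into the nsupdate batch. The following is an added example, not part of the original post, that validates the value first; the function names is_ipv4 and build_update, their argument order, and the sample inputs are constructed for illustration.

```sh
#!/bin/sh
# Added example: validate the looked-up address before it reaches nsupdate.

# Succeed only for a strict dotted-quad IPv4 address (four octets, 0-255,
# no leading zeros, no other characters such as spaces or newlines).
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, empty field
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split on dots into $1..$n
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;;
            *) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the nsupdate batch for one A record; print nothing and fail if the
# address does not validate. Arguments: server, record name, address.
build_update() {
    if ! is_ipv4 "$3"; then
        echo "refusing update: lookup did not return an IPv4 address" >&2
        return 1
    fi
    printf 'server %s\nupdate delete %s. A\nupdate add %s. 3600 A %s\nsend\n' \
        "$1" "$2" "$2" "$3"
}

# Constructed sample bodies: one good answer, then an empty reply (failed
# curl), an out-of-range octet, an error page, and a two-line body.
nl='
'
for sample in "203.0.113.7" "" "203.0.113.999" "<html>503</html>" \
              "203.0.113.7${nl}198.51.100.1"; do
    if build_update ns1.masterdns.com subdomain.yourddnsdomain.com \
                    "$sample" >/dev/null 2>&1; then
        echo "accept: $sample"
    else
        echo "reject: $sample"
    fi
done
```

In do-nsupdate, `batch=$(build_update "$updateServer" "$updateDomain" "$EXT_IP") && printf '%s\n' "$batch" | nsupdate -k "$KEY"` can take the place of the here-document, so nothing is sent when the lookup fails.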
