Fool Me Once

For anyone who wants to handle dynamic DNS (with or without DHCPd) using Bind and absolutely hates the verbosity of nsupdate, here’s a shell script that handles the common cases of adding and removing:

  • Forward/reverse entries
  • CNAMEs

The command line arguments are -k (privkey), -a (action), -h (hostname), -i (ipaddr), -c (cname), -d (debuglevel) and -t (ttl).

Usage:
    setns -k privkey -a set -h hostname (-i ipaddr|-c cname) [-d #] [-t ttl]
    setns -k privkey -a unset -h hostname (-i ipaddr|-c cname) [-d #]

You need to be familiar enough with Bind9/DNS to have created a keypair with dnssec-keygen and added it to your named.conf.

Other ways of simplifying this are a Tcl/Tk GUI tool and a Python script, neither of which has the distinct advantage of my tool: giving me an excuse to do useful/interesting things with bash. The downsides are the perennial scripting problem of insufficient input validation, that it’s not transactional (i.e. if the second half fails it won’t back out the first half), and that it requires FQDNs rather than using your search domain.

The script, available under the GPL.
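To make the input-validation and non-transactional caveats concrete, here is an added sketch (not the setns script itself): it checks the hostname, address and TTL before writing them into the line-oriented nsupdate batch, then emits the forward and reverse updates as two separate sends. The function names, the default TTL of 3600 and the IPv4-only scope are assumptions of this example.

```sh
#!/bin/sh
# Added example, not the setns script. Function bodies use ( ) so variables
# and IFS changes stay local; "exit" only leaves that subshell.

# FQDN: letters/digits/hyphens only, >= 2 labels, each <= 63 chars, trailing dot.
valid_fqdn() (
  case $1 in ''|*[!A-Za-z0-9.-]*|.*|*..*|-*|*.-*|*-.*) exit 1 ;; esac
  case $1 in *.*.) ;; *) exit 1 ;; esac
  [ "${#1}" -le 254 ] || exit 1
  IFS=.; for label in $1; do [ "${#label}" -le 63 ] || exit 1; done
)

# Dotted-quad IPv4, each octet 0-255 with no leading zeros.
valid_ipv4() (
  case $1 in ''|*[!0-9.]*|*.) exit 1 ;; esac
  case $1 in *.*.*.*.*) exit 1 ;; *.*.*.*) ;; *) exit 1 ;; esac
  IFS=.; for o in $1; do
    case $o in [0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]) ;; *) exit 1 ;; esac
  done
)

# 192.0.2.10 -> 10.2.0.192.in-addr.arpa. (caller validates the address first)
reverse_name() (
  IFS=.; set -- $1
  echo "$4.$3.$2.$1.in-addr.arpa."
)

# build_batch set|unset hostname ipaddr [ttl] -> nsupdate commands on stdout.
# Forward and reverse names live in different zones, so each gets its own
# "send"; if the second send fails, the first has already been applied.
build_batch() (
  action=$1 host=${2%.}. ip=$3 ttl=${4:-3600}
  valid_fqdn "$host" || { echo "bad hostname" >&2; exit 2; }
  valid_ipv4 "$ip" || { echo "bad address" >&2; exit 2; }
  case $ttl in ''|*[!0-9]*|??????????*) echo "bad ttl" >&2; exit 2 ;; esac
  ptr=$(reverse_name "$ip")
  case $action in
    set) printf 'update add %s %s A %s\nsend\nupdate add %s %s PTR %s\nsend\n' \
           "$host" "$ttl" "$ip" "$ptr" "$ttl" "$host" ;;
    unset) printf 'update delete %s A %s\nsend\nupdate delete %s PTR %s\nsend\n' \
           "$host" "$ip" "$ptr" "$host" ;;
    *) echo "bad action" >&2; exit 2 ;;
  esac
)
# Usage: build_batch set www.example.com 192.0.2.10 300 | nsupdate -k "$keyfile"
```

Because validation runs before any output is produced, a rejected argument results in an empty batch rather than a partial one.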

Also, good to see all the progress we’re making in the illegal, immoral, unjust, but magically winnable war to let Exxon take upwards of 75% profits on all the unexploited oil reserves in the Baghdad in the Midwest Cornfields.

3 thoughts on “Fool Me Once”

  1. forget bind, just use dnsmasq instead.

    The nameserver is authoritative for 4 domains and (currently) 12 VLANs, clients on any one of which could be using DDNS. There are slave nameservers on the other side of the (currently sole, soon to be many) WAN link(s), and we need as close to 5-nines as is practical.

    I appreciate the pointer, but dnsmasq is not even close to being an option for that situation. 🙂
