Dynamic DNS
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
In This Chapter
Dynamic DNS And NAT Router/Firewalls
Installing And Using ez-ipupdate
© Peter Harrison, www.linuxhomenetworking.com
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
What Is DNS?
As explained in the introduction to networking chapter, DNS is the way in which a URL or domain like www.linuxhomenetworking.com is converted to an IP address.
If you want to host a website at home you have two DNS options:
Static DNS: This is used when your ISP provides you with unchanging "fixed" or "static" Internet IP addresses. Your DNS server acts as the authoritative source of information for your my-site.com domain. You can consider static DNS as the "traditional" or "regular" form of DNS.
Dynamic DNS: This is used when you get a changing "dynamic" Internet IP address via DHCP from your ISP. You will have to use the services of a third-party DNS provider to provide DNS information for your my-site.com domain.
What Is Dynamic DNS?
In many home networking environments, the DSL IP address is provided by DHCP and therefore changes from time to time. Dynamic DNS (DDNS) allows you to host a website such as www.my-site.com in which the IP address is dynamically assigned.
Before using a dynamic DNS solution to host a website at home on a dynamic IP address:
· make sure your DSL provider allows inbound connections, specifically HTTP, or else it will not work.
· be prepared for slower response times for your home-based site than if you were using a static IP and a regular DNS service.
· register your domain name and read your DDNS provider's instructions on how to use their name servers.
DDNS works by having webmasters register their DDNS sites on the DDNS provider's servers. The webmasters then register their domains with companies such as Verisign and RegisterFree and tell these registrars to direct queries for www.my-site.com to the servers of the DDNS provider.
The web server itself then runs a DDNS client program that updates the DDNS provider's name servers with the most current DHCP IP address of the site.
This chapter describes how to configure the most popular Linux-based DDNS software, ez-ipupdate and DDclient, in the following two configurations:
· on a Linux box directly connected to the Internet
· on a Linux box when protected by a NAT router / firewall
Remember that unlike DSL, most cable modem providers may not allow you to host sites at home. dynDNS.org offers a service to overcome this limitation.
Dynamic DNS And NAT Router/Firewalls
As discussed in the introduction to networking chapter, in order to conserve the limited number of IP addresses available for Internet purposes, most home router / firewalls use Network Address Translation (NAT) to map a single public, DHCP-obtained IP address to the many private IP addresses within your network.
NAT can fool the operation of some DDNS client software. In these cases, the software can only report the true IP address of the Linux box's NIC interface. If the Linux box is protected behind a NAT router / firewall, then the client will report to the DDNS provider the NIC's private IP address, which no one can reach directly via the Internet. The reported value is therefore invalid.
Some DDNS providers use more intelligent clients such as DDclient which can be configured to let the DDNS provider record the public IP address from which the data stream is originating. Once this is done, you'll have to also configure your router / firewall to do port forwarding to make all HTTP traffic destined for the IP address of the router / firewall to be exclusively NAT-ed and forwarded to a single server on your home network. An example of port forwarding with a Cisco PIX firewall is given in both the Cisco PIX firewall chapter and Net-Filter chapters.
Dynamic DNS Prerequisites
Sign Up With A DDNS Provider
First you'll have to register with a DDNS provider, some of which are listed in the Bibliography. This chapter focuses on the services of miniDNS and DynDNS.org. Most DDNS providers assume you are going to create a subdomain of their main domain. For example, miniDNS.net will default to a domain such as machine-name.minidns.net.
If you want to create your own domain such as my-site.com, you'll have to do a little extra work. You'll have to register your domain with a DNS registrar such as www.registerfree.com or www.verisign.com. The cost is about US$20 per year.
o The miniDNS registration for your own domain requires you to use the "add DNS Record" link on the registration page to create your own domain.
o With dynDNS.org you'll have to go with their paid service to get a customized domain name. They call it Custom DNS. It doesn't support ez-ipupdate, so you'll need DDclient in this case.
First you add your domain such as my-site.com. Then you must add a host record. You can give your machine's name or you can name the machine "www" to create a combined domain-subdomain of www.my-site.com which would be more intuitive to use.
Update Your DNS Registration
If you have your own domain, you'll have to return to www.registerfree.com or www.verisign.com and update the nameserver entries for your domain to point to the name servers of your DDNS provider. DNS queries for my-site.com will eventually query RegisterFree or Verisign, which will then refer the query to your DDNS provider's name servers. These will have the most current IP address of your site because of the DDNS client software you are running at your home site.
Installing And Using ez-ipupdate
Download the tar/gzip file to your server's /tmp directory from the ez-ipupdate site listed in the Bibliography. Use the following commands to extract the contents into a new subdirectory.
[root@bigboy tmp]# gunzip zip-tar-filename
[root@bigboy tmp]# tar -xvf tar-filename
[root@bigboy tmp]# cd /tmp/filename
Follow the install instructions for doing the "make" or program compilation. The ez-ipupdate installation will put the executable file in /usr/local/bin and all the files in the /tmp/filename directory will become extraneous.
The /etc/ez-ipupdate.conf File
ez-ipupdate uses a configuration file named /etc/ez-ipupdate.conf in which you must specify:
o Your registration username and password
o The host name you have selected for your Linux box
o The NIC interface which is connected to your DSL line.
Here is a sample:
service-type=justlinux
user=registration-username:registration-password
host=servername.my-site.com
interface=eth0
Note: The service-type line is specific to your dynamic DNS provider which will often provide a customized /etc/ez-ipupdate.conf file for you to use.
ez-ipupdate And NAT
The ez-ipupdate software runs as a daemon in memory, continuously checking the IP address of your NIC. If your Linux server is protected behind a firewall using NAT, then the IP address of the NIC won't match the public IP address of the firewall and DDNS won't work properly. You'll have to use a client like DDclient, which doesn't have this limitation.
Installing And Using DDclient
Another widely used solution is DDclient. The developer of DDclient has recognized the limitations of using ez-ipupdate with NAT. DDclient has a simple "web" update mode which tells your DDNS provider to use the source IP address of the data stream used to update your DDNS record. In most Home / SOHO environments this will be the same as the firewall's external NAT IP address.
In cases where "web" mode doesn't work, the DDclient script can also log in to the router and parse out its external IP address. It then communicates this information to your dynamic DNS provider. DDclient claims to offer support for a wide variety of routers from different manufacturers.
Remember, some routers such as the Netgear line may provide automatic DDNS service and you may not have to download the software.
Before installing DDclient, read the README file to give you an idea of what to do. Check the Bibliography for the DDclient URL. Here is an example of the steps used to install it.
[root@bigboy tmp]# gunzip ddclient.tar.gz
[root@bigboy tmp]# tar -xvf ddclient.tar
ddclient-3.6.2/
ddclient-3.6.2/COPYRIGHT
ddclient-3.6.2/COPYING
…
…
…
[root@bigboy tmp]# cd dd*
[root@bigboy ddclient-3.6.2]# ll
-rw-r--r-- 1 root root 18007 Jan 3 2002 COPYING
-rw-r--r-- 1 root root 869 Jan 3 2002 COPYRIGHT
…
…
…
[root@bigboy ddclient-3.6.2]# cp sample-etc_rc.d_init.d_ddclient.redhat /etc/rc.d/init.d/ddclient
[root@bigboy ddclient-3.6.2]# /sbin/chkconfig --add ddclient
[root@bigboy ddclient-3.6.2]# cp ddclient /usr/sbin/
The /etc/ddclient.conf File
DDclient uses a configuration file named /etc/ddclient.conf in which you must specify:
o Your registration username and password
o The host name you have selected for your Linux box. This is referenced on the line labeled "server".
o The NIC interface which is connected to your DSL line.
Here is a sample using interface eth0:
## dyndns.org custom addresses
##
## (supports variables: wildcard,mx,backupmx)
##
use=if, if=eth0 # via interfaces
login=your-login # default login
password=your-password # default password
custom=yes, \
server=members.dyndns.org, \
protocol=dyndns2 \
your-domain.top-level,your-other-domain.top-level # Your domains here
Before updating the file you can use DDclient with the "-query" option to tell you which is the best mode to use. Here is an example.
[root@bigboy ddclient-3.6.2]# ddclient -daemon=0 -query
use=if, if=lo address is 127.0.0.1
use=if, if=wlan0 address is 192.168.1.100
use=web, web=dyndns address is 97.158.253.26
[root@bigboy ddclient-3.6.2]#
In this case, the simple web mode provides an acceptable value for your external IP address. You can then configure your /etc/ddclient.conf file to use "web":
#use=if, if=eth0 # via interfaces
use=web # via web
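The choice made above by reading the -query output can be automated. This is an added example, not part of the original chapter or of DDclient; the function names are hypothetical and the sample input is the -query output shown above. It picks the first method whose address is actually reachable from the Internet, which is what goes wrong when a client behind NAT reports its NIC address.

```shell
#!/bin/sh
# Added example: choose a ddclient "use=" method from `ddclient -daemon=0 -query`
# output. Function names are hypothetical, not part of ddclient.

# Succeed only for an IPv4 address that is reachable from the Internet:
# reject loopback, RFC 1918 private, link-local, RFC 6598 CGNAT and 224+.
is_public_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    ipv4_oldifs=$IFS; IFS=.; set -- $1; IFS=$ipv4_oldifs
    [ $# -eq 4 ] || return 1
    for ipv4_octet in "$@"; do
        [ "$ipv4_octet" -le 255 ] || return 1
    done
    case $1.$2 in
        0.*|10.*|127.*|169.254|192.168) return 1 ;;
        172.1[6-9]|172.2[0-9]|172.3[01]) return 1 ;;
        100.6[4-9]|100.[7-9][0-9]|100.1[01][0-9]|100.12[0-7]) return 1 ;;
    esac
    [ "$1" -lt 224 ]
}

# Read -query output on stdin; print the first method that reports a public
# address. Fail if every method sees only loopback or NAT-side addresses.
pick_use_method() {
    while IFS= read -r q_line; do
        case $q_line in
            use=*" address is "*) ;;
            *) continue ;;
        esac
        q_method=${q_line%% address is *}
        q_addr=${q_line##* address is }
        if is_public_ipv4 "$q_addr"; then
            printf '%s\n' "$q_method"
            return 0
        fi
    done
    return 1
}

# Constructed sample: the -query output shown in this chapter.
sample_query_output() {
    cat <<'EOF'
use=if, if=lo address is 127.0.0.1
use=if, if=wlan0 address is 192.168.1.100
use=web, web=dyndns address is 97.158.253.26
EOF
}

sample_query_output | pick_use_method   # prints: use=web, web=dyndns
```

On a live system, pipe the real output in with: ddclient -daemon=0 -query | pick_use_method. A non-zero exit status means no method found a public address.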
Testing Your Dynamic DNS
You can test your dynamic DNS by:
· Looking at the status page of your DNS provider and making sure the IP address that matches your "www" site is the same as your router / firewall's public IP address.
· Using the nslookup www.my-site.com command from your Linux command prompt and seeing whether you get a valid response. If you failed to add your host record, you will get an error message like this:
[root@bigboy tmp]# nslookup www.my-site.com
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find www.my-site.com: NXDOMAIN
Note: This error could also be due to the fact that your domain hasn't propagated fully throughout the Internet. You can test to make sure everything is OK by forcing nslookup to query the name servers directly. The example below queries the miniDNS name server:
[root@bigboy tmp]# nslookup
> server ns1.minidns.net
Default server: ns1.minidns.net
Address: 202.64.51.214#53
> www.my-site.com
Server: ns1.minidns.net
Address: 202.64.51.214#53
Name: www.my-site.com
Address: 12.235.194.96
>
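The two checks above can be combined into one script that reads nslookup output and compares the answer with the public address you expect. This is an added example, not part of the original chapter; the function names are hypothetical and the sample inputs are the nslookup outputs shown above. Note that the resolver's own "Address:" line (the one ending in #53) must not be mistaken for the answer.

```shell
#!/bin/sh
# Added example: classify nslookup output against the public address you expect
# the DDNS record to hold. Function names are hypothetical.
# Live use: nslookup www.my-site.com ns1.minidns.net | check_ddns_answer <public-ip>

# Prints OK, MISMATCH <addr>, NXDOMAIN or NOANSWER; succeeds only on OK.
check_ddns_answer() {
    ddns_expected=$1
    # Only an "Address:" line that follows a "Name:" line is the answer;
    # earlier "Address:" lines describe the name server that was queried.
    ddns_answer=$(awk '
        /NXDOMAIN/               { print "NXDOMAIN"; found = 1; exit }
        /^Name:/                 { in_answer = 1; next }
        in_answer && /^Address:/ { print $2; found = 1; exit }
        END                      { if (!found) print "NOANSWER" }
    ')
    case $ddns_answer in
        NXDOMAIN|NOANSWER) printf '%s\n' "$ddns_answer"; return 1 ;;
        "$ddns_expected")  printf 'OK\n' ;;
        *)                 printf 'MISMATCH %s\n' "$ddns_answer"; return 1 ;;
    esac
}

# Constructed sample: the direct query transcript shown in this chapter.
sample_direct_query() {
    cat <<'EOF'
> server ns1.minidns.net
Default server: ns1.minidns.net
Address: 202.64.51.214#53
> www.my-site.com
Server: ns1.minidns.net
Address: 202.64.51.214#53
Name: www.my-site.com
Address: 12.235.194.96
>
EOF
}

# Constructed sample: the missing host record error shown in this chapter.
sample_nxdomain() {
    cat <<'EOF'
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find www.my-site.com: NXDOMAIN
EOF
}

sample_direct_query | check_ddns_answer 12.235.194.96   # prints: OK
```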
Testing Port Forwarding
Remember to read the configuration manual of your router / firewall to activate port forwarding. Test it by asking a friend to access your web server by pointing their browser to the external IP address of your router / firewall.