=======================================
FreeBSD 14 bind9 ddns
=======================================

How to setup ddns for a domain that can be updated over the internet.

Prerequisites are a working named server and a web server to install the php script.

NOTE: the example php script should only be used for testing.


=======================================
/usr/local/etc/namedb/ddns.tld.key
---------------------------------------

tsig-keygen -a sha512 ddns.tld.key > /usr/local/etc/namedb/ddns.tld.key

ls -l /usr/local/etc/namedb/ddns.tld.key             <---- 644


=======================================
/usr/local/etc/namedb/named.conf.zones
---------------------------------------

include "/usr/local/etc/namedb/ddns.tld.key";

zone "ddns.tld" IN {
        type primary;
        file "/usr/local/etc/namedb/dynamic/db.ddns.tld";
        allow-update {
                key ddns.tld.key;
        };
};


=======================================
/usr/local/etc/namedb/dynamic/db.ddns.tld
---------------------------------------

$TTL 3m
@               IN SOA  ns1.ddns.tld. root.ddns.tld. (
                        1               ; Serial Number
                        10800           ; Refresh after  3 hours
                        3600            ; Retry after    1 hour
                        604800          ; Expire after   1 week
                        86400           ; Minimum TTL of 1 day
                )
@                       NS              ns1.ddns.tld.
ns1                     A               99.99.99.99


=======================================
/tmp/foo
---------------------------------------

server 127.0.0.1
zone ddns.tld
update delete host.ddns.tld. A
update add host.ddns.tld. 2 A 10.10.10.101
show
send


=======================================
test command line
---------------------------------------

named-checkconf

rndc reload

nslookup host.ddns.tld

nsupdate -k /usr/local/etc/namedb/ddns.tld.key /tmp/foo

nslookup host.ddns.tld


=======================================
/path/to/site/testddnsupdate.php
---------------------------------------

<?php

// this script is only a bare essentials example for testing
// you might add an update-policy grant/deny to your zone config to restrict what record types can be updated
// you should create your own script with security such as user validation and hostname association for multiple domain keys

$hostname   = 'mylaptop';
$domain     = 'ddns.tld';
$ip         = $_SERVER['REMOTE_ADDR'];
$key        = '/usr/local/etc/namedb/'.$domain.'.key';

$data       = 'server 127.0.0.1
update delete '.$hostname.'.'.$domain.'. A
update add    '.$hostname.'.'.$domain.'. 2 A '.$ip.'
send
';

exec('echo "'.$data.'" | /usr/local/bin/nsupdate -k '.$key, $out, $ret);

if($ret) {
  print('fail');
} else {
  print('success. check nslookup '.$hostname.'.'.$domain);
}

?>


=======================================
test internet
---------------------------------------

https://ns1.ddns.tld/testddnsupdate.php


=======================================
~/.netrc
---------------------------------------

machine ns1.ddns.tld
login username
password secret

---------------------------------------

chmod 600 ~/.netrc

curl --netrc https://ns1.ddns.tld/testddnsupdate.php


=======================================
references
---------------------------------------

https://man.freebsd.org/cgi/man.cgi?query=named
https://man.freebsd.org/cgi/man.cgi?query=named.conf
https://man.freebsd.org/cgi/man.cgi?query=nsupdate
https://man.freebsd.org/cgi/man.cgi?query=tsig-keygen


=======================================
done
=======================================