Use Dynamic DNS for fun and profit!

David Simmons
August 17, 1997

WHAT IS DYNAMIC DNS?

The Domain Name System (DNS) is a worldwide distributed database that gives meaning to Internet domains and host names. Nameserver machines handle chunks of the database called zones, which correspond to the domain or domains they are responsible for. Traditionally, Internet host information for zones is stored in static tables on nameserver machines. When a change needs to be made, the system administrator must edit these files by hand, then instruct the nameserver software to reload the zones.

Dynamic DNS is a lightweight mechanism that allows data in a zone to be modified without reloading the zone data. Because it is a protocol extension to DNS, an update can theoretically originate from a remote host. This allows DNS data to be modified often with little overhead. RFC2136 specifies the protocol for performing dynamic DNS updates, and RFC2137 specifies an authentication mechanism.

WHO NEEDS DYNAMIC DNS?

The most obvious application of Dynamic DNS is its use in conjunction with DHCP, the Dynamic Host Configuration Protocol. DHCP allows workstations and PCs on a local area network to obtain a dynamically assigned IP address (and other useful information) at boot-time. Because a DHCP server may assign IP addresses seemingly at random, it would be useful to assign meaningful DNS entries to these addresses on the fly. For instance, if "Bob" walks into work in the morning and boots up his PC, and the DHCP server subsequently assigns him a dynamic IP address, a DNS entry "bob-pc.company.com" could be dynamically added so other machines on the network could reference his PC without having to know the IP address.

Another good application of Dynamic DNS is to provide static host names for dialup customers of ISPs. Many people would like to have a single, consistent host name for their home computer, but very few ISPs provide static IP addresses these days due to limited address space. If an ISP is using a centralized authentication mechanism, such as RADIUS, the authentication software can be patched to dynamically add user-specific host names to the appropriate forward and reverse DNS zones whenever a user connects to the service.

HOW CAN DYNAMIC DNS BE USED TODAY?

BIND-8, released by the Internet Software Consortium in May of 1997, includes some support for Dynamic DNS as specified in RFC2136. It does not currently include the authentication mechanism that is described in RFC2137, however, meaning that any update requests received from allowed hosts will be honored.

A PRACTICAL EXAMPLE OF DYNAMIC DNS

As an experiment, I set up a system that allows users of a member-only web site to have static host names for their home computers using dialup ISP accounts. The first step was to set up a new domain and zone file, "dyn.company.com", to keep things organized. The entry for the zone in BIND-8's /etc/named.conf looks like:

zone "dyn.company.com" in {
        type master;
        file "dyn.company.com";
        allow-update {localhost;};
};

Note that the "allow-update" statement only allows update messages from localhost. Because BIND-8 does not implement RFC2137, updates cannot be authenticated, so it would be bad to allow dynamic updates to originate from anywhere. The idea is to implement a web interface for making changes and have a local perl CGI script perform sanity checks and submit the update message.

Because the member-only web site is already password-protected using HTTP basic authentication, the perl script doesn't need to do any password-checking. It has all the information it needs to add a DNS entry of the form "username.dyn.company.com" which points to the IP address that the user is currently accessing the web site from. This perl script, referenced below, requires the use of the CGI and Net::DNS perl5 modules.

The end result is that users can update their static name to point to the IP address they originate from. Linux users can put a "lynx" command line in their ppp-up and ppp-down scripts that sets or removes their DNS entry automatically.
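
The sketch below is an added example, not the dynname.pl script listed in the references. It shows the sanity checks such a CGI needs, since with "allow-update {localhost;};" the script is the only gate in front of the zone: the authenticated user name must map to exactly one label under dyn.company.com, and the address is taken from the web server, never from the request body. The 60-second TTL, the "remove" query string, the build_update name and the sample inputs are assumptions.

```perl
#!/usr/bin/perl
# Added example, not the original dynname.pl. The zone is the article's;
# the TTL, label rule, "remove" query string and sub name are assumptions.
use strict;
use warnings;
use Net::DNS;

my $ZONE = 'dyn.company.com';
my $TTL  = 60;    # assumed short TTL, since dialup addresses change often

# Build an RFC 2136 UPDATE for one user; die if the inputs are not sane.
sub build_update {
    my ($user, $addr, $action) = @_;
    # The user name becomes exactly one DNS label: no dots, 1-63 characters.
    $user = lc($user // '');
    $user =~ /\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/
        or die "user name is not a valid host label\n";
    my $name   = "$user.$ZONE.";
    my $update = Net::DNS::Update->new($ZONE);
    # Delete any old A RRset first so each user has at most one address.
    $update->push(update => rr_del("$name A"));
    return $update if $action eq 'remove';
    die "action must be 'set' or 'remove'\n" if $action ne 'set';
    # The address is the web server's REMOTE_ADDR, never a form field.
    my @o = ($addr // '') =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/
        or die "client address is not dotted-quad IPv4\n";
    die "client address octet out of range\n" if grep { $_ > 255 } @o;
    $update->push(update => rr_add("$name $TTL A " . join('.', map { $_ + 0 } @o)));
    return $update;
}

if ($ENV{GATEWAY_INTERFACE}) {
    # CGI run behind basic authentication: REMOTE_USER is the checked name.
    print "Content-Type: text/plain\r\n\r\n";
    my $action = ($ENV{QUERY_STRING} // '') eq 'remove' ? 'remove' : 'set';
    my $update = eval { build_update($ENV{REMOTE_USER}, $ENV{REMOTE_ADDR}, $action) };
    if (!$update) { print "rejected: $@"; exit }
    my $res   = Net::DNS::Resolver->new(nameservers => ['127.0.0.1'], recurse => 0);
    my $reply = $res->send($update);
    printf "%s\n", $reply ? 'server answered: ' . $reply->header->rcode
                          : 'update failed: ' . $res->errorstring;
}
else {
    # Constructed sample inputs for an offline command-line run.
    for my $t (['bob', '192.0.2.10', 'set'], ['bob', undef, 'remove'],
               ['a.b', '192.0.2.10', 'set'], ['bob', '192.0.2.999', 'set']) {
        my $update = eval { build_update(@$t) };
        printf "%s", $update ? $update->string . "\n" : "rejected ($t->[0]): $@";
    }
}
```

Run from the command line, it prints the two UPDATE packets it would send for "bob" and rejects the dotted user name and the out-of-range address without contacting the nameserver.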

REFERENCES

RFC2136 -- Dynamic Updates in the Domain Name System (DNS UPDATE)
This document gives the specification for Dynamic DNS updates.
RFC2137 -- Secure Domain Name System Dynamic Update
This document specifies the authentication mechanism for Dynamic DNS.
dynname.html.txt
HTML interface for the dynname perl script.
dynname.pl
Perl CGI script to handle dynamic updates.
perl-mods/
Some perl modules needed to run dynname.pl.
