phiral.net

1) Generate the keys (using example.org)

dnssec-keygen -a HMAC-MD5 -b 128 -n HOST example.org

This gives you the keys:

Kexample.org.+157+47620.key     Kexample.org.+157+47620.private

In the file names, 157 is the algorithm number for HMAC-MD5 and 47620 is the
key tag (key ID) computed from the key material, so it will be different for
you. The .private file holds the shared secret: anyone who can read it can push
updates into the zone, so keep it readable by root only (and by named, below).

HMAC-MD5 is the legacy TSIG algorithm. Current BIND 9 releases ship
tsig-keygen (e.g. "tsig-keygen -a hmac-sha256 example.org"), which prints a
ready-to-include key statement, and recent dnssec-keygen versions no longer
generate HMAC keys at all; use hmac-sha256 wherever both the server and the
updating client support it.

2) Create an example.org.key

Take the info from Kexample.org.+157+47620.key, which contains:

example.org. IN KEY 512 3 157 R3xdgikEvDPbqcI4lwj1RQ==

Use that to make example.org.key which contains:

key example.org. {
        algorithm "HMAC-MD5";
        secret "R3xdgikEvDPbqcI4lwj1RQ==";
};

3) On the DNS server make a directory called keys under named's etc/
   (e.g. /var/named/etc/keys when named is chrooted to /var/named) and put
   example.org.key there, owned by root with group named and mode 640, so
   that only named can read the secret.

In named.conf add the line (the path is relative to the chroot, if any):

include "/etc/keys/example.org.key";

Then alter the zone info from:

zone "example.org" in {
        type master;
        file "db.example.org";
        allow-transfer { 64.200.100.3; };
};

to

zone "example.org" in {
        type master;
        file "db.example.org";
        allow-transfer { 64.200.100.3; };
        allow-update {
                key example.org;
        };
};

4) In the zone file lower $TTL to 60 seconds so that updated records expire
   quickly from caches, make sure named can write to the directory holding
   db.example.org (updates are first written to a journal, db.example.org.jnl,
   and only later folded back into the zone file), then restart named. Once the
   zone is dynamic, do not hand-edit the zone file while named is running; use
   rndc freeze and rndc thaw around the edit.
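As an added example (not a script from phiral.net), the following shell
functions tie the steps above together: one converts the KEY record that
dnssec-keygen wrote into the key statement from step 2, checking the algorithm
number and field count, and the other writes the nsupdate batch you would send
to exercise the new allow-update permission. The sample KEY record is the one
shown on this page; the server address 127.0.0.1, the host host.example.org and
the address 192.0.2.10 are made up for the demonstration.

```shell
#!/bin/sh
# Added example for this page (not phiral.net's own script). It turns the KEY
# record that dnssec-keygen wrote into the key {} statement named.conf wants,
# and builds the nsupdate batch used to test allow-update with that key.

# Constructed sample input: the one-line contents of Kexample.org.+157+47620.key
# as shown on the page. Real secrets should never be pasted into scripts.
SAMPLE_KEYREC='example.org. IN KEY 512 3 157 R3xdgikEvDPbqcI4lwj1RQ=='

# Map the private-use algorithm number in the KEY record to the name used in
# named.conf. 157 is HMAC-MD5 (what the page generates); 163 is HMAC-SHA256,
# the better choice where both ends support it.
tsig_alg_name() {
    case "$1" in
        157) echo hmac-md5 ;;
        161) echo hmac-sha1 ;;
        163) echo hmac-sha256 ;;
        165) echo hmac-sha512 ;;
        *)   echo "unsupported TSIG algorithm number: $1" >&2; return 1 ;;
    esac
}

# key_statement 'owner IN KEY flags proto alg base64' -> key statement on stdout.
# The owner name becomes the key name, which is what allow-update { key ...; }
# in the zone statement must reference.
key_statement() {
    set -- $1                    # split the record into its seven fields
    [ $# -eq 7 ] || { echo "malformed KEY record" >&2; return 1; }
    algname=$(tsig_alg_name "$6") || return 1
    printf 'key %s {\n    algorithm %s;\n    secret "%s";\n};\n' "$1" "$algname" "$7"
}

# nsupdate_batch server zone fqdn ip -> batch that replaces fqdn's A record.
# Run it against the master, signing with the key from step 1:
#   nsupdate -k Kexample.org.+157+47620.private batch.txt
# (nsupdate -k also accepts a file holding the key statement above.)
# The 60 is the record TTL and matches the low TTL chosen in step 4.
nsupdate_batch() {
    printf 'server %s\nzone %s\nupdate delete %s A\nupdate add %s 60 A %s\nsend\n' \
        "$1" "$2" "$3" "$3" "$4"
}

# When run directly: show the key statement for the sample record and the
# batch for the assumed host (host.example.org / 192.0.2.10 are made up).
key_statement "$SAMPLE_KEYREC"
nsupdate_batch 127.0.0.1 example.org host.example.org. 192.0.2.10
```

After sending the batch, confirm the change with "dig @127.0.0.1 host.example.org A"
and watch named's log: an update rejected with "update failed: REFUSED" usually
means the key name in allow-update does not match the key statement, or the
client signed with a different secret.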