GnuDIP setup on Ubuntu 10.10

 

*[GnuDIP]: GNU Dynamic IP

Introduction

This article briefly describes the setup of a dynamic DNS server, very similar to the commercial ones from dyndns.org and others. It needs access to the domain's zone file on the service provider's nameserver and lets you run dyndns services under your own domain names.

A specialty of the approach here is that a subdomain named `ddns` is added to `yourdomain.tld`. This results in dynamic names like `home.ddns.yourdomain.tld`, so that e.g. `www.yourdomain.tld` is still being managed by the nameservers of the service provider, as they usually offer a more failsafe service level.

Prerequisites

This article assumes a running web-server for the GnuDIP's webfrontend as well as a mysql-server of version > 5. This documentation won't explain their setup in further detail.

The following Ubuntu-packages need to be installed:

~~~
aptitude install bind9 apache2 libapache2-mod-perl2 \
mysql-server dnsutils xinetd wget
~~~

Initially, the following lines have to be added to the zone file of the domain, which is assumed to be managed by the service provider (not locally):

~~~
ddns IN NS ns1.ddns
ns1.ddns IN A {IP_of_the_ddns-server}
~~~

GnuDIP setup

This documentation stores the GnuDIP files in `/opt/gnudip`. Unpacking the GnuDIP sources, the archive actually stores the documentation in its root-folder, which is not very elegant. Therefore, in this article the doc-files go into a subfolder called `doc` whereas everything else will reside in GnuDIP's root folder `/opt/gnudip`.

Create a new directory for GnuDIP:
~~~
mkdir -p /opt/gnudip
~~~

Download the source package:
~~~
(cd /opt/gnudip && \
wget http://gnudip2.sourceforge.net/gnudip-www/src/gnudip-2.3.5.tar.gz)
~~~

Unpack the archive in the recently created directory:
~~~
(cd /opt/gnudip && \
tar xzf /opt/gnudip/gnudip-2.3.5.tar.gz -C /opt/gnudip --strip 2)
~~~

To me, the directory structure of the source package is a bit weird. That's why I reorder a little:
~~~
mkdir /opt/gnudip/doc
tar xzf /opt/gnudip/gnudip-2.3.5.tar.gz -C /opt/gnudip/doc --strip 1
rm -r /opt/gnudip/doc/gnudip
~~~

In `/opt/gnudip/etc/` the new dns-update-keys have to be created for later use with `bind9` nameserver:
~~~
(cd /opt/gnudip/etc && \
dnssec-keygen -r /dev/urandom -a hmac-md5 -b 128 -n HOST gnudip-key)
~~~

This results in two files called `/opt/gnudip/etc/Kgnudip-key.+157+{random_id}.key` and `/opt/gnudip/etc/Kgnudip-key.+157+{random_id}.private`.

GnuDIP's configuration needs to know about the new `private`-file, so the following line in `/opt/gnudip/etc/gnudip.conf` has to be adjusted accordingly:
~~~
nsupdate = -k /opt/gnudip/etc/Kgnudip-key.+157+{random_id}.private
~~~

Database preparation

Given an adequately configured mysql-server, the file `/opt/gnudip/doc/gnudip.mysql` needs to be edited in order to become compatible with recent versions (5.*) of mysql-server:
~~~
(cd /opt/gnudip/doc && \
sed -i "s/\(.*\)default '0'\(.*\)auto_increment,/\1\2auto_increment,/" gnudip.mysql)
~~~

Now, the password for the GnuDIP database has to be set in `/opt/gnudip/doc/gnudip.mysql`. The relevant parts are at:
~~~
grant select, insert, update, delete on gnudip2.* to gnudip identified by '{your_password}';
grant select, insert, update, delete on gnudip2.* to gnudip@localhost identified by '{your_password}';
~~~
The same password has to be set in `/opt/gnudip/etc/gnudip.conf` at the line containing:
~~~
gnudipdatabase = {your_password}
~~~

Now, the mysql database and tables are created:
~~~
(cd /opt/gnudip/doc && mysql -p < gnudip.mysql)
~~~

Configuration of bind9 nameserver

The update-keys created earlier in GnuDIP's etc-directory have to be introduced to `bind9`. To do so, the key portion in `/opt/gnudip/etc/Kgnudip-key.+157+{random_id}.key` (the cryptic string at the end of the file, assumed to be `8hmy3QYvyfLb8ZB3D5MHsf==` here) is extracted and saved in `/etc/bind/gnudip-key`:
~~~
key gnudip-key {
    algorithm hmac-md5;
    // the TSIG key
    secret "8hmy3QYvyfLb8ZB3D5MHsf==";
};
~~~
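
Copying the secret by hand is error-prone, and the `{random_id}` in the file name differs on every system. As an added example (not part of the original article or of GnuDIP), these shell functions locate the key file by glob, pull the secret out of its KEY record and write the key clause with mode 640. The function names are made up for this illustration, and the `chgrp bind` in the usage comment assumes Ubuntu's `bind` group.

```shell
#!/bin/sh
# Added example: build /etc/bind/gnudip-key from the dnssec-keygen output.
# All function names are hypothetical; paths are passed in as arguments.

# find_keyfile DIR -> prints the one Kgnudip-key.+157+*.key file in DIR
find_keyfile() {
    dir=$1
    set -- "$dir"/Kgnudip-key.+157+*.key
    # the glob stays literal if nothing matches; several matches are ambiguous
    [ "$#" -eq 1 ] && [ -f "$1" ] || return 1
    printf '%s\n' "$1"
}

# extract_secret KEYFILE -> prints the base64 secret of the KEY record
# record layout: <name> IN KEY <flags> <protocol> <algorithm> <secret ...>
extract_secret() {
    awk '$2 == "IN" && $3 == "KEY" {
             s = ""; for (i = 7; i <= NF; i++) s = s $i
             print s; exit
         }' "$1"
}

# write_bind_key KEYDIR OUTFILE -> writes the key clause, not world-readable
write_bind_key() {
    keyfile=$(find_keyfile "$1") || {
        echo "expected exactly one key file in $1" >&2; return 1; }
    secret=$(extract_secret "$keyfile")
    [ -n "$secret" ] || { echo "no KEY record in $keyfile" >&2; return 1; }
    ( umask 027          # new file gets mode 640
      cat > "$2" <<EOF
key gnudip-key {
    algorithm hmac-md5;
    // the TSIG key
    secret "$secret";
};
EOF
    )
}

# Usage on the server from this article (as root; group name is an assumption):
#   write_bind_key /opt/gnudip/etc /etc/bind/gnudip-key \
#       && chgrp bind /etc/bind/gnudip-key
```

For HMAC keys the `.key` file carries the same shared secret as the `.private` file, so both of them, like the generated `/etc/bind/gnudip-key`, should not be world-readable.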

A new zone-file for the dynamic domain has to be created at `/etc/bind/db.ddns.{yourdomain.tld}`. Take care with the trailing dots, and note that the `NS` line must start with whitespace so that it inherits the zone name as its owner:
~~~~
$TTL 86400 ; default TTL (1 day)
@       IN SOA  ns1.ddns.{yourdomain.tld}. root.{yourdomain.tld}. (
                0       ; serial
                3600    ; refresh (1 hour)
                1800    ; retry (30 minutes)
                604800  ; expire (1 week)
                0       ; TTL for NACK-s (0 seconds)
                )
        IN NS   ns1.ddns.{yourdomain.tld}.
ns1     IN A    {your_ip_address}
~~~~

Now, the key-file and the zone-file have to be introduced to `bind9`. Therefore the following lines have to be added to the end of `/etc/bind/named.conf`:

~~~
// include definition of GnuDIP update key
include "/etc/bind/gnudip-key";

// define GnuDIP dynamic DNS zone
zone "ddns.{yourdomain.tld}" in {
    type master;
    file "/etc/bind/db.ddns.{yourdomain.tld}";
    allow-query { any; };
    update-policy { grant gnudip-key subdomain ddns.{yourdomain.tld}; };
};
~~~

In order to create new journal-files for the dynamic domain, `bind9` will need write access to its configuration directory:
~~~
chown bind /etc/bind
~~~

The nameserver now needs a restart:
~~~
service bind9 restart
~~~

A short test is useful to verify that the setup is correct so far. First, the connection to the new ddns-nameserver is tested:

~~~
$ dig test.ddns.{yourdomain.tld}

; <<>> DiG 9.6.0-APPLE-P2 <<>> test.ddns.{yourdomain.tld}
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58181
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;test.ddns.{yourdomain.tld}. IN A

;; AUTHORITY SECTION:
ddns.{yourdomain.tld}. 0 IN SOA ns1.ddns.{yourdomain.tld}. root.{yourdomain.tld}. 19 3600 1800 604800 0

;; Query time: 11 msec
;; SERVER: 10.10.10.254#53(10.10.10.254)
;; WHEN: Sun Mar 6 16:38:22 2011
;; MSG SIZE rcvd: 85
~~~

Now, the update function is tested:

~~~
$ /usr/bin/nsupdate -v -k /opt/gnudip/etc/Kgnudip-key.+157+{random_id}.private
> update add test.ddns.{yourdomain.tld}. 0 A 127.0.0.1
>
> $
~~~

Running the first command again should now resolve `test.ddns.{yourdomain.tld}` to `127.0.0.1`.

Configuration of Apache webserver

In this scenario, `Apache 2` is used to serve the webfrontend for the GnuDIP admin as well as for its users. Also, access to the web application is supposed to run over an SSL-secured connection.

Activate ssl in Ubuntu's `Apache` (load module, activate ssl, restart daemon):
~~~
a2enmod ssl
a2ensite default-ssl
service apache2 restart
~~~

The following lines have to be added to `/etc/apache2/sites-enabled/default-ssl`:
~~~
RedirectMatch ^/gnudip(\/*)$ https://ns1.ddns.{yourdomain.tld}/gnudip/cgi-bin/gnudip.cgi
Alias /gnudip/html/ /opt/gnudip/html/
# keep the listing and .pl-as-text settings scoped to the GnuDIP html alias
<Location /gnudip/html/>
    Options Indexes
    ReadmeName .README
    HeaderName .HEADER
    RemoveHandler .pl
    RemoveType .pl
    AddType text/plain .pl
</Location>
ScriptAlias /gnudip/cgi-bin/ /opt/gnudip/cgi-bin/
~~~

`Apache` has to have access to the files above:
~~~
chown -R www-data:www-data /opt/gnudip
~~~

The initial admin-user is created using the following script:
~~~
/opt/gnudip/sbin/gdipadmin.pl -u {admin_name} {admin_password}
~~~

This user can now connect to GnuDIP's webfrontend available at:
~~~
https://ns1.ddns.{yourdomain.tld}/gnudip
~~~

Certainly, it is useful to reconfigure `ns1.ddns.{yourdomain.tld}` to something more memorable. The configuration options there are self explanatory and are not further documented at this point.

`Apache` needs a restart:
~~~
service apache2 restart
~~~

Configuration of xinetd

To be able to use update clients such as `ez-ipupdate`, a GnuDIP server on port 3495/tcp has to be set up. This is done by following these steps:

Introduction of port 3495 to the system is done by adding this line to `/etc/services`:
~~~
gnudip 3495/tcp
~~~

The file `/etc/xinetd.d/gnudip` has to be created with this content:
~~~
service gnudip
{
    flags       = REUSE
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = www-data
    server      = /opt/gnudip/sbin/gdipinet.pl
    bind        = 0.0.0.0
}
~~~

`xinetd` needs a restart now:
~~~
service xinetd restart
~~~

Client configuration

A valid update by `ez-ipupdate` may use the following command where [`dyndns_name` == `username`]:

~~~
ez-ipupdate -i {external_interface} -h {dyndns_name}.ddns.{yourdomain.tld} -S gnudip \
-u {username}:{password} -s {address_of_ddns-server}
~~~

Aside from the aforementioned client software GnuDIP comes with command line-based clients of its own in `/opt/gnudip/client`.

An elegant way of updating the dynamic dns entry is GnuDIP's "Auto URL"-function which offers a web-based update-method with an auth-cookie. Using this, a bookmark in a webbrowser can offer a shortcut to a quick IP-update. Also, commandline based browsers like `w3m` or `elinks` can be used to automatically update IPs where no ip-update-client is available.

  1. Hello

    I am currently trying to follow your setup but I am getting stuck on the “nsupdate = -k /opt/gnudip/etc/Kgnudip-key.+157+{random_id}.private”

    I did have a look on Google

  2. Hello

    I am currently trying to follow your setup but I am getting stuck on the:

    “nsupdate = -k /opt/gnudip/etc/Kgnudip-key.+157+{random_id}.private”

    I did have a look on Google to see if I could find an example of the random_id. Could you maybe help me, please?

    Regards
    Marius

  3. Unfortunately ez-ipupdate as described in your client configuration paragraph does not work for me, I always get the following error message:

    Apr 18 15:45:28 myclient ez-ipupdate[21173]: failure to update em0->MY.IP.ADD.RES

    Is it possible here that ez-ipupdate does not work anymore with gnudip?

    • ez-ipupdate works, depending on which platform you’re using it on. In my experience, OpenWRT’s builds usually work fine, while Oleg-builds fail with unknown user or seg-faults. I didn’t get to the bottom of it, but an alternative workaround can be found in using the CLI browser elinks. It supports GnuDIP’s Auto URL-feature.

  4. Hi,

    Thanks for sharing this great tutorial about GnuDIP. I have followed it to configure it here on my server, but I didn’t succeed in getting it working. I got the following error when I tried to access the server address: https://ns1.ddns.atcbsb.net.br/gnudip/cgi-bin/gnudip.cgi

    Forbidden

    You don’t have permission to access /gnudip/cgi-bin/gnudip.cgi on this server.

    Any idea on how to solve this? I have looked into the /opt/gnudip directory and it seems that the permissions are ok:

    mlino@server1:~# ls -la /opt/gnudip
    total 1548
    drwxr-xr-x 11 www-data www-data 4096 Apr 29 15:07 .
    drwxr-xr-x 3 root root 4096 Apr 29 15:01 ..
    drwxr-xr-x 2 www-data www-data 4096 Sep 3 2003 cgi-bin
    drwxr-xr-x 5 www-data www-data 4096 Jul 16 2002 client
    drwxr-xr-x 2 www-data www-data 4096 Apr 29 15:15 doc
    drwxr-xr-x 2 www-data www-data 4096 Apr 29 15:56 etc
    drwxr-xr-x 2 www-data www-data 4096 Mar 28 2002 fcgi-bin
    -rw-r--r-- 1 www-data www-data 1538304 Sep 10 2003 gnudip-2.3.5.tar.gz
    drwxr-xr-x 2 www-data www-data 4096 Jun 1 2002 html
    drwxr-xr-x 3 www-data www-data 4096 Sep 3 2003 lib
    drwxr-xr-x 3 www-data www-data 4096 Feb 21 2002 run
    drwxr-xr-x 2 www-data www-data 4096 May 4 2003 sbin

    Thanks.
