Introduction
This article briefly describes how to set up a dynamic DNS server with GnuDIP (GNU Dynamic IP), very similar to the commercial services offered by dyndns.org and others. The setup needs access to the domain's zone file on the service provider's nameserver and lets you run dynamic DNS services under your own domain name.
A specialty of the approach here is that a subdomain named ddns is added to yourdomain.tld. This results in dynamic names like home.ddns.yourdomain.tld, while names such as www.yourdomain.tld are still managed by the service provider's nameservers, which usually offer a more failsafe service level.
Prerequisites
This article assumes a running web server for GnuDIP's web frontend as well as a MySQL server of version > 5. Their setup is not explained in further detail here.
The following Ubuntu-packages need to be installed:
aptitude install bind9 apache2 libapache2-mod-perl2 \
mysql-server dnsutils xinetd wget
First, the following lines have to be added to the zone file of the domain, which is assumed to be managed by the service provider (not locally):
ddns IN NS ns1.ddns
ns1.ddns IN A {IP_of_the_ddns-server}
GnuDIP setup
This documentation stores the GnuDIP files in /opt/gnudip. When unpacked, the source archive places its documentation in its root folder, which is not very elegant. Therefore, in this article the doc files go into a subfolder called doc, whereas everything else resides in GnuDIP's root folder /opt/gnudip.
Create a new directory for GnuDIP:
mkdir -p /opt/gnudip
Download the source package:
(cd /opt/gnudip && \
wget http://gnudip2.sourceforge.net/gnudip-www/src/gnudip-2.3.5.tar.gz)
Unpack the archive in the recently created directory:
(cd /opt/gnudip && \
tar xzf /opt/gnudip/gnudip-2.3.5.tar.gz -C /opt/gnudip --strip 2)
To me, the directory structure of the source package is a bit weird. That's why I reorder a little:
mkdir /opt/gnudip/doc
tar xzf /opt/gnudip/gnudip-2.3.5.tar.gz -C /opt/gnudip/doc --strip 1
rm -r /opt/gnudip/doc/gnudip
In /opt/gnudip/etc/ the new DNS update keys have to be created for later use with the bind9 nameserver:
(cd /opt/gnudip/etc && \
dnssec-keygen -r /dev/urandom -a hmac-md5 -b 128 -n HOST gnudip-key)
This results in two files called /opt/gnudip/etc/Kgnudip-key.+157+{random_id}.key and /opt/gnudip/etc/Kgnudip-key.+157+{random_id}.private.
GnuDIP's configuration needs to know about the new private file, so the following line in /opt/gnudip/etc/gnudip.conf has to be adjusted accordingly:
nsupdate = -k /opt/gnudip/etc/Kgnudip-key.+157+{random_id}.private
Database preparation
Given an adequately configured MySQL server, the file /opt/gnudip/doc/gnudip.mysql needs to be edited in order to become compatible with recent versions (5.*) of mysql-server:
(cd /opt/gnudip/doc && \
sed -i "s/\(.*\)default '0'\(.*\)auto_increment,/\1\2auto_increment,/" gnudip.mysql)
Now, the password for the GnuDIP database has to be set in /opt/gnudip/doc/gnudip.mysql. The relevant lines are:
grant select, insert, update, delete on gnudip2.* to gnudip identified by '{your_password}';
grant select, insert, update, delete on gnudip2.* to gnudip@localhost identified by '{your_password}';
The same password has to be set in /opt/gnudip/etc/gnudip.conf at the line containing:
gnudipdatabase = {your_password}
Now, the mysql database and tables are created:
(cd /opt/gnudip/doc && mysql -p < gnudip.mysql)
Configuration of bind9 nameserver
The update key created earlier in GnuDIP's etc directory has to be introduced to bind9. To do so, the key portion in /opt/gnudip/etc/Kgnudip-key.+157+{random_id}.key (the cryptic string at the end of the file, assumed to be 8hmy3QYvyfLb8ZB3D5MHsf== here) is extracted and saved as /etc/bind/gnudip-key:
key gnudip-key {
algorithm hmac-md5;
// the TSIG key
secret "8hmy3QYvyfLb8ZB3D5MHsf==";
};
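The extraction step above can be scripted. The following is an added example, not part of the original article: a shell function that reads the K*.key file written by dnssec-keygen and prints the matching key stanza. It goes beyond the article's hmac-md5 case by also mapping the other HMAC algorithm numbers; the function names and the sample key file are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the article): turn a dnssec-keygen K*.key file
# into the named.conf key stanza shown above.

# Map the algorithm number in the KEY record (157 in the article's file
# names) to the TSIG algorithm name used in named.conf.
tsig_alg_name() {
    case "$1" in
        157) echo hmac-md5 ;;
        161) echo hmac-sha1 ;;
        162) echo hmac-sha224 ;;
        163) echo hmac-sha256 ;;
        164) echo hmac-sha384 ;;
        165) echo hmac-sha512 ;;
        *)   return 1 ;;
    esac
}

# render_tsig_stanza FILE: print "key <name> { ... };" for the KEY record.
render_tsig_stanza() {
    # Skip ';' comment lines, find the KEY type field, then take the
    # algorithm (3rd field after it) and join the base64 chunks that follow.
    rec=$(awk '!/^;/ { for (i = 1; i <= NF; i++) if ($i == "KEY") {
            s = ""; for (j = i + 4; j <= NF; j++) s = s $j
            sub(/\.$/, "", $1); print $1, $(i + 3), s; exit } }' "$1")
    [ -n "$rec" ] || { echo "no KEY record in $1" >&2; return 1; }
    set -- $rec   # now: $1 = key name, $2 = algorithm number, $3 = secret
    alg=$(tsig_alg_name "$2") || { echo "not a TSIG algorithm: $2" >&2; return 1; }
    [ -n "$3" ] || { echo "empty secret" >&2; return 1; }
    printf 'key %s {\n    algorithm %s;\n    secret "%s";\n};\n' "$1" "$alg" "$3"
}

# Demo on a constructed key file that reuses the article's placeholder secret.
demo=$(mktemp)
echo 'gnudip-key. IN KEY 512 3 157 8hmy3QYvyfLb8ZB3D5MHsf==' > "$demo"
render_tsig_stanza "$demo"
rm -f "$demo"
```

When redirecting the output to /etc/bind/gnudip-key, create the file under a restrictive umask (for example umask 027, then chgrp bind), because it holds the shared secret that authorizes zone updates.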
A new zone file for the dynamic domain has to be created at /etc/bind/db.ddns.{yourdomain.tld}. Take care not to mess up the dots:
$TTL 86400 ; default TTL (1 day)
@       IN SOA  ns1.ddns.{yourdomain.tld}. root.{yourdomain.tld}. (
                0       ; serial
                3600    ; refresh (1 hour)
                1800    ; retry (30 minutes)
                604800  ; expire (1 week)
                0       ; TTL for NACK-s (0 seconds)
                )
        IN NS   ns1.ddns.{yourdomain.tld}.
ns1     IN A    {your_ip_address}
Now, the key file and the zone file have to be introduced to bind9. To do so, the following lines have to be added to the end of /etc/bind/named.conf:
// include definition of GnuDIP update key
include "/etc/bind/gnudip-key";
// define GnuDIP dynamic DNS zone
zone "ddns.{yourdomain.tld}" in {
type master;
file "/etc/bind/db.ddns.{yourdomain.tld}";
allow-query { any; };
update-policy { grant gnudip-key subdomain ddns.{yourdomain.tld}; };
};
In order to create new journal files for the dynamic domain, bind9 will need write access to its configuration directory:
chown bind /etc/bind
The nameserver now needs a restart:
service bind9 restart
A short test is useful to verify that the setup is correct so far. First, the connection to the new ddns nameserver is tested:
$ dig test.ddns.{yourdomain.tld}
; <<>> DiG 9.6.0-APPLE-P2 <<>> test.ddns.{yourdomain.tld}
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58181
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;test.ddns.{yourdomain.tld}. IN A
;; AUTHORITY SECTION:
ddns.{yourdomain.tld}. 0 IN SOA ns1.ddns.{yourdomain.tld}. root.{yourdomain.tld}. 19 3600 1800 604800 0
;; Query time: 11 msec
;; SERVER: 10.10.10.254#53(10.10.10.254)
;; WHEN: Sun Mar 6 16:38:22 2011
;; MSG SIZE rcvd: 85
Now, the update function is tested:
$ /usr/bin/nsupdate -v -k /opt/gnudip/etc/Kgnudip-key.+157+{random_id}.private
> update add test.ddns.{yourdomain.tld}. 0 A 127.0.0.1
>
> $
Running the first command again should now resolve test.ddns.{yourdomain.tld} to 127.0.0.1.
Configuration of Apache webserver
In this scenario, Apache 2 is used to serve the web frontend for the GnuDIP admin as well as for its users. Access to the web application is supposed to run over an SSL-secured connection.
Activate SSL in Ubuntu's Apache (load module, activate ssl, restart daemon):
a2enmod ssl
a2ensite default-ssl
service apache2 restart
The following lines have to be added to /etc/apache2/sites-enabled/default-ssl:
RedirectMatch ^/gnudip(\/*)$ https://ns1.ddns.{yourdomain.tld}/gnudip/cgi-bin/gnudip.cgi
Alias /gnudip/html/ /opt/gnudip/html/
<Location /gnudip/html/>
Options Indexes
ReadmeName .README
HeaderName .HEADER
RemoveHandler .pl
RemoveType .pl
AddType text/plain .pl
</Location>
ScriptAlias /gnudip/cgi-bin/ /opt/gnudip/cgi-bin/
Apache has to have access to the files above:
chown -R www-data:www-data /opt/gnudip
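After the recursive chown, the files in /opt/gnudip/etc that carry secrets (gnudip.conf with the database password, and both key files, since the .key file contains the same secret that was copied into /etc/bind/gnudip-key) only need to be readable by www-data. The following check is an added example, not part of the original article; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article): list GnuDIP/BIND secret files that
# every local user can read.

# list_exposed_secrets DIR...: print secret-bearing files under each DIR
# whose mode has the "other read" bit (004) set.
list_exposed_secrets() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f \
            \( -name 'gnudip.conf' -o -name 'K*.key' \
               -o -name 'K*.private' -o -name 'gnudip-key' \) \
            -perm -004 -print
    done | LC_ALL=C sort
}

# secrets_are_private DIR...: succeed only if nothing is exposed; otherwise
# name each offending file on stderr and fail.
secrets_are_private() {
    exposed=$(list_exposed_secrets "$@")
    if [ -n "$exposed" ]; then
        echo "$exposed" | sed 's/^/readable by all users: /' >&2
        return 1
    fi
}

# Demo on a constructed directory: an exposed config file, a private key file.
demo=$(mktemp -d)
: > "$demo/gnudip.conf"; chmod 644 "$demo/gnudip.conf"
: > "$demo/Kgnudip-key.+157+00000.private"
chmod 600 "$demo/Kgnudip-key.+157+00000.private"
secrets_are_private "$demo" || echo "fix with: chmod o-r <file>"
rm -rf "$demo"

# On the layout from this article the call would be:
#   secrets_are_private /opt/gnudip/etc /etc/bind
```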
The initial admin-user is created using the following script:
/opt/gnudip/sbin/gdipadmin.pl -u {admin_name} {admin_password}
This user can now connect to GnuDIP's webfrontend available at:
https://ns1.ddns.{yourdomain.tld}/gnudip
Certainly, it is useful to reconfigure ns1.ddns.{yourdomain.tld} to something more memorable. The configuration options there are self-explanatory and are not further documented at this point.
Apache needs a restart:
service apache2 restart
Configuration of xinetd
To be able to use update clients such as ez-ipupdate, a GnuDIP server on port 3495/tcp has to be set up. This is done by following these steps:
Port 3495 is introduced to the system by adding this line to /etc/services:
gnudip 3495/tcp
The file /etc/xinetd.d/gnudip has to be created with this content:
service gnudip
{
flags = REUSE
socket_type = stream
protocol = tcp
wait = no
user = www-data
server = /opt/gnudip/sbin/gdipinet.pl
bind = 0.0.0.0
}
xinetd needs a restart now:
service xinetd restart
Client configuration
A valid update by ez-ipupdate may use the following command, where [dyndns_name == username]:
ez-ipupdate -i {external_interface} -h {dyndns_name}.ddns.{yourdomain.tld} -S gnudip \
-u {username}:{password} -s {address_of_ddns-server}
Aside from the aforementioned client software, GnuDIP comes with command-line clients of its own in /opt/gnudip/client.
An elegant way of updating the dynamic DNS entry is GnuDIP's "Auto URL" function, which offers a web-based update method with an auth cookie. Using this, a bookmark in a web browser can serve as a shortcut to a quick IP update. Command-line browsers like w3m or elinks can also be used to update IPs automatically where no IP update client is available.
Hello
I am currently trying to follow your setup but I am getting stuck on the:
"nsupdate = -k /opt/gnudip/etc/Kgnudip-key.+157+{random_id}.private"
I did have a look on Google to see if I could find an example of the random_id. Could you maybe help me, please?
Regards
Marius
Hi, sorry about the post. I just paid attention to what I had to read and got my answer. Still, thank you.
regards
Unfortunately ez-ipupdate as described in your client configuration paragraph does not work for me, I always get the following error message:
Apr 18 15:45:28 myclient ez-ipupdate[21173]: failure to update em0->MY.IP.ADD.RES
Is it possible here that ez-ipupdate does not work anymore with gnudip?
ez-ipupdate works, depending on which platform you're using it on. In my experience, OpenWRT's builds usually work fine, while Oleg-builds fail with unknown user or seg-faults. I didn't get to the bottom of it, but an alternative workaround can be found in using the CLI browser elinks. It supports GnuDIP's Auto URL feature.
Hi,
Thanks for sharing this great tutorial about GnuDIP. I have followed it to configure it here on my server, but I didn't succeed in getting it working. I got the following error when I tried to access the server address: https://ns1.ddns.atcbsb.net.br/gnudip/cgi-bin/gnudip.cgi
Forbidden
You don’t have permission to access /gnudip/cgi-bin/gnudip.cgi on this server.
Any idea on how to solve this? I have looked into the /opt/gnudip directory and it seems that permissions are ok:
mlino@server1:~# ls -la /opt/gnudip
total 1548
drwxr-xr-x 11 www-data www-data 4096 Apr 29 15:07 .
drwxr-xr-x 3 root root 4096 Apr 29 15:01 ..
drwxr-xr-x 2 www-data www-data 4096 Sep 3 2003 cgi-bin
drwxr-xr-x 5 www-data www-data 4096 Jul 16 2002 client
drwxr-xr-x 2 www-data www-data 4096 Apr 29 15:15 doc
drwxr-xr-x 2 www-data www-data 4096 Apr 29 15:56 etc
drwxr-xr-x 2 www-data www-data 4096 Mar 28 2002 fcgi-bin
-rw-r--r-- 1 www-data www-data 1538304 Sep 10 2003 gnudip-2.3.5.tar.gz
drwxr-xr-x 2 www-data www-data 4096 Jun 1 2002 html
drwxr-xr-x 3 www-data www-data 4096 Sep 3 2003 lib
drwxr-xr-x 3 www-data www-data 4096 Feb 21 2002 run
drwxr-xr-x 2 www-data www-data 4096 May 4 2003 sbin
Thanks.
Did you check your Perl setup? Maybe your Apache is not configured to run cgi-scripts.