Mythic Beasts

How to use the dynamic DNS service

The dynamic DNS service allows you to associate a host name with an IP address which changes frequently, such as one assigned to a dial-up internet connection or a cable modem.

Before using the service, you will need to have a host name allocated to you. We allocate hostnames of the form something.dyn.mythic-beasts.com; these are assigned on a first-come, first-served basis. Once you have a dynamic hostname, you can also ask us to create a CNAME or alias to the dynamic name from a name in a domain which you own. So, for instance, you could get the dynamic name fred.dyn.mythic-beasts.com, and ask us to set up fred.example.com to point to the dynamic name. Both names could then be used interchangeably.

Once a name has been assigned, you need to associate an address with it. This is done using the "dyndns" command; for instance,

dyndns fred.dyn.mythic-beasts.com 192.168.1.2

will associate the address 192.168.1.2 with fred.dyn.mythic-beasts.com. Note that you must give the name in full and the address as a dotted IP address, exactly as shown above.

Obviously this is most useful if it operates automatically, so that whenever your computer connects to the internet or whenever its IP address changes, the appropriate dyndns command is run. The simplest way to do this is by having the computer to which the name refers run the dyndns command through SSH. In this case, it's not even necessary to know the IP address to use ahead of time, since this information can be obtained from the $SSH_CLIENT environment variable which is set by SSH itself. A command of the form

ssh sphinx.mythic-beasts.com 'dyndns fred.dyn.mythic-beasts.com $( echo $SSH_CLIENT | cut -d\  -f1 )'

will configure fred.dyn.mythic-beasts.com to point to the host from which the SSH connection was made. Note that if you are connecting from behind a firewall, $SSH_CLIENT will give the IP address of the firewall, but typical firewalls now translate addresses (called "network address translation" or "IP masquerading") so this will accomplish what you want anyway.

To do this completely automatically, you will need to set up an SSH key which can be used to execute commands on sphinx.mythic-beasts.com without entering a password or pass phrase. In general, this is strongly discouraged, because possession of such a key is as insecure as simply keeping the password for your account stored in plain text on disk. However, it is possible to restrict an SSH key so that it may be used to execute one specific command and no others, which is reasonably secure for this application.

This is done in the following way:

  1. First, create the SSH key; this may be done on any machine, but typically you would do this on the client host (that is, the one which will run SSH, rather than sphinx.mythic-beasts.com). You will want to give the key a specific name, rather than "identity.pub" which is the name of your personal SSH key. Here, the private key will be stored in ~/.ssh/dyndns-key, and the public key in ~/.ssh/dyndns-key.pub.

    $ ssh-keygen -t dsa -f ~/.ssh/dyndns-key -N ""
    Generating public/private dsa key pair.
    Your identification has been saved in /home/me/.ssh/dyndns-key.
    Your public key has been saved in /home/me/.ssh/dyndns-key.pub.
    The key fingerprint is:
    ba:59:76:ac:08:c4:5a:f1:21:6f:b7:7e:27:42:6b:88 me@somewhere
    
  2. Copy the public half of the key to sphinx.mythic-beasts.com:

    $ scp ~/.ssh/dyndns-key.pub me@sphinx.mythic-beasts.com:
    Password: [ ... ]
    
  3. Add the key to your ~/.ssh/authorized_keys2 file, which tells SSH which keys may be used to connect without requiring a password. The simplest way to do this is to use a text editor to add the following to the bottom of the file:

    no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="dyndns fred.dyn.mythic-beasts.com $( echo $SSH_CLIENT | cut -d' ' -f1 )"
    

    followed by the text of the public key, which must appear on the same line, otherwise the restrictions will have no effect. There is more information on restricted SSH keys in this chapter from SSH, The Secure Shell: The Definitive Guide.
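Step 3 can also be scripted, which avoids the mistake of leaving the restrictions and the key on separate lines. The following is an added example, not part of the original page: build_entry and check_restricted are hypothetical helper names, and the key text in the demo is a constructed placeholder rather than a real key.

```shell
#!/bin/sh
# Added example: build and audit the restricted authorized_keys2 entry.

# build_entry PUBKEY_FILE HOSTNAME
# Prints ONE line: restrictions, forced command, then the public key text.
build_entry() {
    opts='no-port-forwarding,no-X11-forwarding,no-agent-forwarding'
    # $SSH_CLIENT must stay unexpanded here; the server-side shell expands it
    # when the forced command runs.
    cmd="dyndns $2 \$( echo \$SSH_CLIENT | cut -d' ' -f1 )"
    printf '%s,command="%s" %s\n' "$opts" "$cmd" "$(head -n 1 "$1")"
}

# check_restricted AUTHORIZED_KEYS_FILE PUBKEY_FILE
# Succeeds only if the key is present and every line carrying it starts
# with an options field that contains command="dyndns ...
check_restricted() {
    blob=$(awk 'NR == 1 { print $2 }' "$2")   # base64 body of the public key
    [ -n "$blob" ] || return 1
    awk -v blob="$blob" '
        index($0, blob) {
            found = 1
            # A line that begins with the key type has no restrictions at all.
            if ($0 !~ /^[^ ]*command="dyndns /) bad = 1
        }
        END { exit (found && !bad) ? 0 : 1 }
    ' "$1"
}

# Demo on a constructed key (placeholder text, not a usable key).
demo() {
    d=$(mktemp -d) || return 1
    printf 'ssh-dss AAAAB3NzaC1kc3MAAACBAexampleonly me@somewhere\n' \
        > "$d/dyndns-key.pub"
    build_entry "$d/dyndns-key.pub" fred.dyn.mythic-beasts.com \
        > "$d/authorized_keys2"
    check_restricted "$d/authorized_keys2" "$d/dyndns-key.pub" \
        && echo "restricted: ok"
    rm -rf "$d"
}
demo
```

On the server, the output of build_entry would be appended to ~/.ssh/authorized_keys2, and check_restricted run against that file afterwards.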

Having done this, you can use the command

ssh -i ~/.ssh/dyndns-key sphinx.mythic-beasts.com 'dyndns fred.dyn.mythic-beasts.com $( echo $SSH_CLIENT | cut -d\  -f1 )'

to automatically update your dynamic DNS record. You should arrange for this to be run whenever your machine's IP address changes. (The reason that we specify the dyndns command line explicitly here as well as in the ~/.ssh/authorized_keys2 file is so that the operation will still work even if you are authenticated by some other key, for instance an unrestricted key held by the SSH agent.)

If you are using Microsoft Windows, it is possible to accomplish the above using plink, the command-line utility which is available with PuTTY. The use of plink is described in chapter 7 of the PuTTY documentation, and the use of public keys in chapter 8.

(We are currently working on ways to make Microsoft Windows update this information when it connects to the internet.)

Copyright © 2000-2007 Mythic Beasts Ltd. All Rights Reserved.