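#!/bin/sh -
#
# KISS Dynamic DNS service (no locking (hint: lockf wrapper), no advanced checking)
# The 'ping' is either an ssh call or a CGI call.
#
# = INSTALL - SSH =
# 1) Make sure to allow rndc reload in your sudoers file
#      ssh_user ALL=(ALL) NOPASSWD: /usr/sbin/rndc reload
# 2) Prefix your ssh authorized key to allow only this script
#      command="/home/ssh_user/dyndns/dyndns.sh"
# 3) Call from the remote host from crontab:
#      ssh -a -p 1022 -i id_rsa dnsserver.example.net `hostname -s`
#
# = INSTALL - CGI =
# 1) Put your secret password in ``.cgi_secret''
# 2) Alter your apache configuration to allow executing the script
#      ScriptAlias /dyndns /path/to/dyndns/dyndns.sh
# 3) Make sure to allow rndc reload in your sudoers file
#      www_user ALL=(ALL) NOPASSWD: /usr/sbin/rndc reload
# 4) Call from the remote host from crontab:
#      fetch -q -o - "http://dnsserver.example.net/dyndns/`hostname -s`/SECRET/"
#    NOTE: the secret is carried in the URL path, so it is recorded in the
#    web server's access log and visible to anything between the two hosts.
#
# = USAGE =
# Make sure your zone file has entries like this to allow remote updating
# (the A record must precede the TXT marker; the awk lookup below relies on it):
#   example 60 IN A 192.0.32.10
#   example 60 IN TXT "dyndns"
#
# Rick van der Zwet
#
ZONE='vanderzwet.net'
ZONEFILE="/etc/namedb/master/$ZONE"
CGI_SECRET_FILE="$(dirname "$0")/.cgi_secret"

### NO USER EDITABLE PARTS BELOW HERE ###
# All diagnostics go to stdout so the caller (ssh or fetch) sees them.
exec 2>&1

if [ -n "$SSH_ORIGINAL_COMMAND" ]; then
  # SSH specific details: the forced command hands us the short hostname as
  # the original command. Keep only safe characters and the first label.
  HOSTNAME=$(printf '%s' "$SSH_ORIGINAL_COMMAND" | tr -c -d '[a-zA-Z0-9\-_\.]' | cut -d '.' -f 1)
  # SSH_CLIENT is "ip port port"; the address is the first word.
  REMOTEIP=$(printf '%s' "$SSH_CLIENT" | cut -d ' ' -f 1)
else
  # CGI specific details: REQUEST_URI is expected as /dyndns/<host>/<secret>/
  HOSTNAME=$(printf '%s' "$REQUEST_URI" | tr -c -d '[a-zA-Z0-9\-_\./]' | awk -F/ '{print $3}')
  SECRET=$(printf '%s' "$REQUEST_URI" | tr -c -d '[a-zA-Z0-9\-_\./\!_]' | awk -F/ '{print $4}')
  REMOTEIP=$REMOTE_ADDR
  echo "Content-Type: text/plain"
  echo ""
  CGI_SECRET=$(cat "$CGI_SECRET_FILE")
  if [ -z "$CGI_SECRET" ]; then
    echo "Secret not readable from $CGI_SECRET_FILE"
    exit 1
  fi
  if [ "$SECRET" != "$CGI_SECRET" ]; then
    echo "Secret invalid"
    exit 1
  fi
fi

# Refuse input that the awk/sed edits below cannot handle: an empty hostname
# and an address that is not made of IPv4/IPv6 characters (which would also
# be interpreted by the sed replacement further down).
if [ -z "$HOSTNAME" ]; then
  echo "No hostname given"
  exit 1
fi
case "$REMOTEIP" in
  ''|*[!0-9a-fA-F.:]*)
    echo "Remote address invalid"
    exit 1
    ;;
esac

# Tmpfile creation for editing 'in between'
TMPFILE=$(mktemp -t "$(basename "$0" .sh).XXX") || exit 1
# Remove the scratch copy on any exit. The EXIT trap must not call 'exit 1'
# itself, otherwise every run (including "No changes" and a successful
# update) ends with status 1; only the signal traps force that status.
trap 'rm -f -- "$TMPFILE"' 0
trap 'rm -f -- "$TMPFILE"; exit 1' 1 2 15
cp "$ZONEFILE" "$TMPFILE" || exit 1

# See whether there exists a dynamic entry for it, like this
#   example 60 IN A 192.0.32.10
#   example 60 IN TXT "dyndns"
# Remember the line of the host's A record and print it once the matching
# TXT "dyndns" marker for the same owner name is seen.
LINENR=$(awk -v host="$HOSTNAME" '{if ($1 == host) { if ($4 == "A") { line=NR } else if($5 ~ /dyndns/) {print line; exit} }}' "$TMPFILE")
if [ -z "$LINENR" ]; then
  echo "$HOSTNAME does not exists or is not marked as dynamic"
  exit 1
fi

# Do we need to update the entry
OLDIP=$(awk -v linenr="$LINENR" 'NR==linenr {print $5}' "$TMPFILE")
if [ "$OLDIP" = "$REMOTEIP" ]; then
  echo "No changes"
  exit 0
fi

# Update the entry (only on the A record line found above)
sed -i '' "${LINENR}s/$OLDIP/$REMOTEIP/" "$TMPFILE" || exit 1

# Update serial of zone name
# YYYYMMDDNN where NN is from 00 till 99
# The serial is taken to be the first 10-digit number in the first 10 lines;
# 'head' keeps a single value if several lines happen to match.
TODAY=$(date "+%Y%m%d")
OLDSERIAL=$(sed -n '1,10s/.*\([0-9]\{10\}\).*/\1/p' "$TMPFILE" | head -n 1)
if [ -z "$OLDSERIAL" ]; then
  echo "Error Unable to find SERIAL of zone"
  exit 1
fi
case "$OLDSERIAL" in
  "$TODAY"99)
    echo "Sorry domain update limit reached no more updates for today"
    exit 1
    ;;
  "$TODAY"*)
    NEWSERIAL=$((OLDSERIAL + 1))
    ;;
  *)
    # NOTE: if the stored serial is ahead of today's date this yields a
    # lower serial and secondaries will not pick the zone up; not handled.
    NEWSERIAL="${TODAY}00"
    ;;
esac
sed -i '' "1,10s/$OLDSERIAL/$NEWSERIAL/g" "$TMPFILE" || exit 1

# Install and activate. named-checkzone takes the zone name first and the
# file second, and exits non-zero when the zone does not load; install only
# when it succeeds.
if ! /usr/sbin/named-checkzone -q "$ZONE" "$TMPFILE"; then
  echo "New zone failed to validate"
  exit 1
fi
cp "$TMPFILE" "$ZONEFILE" || exit 1
sudo /usr/sbin/rndc reload || exit 1
echo "Entry updated"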