$ cat subnet.txt
#
# A file to define Subnet names and IDs
#
%%SUBNET SECTION
#name    subnetid
srv      :a0b1:
clt      :a0b2:
dmz      :0001:
lo       :0:
mgmtlo   :f000:

$ cat scope.txt
#
# A file for scope definitions (domain names, views and matching prefixes)
#
%%SCOPE SECTION
#name    view     domain             matchprefix
prov1    *        example.de.        2003::/19     # telekom
prov2    *        example.de.        2a00::/22     # vodafone (arcor)
allpub   none     example.de.        2000::/3      # match on any public prefix
mgmt     intern   mgmt.example.de.   fd00::/8

$ cat hosts.txt
#
# A file with host names, IID (mac address or interface identifier) and related subnet id
#
%% HOST SECTION
#name          int_id / mac_address     subnet_id   scope
horst          00:17:53:85:80:3b        clt         [prov1, prov2]
ns1            ::53                     srv         [prov1]
ns2            ::d9b2:56f3:7694:1c5c    srv         [prov2]
hugo <24h>     00:13:35:a2:91:f4        :1:         [prov1, prov2, mgmt]
gustav.test    0013.35a2.91f5           :1:         [mgmt]
rtr1           ::100b:0:0:1             lo          [mgmt]

With these input files, forward and reverse DNS record sets can be generated and stored in a couple of output files:
$ gen6dns -w -S -p 2003:db8:A::/48 -p 2a00:b8:B::/48 -p fda9:60e9:b504::/48 subnet.txt scope.txt hosts.txt
$ ls g6*
g6d.example.de.  g6d_intern.mgmt.example.de.  g6r.0  g6r_intern.0
$ for f in g6*; do echo "# $f"; cat $f; echo; done
# g6d.example.de.
horst        IN AAAA 2003:db8:a:a0b2:217:53ff:fe85:803b
horst        IN AAAA 2a00:b8:b:a0b2:217:53ff:fe85:803b
ns1          IN AAAA 2003:db8:a:a0b1::53
ns2          IN AAAA 2a00:b8:b:a0b1:d9b2:56f3:7694:1c5c
hugo   86400 IN AAAA 2003:db8:a:1:213:35ff:fea2:91f4
hugo   86400 IN AAAA 2a00:b8:b:1:213:35ff:fea2:91f4

# g6d_intern.mgmt.example.de.
hugo   86400 IN AAAA fda9:60e9:b504:1:213:35ff:fea2:91f4
gustav.test  IN AAAA fda9:60e9:b504:1:213:35ff:fea2:91f5
rtr1         IN AAAA fda9:60e9:b504:0:100b::1

# g6r.0
b.3.0.8.5.8.e.f.f.f.3.5.7.1.2.0.2.b.0.a       IN PTR horst.example.de.
3.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.b.0.a       IN PTR ns1.example.de.
c.5.c.1.4.9.6.7.3.f.6.5.2.b.9.d.1.b.0.a       IN PTR ns2.example.de.
4.f.1.9.2.a.e.f.f.f.5.3.3.1.2.0.1.0.0.0 86400 IN PTR hugo.example.de.

# g6r_intern.0
4.f.1.9.2.a.e.f.f.f.5.3.3.1.2.0.1.0.0.0 86400 IN PTR hugo.mgmt.example.de.
5.f.1.9.2.a.e.f.f.f.5.3.3.1.2.0.1.0.0.0       IN PTR gustav.test.mgmt.example.de.
1.0.0.0.0.0.0.0.0.0.0.0.b.0.0.1.0.0.0.0       IN PTR rtr1.mgmt.example.de.

The generated filenames have a prefix of "g6d" for forward (AAAA) and "g6r" for reverse (PTR) RRs.
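The output above implies how the addresses are derived: a MAC address becomes a modified EUI-64 interface identifier (ff:fe inserted in the middle, universal/local bit flipped, which is why 00:17:53:... turns into 217:53ff:fe85:...), an explicit identifier such as ::53 is used as-is, the subnet id fills the bits between the /48 prefix and bit 64, and the PTR owner name is the host part of the address written as reversed nibbles. The following Python is an added example that reproduces this derivation for the page's sample data; it is not gen6dns code. The copies of subnet.txt and scope.txt inside it are constructed from the tables above, and the rule that a host gets an address in every -p prefix falling inside the matchprefix of one of its scopes is my reading of scope.txt, not something the page states explicitly.

```python
import ipaddress

# Constructed copies of the page's subnet.txt and scope.txt (example data, not gen6dns itself).
SUBNETS = {"srv": ":a0b1:", "clt": ":a0b2:", "dmz": ":0001:", "lo": ":0:", "mgmtlo": ":f000:"}
SCOPES = {  # name -> (view, domain, matchprefix)
    "prov1": ("*", "example.de.", "2003::/19"),
    "prov2": ("*", "example.de.", "2a00::/22"),
    "allpub": ("none", "example.de.", "2000::/3"),
    "mgmt": ("intern", "mgmt.example.de.", "fd00::/8"),
}
PREFIXES = ["2003:db8:A::/48", "2a00:b8:B::/48", "fda9:60e9:b504::/48"]  # the -p arguments


def iid_from_mac(mac):
    """Modified EUI-64 interface identifier (RFC 4291, appendix A): split the 48-bit MAC
    in the middle, insert ff:fe and flip the universal/local bit (0x02) of the first
    octet. Accepts 00:17:53:85:80:3b, 00-17-53-85-80-3b and 0017.5385.803b notations."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    octets = bytes.fromhex(digits)
    eui64 = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui64, "big")


def iid_from_text(int_id):
    """An explicit interface identifier such as '::53' or '::d9b2:56f3:7694:1c5c':
    parse it as an IPv6 address and keep only the low 64 bits."""
    return int(ipaddress.IPv6Address(int_id)) & ((1 << 64) - 1)


def build_address(net, subnet_id, int_id):
    """prefix | subnet id (the bits between the prefix length and bit 64) | interface id."""
    if net.prefixlen > 64:
        raise ValueError("prefix must leave room for a 64-bit interface identifier")
    sid = int(subnet_id.strip(":") or "0", 16)
    if sid >> (64 - net.prefixlen):
        raise ValueError(f"subnet id {subnet_id} does not fit below {net}")
    iid = iid_from_text(int_id) if int_id.startswith(":") else iid_from_mac(int_id)
    return ipaddress.IPv6Address(int(net.network_address) | (sid << 64) | iid)


def reverse_owner(addr, zone_prefixlen):
    """PTR owner name relative to the ip6.arpa zone of the prefix: the host part of the
    address as reversed nibbles (20 nibbles for a /48)."""
    nibbles = addr.exploded.replace(":", "")  # 32 lowercase hex digits
    return ".".join(reversed(nibbles[zone_prefixlen // 4:]))


def matching_prefixes(prefixes, scope_names):
    """Assumed scope rule: a host gets an address in every configured prefix that lies
    inside the matchprefix of one of its scopes."""
    found = []
    for p in prefixes:
        net = ipaddress.IPv6Network(p)
        for s in scope_names:
            view, domain, match = SCOPES[s]
            if net.subnet_of(ipaddress.IPv6Network(match)):
                found.append((net, view, domain))
    return found


def host_records(name, ttl, int_id, subnet, scope_names, prefixes=PREFIXES):
    """Return one (view, domain, AAAA line, PTR line) tuple per matching prefix.
    ttl is an integer number of seconds (the host's optional <24h> field) or None."""
    sid = SUBNETS.get(subnet, subnet)  # a subnet name from subnet.txt or a literal ':1:' id
    ttl_field = f" {ttl}" if ttl is not None else ""
    out = []
    for net, view, domain in matching_prefixes(prefixes, scope_names):
        addr = build_address(net, sid, int_id)
        aaaa = f"{name}{ttl_field} IN AAAA {addr.compressed}"
        ptr = f"{reverse_owner(addr, net.prefixlen)}{ttl_field} IN PTR {name}.{domain}"
        out.append((view, domain, aaaa, ptr))
    return out


if __name__ == "__main__":
    for host in (("horst", None, "00:17:53:85:80:3b", "clt", ["prov1", "prov2"]),
                 ("hugo", 86400, "00:13:35:a2:91:f4", ":1:", ["prov1", "prov2", "mgmt"]),
                 ("rtr1", None, "::100b:0:0:1", "lo", ["mgmt"])):
        for view, domain, aaaa, ptr in host_records(*host):
            print(f"[{view} / {domain}]  {aaaa}  |  {ptr}")
```

Running it prints the same AAAA and PTR lines as the g6d/g6r files above. The MAC-derived identifiers are also a reminder of what such a zone publishes: the hardware address of every host is recoverable from the AAAA record, which is one reason the hosts.txt format also allows an explicit interface identifier.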
There are some other options and modes of operation:
usage: gen6dns -h|-V
usage: gen6dns -R [-b mask]| [...]
usage: gen6dns [-f] [-s|-S] [-w|-a] [-t ttl] [-D ] [-C ] {-p prefix |-6 ipv4addr } [file ...]
usage: gen6dns [-r] [-b mask] [-w|-a] [-t ttl] [-D ] [-C ] [-o origin] {-p prefix |-6 ipv4addr } [file ...]
usage: gen6dns -d [-l label] [-t ttl] [-D ] [-C ] [-o origin] {-p prefix} {-P prefix} [file ...]
  -h, --help               print out this help message
  -V, --version            print out version and exit
  -R, --revzone            print the ip6.arpa zone of the given prefix
  -v, --verbose            give some hints about what's going on in the background
                           use -v more often to increase the verbosity (up to level 2)
  -D, --delim[=char]       use additionally to white space as delimiter (default is ';')
  -C, --comment[=char]     use as comment character (default is '#')
  -s, --squeeze            print ipv6 addresses w/o leading zeros (like 2001:db8:0:0:0:0:0:1/128)
  -S, --full-squeeze       compress ipv6 address slightly more (like 2001:db8::1/128)
  -t, --ttl                specify ttl of RR (default is none or the host specific one)
                           known ttl units are s(ecs), m(ins), h(ours), d(ays) or w(eeks)
  -d, --ddns-update        print dynamic update messages to stdout (this implies -f)
  -l, --lookup=label       The update add/del is done only for the host matching "label"
  -f, --forward            generate AAAA records for forward zone only
  -r, --reverse            generate PTR records for reverse zone only
                           The default is to generate forward and reverse zone entries
                           (The use of the -w switch is highly recommended then)
  -b, --bits[=mask]        split zone files on boundary (default is prefix size)
  -w, --write              write output to file instead of stdout
                           filename is g6d. for the forward or g6r.0000 for the reverse zone
                           This option potentially generates a lot of files (up to the compiled in # of 128)
  -a, --append             same as -w but append to file instead of overwriting
  -o, --origin=zone        specify forward domain (default is example.net.)
  -p, --add-prefix=prefix  network prefix to add (default is 2001:db8::/48)
  -P, --del-prefix=prefix  network prefix to delete (default is none)
  -6, --6to4=ipv4          same as -p but argument is an ipv4 address
                           resulting prefix is a 6to4 prefix (2002:ipv4:addr::/48)
This command is typically run by NetworkManager(8) whenever an interface up event occurs.
The following script can be stored in /etc/NetworkManager/dispatcher.d to achieve this.
#!/bin/sh -e
# Script to dispatch NetworkManager events
#
# Try to update DNS with actual hostname/IP address
#
# Install this in /etc/NetworkManager/dispatcher.d
# See NetworkManager(8) for more details
#

# set path to ddns-update script
ddnsupdate="/usr/local/bin/ddnsupd"

# NetworkManager passes the interface name as $1 and the action as $2
if [ -z "$1" ]; then
    echo "$0: called with no interface" 1>&2
    exit 1
fi

# Run the right scripts
case "$2" in
    up|vpn-up)
        "$ddnsupdate" -v -i "$1" add
        ;;
    down|vpn-down)
        ;;
    pre-up)
        ;;
    pre-down)
        # this is actually not supported
        "$ddnsupdate" -v -i "$1" del
        ;;
    hostname|dhcp4-change|dhcp6-change)
        ;;
    *)
        echo "$0: called with unknown action \`$2'" 1>&2
        exit 1
        ;;
esac

ddnsupd is now managed as part of ddns.
The command reads a zone file and adds all resource records beginning with a '+' or '>' sign to the zone via dynamic update. All lines starting with a '-' or '<' sign are removed from the zone via an update delete message. Option -w can be used to delete the command characters from the zone file afterwards. If you want to change a record, you have to remove it and then add the new value (see "renum" below).
Example:
$ cat zone.dyn
$ORIGIN dyn.de.
$TTL 1day
@   IN SOA ns1.example.net. hostmaster.example.net. (
        666         ; serial
        43200       ; refresh (12 hours)
        1800        ; retry (30 minutes)
        1209600     ; expire (2 weeks)
        900         ; minimum (15 minutes)
        )
    NS  ns1.example.net.
b       A    1.2.3.6
+c      A    1.2.3.7
d       AAAA 2001:db8:1235:12::17
<renum  AAAA 2001:db8:1235:12::17
>renum  AAAA 2001:db8:5321:12::17
ns1 3600 A   127.0.0.1
        AAAA 2001:db8:1235:1::5
$ ./ddns -n zone.dyn
update add c.dyn.de. 86400 IN A 1.2.3.7
update del renum.dyn.de. 86400 IN AAAA 2001:db8:1235:12::17
update add renum.dyn.de. 86400 IN AAAA 2001:db8:5321:12::17
send

Option -n prints out the commands so that they can be sent to nsupdate(1).
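The conversion above is mechanical once the zone-file conventions are handled: $ORIGIN qualifies relative owner names, $TTL supplies the TTL for records that carry none (1day becomes 86400), a record whose owner field is blank inherits the previous owner, and the multi-line SOA in parentheses has to be skipped. The following Python is an added example of that translation written for this page; it is not the ddns program, and the zone text inside it is a constructed copy of zone.dyn. Only the marked lines produce update commands, and they are emitted in file order, as in the output above.

```python
import re

TTL_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
MARKERS = {"+": "add", ">": "add", "-": "del", "<": "del"}  # the page's command characters

# Constructed copy of the page's zone.dyn, used as sample input for this example.
EXAMPLE_ZONE = """\
$ORIGIN dyn.de.
$TTL 1day
@   IN SOA ns1.example.net. hostmaster.example.net. (
        666         ; serial
        43200       ; refresh (12 hours)
        1800        ; retry (30 minutes)
        1209600     ; expire (2 weeks)
        900         ; minimum (15 minutes)
        )
    NS  ns1.example.net.
b       A    1.2.3.6
+c      A    1.2.3.7
d       AAAA 2001:db8:1235:12::17
<renum  AAAA 2001:db8:1235:12::17
>renum  AAAA 2001:db8:5321:12::17
ns1 3600 A   127.0.0.1
        AAAA 2001:db8:1235:1::5
"""


def parse_ttl(text):
    """'1day', '12h', '3600' -> seconds; the unit is the first letter after the digits."""
    m = re.fullmatch(r"(\d+)([a-zA-Z]*)", text)
    if not m:
        raise ValueError(f"bad TTL: {text!r}")
    unit = m.group(2)[:1].lower() or "s"
    if unit not in TTL_UNITS:
        raise ValueError(f"unknown TTL unit in {text!r}")
    return int(m.group(1)) * TTL_UNITS[unit]


def qualify(owner, origin):
    """Turn an owner field into a fully qualified name using $ORIGIN."""
    if owner == "@":
        return origin
    return owner if owner.endswith(".") else f"{owner}.{origin}"


def to_nsupdate(zone_text):
    """Return the nsupdate(1) command lines for the marked records of a zone file."""
    origin, default_ttl, owner = None, None, None
    depth = 0  # parenthesis nesting, used to skip the multi-line SOA body
    commands = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # drop comments
        if depth:  # inside '( ... )': only look for the closing parenthesis
            depth += line.count("(") - line.count(")")
            continue
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$TTL"):
            default_ttl = parse_ttl(line.split()[1])
            continue
        action = MARKERS.get(line[0])
        body = line[1:] if action else line
        tokens = body.split()
        if not body[:1].isspace():  # a blank owner field means "same owner as before"
            owner = tokens.pop(0)
        ttl = default_ttl
        if tokens and re.fullmatch(r"\d+[a-zA-Z]*", tokens[0]):
            ttl = parse_ttl(tokens.pop(0))
        if tokens and tokens[0].upper() in ("IN", "CH", "HS"):
            tokens.pop(0)
        depth += line.count("(") - line.count(")")
        if not tokens:
            raise ValueError(f"record without type: {raw!r}")
        rtype, rdata = tokens[0].upper(), " ".join(tokens[1:])
        if action:
            commands.append(f"update {action} {qualify(owner, origin)} {ttl} IN {rtype} {rdata}")
    if commands:
        commands.append("send")
    return commands


if __name__ == "__main__":
    print("\n".join(to_nsupdate(EXAMPLE_ZONE)))
```

Because the script never touches the SOA, the serial is left to the server, which is exactly why the next paragraph says the serial no longer needs to be edited by hand; the output can be piped straight into nsupdate(1).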
Of course there is no longer a need to change the SOA serial number of the zone file.
Nowadays it is much easier to generate a TSIG key with the tsig-keygen (or the ddns-confgen) command provided by BIND.
$ tsig-keygen -a hmac-sha256 ns1.fq.dn-ns2.fqdn-v1 | tee ns1.fq.dn-ns2.fqdn-v1.secret
key "ns1.fq.dn-ns2.fqdn-v1" {
	algorithm hmac-sha256;
	secret "glOygskrr35mVgTnvFc/0binFnReGb+e6I4ws83U97M=";
};

Since the file contains a secret, make it not world-readable, and pull its content into the named.conf file with an include directive.
In case you want to use the TSIG key to authenticate the zone transfer between two
$ mkdir $HOME/keys
$ ager --create-key
$ ager --print-id

Anyone who knows your public key can now send you a file encrypted with age(1).
$ cut -d: -f1 /etc/group | 4 -w100
$ x2b -spacing -word fd 2c
00000000 11111101
00000000 00101100

$ o2x 177
7F

$ d2b byte 192 168 10 15
11000000
10101000
00001010
00001111
$ portrange -l "b0100 0000 0000 0000"
port range mask 16384 allow 2 users to use a range of 32768 ports
port range value 0
port range value 16384

$ portrange -v 0x4000 -B -p "b0100 0000 0000 0000"
list of port ranges for port range value 16384
16384   16384 to 32767   0100 0000 0000 0000 - 0111 1111 1111 1111
16384   49152 to 65535   1100 0000 0000 0000 - 1111 1111 1111 1111

Please download the source code (portrange.c) or the Linux or Windows executable file.
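The two runs above show the arithmetic behind a port range mask: a mask with k bits set splits the 16-bit port space between 2^k users, each user is identified by a port range value (one of the 2^k subsets of the mask bits), and the user owns exactly those ports whose masked bits equal that value, which is why value 0x4000 under mask 0x4000 yields two disjoint blocks rather than one. The following Python is an added example written for this page that reproduces those listings; it is not portrange.c and makes no claim about that program's internals beyond what the output shows.

```python
def parse_portmask(text):
    """Accept the notations used above: 'b0100 0000 0000 0000' (binary, spaces allowed),
    '0x4000' (hex) or a plain decimal number. Must fit in 16 bits."""
    t = text.strip().replace(" ", "")
    if t[:1].lower() == "b":
        value = int(t[1:], 2)
    elif t[:2].lower() == "0x":
        value = int(t, 16)
    else:
        value = int(t, 10)
    if not 0 <= value <= 0xFFFF:
        raise ValueError(f"{text!r} is not a 16-bit port value")
    return value


def describe_mask(mask):
    """(number of users, ports per user): k set bits give 2^k users sharing 65536 ports."""
    users = 1 << bin(mask).count("1")
    return users, 65536 // users


def port_range_values(mask):
    """All port range values a mask allows: every subset of the mask's bits, ascending.
    The step v = (v - mask) & mask walks through the subsets in increasing order."""
    values, v = [], 0
    while True:
        values.append(v)
        v = (v - mask) & mask
        if v == 0:
            return values


def port_ranges(mask, value):
    """Contiguous [low, high] port intervals whose masked bits equal value."""
    if value & ~mask & 0xFFFF:
        raise ValueError("port range value sets bits outside the mask")
    ranges, start = [], None
    for port in range(65536):
        selected = (port & mask) == value
        if selected and start is None:
            start = port
        elif not selected and start is not None:
            ranges.append((start, port - 1))
            start = None
    if start is not None:
        ranges.append((start, 65535))
    return ranges


def fmt_bin(port):
    """16-bit binary in groups of four, as in the -B listing above."""
    bits = f"{port:016b}"
    return " ".join(bits[i:i + 4] for i in range(0, 16, 4))


if __name__ == "__main__":
    mask = parse_portmask("b0100 0000 0000 0000")
    users, per_user = describe_mask(mask)
    print(f"port range mask {mask} allow {users} users to use a range of {per_user} ports")
    for v in port_range_values(mask):
        print(f"port range value {v}")
    value = parse_portmask("0x4000")
    print(f"list of port ranges for port range value {value}")
    for low, high in port_ranges(mask, value):
        print(f"{value}\t{low} to {high}\t{fmt_bin(low)} - {fmt_bin(high)}")
```

The split is independent of any port numbering convention: a mask that sets a high bit hands every user a slice of the well-known ports as well, so whoever defines the mask decides whether ports below 1024 end up in a shared user's range.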
# trace4 15min --DNS
# trace4 1h --ALLUDP
# trace4 20pkt -i ste0 dest host _myip4_

The latter is also possible with an option of tcpdump (see the tcpdump cheat sheet for a brief overview of tcpdump options).