 
ehbowen
Frequent Visitor
Topic Author
Posts: 78
Joined: Tue Sep 05, 2017 6:13 am
Location: Houston, Texas

Setting Up DDNS

Thu May 17, 2018 12:13 am

I'm trying to move my master DNS records in-house. I have two Synology servers on public static IP addresses which run the Synology DNS Server package, which is a BIND variant. I also have another server at my church, on a dynamic IP address behind a MikroTik RB3011 router. According to the Wiki there is supposed to be a command to dynamically update a BIND server, but I can't figure out a way to make it work. I will say that I am a newbie with regards to DNS, and I'm jumping in with both feet not sure whether I need a life jacket...or a parachute!

I'm wanting to move the church email onto the church's own server, so ideally what I'd have is a command to update the bare domain, the www subdomain, and the mail subdomain in case the dynamic IP changes. But the example in the Wiki is very cryptic and I couldn't puzzle it out. Thanks again for any help.
 
Sob
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: Setting Up DDNS

Thu May 17, 2018 12:49 am

The example is as simple as it can be, it's just one command. Only for what you need, it's missing some additional scripting around it: you'll first need to find out that the address changed, get the current one, and then give it to /tool dns-update. I won't give you the whole script, because I'm bad with RouterOS scripting, but try to search for something; most likely someone else already did it.

But I'm not sure running a mail server on a dynamic address is the best idea. There will always be some small delay before you notice the changed address, then additional delay because of the DNS record's TTL. You'll need to make it as low as possible, but it will never be zero, so it can happen that some e-mails will be rejected, because the target server won't believe that yours (with a freshly acquired address) is allowed to send them. And then there are some really paranoid servers and spam filters that won't like your low-TTL MX records at all.
 
ehbowen
Frequent Visitor
Topic Author
Posts: 78
Joined: Tue Sep 05, 2017 6:13 am
Location: Houston, Texas

Re: Setting Up DDNS

Thu May 17, 2018 4:12 am

That's the thing; I need the other commands in order to make it work. Like I said, I'm a newbie.

While it's technically a dynamic IP, it really doesn't change much. I believe it's changed maybe one time in the six months since I opened the Internet account. And our church doesn't send a whole lot of email, and for sending email I'd planned to proxy through my own email server (on the static IP) to play nice with the SPAM filters anyway. But, since quite often no one is around, if our connection is reset and our IP address changes I'd like to update the DNS records within 30 minutes (TTL 1800) or so.

Edit To Add: I just tried sending the command as a bare command from the terminal (no script). My DNS server would not accept the update in that format; the log said "client 99.2.36.117#48624: view WideAreaNetwork: request has invalid signature: TSIG AirwayUpdateKey: tsig verify failure (BADSIG)". But, when I (temporarily) removed the key restriction on updating, it accepted the update from the MikroTik. The MikroTik, for its part, returned "BAD KEY" when I attempted to send the command with security on; I had tried to send the key in the format the DNS server exported it (with two trailing == signs), but MikroTik wouldn't process it with those equals signs in there.

My DNS server can also generate keys in HMAC-SHA512 format, but the Wiki says that only HMAC-MD5 keys will work. However, the Wiki page hasn't been updated in 8 years. Does anyone know if it's now possible to configure RouterOS to use HMAC-SHA512 keys? For that matter, does anyone know if MikroTik issues an actual MANUAL? For that matter, does Synology?
 
Sob
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: Setting Up DDNS

Thu May 17, 2018 6:51 pm

Try this as a scheduler script:

```
# Settings: replace each <...> placeholder with your own value.
:global ddnsserver "<address_of_your_authoritative_server>"
:global ddnskeyname "<name_of_key>"
:global ddnskey "<value_of_key>"
:global ddnshost "<hostname>"
:global ddnszone "<domain>"
:global ddnsttl <ttl>
:global ddnsinterface "<name_of_wan_interface>"

# Current address on the WAN interface, in address/prefix form.
:global ddnsip [ /ip address get [/ip address find interface=$ddnsinterface] address ]
# Address sent with the last update, kept in a global between scheduler runs.
:global ddnslastip

:if ([:len [/interface find name=$ddnsinterface]] = 0 ) do={ :log info "DDNS: No interface named $ddnsinterface, please check configuration." }
# First run: nothing stored yet, so start from a value that never matches.
:if ([ :typeof $ddnslastip ] = "nothing" ) do={ :global ddnslastip 0.0.0.0/0 }
:if ([ :typeof $ddnsip ] = "nothing" ) do={
  :log info ("DDNS: No ip address present on " . $ddnsinterface . ", please check.")
} else={
  :if ($ddnsip != $ddnslastip) do={
    :log info "DDNS: Sending UPDATE!"
    # Strip the "/prefix" part and send the signed update to the server.
    :log info [ :put [/tool dns-update dns-server=$ddnsserver name=$ddnshost zone=$ddnszone ttl=$ddnsttl address=[:pick $ddnsip 0 [:find $ddnsip "/"] ] key-name=$ddnskeyname key=$ddnskey ] ]
    :global ddnslastip $ddnsip
  } else={
    :log info "DDNS: No changes necessary."
  }
}
```
I modified it from this and it works with my testing server.

And to fix the == problem with manual calls, just use quotes (key="your_key==").
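
The key trouble discussed in this thread, modelled as an added example that is not code from any of the posts: a TSIG secret is base64 text, and a signed update is only accepted when both ends decode it to the same bytes and use the same HMAC algorithm. The key, the message bytes and the function names are constructed for illustration, the message is a stand-in rather than real TSIG wire format, and the result labels only echo the messages quoted above.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed sample secret (bytes 0..15), not a real key:
# "AAECAwQFBgcICQoLDA0ODw=="
SAMPLE_KEY = base64.b64encode(bytes(range(16))).decode()
# Constructed stand-in for the bytes a TSIG MAC covers (real TSIG signs the
# DNS message plus TSIG variables; that wire format is not reproduced here).
SAMPLE_MESSAGE = b"update mail.example.org A 192.0.2.10 ttl 1800"


def decode_secret(text):
    """Strictly decode a base64 secret; return None if it is malformed."""
    try:
        return base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return None


def check_update(server_key, client_key, message, client_digest=hashlib.md5):
    """Model a server that expects HMAC-MD5 checking a client's signature."""
    server_secret = decode_secret(server_key)
    if server_secret is None:
        raise ValueError("server key is not valid base64")
    client_secret = decode_secret(client_key)
    if client_secret is None:
        return "BAD KEY"  # client cannot turn the text into secret bytes
    client_mac = hmac.new(client_secret, message, client_digest).digest()
    expected = hmac.new(server_secret, message, hashlib.md5).digest()
    return "OK" if hmac.compare_digest(client_mac, expected) else "BADSIG"


def demo():
    stripped = SAMPLE_KEY.rstrip("=")  # trailing == lost on the way in
    shortened = SAMPLE_KEY[:-4]        # still valid base64, one byte shorter
    return {
        "intact": check_update(SAMPLE_KEY, SAMPLE_KEY, SAMPLE_MESSAGE),
        "padding stripped": check_update(SAMPLE_KEY, stripped, SAMPLE_MESSAGE),
        "last group dropped": check_update(SAMPLE_KEY, shortened, SAMPLE_MESSAGE),
        "client uses SHA-512": check_update(
            SAMPLE_KEY, SAMPLE_KEY, SAMPLE_MESSAGE, client_digest=hashlib.sha512),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```
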
