How can I set up a Dynamic DNS fetching service on Ubuntu Server?
Setting up ddclient for No-IP
ddclient is a Dynamic Update Client (DUC) which can be used to update dynamic DNS entries. It checks the current IP address at regular intervals and updates the DNS information when a change is detected. Here is how to install and configure it for the No-IP (noip.com/no-ip.com) service.
First, install the ddclient package. We will configure it manually later, so just press enter for all configuration questions.
sudo apt-get install ddclient
Stop the ddclient daemon. The sudo service ddclient stop command does not work on Ubuntu 12.04 due to a bug, so we use pkill instead.
sudo pkill ddclient
Edit the config files. To turn off the backup files (e.g. /etc/ddclient.conf~) which gedit creates by default and which could for example contain passwords after you thought you had deleted them, turn off the setting Edit -> Preferences -> Editor -> Create a backup copy of files before saving.
sudo gedit /etc/ddclient.conf /etc/default/ddclient
Delete the old content of /etc/ddclient.conf and paste in the template shown below.
Read through the comments of the template and customize the file to your needs.
It could be a good idea to use a noip.com sub-account, i.e. a group with password (this feature is a pay-service). This way, the password only gives access to updating the specified hosts and not full access to your entire No-IP account, which could include MX records (an attacker who acquires your password could change the MX records in order to intercept your e-mails) or other services such as IMAP accounts.
You should probably set daemon_interval=3600 (see template comments).
Test your configuration with the following command:
sudo ddclient -daemon=0 -debug -verbose -noquiet -force
You should get a good (IP address updated) or nochg (IP address was already set to that value) response. It is OK to receive the following warning at this point (but it is not OK to keep getting the warning during normal operation):
WARNING: updating <hostname>: nochg: No update required; unnecessary attempts to change to the current address are considered abusive
Note: There seems to be some caching going on at the No-IP server, so if the response you get from the server is not what you expect, it might help to just wait a little while.
When you are done configuring, start the ddclient daemon:
sudo service ddclient start
The daemon will also start automatically each time you start the computer.
The DNS entry/entries will now be updated each time an IP address change is detected.
Troubleshooting
Run package configuration again:
sudo dpkg-reconfigure ddclient
Remove package and config files:
sudo apt-get purge ddclient
Daemon control:
sudo service ddclient status
sudo service ddclient start
sudo service ddclient stop
# The stop command above does not work on Ubuntu 12.04 due to a bug, but
# it works on 14.04. Here are alternative ways to control the daemon:
ps -A f | grep -i ddclient
sudo pkill ddclient
Delete the cache to trick the daemon into updating the DNS entry for debugging purposes (during normal operation the DNS entry is only updated if the current IP address is different from the IP address stored in the cache):
sudo pkill ddclient
sudo rm /var/cache/ddclient/ddclient.cache
sudo service ddclient start
# See the result:
tail /var/log/syslog
# If you have set up mail=..., you should also receive an e-mail.
# The syslog and e-mail should show a "good" or "nochg" response.
Test whether the daemon will actually update the DNS entry when the IP address has changed, by setting the DNS entry IP address to 1.2.3.4 and then starting the daemon:
sudo pkill ddclient
sudo ddclient -daemon=0 -debug -verbose -noquiet -force -use ip -ip 1.2.3.4
sleep 30 # ddclient will not perform updates less than 30 seconds apart
sudo service ddclient start
Debug run (update DNS entry never / as needed / always):
sudo ddclient -daemon=0 -debug -verbose -noquiet -noexec
sudo ddclient -daemon=0 -debug -verbose -noquiet
sudo ddclient -daemon=0 -debug -verbose -noquiet -force
Try to detect current IP address using various methods:
sudo ddclient -query
Files of interest:
/etc/ddclient.conf
/etc/default/ddclient
/var/cache/ddclient/ddclient.cache
Messages from the daemon will appear here (and will also be sent by e-mail if set up to do so):
/var/log/syslog
Documentation:
ddclient -help
/usr/share/doc/ddclient/examples/sample-etc_ddclient.conf.gz
- ddclient home page
- No-IP protocol
Template for /etc/ddclient.conf
################################################################################
# Configuration file for ddclient
################################################################################
################################################################################
# Misc. configurations
# To choose between ipup mode (for dial-on-demand) and daemon mode, please edit
# /etc/default/ddclient.
#mail=root # E-mail messages to this address
#mail-failure=root # E-mail messages about failed updates to this address
################################################################################
# How to obtain current IP address
# Methods:
# use=ip, ip=ADDRESS # Set the IP address to ADDRESS
# use=if, if=INTERFACE, if-skip=PATTERN # Obtain IP address by calling 'ifconfig INTERFACE'
# use=web, web=PROVIDER|URL, web-skip=PATTERN # Obtain IP address from IP discovery web page
# use=cmd, cmd=PROGRAM, cmd-skip=PATTERN # Obtain IP address by calling PROGRAM
# use=fw|FWMODEL, fw=ADDRESS|URL, fw-skip=PATTERN # Obtain IP address from firewall web page
# fw-login=LOGIN, fw-password=SECRET
#
# The *-skip options can be used to skip IP addresses found before PATTERN.
#
# NOTE: The ddclient IP detection routines do not respect the HTTPS prefix in
# URLs, and instead fall back to HTTP (this is fixed in version 3.8.1). The
# option ssl=yes does not apply to the IP detection either (this is at least
# how versions 3.8.0 to 3.8.2 behave).
#
# The default time between each IP address change check is daemon_interval=300
# (5 minutes), which may be a bit too frequent when using an external IP
# discovery service. To set the checking interval to e.g. one hour instead,
# please edit /etc/default/ddclient and set daemon_interval=3600.
# Obtain IP address from network interface
#use=if, if=eth0
# Obtain IP address from no-ip.com IP discovery web page (unencrypted connection)
use=web, web='http://ip1.dynupdate.no-ip.com:8245/'
# Obtain IP address from no-ip.com IP discovery web page (encrypted connection)
# Encryption does not offer any real protection since a man-in-the-middle
# attack could route the HTTPS connection through a host belonging to the
# attacker, thus causing an incorrect IP address to be reported.
#use=cmd, cmd='bash -c "set -o pipefail; timeout 120 wget -qO- \
# --header=Host:ip1.dynupdate.no-ip.com https://dynupdate.no-ip.com/ | head -c 1000"'
################################################################################
# Dynamic DNS service setup
protocol=noip
#server= # Defaults to dynupdate.no-ip.com for noip protocol
ssl=yes # NOTE: Does not apply when obtaining IP address, just when updating the DNS entry!
login='[email protected]' # Username. For No-IP sub-accounts (groups with passwords), use '<groupname>%3A<username>'.
password='1234'
################################################################################
# Hosts to update, with optional per-host options
# Examples:
# protocol=hammernode1, \
# login='my-hn-login', password='my-hn-password' \
# myhost.hn.org,myhost2.hn.org
#
# login='group2%[email protected]', password='1234' myhost3.no-ip.biz,myhost4.no-ip.biz
#
# myhost.no-ip.biz,myhost2.no-ip.biz
my.full.hostname
Update: Encrypted connection to IP detection service is quite pointless. This is now explained in the ddclient.conf template and it now defaults to using unencrypted connection for IP detection.
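A check for the points the answer above raises (leftover backup copies holding the password, ssl=yes for the update, the template password, the polling interval), as an added example that is not part of the original answer. The function name, the FINDING output format and the file-permission check are assumptions of this example, and `find -perm /077` assumes GNU find as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example: audit a ddclient setup for the issues described above.
# Prints one "FINDING: ..." line per problem and nothing when clean.
audit_ddclient() {
    conf=$1; defaults=$2

    # The config holds the No-IP password: no group/other permission bits.
    if [ -n "$(find "$conf" -maxdepth 0 -perm /077)" ]; then
        echo "FINDING: $conf is accessible to group/other (chmod 600)"
    fi

    # Editor backups such as ddclient.conf~ can keep an old password around.
    for f in "$conf"?*; do
        if [ -e "$f" ]; then echo "FINDING: leftover copy $f"; fi
    done

    # ssl=yes covers the update request that carries login and password.
    if ! grep -Eq '^[[:space:]]*ssl=yes' "$conf"; then
        echo "FINDING: ssl=yes is not set for the DNS update"
    fi

    # The template's sample password must have been replaced.
    if grep -Eq "^[[:space:]]*password='1234'" "$conf"; then
        echo "FINDING: template password '1234' still in place"
    fi

    # With use=web the answer suggests daemon_interval=3600 (default 300).
    # Assumption: the value is a plain number of seconds.
    if grep -Eq '^[[:space:]]*use=web' "$conf"; then
        iv=$(sed -n 's/^daemon_interval="\{0,1\}\([0-9][0-9]*\).*/\1/p' \
            "$defaults" | tail -n 1)
        if [ "${iv:-300}" -lt 3600 ]; then
            echo "FINDING: daemon_interval=${iv:-300} with use=web"
        fi
    fi
}

# Constructed sample files (no real credentials) to show the output.
demo() {
    d=$(mktemp -d)
    printf '%s\n' "use=web, web='http://ip1.dynupdate.no-ip.com:8245/'" \
        "protocol=noip" "ssl=yes" "password='1234'" > "$d/ddclient.conf"
    chmod 644 "$d/ddclient.conf"
    cp "$d/ddclient.conf" "$d/ddclient.conf~"   # what gedit leaves behind
    echo 'daemon_interval="300"' > "$d/ddclient"
    audit_ddclient "$d/ddclient.conf" "$d/ddclient"
    rm -rf "$d"
}
demo
```

On a real system, call audit_ddclient with /etc/ddclient.conf and /etc/default/ddclient as root, since the config file should not be readable by other users.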
Here is a good walkthrough... http://www.ubuntugeek.com/update-ip-addresses-at-dynamic-dns-services-using-ddclient.html
Hope this helps :)