	                ENABLE DYNAMIC DNS 	
========================================================================
========================================================================
   >>> This document contains instructions for enabling dynamic    <<<
   >>> DNS for both IPv4 and IPv6 Resource Records.                <<<

DNS Server Side

------------------------------------------------------------------------
Install Required Software 
------------------------------------------------------------------------
1. Bind 9 or above
2. Perl modules:
	Net::DNS (0.29 or above) and its dependencies

All the above software can be installed through ports on FreeBSD; for Linux,
download the source tarballs from http://www.isc.org and http://www.cpan.org
respectively, unpack and install them. Please read the documentation of
each individual package for details.

Note: BIND has to be compiled with OpenSSL (built using the
'--with-openssl' configure option).

-------------------------------------------------------------------------
Generating TSIG Keys
-------------------------------------------------------------------------
Only authenticated Updaters are allowed to add, delete or modify Resource 
Records. Authentication should be based on TSIG keys.

TSIG keys are generated with the following command:
$ dnssec-keygen -a hmac-md5 -b <bit-length> -n HOST <keyname>

<keyname> is the name of the key. The key will be stored in the file
K<keyname>.+157+<keyid>.private.

e.g.
$ dnssec-keygen -a hmac-md5 -b 128 -n HOST key-test
Two files actually get generated: Kkey-test.+157+32035.key and
Kkey-test.+157+32035.private.

The actual key can be found in either file.
$ cat Kkey-test.+157+32035.private 
Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: PdfLjJF6pM6vc76nz+v60Q==

$ cat Kkey-test.+157+32035.key
key-test. IN KEY 256 3 157 PdfLjJF6pM6vc76nz+v60Q==

-------------------------------------------------------------------------
Configuration Files
-------------------------------------------------------------------------
1. make-localhost

For FreeBSD:
Be sure to
  # cd /etc/namedb
  # sh make-localhost
to properly create the local reverse DNS zone file in 
/etc/namedb/localhost.rev if it doesn't exist.

For Linux:
  # cd /var/named
to check whether localhost.zone and named.local exist.

2. /etc/namedb/named.conf (FreeBSD) or /etc/named.conf (Linux) 

Add the following entries to the named.conf file to support Dynamic 
DNS and IPv6.
  
  options {
	listen-on-v6 port 53 {any;};
  };
  - To make the server listen on any IPv6 address
  
  key key_id {
	algorithm string;
	secret "XXXX";
  };
  - Defines a secret key and an algorithm to be used
  e.g.
  key "key-test" {
	algorithm hmac-md5;
	secret "PdfLjJF6pM6vc76nz+v60Q==";
  };

  zone "domain name" {
	type master;
	file "zone file";
	allow-update {key "key_id";};
  };
  - Configure the zone to allow updates using the key
  e.g.
  zone "xbone.overlay" {
	type master;
	file "xbone/xbone-forward.zone";
	check-names ignore;
	allow-update {key "key-test";};
  };
  
  zone "26.172.in-addr.arpa" {
	type master;
	file "xbone/xbone-reverse.zone";
	check-names ignore;
	allow-update {key "key-test";};
  };

  //fec0::/112
  zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.c.e.f.IP6.INT" {
	  type master;
	  file "xbone/xbone-reverse6.zone";
	  check-names ignore;
	  allow-update {key "key-test";};
  };


3. Zone Files
No modifications to the zone files are necessary in order to support
Dynamic DNS.

Here is an example of an IPv6 forward zone file:
$ORIGIN .
$TTL 3600       ; 1 hour
v6.example.com   IN SOA  NS01.v6.example.com. root.v6.example.com. (
                    20001033   ; serial
                    10800      ; refresh (3 hours)
                    900        ; retry (15 minutes)
                    604800     ; expire (1 week)
                    86400      ; minimum (1 day)
                    )
		NS      NS01.v6.example.com.
$ORIGIN v6.example.com.
foo                     AAAA    3ffe:1800:2030:21::2
mailv6                  AAAA    3ffe:1800:2030:20::2
NS01                    AAAA    3ffe:1800:2030:20::4

4. Resolv.conf

The resolv.conf of all overlay nodes must be updated to use the 
name server's address. For example:

$ cat /etc/resolv.conf 
search xbone.overlay example.com
nameserver 182.91.123.102 ; name server for the X-Bone system
nameserver 182.91.106.11
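
A check for the update policy configured in named.conf above, as an added example that is not part of the original document or of BIND: it flags zones whose allow-update is not restricted to a defined TSIG key, and keys that use hmac-md5 (RFC 8945 recommends hmac-sha256). The regex-based parsing, the function name and the two deliberately wrong zones in the sample are assumptions for illustration; named-checkconf remains the syntax checker.

```python
import re

# Constructed named.conf fragment: the page's key and forward zone, plus two
# deliberately wrong zones (address-based ACL, reference to an undefined key).
SAMPLE_CONF = '''
key "key-test" { algorithm hmac-md5; secret "PdfLjJF6pM6vc76nz+v60Q=="; };
zone "xbone.overlay" { type master; file "xbone/xbone-forward.zone";
    allow-update { key "key-test"; }; };
zone "26.172.in-addr.arpa" { type master; file "xbone/xbone-reverse.zone";
    allow-update { 172.26.0.0/16; }; };
// zone "ignored.example" { allow-update { any; }; };
zone "v6.example.com" { type master; file "v6.zone";
    allow-update { key "missing-key"; }; };
'''

KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{[^{}]*?\balgorithm\s+"?([\w.-]+)"?\s*;')
ZONE_RE = re.compile(r'\bzone\s+"([^"]+)"[^{;]*\{((?:[^{}]|\{[^{}]*\})*)\}')
ACL_RE = re.compile(r'\ballow-update\s*\{([^{}]*)\}')

def audit_updates(conf):
    """Return (zone, problem) pairs for allow-update clauses that need review."""
    conf = re.sub(r'(?m)^\s*(?://|#).*$', '', conf)   # drop whole-line comments
    algorithms = dict(KEY_RE.findall(conf))
    findings = []
    for zone, body in ZONE_RE.findall(conf):
        acl = ACL_RE.search(body)
        if acl is None:
            continue                                  # zone is not dynamically updatable
        for entry in filter(None, (e.strip() for e in acl.group(1).split(';'))):
            match = re.fullmatch(r'key\s+"?([\w.-]+)"?', entry)
            if match is None:
                findings.append((zone, 'non-key ACL entry: ' + entry))
            elif match.group(1) not in algorithms:
                findings.append((zone, 'undefined key: ' + match.group(1)))
            elif algorithms[match.group(1)].lower() == 'hmac-md5':
                # RFC 8945 recommends hmac-sha256 for TSIG
                findings.append((zone, 'hmac-md5 key: ' + match.group(1)))
    return findings

if __name__ == '__main__':
    for zone, problem in audit_updates(SAMPLE_CONF):
        print(f'{zone}: {problem}')
```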


-------------------------------------------------------------------------
Test
-------------------------------------------------------------------------
Run the following command on the server side:
$ named -c /directory of named.conf/named.conf

There are 2 methods for submitting updates from client to server.
1. Perl modules. The client needs to keep the actual key. Please check the
details in the attached code.

2. The "nsupdate" command. The client needs to keep the secret keyfile.
e.g.
On the client side, run
$ nsupdate -k Kkey-test.+157+32035.private
> server servername
> update add foo.xbone.overlay 86400 A 172.26.0.1
>

The command "nslookup" can be used to check whether the update succeeded or
not. Alternatively, you can enter

> answer

to see the response.

Note: "set q=any" should be specified to query IPv6 Resource Records.
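
What the shared key authenticates, as an added example (not part of the original document, BIND or Net::DNS): the RFC 2845 HMAC-MD5 computation for the nsupdate request above, and the server-side check that rejects an altered record or a replay outside the fudge window. The function names, message ID and timestamp are constructed for illustration; the key and the record are the page's own.

```python
import base64, hashlib, hmac, struct

def wire_name(name):
    """Encode a domain name in lowercase, uncompressed DNS wire format."""
    labels = name.lower().rstrip('.').split('.')
    return b''.join(bytes([len(l)]) + l.encode('ascii') for l in labels) + b'\x00'

def build_update(msg_id, zone, owner, ttl, ipv4):
    """DNS UPDATE (opcode 5) adding one A record; the TSIG RR is not included."""
    header = struct.pack('!HHHHHH', msg_id, 5 << 11, 1, 0, 1, 0)
    zone_section = wire_name(zone) + struct.pack('!HH', 6, 1)       # SOA, IN
    rdata = bytes(int(octet) for octet in ipv4.split('.'))
    record = wire_name(owner) + struct.pack('!HHIH', 1, 1, ttl, len(rdata)) + rdata
    return header + zone_section + record

def tsig_mac(message, key_name, secret_b64, time_signed, fudge=300):
    """HMAC-MD5 over the request plus the TSIG variables (RFC 2845, section 3.4)."""
    variables = (
        wire_name(key_name)
        + struct.pack('!HI', 255, 0)                                # class ANY, TTL 0
        + wire_name('hmac-md5.sig-alg.reg.int')
        + struct.pack('!HIH', time_signed >> 32, time_signed & 0xFFFFFFFF, fudge)
        + struct.pack('!HH', 0, 0)                                  # error, other len
    )
    return hmac.new(base64.b64decode(secret_b64), message + variables, hashlib.md5).digest()

def verify(message, mac, key_name, secret_b64, time_signed, now, fudge=300):
    """Server-side check: MAC matches and the timestamp is inside the fudge window."""
    expected = tsig_mac(message, key_name, secret_b64, time_signed, fudge)
    return hmac.compare_digest(mac, expected) and abs(now - time_signed) <= fudge

# Values from the page: key-test and its secret, and the nsupdate example record.
# The message ID and timestamp are constructed for the example.
KEY_NAME, SECRET = 'key-test', 'PdfLjJF6pM6vc76nz+v60Q=='
SIGNED_AT = 1700000000
UPDATE = build_update(0x1234, 'xbone.overlay', 'foo.xbone.overlay', 86400, '172.26.0.1')
MAC = tsig_mac(UPDATE, KEY_NAME, SECRET, SIGNED_AT)

if __name__ == '__main__':
    forged = build_update(0x1234, 'xbone.overlay', 'foo.xbone.overlay', 86400, '172.26.0.99')
    print('genuine update accepted:', verify(UPDATE, MAC, KEY_NAME, SECRET, SIGNED_AT, SIGNED_AT + 5))
    print('altered record accepted:', verify(forged, MAC, KEY_NAME, SECRET, SIGNED_AT, SIGNED_AT + 5))
    print('stale replay accepted:  ', verify(UPDATE, MAC, KEY_NAME, SECRET, SIGNED_AT, SIGNED_AT + 3600))
```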

-------------------------------------------------------------------------
Further Reading
-------------------------------------------------------------------------
. Official ISC Bind Page (http://www.isc.org/products/BIND/)
. RFC 1035 - Domain Names - Implementation and Specification
. DNSsec Page (http://www.dnssec.net/)
. IPv6 DNS support Page (http://6net.iif.hu/docs/ipv6_dns_intro.sxi.pdf)




