Linux – How to set up a simple self-hosted dynamic DNS server

Tags: domain-name-system, dynamic-dns, linux, Ubuntu

I have a small internal network of physical machines running hypervisors, which in turn run several KVM Ubuntu virtual machines. How would I set up an internal dynamic DNS server so that when I run a script to create a new virtual machine, that VM could automatically register itself in the DNS server?

Bind seems to be the standard DNS server for Linux, but it seems designed for a much more "static" DNS model. Dynamically updating this would require a complicated script that would have to SSH into the DNS server, edit configuration files, and then restart the server. This doesn't seem like a very elegant solution. Are there better options?

I saw a similar question, although they're asking for a solution for a public setting on Amazon. My servers are entirely private, and I don't want to rely on an external VM host or Dynamic DNS provider.

Best Answer

Actually, Bind is capable of doing dynamic DNS updates through RFC 2136 standard messages, using the nsupdate tool and the right configuration (not terribly hard, but not completely trivial either).

Your options for authenticating these update messages are:
1) allowing only certain IPs to send update messages;
2a) TSIG symmetrical encryption;
2b) SIG(0) based public key cryptography;
or a combination of 1 and 2*. Among other places, instructions can be found here.

In implementing this personally, I found the biggest problem was giving named sufficient write privileges in /var/named. It needs to be able to create files in the directory, as well as having write permissions on the files for the dynamic zones.

SIG(0) keys are generated with the dnssec-keygen utility with nametype HOST and keytype KEY. For example (may not be exact) (RSAMD5 covers nearly every bind package):

dnssec-keygen -a RSAMD5 -b 1024 -n HOST -T KEY host.domain.tld   # -T KEY selects the KEY record type that SIG(0) uses (dnssec-keygen's -f only accepts KSK or REVOKE)

The resulting .key file will be added to your zone file, and the .private file will be specified on the command line with nsupdate.
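The following is an added example, not code from the question or the answer, and it uses the answer's option 2a (TSIG) rather than SIG(0) because that is what a VM-creation script most often ends up with. It emits the three pieces such a script needs for RFC 2136 updates against BIND: a zone stanza whose update-policy lets a key touch only the name it is named after, the key stanza in the format tsig-keygen (BIND 9.11+; older releases used dnssec-keygen -a HMAC-SHA256 -n HOST) writes, and the nsupdate batch the VM pipes into nsupdate -k. The zone name vm.internal, the server address 10.10.0.1, the host vm01, the zone-file path under /var/named/dynamic/ and the base64 secret are all constructed placeholders; nothing here contacts a real server.

```shell
#!/bin/sh
# Added example, not code from the question or the answer: the three pieces
# a VM-creation script needs for RFC 2136 updates against BIND with TSIG.
# Assumed/constructed values: zone "vm.internal", server 10.10.0.1, one key
# per VM named after the VM, zone files under /var/named/dynamic/.
# Nothing here contacts a server; the functions emit text for named.conf
# and for nsupdate's standard input.

# named.conf zone stanza. "grant * self" lets a TSIG key modify only the
# owner name equal to the key's own name, so a leaked VM key cannot rewrite
# other hosts. allow-update { 10.10.0.0/24; } (option 1 in the answer)
# cannot give that guarantee, because the source address of a UDP update
# is forgeable; update-policy and allow-update are mutually exclusive.
zone_stanza() {
    zone="$1"
    cat <<EOF
zone "${zone}" {
    type master;
    file "/var/named/dynamic/${zone}.zone";   // named must be able to write here (journal files)
    update-policy {
        grant * self ${zone}. A AAAA TXT;
    };
};
EOF
}

# key stanza in the format tsig-keygen writes; the same file is passed to
# nsupdate -k on the VM, so each VM holds only its own secret.
key_stanza() {
    name="$1"; secret="$2"
    cat <<EOF
key "${name}" {
    algorithm hmac-sha256;
    secret "${secret}";
};
EOF
}

# Input checks for values a freshly created VM reports about itself, so a
# malformed hostname or address never reaches the nsupdate batch.
valid_ipv4() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    for o in "$a" "$b" "$c" "$d"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}
valid_label() {
    case "$1" in ''|-*|*-|*[!a-zA-Z0-9-]*) return 1 ;; esac
    [ ${#1} -le 63 ]
}

# nsupdate batch: replace whatever A record the name had with the new one.
# Usage on the VM:
#   register_vm 10.10.0.1 vm.internal vm01 10.10.0.42 | nsupdate -k /etc/vm01.vm.internal.key
register_vm() {
    server="$1"; zone="$2"; host="$3"; ip="$4"; ttl="${5:-300}"
    valid_label "$host" || { echo "bad host label: $host" >&2; return 1; }
    valid_ipv4 "$ip" || { echo "bad IPv4 address: $ip" >&2; return 1; }
    cat <<EOF
server ${server}
zone ${zone}
update delete ${host}.${zone}. A
update add ${host}.${zone}. ${ttl} A ${ip}
send
EOF
}

# Demo with a constructed secret; a real one comes from
#   tsig-keygen -a hmac-sha256 vm01.vm.internal > /etc/vm01.vm.internal.key
zone_stanza vm.internal
key_stanza vm01.vm.internal "c2VjcmV0LWZvci1kZW1vLW9ubHk="
register_vm 10.10.0.1 vm.internal vm01 10.10.0.42
```

The per-VM key is the point of the "self" rule: the VM-creation script generates the key when it builds the VM, appends the key stanza to named.conf on the DNS server, and copies the same file into the guest, after which the guest can only ever register or replace its own A/AAAA/TXT records. The write-permission requirement the answer mentions still applies, because BIND keeps dynamic changes in a journal next to the zone file.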