PyroPeter's homepage (PyroPeters Heimseite)

IPv6 ready since 2010

Providing a dynamic DNS service

(This blogpost is still work-in-progress)

Some months ago had problems with their service, which caused me to log into my control panel to update my A record ( manually. Before that made wildcard support a premium feature, so I lost my wildcard entry when I updated the A record. I was seriously not amused.

I started to search for other dyndns providers, but did not find what I searched for, which is:

The nearest I got was They lacked the wildcards and imposed annoying limits (e.g. a maximum of 5 records). I managed to work around this limits by tricking their system into accepting an external nameserver for This nameserver ( is just a simple dyndns-domain pointing to my computer. This gave me total control over the zone.

In theory this is a valid way to achieve the above mentioned goal. But, imho, my solution is a bit complicated. So I decided to make my nameserver useful for the public by providing a dyndns-service with the features I needed.

I probably won't be able to provide a user/noob-friendly service with 24/7 uptime (After all, I am hosting the nameserver on my desktop pc, using a DSL-connection that reconnects at least once every day) but I will see this as an opportunity to work out techniques to provide a DynDNS-service. This might be useful some day :-P.

Des Pudels Kern

My nameserver uses bind 9.8.0. named.conf (excerpt):

key "" {
    algorithm hmac-md5;
    secret "s7gf6s9d86g89s6fg78sd6==";

key "" {
    algorithm hmac-md5;
    secret "d6g9sd876g98d6sg876dfg==";

zone "" IN {
    type master;
    file "pri/";
    update-policy {
        grant subdomain ANY;
        grant subdomain ANY;
    notify no;

The keys are generated using

$ dnssec-keygen -a HMAC-MD5 -b 128 -n host

The secret (needed for the key section of named.conf) is saved in the file

$ cat
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: d6g9sd876g98d6sg876dfg==
Bits: AAA=
Created: 20120328235137
Publish: 20120328235137
Activate: 20120328235137

The records can be updated using

$ nsupdate -v -k bind-dyndns/ 
> server localhost
> zone
> update add 300 A
> send

Updating of A records via GET request to a cgi-script


A wget-invocation could look like this:

wget --password=4242424242424242424242== \

Authentication is done by the httpd (.htaccess or similar)

The script does the following:

nsupdate input:

server localhost
update delete $domain A
update add $domain 300 A $http_remote_ip

The finished script can be found here.

Todo und so....