Red Squirrel
I just discovered an interesting named command called nsupdate, which basically allows you to update records on the fly without having to restart/reload the service; you just need to set up the records differently and create a secret key that is used for updating as a form of authentication. I wrote a script so that my home IP can automatically update when it changes; I used to do it manually, but now it's automated.
So I got that working nicely. Basically, the script is called via SSH from a cron job on one of my home VMs, and it uses the $SSH_CLIENT variable on the server to determine the origin IP, then compares it to what the current IP is set to and updates if needed. Works great, but I don't like the idea that nsupdate also works from outside the server, and I simply have no need for it. I can't seem to find info on how to restrict updates to require the key AND a certain host. Is there a proper way of doing that? I found some way of doing it, but it's ridiculously nasty; there's got to be a better way. Seems like a rather basic security option that should be there.
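The update flow described in the post, as an added example that is not the poster's script: the server-side script validates the address in `$SSH_CLIENT` before it reaches the nsupdate command stream, compares it with the published record, and sends a TSIG-signed update to the loopback address only when it changed. The zone, record name, key file path and TTL are assumed placeholders, and only IPv4 is handled.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumed placeholders: zone,
# record name, TSIG key file path and TTL.
ZONE="example.com"
RECORD="home.example.com"
KEYFILE="/etc/bind/ddns.key"
TTL=300

# Print the IPv4 address from an SSH_CLIENT value ("<ip> <sport> <dport>"),
# or return 1 if it is not a well-formed dotted quad.
origin_ip() {
    ip=${1%% *}
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    printf '%s\n' "$ip"
}

# Emit the nsupdate commands that replace the A record with address $1.
build_update() {
    printf 'server 127.0.0.1\nzone %s\n' "$ZONE"
    printf 'update delete %s A\n' "$RECORD"
    printf 'update add %s %s A %s\nsend\n' "$RECORD" "$TTL" "$1"
}

# Compare the caller's address with the published record; update on change.
main() {
    new=$(origin_ip "${SSH_CLIENT:-}") || { echo "bad SSH_CLIENT" >&2; return 1; }
    current=$(dig +short @127.0.0.1 "$RECORD" A | head -n 1)
    [ "$current" = "$new" ] && return 0   # unchanged: send nothing
    build_update "$new" | nsupdate -k "$KEYFILE"
}

# Network actions run only when explicitly requested.
if [ "${1:-}" = "--update" ]; then main; fi
```

The script acts only when invoked with `--update` from within an SSH session, which is where `$SSH_CLIENT` is set.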