How are people doing dynamic dns (like dyndns.org)? I cobbled together
some code last week for my setup (two unixy hosts with dynamic IPs, one
tinydns nameserver). Here's what my code does.

On the server, I run a program called ddns-genkey, as "ddns-genkey
some.host.name". ddns-genkey reads from /dev/random, uses poly1305aes to
generate a secret key, and writes out a file named
"ddns-some.host.name.key". I copy the key over to my remote system. The
use of poly1305aes is gratuitous, but takes care of replay issues.

On the server, I also run a program called ddns-server that listens for
connections from the clients. The server has write access to
/service/tinydns/data.

On the remote systems, after I'm assigned an IP address, I run a program to
connect with the ddns-server. The server gives me a nonce, I use it with
the shared secret, the string "some.host.name", use
poly1305aes_authenticate, and send the resultant bits to the other end. The
server uses poly1305aes_verify, and if everything's cool, edits the data
file.

Of course, after I wrote all that, I googled, and found that someone had
written ddns software for djbdns that uses pop3 for authentication. I
couldn't get to the website hosting the software.

A problem with my approach is that it won't be easy using poly1305 on
Windows; perhaps poly1305aes_test will be easier to build on win32. My
remote systems both run some form of unix, so it hasn't been an issue
for me.

I also don't use the time-to-die field in the data file. I should.

Faried.
--
The Great GNU has arrived, infidels, behold his wrath !
(> (length "eclipse") (length "emacs"))
=> T
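
The nonce challenge/response described in the post, as an added example that is not the poster's code. It swaps HMAC-SHA256 in for poly1305aes so it runs with the Python standard library alone; the Server class, the 60-second TTL, the "+fqdn:ip:ttl" line and taking the address from the connection's source are assumptions.

```python
import hashlib, hmac, ipaddress, re, secrets

# Conservative host name check: ':' and newlines are syntax in tinydns's data file.
HOST_RE = re.compile(r"(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z0-9-]{1,63}")
TTL = 60  # assumed short TTL for a dynamic address

def genkey():
    """Stand-in for ddns-genkey: 32 bytes from the OS CSPRNG."""
    return secrets.token_bytes(32)

def client_tag(key, nonce, host):
    """Client side: MAC over the server's fixed-length nonce plus the host name."""
    return hmac.new(key, nonce + host.encode("ascii"), hashlib.sha256).digest()

class Server:
    def __init__(self, keys):
        self.keys = keys      # host name -> shared secret
        self.pending = {}     # host name -> outstanding nonce

    def challenge(self, host):
        if host not in self.keys or not HOST_RE.fullmatch(host):
            return None
        self.pending[host] = secrets.token_bytes(16)
        return self.pending[host]

    def update(self, host, peer_ip, tag):
        """Return the data-file line to write, or None if the request is rejected."""
        nonce = self.pending.pop(host, None)  # consumed here, so a replayed tag fails
        if nonce is None:
            return None
        expected = client_tag(self.keys[host], nonce, host)
        if not hmac.compare_digest(expected, tag):  # constant-time comparison
            return None
        ip = ipaddress.IPv4Address(peer_ip)  # assumed: the connection's source address
        return f"+{host}:{ip}:{TTL}"

def demo():
    """Constructed run: one valid update, a replay of it, and a wrong-key attempt."""
    host = "some.host.name"
    srv = Server({host: genkey()})
    tag = client_tag(srv.keys[host], srv.challenge(host), host)
    ok = srv.update(host, "192.0.2.7", tag)
    replay = srv.update(host, "192.0.2.7", tag)
    forged = srv.update(host, "192.0.2.7", client_tag(genkey(), srv.challenge(host), host))
    return ok, replay, forged

if __name__ == "__main__":
    print(demo())
```

The replay is rejected because the server discards each nonce on first use, whether or not the tag verified.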