In prior articles, I’ve mentioned the FreeDNS service a number of times, how I’ve used their commercial side for several years, and I really enjoy their attributes:
- Reliable.
- Fast — for both their service, and their responses.
- Affordable (and in nearly all cases, free – this includes A record updates with a TTL of 60.)
- Simple to use (updates can be made via basic HTTPS calls, such as with curl, wget, or your favorite programming language.)
- Saving the best for last: the founder, Joshua Anderson, is really nice.
Use cases
- Several servers that run on ephemeral IP addresses (e.g. on Google Compute Engine).
- Reduce ingress connections to bastion hosts based upon these dynamic IP addresses. I’ve run into cases where the Netgate SG-2440 chokes when a VPN server running as TCP/443 (useful for circumventing restrictive network connections) is exposed on the WAN interface, and a horde of bots bangs on it.
Implementation
- Create a FreeDNS account: https://freedns.afraid.org/pricing/
- Set up a DDNS sub-domain: https://freedns.afraid.org/subdomain/
- Obtain the reciprocal hash (it ends with two equal signs): https://freedns.afraid.org/dynamic/
- Save this script from my snippets repository to /etc/network/if-up.d/
- Edit the appropriate variables:
  - watchNIC — Interface to watch.
  - freeDNShash — FreeDNS hash, including the two equal signs at the end.
  - lockFile — Path to LockFile.
  - wait — Minimum time to wait before trying to update again (useful if your network connection is bouncing).
- Set user and group ownership: chown root: /etc/network/if-up.d/freedns.bash
- Make this script executable, and only accessible by file owner: chmod 700 /etc/network/if-up.d/freedns.bash
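A sketch of such an if-up.d hook, added here as an example and not the script from the author's snippets repository. It reuses the article's four variable names; the default values, the lock file doubling as a last-update stamp, and the update.php URL form are assumptions (check the URL against the one shown on your FreeDNS dynamic page).

```shell
#!/usr/bin/env bash
# Added example, NOT the author's freedns.bash. Defaults below are assumptions.
watchNIC="${watchNIC:-eth0}"                       # interface to watch
freeDNShash="${freeDNShash:-PLACEHOLDER_HASH==}"   # placeholder, not a real hash
lockFile="${lockFile:-/run/freedns.lock}"          # lock + last-update stamp
wait="${wait:-300}"                                # min seconds between updates

# should_update IFACE NOW: succeed only for the watched NIC and only when
# at least $wait seconds have passed since the stamp stored in $lockFile.
should_update() {
    local iface="$1" now="$2" last=0
    [ "$iface" = "$watchNIC" ] || return 1         # if-up.d fires for every NIC
    if [ -s "$lockFile" ]; then read -r last < "$lockFile" || true; fi
    case "$last" in ''|*[!0-9]*) last=0 ;; esac    # treat a corrupt stamp as "never"
    [ $(( now - last )) -ge "$wait" ]
}

# Send the update. The URL goes to curl on stdin so the hash does not show
# up in the process list; the URL form is an assumption (see lead-in).
send_update() {
    printf 'url = "https://freedns.afraid.org/dynamic/update.php?%s"\n' "$freeDNShash" |
        curl --silent --show-error --fail --max-time 30 --output /dev/null --config -
}

main() {
    exec 9>>"$lockFile" || return 1                # open without truncating the stamp
    flock -n 9 || return 0                         # another run holds the lock
    should_update "$IFACE" "$(date +%s)" || return 0
    send_update && date +%s > "$lockFile"
}

# ifupdown exports IFACE to if-up.d scripts; without it, do nothing.
if [ -n "${IFACE:-}" ]; then main; fi
```

Because the hash is stored in the script itself, the ownership and mode steps above are what keep it away from other local users.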
FAQ
Q. Why not just use ddclient?
A. ddclient is great, but I don’t want my FreeDNS credentials sitting on a bunch of servers. If a box is compromised, I want to try and reduce what’s compromised, and FreeDNS doesn’t support OAuth (with their hashing mechanism, they don’t necessarily need to).
See also
External links
- FreeDNS
- ddclient
- Ubuntu Wiki : OnNetworkConnectionRunScript
- Stack Exchange network:
  - Server Fault : Is every script located in /etc/network/if-up.d run when an interface is brought up?
  - Super User : Run only specific /etc/network/if-up.d-script for specific interfaces
  - Unix & Linux Stack Exchange : Pass multiple commands to flock
  - Ask Ubuntu : How do I make the script to run automatically when tun0 interface up/down events?