So I run the attached shell script via cron on my pfSense gateway, and it will update the vpn.mydomain.com and nas.mydomain.com entries on the MIAB whenever my IP address changes.
Make sense?
Hope this is useful for someone – it is for me!
Thanks,
–Dennis
--------- CONTENTS OF dm-dyndns.sh below ---------
#!/bin/sh
# dm-dyndns v1.0, dmurphy@dmurphy.com
# Shell script to provide dynamic DNS to a mail-in-the-box platform.
# Requirements:
# dig installed
# curl installed
# OpenDNS myip service availability (myip.opendns.com)
# Mailinabox host (see https://mailinabox.email)
# Mailinabox admin username/password in the CFGFILE below
# one line file of the format (curl cfg file):
# user = "username:password"
# Dynamic DNS name to be set
# DYNDNSNAMELIST file contains one hostname per line that needs to be set to this IP.
MYNAME="dm-dyndns"
CURRENTIPFILE="$MYNAME.ip"
CFGFILE="$MYNAME.cfg"
DIGCMD="/usr/local/bin/dig"
CURLCMD="/usr/local/bin/curl"
CATCMD="/bin/cat"
DOMAIN="mydomain.com"
MIABHOST="box.$DOMAIN"
DYNDNSNAMELIST="$MYNAME.dynlist"
# Verify the required commands and input files exist before doing anything.
if [ ! -x "$DIGCMD" ]; then
    echo "$MYNAME: dig command $DIGCMD not found. Check and fix please."
    exit 99
fi
if [ ! -x "$CURLCMD" ]; then
    echo "$MYNAME: curl command $CURLCMD not found. Check and fix please."
    exit 99
fi
if [ ! -x "$CATCMD" ]; then
    echo "$MYNAME: cat command $CATCMD not found. Check and fix please."
    exit 99
fi
if [ ! -f "$CFGFILE" ]; then
    echo "$MYNAME: $CFGFILE not found. Check and fix please."
    exit 99
fi
if [ ! -f "$DYNDNSNAMELIST" ]; then
    echo "$MYNAME: $DYNDNSNAMELIST not found. Check and fix please."
    exit 99
fi
# Look up the current public IP address via OpenDNS.
MYIP="$("$DIGCMD" +short myip.opendns.com @resolver1.opendns.com)"
if [ -z "$MYIP" ]; then
    echo "$MYNAME: dig output was blank. Check myip.opendns.com services."
    exit 99
fi
# Compare each name's current record on the MIAB box with the public IP.
for DYNDNSNAME in $("$CATCMD" "$DYNDNSNAMELIST")
do
    PREVIP="$("$DIGCMD" +short "$DYNDNSNAME" "@$MIABHOST")"
    if [ -z "$PREVIP" ]; then
        echo "$MYNAME: dig output was blank. Check $MIABHOST DNS server."
        exit 99
    fi
    if [ "x$PREVIP" = "x$MYIP" ]; then
        echo "$MYNAME: $DYNDNSNAME hasn't changed."
    else
        echo "$MYNAME: $DYNDNSNAME changed (previously: $PREVIP, now: $MYIP)"
        # PUT the new address to the MIAB custom DNS API; credentials come from the curl config file.
        STATUS="$("$CURLCMD" -X PUT -K "$CFGFILE" -s -d "$MYIP" "https://$MIABHOST/admin/dns/custom/$DYNDNSNAME")"
        case $STATUS in
            "OK") echo "$MYNAME: mailinabox API returned OK, cmd succeeded but no update.";;
            "updated DNS: $DOMAIN") echo "$MYNAME: mailinabox API updated $DYNDNSNAME OK.";;
            *) echo "$MYNAME: other status from mailinabox API. Please check.";;
        esac
    fi
done
exit 0
----- Contents of dm-dyndns.cfg file below -----
user = "admin@mydomain.com:MYADMINPASSWORD"
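The script above hands whatever dig prints straight to `curl -d` and keeps the MIAB admin password in dm-dyndns.cfg. The following is an added example, not part of the original post: pre-flight checks that validate both before any PUT. The function names `is_ipv4`, `creds_private` and `preflight` are hypothetical.

```shell
#!/bin/sh
# Added example, not part of dm-dyndns.sh. Function names are hypothetical.

# is_ipv4 ADDR: succeed only for a single dotted-quad address, octets 0..255.
# Blank output, several lines, or stray text from the resolver are rejected.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1          # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# creds_private FILE: succeed only if FILE is a regular file with no
# group/other permission bits, read from the portable `ls -ld` mode string
# (works on both FreeBSD/pfSense and Linux, unlike `stat` format flags).
creds_private() {
    [ -f "$1" ] || return 1
    mode=$(ls -ld -- "$1") || return 1
    mode=${mode%% *}
    case "$mode" in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# preflight IP CFGFILE: returns 0 if both checks pass, 2 for a bad address,
# 3 for a missing or over-exposed credentials file.
preflight() {
    is_ipv4 "$1" || { echo "refusing update: '$1' is not an IPv4 address" >&2; return 2; }
    creds_private "$2" || { echo "refusing update: $2 missing or readable by group/other" >&2; return 3; }
}

# Usage inside an updater, before the PUT to /admin/dns/custom/...:
#   preflight "$MYIP" "$CFGFILE" || exit 99
```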
Written in PHP it allows end users to create and delete DNS entries (A records only right now). With domain checking (allowing users to only delete the domains they add.) it’s alright for internal use. Probably not secure for use by external users.
Thanks Mitchell! Your PHP script is a little different use case, in that it allows end users to login and create their own A records, etc. Mine is a quick and dirty hack to allow my firewall to automatically update some entries if/when my home IP address changes. I wanted something no-touch so when my ISP changes my IP address, the DNS entries get automatically updated. Right now I have cron running my script every 10 minutes, so if my IP address changes, within 10 minutes, the A records will catch up. That’s good enough for my simple use!
Great job working on your PHP scripts; you’ve got a nice GUIfied interface to allow self-support for end users. Mine is a quick and dirty hack to solve my corner case!
Here is another quick and dirty hack to access your home box, if you don’t necessarily need end users to access it, you just need the IP… I run basically the following in a cron job, output it to a sync’ed nextcloud directory… My address doesn’t change often (I just stick it with a name in .ssh/config for my purposes), but I can just look here on my other sync’ed systems to find it (I could theoretically write a cron job to keep a hosts file updated with the IP in this sync’ed directory if I wanted)
Here’s something similar that I hacked together for the sake of sharing. I just run it in rc.local on all my VMs but cron might be better. There is no automated cleanup, so if you take a system out of production you need to clean up manually. Make sure you set permissions on files in rc.local.d. I have mine set to root access only.
--------------------- rc.local
#!/bin/bash
# get userid, password, and public name for server
# multiple names can map to the same server
for file in /etc/rc.local.d/*
do
    read -r machine server login username secret password <"$file"
    sitename=$(basename "$file")
    # set IPv4 and IPv6 names; comment out what you don't want to set
    curl -4 -X PUT --netrc-file "$file" "https://$server/admin/dns/custom/$sitename/A"
    curl -6 -X PUT --netrc-file "$file" "https://$server/admin/dns/custom/$sitename/AAAA"
done
For the files in rc.local.d, name them the FQDN of what you want to set. For example, name the file “home.example.com”. Add as many files as you want to create aliases. You can even set on multiple separate MIAB “boxes” by changing the “machine” and login.
I have two-ish questions for clarification regarding the shell script at the top of this thread.
I’m trying to set up a subdomain on a domain that’s managed by MiaB’s built-in DNS for the purpose of allowing my brother to VNC into a computer on my home network.
Assuming:
My MiaB is running in a data center, not on my home network.
I’m the only person using my MiaB, so I can do whatever I want in the admin interface or over ssh.
The DNS on MiaB is fully functional, but I don’t remember how to do per-alias subdomains.
I’ve already set up the alias vnc@example.com.
I have port-forwarding set up so I can already VNC into my home IP address.
My two questions are:
Where do I go in the MiaB web interface to set up the subdomain vnc.example.com for the alias vnc@example.com? I tried adding it in the “Custom DNS” page in the admin interface, but I feel like that’s the wrong way of doing it? Or does the shell script make that unnecessary?
Do I just run the shell script on any (Linux) computer on my local network via cron? If so, which variables would I need to change? Do I just change the contents of the files dm-dyndns.cfg and dm-dyndns.dynlist, or do I change parts of the shell script itself?
And the “-ish”:
What about TLS? Do I need to run certbot while I’m at it? Or is that unnecessary for VNC?
If I were to use one of the alternative scripts further down the thread, do I just run that in cron instead? Or is there additional configuration necessary?