Connect to a remote BIND server
BIND is an authoritative and recursive DNS server developed by the Internet Systems Consortium.
It is possible to use it with happyDomain through Dynamic DNS (RFC 2136).
This documentation will guide you through configuring BIND to enable Dynamic DNS and connect your domains to happyDomain.
Configure BIND to enable Dynamic DNS
First, you need to edit the main BIND configuration file (usually /etc/named.conf or /etc/bind/named.conf, depending on your distribution) to add a secret that will be shared between happyDomain and BIND to authenticate the changes. Then you must indicate which domains will be managed by happyDomain.
Adding a Shared Secret
Under the main key section of your configuration, add the following key:

    key "happydomain" {
        algorithm hmac-sha512;
        secret "<SOME_SECRET>";
    };

Replace <SOME_SECRET> with a string obtained using openssl rand -base64 48.
Creating an Authorization Rule for happyDomain
In addition to the key, you must specify how the key can be used by defining an ACL and allowing updates from it.
Add the following ACL to your configuration:

    acl "happydomain_acl" {
        key happydomain;
    };

Allowing Updates for Each Zone
Now that you have created a rule allowing the happydomain key to make changes, you need to indicate to which zones this rule applies.
For each zone, you must add an update-policy statement referencing the happydomain_acl ACL.
For example, for an existing happydomain.org zone, add the update-policy statement as follows:

    zone "happydomain.org" {
        type master;
        file "/var/named/happydomain.org.db";
        update-policy {
            grant happydomain_acl name happydomain.org. ANY;
        };
    };

The update-policy statement is a list, so you may already have other policies in this list. In this case, just add the grant statement for happydomain_acl.
Allowing Updates for All Zones
If you manage many zones, it may be more convenient to set the default authorization for all zones. In this case, you can use a global update-policy in the options section:

    options {
        update-policy {
            grant happydomain_acl zonesub ANY;
        };
    };

This will apply the update-policy to all zones, allowing the happydomain_acl to update any record.
Apply the Configuration
After modifying the configuration file, reload the BIND service to apply the changes:

    rndc reload

Link happyDomain and BIND
Once BIND is correctly configured, you can link it to happyDomain using the Dynamic DNS connector.
Follow these steps:
- Navigate to the Dynamic DNS connector on the host selection page in happyDomain.
- Fill in the form with the address where your BIND server is accessible.
- Fill in the Key fields with the information from the key section in the BIND configuration:
  - Key Name: corresponds to the key name in BIND’s configuration (e.g., happydomain).
  - Key Algorithm: corresponds to the algorithm (e.g., hmac-sha512).
  - Secret Key: corresponds to the secret.
Once the provider is added, it does not allow you to list existing domains, but you can still manually add all your domains.
By following these steps, you will have configured BIND to work with happyDomain using Dynamic DNS, ensuring secure and authenticated DNS updates.
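
The sketch below is an added illustration, not code from happyDomain or BIND: it shows how the shared happydomain key authenticates an RFC 2136 update with TSIG (RFC 8945) and HMAC-SHA512, and why a modified or stale request is refused. The sample secret, message ID, record and timestamps are constructed, and the TSIG record's own wire encoding is left out so the MAC check stays in focus.

```python
import hashlib
import hmac
import struct


def wire_name(name: str) -> bytes:
    """Encode a domain name in lowercase, uncompressed DNS wire format."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_update(msg_id: int, zone: str, host: str, ipv4: bytes) -> bytes:
    """RFC 2136 UPDATE with one zone entry and one A record to add (no TSIG RR)."""
    header = struct.pack("!HHHHHH", msg_id, 5 << 11, 1, 0, 1, 0)  # opcode 5 = UPDATE
    zone_section = wire_name(zone) + struct.pack("!HH", 6, 1)  # type SOA, class IN
    rr = wire_name(host) + struct.pack("!HHIH", 1, 1, 300, 4) + ipv4  # A, IN, TTL 300
    return header + zone_section + rr


def tsig_mac(secret, key_name, message, time_signed, fudge=300) -> bytes:
    """HMAC-SHA512 over the message plus the TSIG variables (RFC 8945, 4.3.3)."""
    variables = (
        wire_name(key_name)
        + struct.pack("!HI", 255, 0)  # class ANY, TTL 0
        + wire_name("hmac-sha512")  # algorithm name
        + struct.pack("!HIH", time_signed >> 32, time_signed & 0xFFFFFFFF, fudge)
        + struct.pack("!HH", 0, 0)  # error, other data length
    )
    return hmac.new(secret, message + variables, hashlib.sha512).digest()


def server_accepts(secret, key_name, message, time_signed, mac, now, fudge=300) -> bool:
    """Receiver side: enforce the time window, then compare MACs in constant time."""
    if abs(now - time_signed) > fudge:
        return False  # stale or replayed request
    expected = tsig_mac(secret, key_name, message, time_signed, fudge)
    return hmac.compare_digest(expected, mac)


# Constructed sample values. A real secret is the 48 random bytes that
# named.conf stores base64-encoded (openssl rand -base64 48).
SECRET = bytes(range(48))
NOW = 1_700_000_000
UPDATE = build_update(0x1234, "happydomain.org", "www.happydomain.org", bytes([192, 0, 2, 10]))
MAC = tsig_mac(SECRET, "happydomain", UPDATE, NOW)

if __name__ == "__main__":
    print("signed update accepted:", server_accepts(SECRET, "happydomain", UPDATE, NOW, MAC, NOW + 5))
    print("replayed an hour later:", server_accepts(SECRET, "happydomain", UPDATE, NOW, MAC, NOW + 3600))
```

The key name and algorithm are part of the signed data, which is why the Key Name and Key Algorithm entered in happyDomain must match the key section in BIND exactly.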