Search site

Add to Google

Featured Articles
Dynamic DNS client, Ruby style back

Dyndns

What is Dynamic DNS ?

We have an interesting phenomenon in the explosive residential broadband segment of the internet currently, in that these connections are relatively cheap to obtain. They are also have very fast uplink, even compared to the old corporate T1 leased lines. So what are these uplinks and what is so interesting about them ? Well, most people use their broadband connection to access the internet with their web browsers and to retrieve personal mail. These applications make use of the downlink of a ADSL (Assymetric Digital Subscriber Line), which can be as fast as 8Mb/s these days in the western world. However, in order to send requests, form data etc. back to the web sites which host the pages, subscriber will need to use the uplink to do this. Typically, the uplink is allocated a fraction of the bandwidth of the downlink (hence Assymetric) because the amount of data you send back is usually insignificant compared with you receive (unless you are uploading a movies to a remote server).

When broadband was first available, the uplink was usually given a grand old bandwidth of 256Kb, which is more than adequate for most avarage uses. These days, with 8Mb/s downlink, the uplink is usually 1.0Mb/s. Now, if we look at a T1 leased line, which is a dedicated piece of wire between your building and the local exchange, you will see the uplink bandwidth is lot less than this, and the cost is also prohibitively expensive.

So, with all this amazing bandwidth at our disposal, theoretically you can turn your home PC into powerful very internet facing web/mail server, at no additional cost. What are the advantages ? Well, you can host your own photo albums, have your own mail server (so if an ISP accidentally wipes their mail server, you will not lose any sleep), allow you to monitor your house remotely etc. The possibilities are endless.

Maybe forseeing this, most broadband providers resort to putting a technical constraint on your connection to make this a bit more challenging to accomplish (although not impossible, which is the very purpose of this article). You see, a web server or anything server has a basic requirement, which is that it can be located by the Domain Name servers (DNS). The DNS servers do this by translating from a domain name (like www.bb.co.uk) into an IP address (212.58.251.203), then hands it over to the networking layer to traverse the internet until it reaches the destination. For most businesses, the IP address will be something statically allocated (meaning the server hosting that IP address will be bound to it automatically each time it starts up), and for most residential broadband connections, it will be dynamically allocated (meaning each time your computer starts up, it will be given, potentially, a different IP address to the last time). This makes it difficult for the DNS servers to resolve the domain name correctly to your IP address each time. That is, unless you have a facility to update the DNS servers all over the world with the IP address you have been allocated each time your computer restarts. This is where the specialised Dynamic DNS providers such as DynDns or No-IP come in.

Dynamic DNS providers

A Dynamic DNS provider is no different to a static DNS provider when it comes to resolving a Domain Name into an IP address. It simply contains a database of these values and provides the requester with both forward and reverse lookups. The one thing that sets apart a Dynamic DNS provider is it also provides a public protocol and application programming interface (API) for updating the IP address dynamically. This means the server hosting the domain name can, as part of its start up sequence, send an update to the Dynamic DNS provider to inform it of the IP address which has been allocated by the broadband provider.

Dynamic DNS Diagram

Referering to the diagram, the box labelled My Server will need to inform the Dynamic DNS provider dyndns.org that its Broadband allocated IP address is 81.155.100.200, and its domain name (which is usually purchased separately) is mysite.dyndns.org. This means that when a visitor (labelled Visitor) types http://mysite.dyndns.org/ into their browser, their computer will perform a lookup at dyndns.org and be informed of the IP address where My Server can be found. Once a route is established between the two machines, communications can take place without further domain name lookup.

So, the challenges here are:

  • How can My Server lookup its own WAN (Wide Area Network), or Broadband, IP address ? It is, after all, sitting on the LAN (Local Area Network), behind a router (which is what all Broadband users should do if they value they privacy and security) ? On the LAN, My Server is allocated the IP address of 192.168.0.2, not 81.155.100.200, so it relies on the router to automatically forward all traffic originating from the WAN side of the network to it. However, although it is responsible for updating dyndns.org upon start up, it will not know that it is now representing the IP address 85.155.100.200 from inside the LAN.
  • How can My Server perform the update to dyndns.org in a secure way ? After all, if it can send the update, so can any other malicious application. Equally, how can the Dynamic DNS provider be sure that you are who you are when you attempt to perform the update ?

 

The first problem is addressed with the help of a freely provided facility by dyndns.org, which is in the form of a URL. This URL, when invoked, will report back to the requester the IP address of what dyndns.org sees. This value can then be used by the requester to represent its WAN IP address.
Of course, the smarter readers will ask the question at this point: what happens if this URL is spoofed to return the IP address of a malicious server instead ? Equally, what happens if your Dynamic DNS provider is compromised by some dark forces and redirects all requests destined for your server to some other parallel universe ? Aww, too dark a contemplation ! Let's get back to reality...

The seconds question is addressed by using an update application which communicates with the Dynamic DNS provider using encrypted channels (SSL), instead of raw http (this means the update call has to be over a URL starting with https://). The Dynamic DNS server will then perform authentication on your request to make sure you are who you are. The user name and password are sent in clear text, hence the need to perform the update over secure channels.

Implemation

There are ready-to-use dyndns clients which can be used to perform this update automatically. Most do this by periodically waking up and performing a check of the IP address returned from the Check IP service, and compares it against a DNS lookup of your domain name. If the two values are different, then an update is requested to make sure they are in sync again. I have seen numerous Windows based applications which can do this for you, for a fee. There is a good Perl client to do the same thing on non-Windows platforms. Some router even have this facility built-in, which will automatically force an update for you (although you should make sure they are capable of doing it over secure channels).

My point is, it is all fine and good to hand over this task to ready-to-use dyndns clients, but if you are interested in knowing how it works, then read on. The next section will describe how to achieve the same thing with just a few lines of Ruby code. My intentions here are two-fold, first, that Ruby is beautiful, second, the Dynamic DNS update protocol is so trivial that you can do it without resorting to fancy, over the top, resource hogging monster application.
As ever, the code I am providing here is for proof of concept, and requires a bit of polishing up before it can be of production quality.

Find out my IP address

require 'resolv'

my_ip = Resolv.getaddress('mysite.dyndns.org')

Check my WAN (Broadband) address

require 'net/https'
require 'uri'

external_ip=''
uri = URI.parse('http://checkip.dyndns.org/')
Net::HTTP.new(uri.host,uri.port).start { |http|
 http.request_get('/') { |resp|
# The response looks like:
  #
  # Current IP Address: 81.155.100.200
#
  external_ip = resp.read_body.gsub(/[^:]*: ([^<]*)<.*$/,"\\1")
  external_ip = external_ip.gsub(/\n/,'')
 }
}

Update the IP address, but only if necessary

# do nothing if my IP address has not changed
exit 0 if my_ip == external_ip
# perform the update

# This header is required by dyndns.org
headers = {
 "User-Agent" => "My Server - #{__FILE__} - 1.0"
}

uri = URI.parse('https://members.dyndns.org/')
http = Net::HTTP.new(uri.host, uri.port)
# switch on SSL
http.use_ssl = true if uri.scheme == "https"
# suppress verification warning
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
req = Net::HTTP::Get.new('/nic/update?hostname=mysite.dyndns.org', headers)
# authentication details
req.basic_auth 'my_user_name','my_password'
resp = http.request(req)
# print out the response for the update
p resp.body

The usual blurbs

  • The reference to the dyndns.org protocol can be found here
  • The above code is specific to dyndns.org, although it can be easily adapted to update other Dynamic DNS providers, as long as they support HTTP based update
  • DynDns.org automatically detects your IP address, so you do not have to specify it in the update request. You can always add to the update URL the parameter &myip=85.155.100.200 if you want to force it to your detected IP, or any other IP address you want. This opens an interesting security hole, in that if someone intercepts the raw header of your HTTP request, they can simply grab the authentication details (simply base-64 encoded) to masquerade as you and redirect your domain to any IP address they want. This is why this kind of call should always be done over https
  • The script which performs the above can simply be invoked from cron to periodically perform the check. You might want to add a bit of logging to notify or mail yourself each time an update is necessary (which should only happen if your Broadband router is rebooted, even then the IP address might not change if its lease is still active)

back

discuss
 by by David at 21 Nov 2007 20:24:10
Copyrights © Transcraft Trading Limited 2006.All rights reserved. Bots Rss-rss