DynDNS updates with TSIG and NetworkManager dispatcher

for paid accounts (DynDNS Pro and Dyn Standard DNS), one can do the updates with TSIG.

This allows us to not use ddclient, thus not having our DynDNS.com password in a config file on disk. Obviously, if the key is leaked, an attacker can still wreak havoc with your DynDNS zone configurations, but at least they will not be able to log onto the web interface of DynDNS under your name.

Create /etc/NetworkManager/dispatcher.d/20-nsupdate-tsig with this content

nail down the file permissions:

cd /etc/NetworkManager/dispatcher.d/
chmod 700 20-nsupdate-tsig
chown root.root 20-nsupdate-tsig
restorecon -v /etc/NetworkManager/dispatcher.d/20-nsupdate-tsig

I’ve only used this on Fedora 15, but you should get this working on all distributions which use NetworkManager.

If the above makes no sense to you, then you probably want to continue updating your DynDNS entries with ddclient.

nsupdate can be found in the bind-utils RPM. yum install bind-utils

When having trouble with bind, I find that the book DNS and BIND (5th Edition), ISBN 9780596100575, published by O’Reilly Media, Inc always comes in handy.