Dynamic DNS using Alibaba Cloud DNS API

By Alberto Roura, Alibaba Cloud Tech Share Author

According to Wikipedia, "Dynamic DNS (DDNS or DynDNS) is a method of automatically updating a name server record, often in real time, with the active Dynamic DNS configuration of its configured hostnames, addresses or other information."

Typically, a server has a static IP, and the related domain name contains an A Record stating which one it is. An illustration as example of how a machine resolves the IP of wikipedia.org is shown below:

As you can see, there are a lot of steps involved for the visitors' machine to "translate" wikipedia.org into 145.97.39.155. After the DNS resolves wikipedia.org into its IP address, the computer can locate where the page is hosted in the Internet. This is also the common case for most of websites.

Why We Need a Dynamic DNS solution

For the most part, static IPs work well for accessing the Internet. The problem arises when we want to design a mobile (not just cell phones) network.

For example, if we have some personal NAS or IoT devices, or even a cell phone, we can't use the same IP address outside of our personal network. eses

In this tutorial, we hope to set up a similar network for home devices that we want to access from the outside. For example, you may have a smart home or security device set up and you need to access it while being away from home.

What Do We Need

This tutorial assumes that you already have the following products with Alibaba Cloud:
● A domain.
● An ECS instance with Apache & PHP.

If you are not sure how to set up a domain, you can check out some tutorials on Alibaba Cloud Getting Started, or visit the Documentation Center for more information.

The whole idea will be to schedule a cron job in a device at home using curl to run a PHP script hosted in our ECS instance that uses Alibaba Cloud DNS API to update the A Record of the given domain.

The standardized method for dynamically updating a domain name server record is defined in RFC2136, commonly known as dynamic DNS update. This method is a network protocol for use with managed DNS servers, and it includes a security mechanism. Check the relevant documents for RFC2136 if you want to dig more about it.

So, knowing how the DNS works and why we need to setup a Dynamic DNS for our home use, lets dive into the details. We will use alicloud-php-dns-updater, a PHP script made specifically for this purpose. It is based in a class ready to use.

Clone the Repo

Go ssh into your Alibaba Cloud ECS instance and go to the /var/www/html directory (or whichever one of your choice serving public content).
Once there, type git clone https://github.com/roura356a/alicloud-php-dns-updater.git dyndns-updater.

Get Your Access Keys from Alibaba Cloud

Getting a key pair is easy, and lets you to use more API features apart from the DNS one.

In order to get one, log into your Alibaba Cloud console and in the top navigation bar, hover with your mouse in your email address and click "accesskeys" as illustrated below.

Once in the keys screen, copy the Access Key ID and the Access Key Secret into a safe place. To show the Secret Key to need to click on "Show". Be careful where you save this data, as it is very sensitive and could potentially cause irreversible damages if mishandled. Also you should consider creating more limited keys using their policies, but that's a topic for another entry.

Setting the Dynamic DNS Updater Script up in the ECS

Going back to our ECS, we need to open the index.php file and replace the placeholders with the information you gathered before, such as ACCESS_KEY_ID and ACCESS_KEY_SECRET.

In this example, I have assumed that our ACCESS_KEY is CAmKUmIUGiMO83mS, our ACCESS_KEY_SECRET is CjKaN02Ann9maMmiauusmoGOI7mn, and the domain customnasathome.com. The index.php file should look like this:

<?php

date_default_timezone_set('UTC');

include_once 'alicloud-php-updaterecord/V20150109/AlicloudUpdateRecord.php';

use Roura\Alicloud\V20150109\AlicloudUpdateRecord;

$AccessKeyId     = 'CAmKUmIUGiMO83mS';
$AccessKeySecret = 'CjKaN02Ann9maMmiauusmoGOI7mn';
$updater         = new AlicloudUpdateRecord($AccessKeyId, $AccessKeySecret);

$newIp = $_SERVER['REMOTE_ADDR']; // New IP

$updater->setDomainName('customnasathome.com');
$updater->setRecordType('A');
$updater->setRR('@');

$updater->setValue($newIp);

print_r($updater->sendRequest());

Testing the Updater

Now that we have finished all the steps above, it's time to test if everything is correctly set up. By this moment, you should have a public URL (http://11.111.11.111/dyndns-updater/), which will run the updater just by visiting it. Open it in your browser and look at the output.

If the API response is positive, the output should look like this:

Array
(
    [RecordId] => 3666544576879860
    [RequestId] => F4VDF8A-D2DF-49VV-ER00-458D6918FDDE
)

Hooray! You successfully updated the A Record of your domain by using Alibaba Cloud DNS API. Easy, right?

 

Securing the Script

So we are able to change the A Record of a given domain by only opening a URL, either from a browser or using curl, but the URL by default is publicly accessible, and, even if you don't tell the URL to anyone, is a really bad practice to leave it like that. To secure the access we will use Apache .htaccess and .htpasswd.

.htaccess

Put this file (.htaccess) in the same folder as index.php:

AuthType Basic
AuthName "DNS Updater Access"
AuthUserFile /var/www/dyndns-updater/.htpasswd
Require valid-user

.htpasswd

For this step you need to run a command to create the user and its password.

Type, in any location, htpasswd -c /var/www/dyndns-updater/.htpasswd updater_user.

This will create the file for the first time. "updater_user" is the username you are adding. It will ask you for the password when you run it. According to the official Apache documentation, htpasswd encrypts passwords using either bcrypt, a version of MD5 modified for Apache, SHA1, or the system's crypt() routine, so the password will be never be saved in plain text. This is important to know, as you will need to keep the password in a safe place after executing the command. You won't be able to recover it if you forget it because it is encrypted.

After that you should be able to access the URL by providing the username and password.

 

Cron Job

Cron is a time-based job scheduler utility in Unix-like operating systems. It comes in very handy for running automatic backups or other routine tasks. It suits perfectly in our case, as we will need to check from time to time if the external IP changed to update the A Record of our domain.

The location of the crontab in your instance does not matter, as we will add the cronjob by using the command line.

Run crontab -e and select your favorite editor (if not sure, choose nano, as it is the easiest one out there).

If you choose nano, remember that to exit and save the file, you need to press ctrl + x, then y and enter.

For this tutorial, we are setting the scheduled job to run every 30 minutes. You can see that in the variable /30. If you want to set it every 15 minutes, you should update that part to /15. For more advanced cron adjustments check the official Linux cron guide.

Without authentication:
Go to the bottom of the crontab file and add /30 * curl http://11.111.11.111/dyndns-updater/.

With authentication:
In this case, we will need to add the credentials for basic authentication to curl in order to get access. Go to the bottom of the crontab file and add /30 * curl -u "updater_user:YOUR_PASSWORD" http://11.111.11.111/dyndns-updater/.

Wrapping Up

By default, Alibaba Cloud sends you an email whenever there is any record changes. So you will be able to keep track of all the automated updates the moment they happen. If you want to know more about Alibaba Cloud API, you can visit the official Developer Resources, where you can check all the Alibaba Cloud API references.