开发者社区> 芷沁> 正文

Dynamic DNS using Alibaba Cloud DNS API

简介: This post shows you how to set up Dynamic DNS on Alibaba Cloud ECS using API. Dynamic DNS is a method of automatically updating a name server record, .


By Alberto Roura, Alibaba Cloud Tech Share Author

According to Wikipedia, "Dynamic DNS (DDNS or DynDNS) is a method of automatically updating a name server record, often in real time, with the active Dynamic DNS configuration of its configured hostnames, addresses or other information."

Typically, a server has a static IP, and the related domain name contains an A Record stating which one it is. An illustration as example of how a machine resolves the IP of wikipedia.org is shown below:


As you can see, there are a lot of steps involved for the visitors' machine to "translate" wikipedia.org into After the DNS resolves wikipedia.org into its IP address, the computer can locate where the page is hosted in the Internet. This is also the common case for most of websites.

Why We Need a Dynamic DNS solution

For the most part, static IPs work well for accessing the Internet. The problem arises when we want to design a mobile (not just cell phones) network.

For example, if we have some personal NAS or IoT devices, or even a cell phone, we can't use the same IP address outside of our personal network. eses

In this tutorial, we hope to set up a similar network for home devices that we want to access from the outside. For example, you may have a smart home or security device set up and you need to access it while being away from home.

What Do We Need

This tutorial assumes that you already have the following products with Alibaba Cloud:
● A domain.
● An ECS instance with Apache & PHP.

If you are not sure how to set up a domain, you can check out some tutorials on Alibaba Cloud Getting Started, or visit the Documentation Center for more information.

The whole idea will be to schedule a cron job in a device at home using curl to run a PHP script hosted in our ECS instance that uses Alibaba Cloud DNS API to update the A Record of the given domain.

The standardized method for dynamically updating a domain name server record is defined in RFC2136, commonly known as dynamic DNS update. This method is a network protocol for use with managed DNS servers, and it includes a security mechanism. Check the relevant documents for RFC2136 if you want to dig more about it.

So, knowing how the DNS works and why we need to setup a Dynamic DNS for our home use, lets dive into the details. We will use alicloud-php-dns-updater, a PHP script made specifically for this purpose. It is based in a class ready to use.

Clone the Repo

Go ssh into your Alibaba Cloud ECS instance and go to the /var/www/html directory (or whichever one of your choice serving public content).
Once there, type git clone https://github.com/roura356a/alicloud-php-dns-updater.git dyndns-updater.

Get Your Access Keys from Alibaba Cloud

Getting a key pair is easy, and lets you to use more API features apart from the DNS one.

In order to get one, log into your Alibaba Cloud console and in the top navigation bar, hover with your mouse in your email address and click "accesskeys" as illustrated below.


Once in the keys screen, copy the Access Key ID and the Access Key Secret into a safe place. To show the Secret Key to need to click on "Show". Be careful where you save this data, as it is very sensitive and could potentially cause irreversible damages if mishandled. Also you should consider creating more limited keys using their policies, but that's a topic for another entry.

Setting the Dynamic DNS Updater Script up in the ECS

Going back to our ECS, we need to open the index.php file and replace the placeholders with the information you gathered before, such as ACCESS_KEY_ID and ACCESS_KEY_SECRET.

In this example, I have assumed that our ACCESS_KEY is CAmKUmIUGiMO83mS, our ACCESS_KEY_SECRET is CjKaN02Ann9maMmiauusmoGOI7mn, and the domain customnasathome.com. The index.php file should look like this:



include_once 'alicloud-php-updaterecord/V20150109/AlicloudUpdateRecord.php';

use Roura\Alicloud\V20150109\AlicloudUpdateRecord;

$AccessKeyId     = 'CAmKUmIUGiMO83mS';
$AccessKeySecret = 'CjKaN02Ann9maMmiauusmoGOI7mn';
$updater         = new AlicloudUpdateRecord($AccessKeyId, $AccessKeySecret);

$newIp = $_SERVER['REMOTE_ADDR']; // New IP




Testing the Updater

Now that we have finished all the steps above, it's time to test if everything is correctly set up. By this moment, you should have a public URL (, which will run the updater just by visiting it. Open it in your browser and look at the output.

If the API response is positive, the output should look like this:

    [RecordId] => 3666544576879860
    [RequestId] => F4VDF8A-D2DF-49VV-ER00-458D6918FDDE

Hooray! You successfully updated the A Record of your domain by using Alibaba Cloud DNS API. Easy, right?

Securing the Script

So we are able to change the A Record of a given domain by only opening a URL, either from a browser or using curl, but the URL by default is publicly accessible, and, even if you don't tell the URL to anyone, is a really bad practice to leave it like that. To secure the access we will use Apache .htaccess and .htpasswd.


Put this file (.htaccess) in the same folder as index.php:
AuthType Basic
AuthName "DNS Updater Access"
AuthUserFile /var/www/dyndns-updater/.htpasswd
Require valid-user


For this step you need to run a command to create the user and its password.

Type, in any location, htpasswd -c /var/www/dyndns-updater/.htpasswd updater_user.

This will create the file for the first time. "updater_user" is the username you are adding. It will ask you for the password when you run it. According to the official Apache documentation, htpasswd encrypts passwords using either bcrypt, a version of MD5 modified for Apache, SHA1, or the system's crypt() routine, so the password will be never be saved in plain text. This is important to know, as you will need to keep the password in a safe place after executing the command. You won't be able to recover it if you forget it because it is encrypted.

After that you should be able to access the URL by providing the username and password.

Cron Job

Cron is a time-based job scheduler utility in Unix-like operating systems. It comes in very handy for running automatic backups or other routine tasks. It suits perfectly in our case, as we will need to check from time to time if the external IP changed to update the A Record of our domain.

The location of the crontab in your instance does not matter, as we will add the cronjob by using the command line.

Run crontab -e and select your favorite editor (if not sure, choose nano, as it is the easiest one out there).

If you choose nano, remember that to exit and save the file, you need to press ctrl + x, then y and enter.

For this tutorial, we are setting the scheduled job to run every 30 minutes. You can see that in the variable /30. If you want to set it every 15 minutes, you should update that part to /15. For more advanced cron adjustments check the official Linux cron guide.

Without authentication:
Go to the bottom of the crontab file and add /30 * curl

With authentication:
In this case, we will need to add the credentials for basic authentication to curl in order to get access. Go to the bottom of the crontab file and add /30 * curl -u "updater_user:YOUR_PASSWORD"

Wrapping Up

By default, Alibaba Cloud sends you an email whenever there is any record changes. So you will be able to keep track of all the automated updates the moment they happen. If you want to know more about Alibaba Cloud API, you can visit the official Developer Resources, where you can check all the Alibaba Cloud API references.


kong gateway 授权插件配置
kong gateway 授权插件配置 auth
94 0
kong gateway 插件使用
kong 插件使用, 其中限流插件是默认安装的
57 0
SpringCloud升级之路2020.0.x版-3.Eureka Server 与 API 网关要考虑的问题
SpringCloud升级之路2020.0.x版-3.Eureka Server 与 API 网关要考虑的问题
61 0
上了 istio 的贼船之 API Gateway
通过将传统微服务架构的这些控制面功能解耦到 istio,可以让微服务应用本身专注于业务开发,是一个比较简的单体 springboot 应用。再结合 k8s 的高扩展性,研发整体的迭代速度和运维效率还是比较高的,缺点是无论是 k8s 还是 istio ,学习成本偏高,需要团队至少 2 人具有专业知识,对于招聘成本、系统升级都有风险。
250 0
API 网关(API Gateway)
API 网关(API Gateway)提供高性能、高可用的 API 托管服务
404 0
Kubernetes API server工作原理
Kubernetes API server工作原理
61 0
API Gateway网关应用分析,使用Zuul搭建网关实战
本文介绍了微服务项目中的RPC远程调用中使用的RESTful风格的API接口,分析的API Gateway网关的作用,包括拦截请求,负载均衡,权限控制,接口监控相关功能。同时使用一个API Gateway网关示例Zuul的完整的搭建过程,通过对网关搭建,实现网关的过滤,路由转发和网关机群相关功能,更加深入的了解了网关的功能和使用。
618 0
API Gateway Kong在Rainbond上的部署
Kong是一个可扩展的开源API平台(也称为API网关,API中间件或微服务服务网格)。Kong最初是由Kong Inc(以前称为Mashape)实现的,用于为其API Marketplace维护、管理和扩展超过15,000个微服务,这些微服务每月产生数十亿个请求。
1864 0
4457 0
Spring Cloud Alibaba迁移指南(四):零代码兼容 Api-Gateway
自 Spring Cloud 官方宣布 Spring Cloud Netflix 进入维护状态后,我们开始制作《Spring Cloud Alibaba迁移指南》系列文章,向开发者提供更多的技术选型方案,并降低迁移过程中的技术难度。
3756 0
阿里巴巴DevOps 最佳实践手册