NOTE: In the below post, I will use “;” instead of “;” in domain names. This is due to the fact that when I tried to submit this post, I got this error:
Sorry, new users can only put 2 links in a post. For some reason, this forum software thinks that anything that is of the format is a link which is quite unfortunate on a forum that is concerned about DNS.
I have a few hosts that are on dynamic IP addresses.
I want to set up a dyndns record for each of these devices on my own custom domain using the pattern:
For example for the two hosts dev1 and dev2, I want these records:
dev1;dyn;example;com --> 184.108.40.206 dev2;dyn;example;com --> 220.127.116.11
So, as I understand, I should be able to run something like this via cron:
curl https://update.dedyn.io/?hostname=dev1.dyn.example.com --header "Authorization: Token <your authorization token>"
Where should be replaced by some authorization token that I need to generate through the desec.io web interface.
Am I correct so far?
If I am, then that leads me to the next question: In the event that dev1 gets compromised, I dont want dev1 to be able to change all my DNS records. So I need a token for ‘dev1’ that will only be allowed to update the record on dev1;dyn;example;com. And not e.g. dev2;dyn;example;com or (even worse) *;example;com.
So to sum up:
- Am I correct that in order to configure the dynamic DNS, I just need to run a cron job that runs curl as described above, e.g. every hour?
- How do I create a token that is limited to only change certain records on a certain domain?