Getting the DynDNS Custom DNS Service Working in NSM 6
Novell Cool Solutions: Feature
By Lewis Rosenthal
Digg This -
Posted: 9 Aug 2006
The DynDNS Custom DNS service does not work under Novell Security Manager 6. The problem really is that Astaro seems to have backrev'd ez-ipupdate to version 3.0.10, which predates the support in that project for Custom DNS services at DynDNS.com. There was an earlier hack for version 5 which worked, but this was broken with the backleveling of this package./p>
Here's a quick fix to make it work, broken down into two parts. Part 1 is the update of the ez-ipupdate package. Part 2 is the actual configuration for the Custom DNS service.
Part 1: Update ez-ipupdate to a recent version
1. Log into the NSM box as root.
2. Change to the /tmp directory.
3. Download a recent ez-ipupdate build from, say,
http://rpmfind.net/linux/rpm2html/search.php?query=ez-ipupdate (for SuSE 9, a current build is 3.0.11b8-130). You may do this from the NSM box itself with curl, as in:
curl -O ftp://rpmfind.net/linux/SuSE-Linux/i386/9.3/suse/i586/ ez-ipupdate-3.0.11b8-130.i586.rpm
4. Once the file has been downloaded, ez-ipupdate must be brought up to date with rpm. Using the above example, the rpm syntax would be:
rpm -U ez-ipupdate-3.0.11b8-130.i586.rpm
Part 2: Hack the dyndns script and ez-ipupdate.conf to allow for the dyndns-custom service type
1. Make sure that NSM has DynDNS updating turned on in the Web Admin interface.
2. Populate the hostname, username, and password fields with the information for your first custom host and your account, respectively.
3. Switch back to the NSM box's command line.
4. Copy /etc/dyndns.conf to /etc/ez-ipupdate.conf.
5. Edit /etc/ez-ipupdate.conf as follows:
service-type=dyndns-custom user=username:password host=mydomain.com,myseconddomain.com,thirddomain.com mx=mail.mydomain.com interface=eth1 max-interval=86400 cache-file=/opt/tmpfs/ez-ipupdate.cache daemon
(Note: The lines to edit are service-type, host, and if necessary, mx. Leave user, interface, max-interval, cache-file, and the daemon directive as is.)
6. Save the file and exit vi (or your preferred editor).
7. Edit the startup file. The startup file is in the /var/mdw/scripts directory and called dyndns. Change the line that reads ARGS=" -c /etc/dyndns.conf" to read ARGS=" -c /etc/ez-ipupdate.conf"
8. Then, simply hup the ez-ipupdate daemon with:
9. Press Enter and you should be good to go.
There is a newer build of ez-ipupdate available (build 142) which ships with SuSE 10.1, however, this requires libc.so.6 (GCC_2.4). Using the KISS principal, I didn't attempt to apply the updated GCC, as I didn't want to break something on the NSM box which may have a dependency on GCC_2.3.3.
The above hack is completely unsupported by Astaro and I'm sure, by Novell. Use it at your own risk, and remember that there is certainly no guaranty that a future automatic update on the Astaro box won't back rev ez-ipupdate, causing you to have to apply this hack again. The best practice is to watch your logs, and read any email alerts which may come down to you.
This solution was tested on Novell Security Manager 6.201.
I worked this out based on some very insightful postings on the Astaro support bulletin board, most notably, the original dyndns-custom hack posted by theRat (see
http://www.astaro.org/showthread.php?t=12220 and http://www.astaro.org/showthread.php?t=15424).
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com