Ghetto DDNS

** I am redoing some background DNS articles as part of a new DNS series I am writing about DNS performance. This one did not make the cut. **

Dynamic DNS can often be a lifesaver when it comes to administering remote systems, particularly if they are connected via 4G or a consumer grade internet connection. “Secure” solutions generally require you to masquerade on a subdomain AND cost money. If you’re running a completely open source stack like us, scouring through logs or relying on a modem might not sound like an appealing option.

We come across this dilemma all the time and have almost deployed a Dynamic DNS solution multiple times but in the end I am stubborn and reluctant to test and maintain another moving part.

In 2011 I had a critical business instrument that lived in a traveling van, connected on the Telstra 3.5G network at all times. The system did some mundane tasks like report it’s location and log things but it also handled a payment gateway and a VPN client for the operator to access a legacy system.

For the project manager, defining a hostname was something he was very much against.

Enter Ghetto DDNS

Our goal was to simply keep a log of the externally accessible IP address for the van and to not advertise a hostname.

So we came up with an idea. What if we generated a log entry on our server from the van?

$     curl

In fact in this cirumstance we had two Telstra Mobile Broadband connections so we could get both IP addresses by running the command with the interface switch

$     curl –interface enp5s0 Machine

Now if we look in our access log for that website on our static IP server we can see the following entry

$     cat /var/log/httpd/access.log | grep MysteryMachine – – [04/Jul/2018:23:49:03 +1000] “GET /MysteryMachine HTTP/1.1” 301 243 “-” “curl/7.59.0”

Our remote machine has “phoned home” and we can see the IP address of the machine. Now we just need to get it to call home more often. We can use our standard operator account to schedule the “calls” via cron.

$     crontab -e
*/10 * * * * curl –interface enp5s0
*/10 * * * * curl –interface enp3s0

Now as long as our firewall allows inbound connections to your services we can always access the van via either of the 4G modems.

If this post was interesting to you, I would be interested in your thoughts about best practice DNS security implementation, please get in touch.