Having Your Own Domain Name with a Dynamic IP Address

We describe here a method of using a domain name of your own, obtained from a domain name registrar, for a machine with a dynamic IP address. It involves setting up BIND on the machine.

Note that versions of BIND for Mac and Windows 9x are available too (see http://www.dns.net/dnsrd/servers/ and ftp://ftp.is.co.za/networking/ip/dns/bind/nt/ ).

The user may obtain an account on a dynamic DNS service, and specify that a wildcard is desired. Or the user could obtain more than one account if wildcards are not available. As many of these dynamic IP domain names as needed are then given to the user's domain name registar as the names of the name servers for the user's domain.

On the user's machine BIND only needs to serve external requests (the user is under no obligation to use their own BIND installation to serve their DNS needs). So it only needs one zone.

To avoid the need to modify the BIND configuration when the IP address changes, that one zone can just use MX and CNAME records to one of the dynamic IP domain names that were used for the name servers. The zone could contain something like:

$TTL 1D
you.ca.     SOA   you.ca. root.you.ca. (
                    20020101      ;serial
                    3600          ;refresh
                    1800          ;retry
                    604800        ;expiration
                    0             ;TTL for NACK
                    )
you.ca.     NS    ns1.you.dyndnservice.ca.
you.ca.     NS    ns2.you.dyndnservice.ca.
you.ca.     MX 0  you.dyndnsservice.ca.
www.you.ca. CNAME you.dyndnsservice.ca.

Note that CNAME records have some limitations and possibly unexpected effects. For example:

• It is not possible to have a CNAME and an SOA record for the same name. So the zone for site.com cannot have a CNAME record for site.com.

• It is not possible to have a CNAME and an MX record for the same name.

• If mail is sent to a host name defined in a CNAME record, a standards compliant MTA will re-address the mail to the canonical host name, so that the receiving MTA must accept mail addressed to the canonical/GnuDIP host name.

It would be better to set up a structure that modifies the BIND configuration when the IP address changes. The details of doing this would very greatly depending on your circumstances. For an example of how this might be done for Slackware Linux serving as an Internet gateway, obtaining its dynamic IP address using DHCP, see ownexample.html.

One difficulty that may be encountered is that domain name registrars typically require you to enter not just the name server names for a domain, but also IP addresses corresponding to these names.

However, the DNS root servers will only use these IP addresses if "glue" records are needed.

This is discussed in RFC 1033 ("Domain Administrators Operations Guide"). We quote:

"You may only put data in your domain server that you are authoritative for. You must not add entries for domains other than your own (except for the special case of "glue records")".

"If the name server host for a particular domain is itself inside the domain, then a 'glue' record will be needed. A glue record is an A (address) RR that specifies the address of the server. Glue records are only needed in the server delegating the domain, not in the domain itself."

The root and top level domain servers use BIND. BIND enforces this RFC standard, as can be verified by setting up a test configuration of BIND. In particular:

• It refuses to load "out of zone" RR-s, writing a message to sylog for each such record. So for example, if BIND finds an A RR with a left-side ending in ".org." in a zone file for the ".com" domain, it will not load it.

• It will silently ignore any remaining unnecessary glue records, and will instead do a DNS look up for the name server name.

In the case of the current author's site, the two dynamic IP domain names provided as name server names are not inside the domain macdonnell.ca, so there should be no glue records. And in fact, the IP addresses the author provided are not being used by the ".ca" root servers. There is no way to know whether unneeded glue records were provided.

It should be noted that some registrars' web interfaces perform unncessary and ignorant validation tests on the name server information as it is entered.

The user should be able to get around these by using more than one dynamic IP account, and temporarily setting the IP addresses for them to appropriate (distinct) values. Once the name server information has been accepted by the domain name registrar's web interface, the IP addresses may be reset correctly.

There is in fact a reliability advantage to using two or more different dynamic domain services. If one is down, the other will still be able to provide a name server address.