Knot kresd nsupdate for DDNS

stokito · November 28, 2022, 5:07pm

I trying to make a small Dynamic DNS server. It will have an http API that receives a subdomain, password and IP and refresh the DNS record for the subdomain.
Currently all such DDNS servers just executes nsupdate command for a BIND server.
But the command requires a TSIG and overall seems like not a fast.
The kresd has the knsupdate command knsupdate – Dynamic DNS update utility — Knot DNS 2.4.5 documentation which looks like the same as nsupdate.

My main goal is to have a lightweight solution so that it can work on my Turris Omnia but serve many clients.
So the part of nsupdate call and signing with TSIG looks like a slow place.
Can anyone help me to understand: should I use the kresd + knsupdate + TSIG or maybe I just have to create my own DNS server in C or Golang that will work in memory and update DNS records in a hashmap without any additional dances with the TSIG.

As far I understood the kresd adds the DNS over HTTPS which may be useful. Is anything else that I should take in account?

vcunat · November 28, 2022, 5:36pm

Knot Resolver (kresd) can’t process DDNS messages, i.e. those generated by (k)nsupdate.

stokito · November 28, 2022, 7:16pm

sorry, could you please elaborate: so the nsupdate can’t create a subdomain but only update an existing?

vcunat · November 28, 2022, 7:29pm

Knot Resolver is not an authoritative DNS server, so its capabilities around that are rather limited and it does not support the UPDATE opcode.

stokito · November 28, 2022, 7:31pm

thank you, so it’s only for a caching and resolving

vcunat · November 28, 2022, 7:32pm

Yes, mainly. Some basic support for authoritative data is there, which is also how local *.lan names are done, but it’s not much.

system · December 1, 2022, 7:33pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.