Find external IP and update a DNS A|AAAA record (RFC 2136)

A simple bash script that finds either the IPv4 or IPv6 external address and updates an A/AAAA DNS record on a DNS server using RFC 2136. To discover the external IP, the script makes a curl call to the domain ifconfig.co. I am not affiliated with them in any way; it's an open source project that returns the result this script expects. Using it means running your own HTTP/HTTPS stack is not required, but the check can easily be self-hosted with any endpoint that answers HTTP 200 with remote_addr as the body. See below for an nginx example. Be sure to change the CHECKURL variable in the do_setvars() function accordingly.

Requirements

This requires the following packages, which may not already be installed:

dig, curl, base64 (for change alert emails), nsupdate (bind-utils/samba-nsupdate)

Usage

At a minimum, edit the script and change the following variables at the top of the file:

TSIGKEY="/path/to/dns-tsig.key"         # tsig-keygen -a hmac-sha512 ddnsupdatekey
DIGHOST="9.9.9.9"                       # DNS server to use when checking the current DNS record
DNSZONE="name.tld."                     # DNS zone expecting the DDNS update.  Varies depending on DNS server configuration.
NSUPDATESERVER="ns.name.tld|x.x.x.x"    # DNS server to send the record update request to

Usage: update.sh [A | AAAA] host.to.update.tld
Example IPv4: update.sh A dynamic.host.my.domain
Example IPv6: update.sh AAAA dynamic.host.my.domain

There is currently no syntax checking!
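
One way to add the missing checks, as an added example that is not part of updatedns.sh: validate the record type, the hostname and the address returned by CHECKURL before any of them is written into an nsupdate batch, so a malformed argument or HTTP response cannot add lines to the update. The function names and the 300 second TTL are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example; function names and the 300 s TTL are assumptions, not from updatedns.sh.
LC_ALL=C; export LC_ALL   # make the [A-Z] style ranges below byte-exact

valid_rrtype() {
  case "$1" in A|AAAA) return 0 ;; *) return 1 ;; esac
}

# LDH hostname: labels of 1-63 chars, no leading/trailing hyphen, 253 chars max.
valid_hostname() (
  name=${1%.}                                   # tolerate one trailing dot
  [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
  case "$name" in
    *[!A-Za-z0-9.-]*|.*|*.|*..*) return 1 ;;   # whitespace, newline, empty label
  esac
  IFS=.
  for label in $name; do
    [ "${#label}" -le 63 ] || return 1
    case "$label" in -*|*-) return 1 ;; esac
  done
)

# The address comes from an HTTP response, so treat it as untrusted input.
valid_ip_for_type() (
  case "$1" in
    A)
      case "$2" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
      IFS=.; set -- $2
      [ "$#" -eq 4 ] || return 1
      for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # leading zero, >3 digits
        [ "$octet" -le 255 ] || return 1
      done ;;
    AAAA)
      # Character-set and shape check only; the DNS server does the full parse.
      [ "${#2}" -le 39 ] || return 1
      case "$2" in *[!0-9A-Fa-f:]*|*:::*) return 1 ;; *:*) ;; *) return 1 ;; esac ;;
    *) return 1 ;;
  esac
)

# Print an nsupdate batch only when every field passed validation.
build_update() {
  valid_rrtype "$1" && valid_hostname "$2" && valid_ip_for_type "$1" "$3" || return 1
  printf 'update delete %s %s\nupdate add %s 300 %s %s\nsend\n' "$2" "$1" "$2" "$1" "$3"
}
```

The output of build_update is what would be piped to nsupdate -k "$TSIGKEY"; when it returns non-zero, nothing should be sent.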

Change alert emails

This script can send a simple record change summary email:

From: alerts@domain.tld
Subj: Updated [A] DNS record for dyn.domain.tld
Dynamic DNS record for dyn.domain.tld have been updated! Below is a summary of the change-
Domain: dyn.domain.tld
Record type: A
Old record: 1.2.3.4
New record: 4.3.2.1

To enable these, change the following variables at the start of the script:

EMAILENABLED=1		# Enable sending email function after a record change
SMTPUSER		# Username for SMTP authentication
SMTPPASSWORD		# Password for SMTP authentication
SMTPSERVER		# Server to use for SMTP.  Must support StartTLS on 587.
MAILFROM		# Address to use as the From address.  Since most servers will not allow spoofing, this will end up being SMTPUSER.
MAILTO			# Email address(es) to send alerts to

DNS server configuration examples

Example for KnotDNS 3.x:

...
key:
  - id: ddnsupdatekey
    algorithm: hmac-sha512
    secret: w==
  ...
acl:
  - id: ddnsupdate
    key: ddnsupdatekey.
    action: update
    update-type: [A, AAAA]
  ...
zone:
  - domain: domain.tld
    ...
    acl: [..., ddnsupdate, ...]
...

Example for BIND 9.x:

...
key "ddnsupdatekey" {
  algorithm hmac-sha256;
  secret w==;
};
zone "domain.tld" {
  ...
  allow-update {
    key ddnsupdatekey;
  };
  ...
};
...

Web server configuration examples

nginx:

server {
  ...
  location / {
    default_type text/plain;
    return 200 "$remote_addr";
  }
  ...
}