Etherarp

Networking, Security, Linux



Dynamic DNS with Route53

This is a Python script I made for dynamic DNS with Amazon Route53. I also made a Python REST API.

Rohan Molloy

What is Route53

Amazon Route53 offers hosting for public DNS as well as private DNS for use within the cloud.

I really like the Amazon AWS API. I prefer it to Cloudflare for Dynamic DNS because Route53 provides granular API access (you can generate a key that can only update a single domain) while Cloudflare has a single API key with unrestricted privileges.

The Script

IAM policies for Service account

Begin by going to the IAM console at https://console.aws.amazon.com/iam/home and click on Create Policy. Add the following JSON

Then create a group and attach the policy to the group. Finally, create a user, assign it to the group, and download its credentials.

Creating a RESTful API

I have a number of small devices (like routers) that don't have a proper Python environment. I want a dynamic DNS solution that can be accessed purely with curl. Using Flask, it is possible to host the Python script as a service!

Clients connect to it, and the script runs on the server, updating the records with the client's IP.

Securing it

I'm still new to Flask, so I didn't have time to learn how to set up HTTP basic authentication. I used an ad-hoc solution: the API endpoint is defined by an environment variable, which can be set to some random string.

Access control can also be set up with a reverse proxy (e.g. nginx/caddy) but this is outside of the scope of this tutorial.

The service also uses TLS (https). To easily generate Let's Encrypt certs for your local environment, see my tutorial.
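The secret-endpoint scheme described above, written as framework-independent request logic. This is an added example, not the author's script: the function names, the 32-character minimum for the secret, and the sample addresses and hostname are assumptions made for illustration.

```python
import hmac
import ipaddress

MIN_SECRET_LEN = 32  # assumption of this example: reject short or empty secrets


def path_is_authorized(request_path, secret):
    """Constant-time check that the requested path equals the secret endpoint."""
    if len(secret) < MIN_SECRET_LEN:
        return False  # an unset environment variable must not open the API
    candidate = request_path.strip("/")
    return hmac.compare_digest(candidate.encode(), secret.encode())


def build_change_batch(record_name, client_ip, ttl=300):
    """Route53 UPSERT for the caller's address; raises ValueError if not public."""
    addr = ipaddress.ip_address(client_ip)  # ValueError on malformed input
    if not addr.is_global:
        raise ValueError("not a publicly routable address")
    return {
        "Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": record_name,
                "Type": "A" if addr.version == 4 else "AAAA",
                "TTL": ttl,
                "ResourceRecords": [{"Value": str(addr)}],
            },
        }]
    }


def handle_update(request_path, remote_addr, record_name, secret):
    """Return (status, payload); the payload is the ChangeBatch on success."""
    if not path_is_authorized(request_path, secret):
        return 404, None  # same answer as any unknown URL
    try:
        return 200, build_change_batch(record_name, remote_addr)
    except ValueError as exc:
        return 400, str(exc)


if __name__ == "__main__":
    demo_secret = "c" * 40  # constructed sample; generate with secrets.token_urlsafe(32)
    name = "home.example.com."  # constructed record name
    print(handle_update("/" + demo_secret, "8.8.8.8", name, demo_secret))
    print(handle_update("/guess", "8.8.8.8", name, demo_secret))
    print(handle_update("/" + demo_secret, "192.168.1.10", name, demo_secret))
```

In a Flask view, `request.path` and `request.remote_addr` supply the first two arguments, and the returned dictionary is the `ChangeBatch` argument to boto3's `change_resource_record_sets`. Behind a reverse proxy, `remote_addr` is the proxy's address, so the private-address check rejects the update until the real client address is taken from a header set by the trusted proxy.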
