Dynamic DNS

Dynamic DNS - with perl

NOTE: This information is historic (as at May 2006)

Dynamic DNS allows hosts to set their own IP address in the DNS namespace. When a Quest Authentication Services-enabled Unix host joins a domain, it automatically appears in Active Directory as Kerberos principals and as LDAP computer objects, but not in DNS.

This topic covers tools for managing a host's entry in Active Directory's DNS.


The SAMBA project has published a Perl script by Andrew Tridgell called nsupdate-gss. It modifies an entry in an Active Directory DNS server using a protocol extension to DNS.

# nsupdate-gss.pl host domain ip-addr ttl

The nsupdate-gss tool requires you to have installed Net::DNS version 0.44 or later, and Philip Guenther's perl GSSAPI, version 0.21 or later.

In addition, for correct use with Quest Authentication Services, you will need to apply the nsupdate-gss.vas.patch, available in the download table below. This patch causes the nsupdate-gss script to authenticate to the DNS server as the local computer account, instead of a normal user. That also means it has to be run as root on the host whose entry is being updated.

The patched components (nsupdate-gss and perl-GSSAPI) have been packaged below in as source RPMS. The can be converted into normal RPMs on your flavour of linux using the command

$ rpmbuild --rebuild file.src.rpm


Release: nsupdate-gss-0.0 (unstable)
Platform Filename Type Size Date MD5 checksum?
Other dnsupdate releases
linuxnsupdate-gss-20050330-1vas.src.rpmsource5 kB2006-01-225b231c7df0f4d34bf36d58879eba539f
perl-GSSAPI-0.13-1vas.src.rpmsource22 kB2006-01-22a0e7bccb6e1044ecf1e5308327dad78a
anyGSSAPI-0.13.tar.gzsource17 kB2006-01-22d732e246de243c0df9240129a82ac482
GSSAPI-vas.patchsource4 kB2006-01-22effab49f7839d44f9259fa1620ee1778
nsupdate-gss7 kB2006-01-2218739e476e1ba8094e01098f9d7981c4
nsupdate-gss.vas.patchsource650 B2006-01-22aa580e8a1498d8666e9c2fe26064c555

— David Leonard