Airport Extreme: update dynamic hostname through BIND

If you are the owner of an Apple Airport Extreme base station, you may have wondered if it is possible to assign a static hostname to your dynamically changing ADSL IP address. Many other routers offer this feature through one of the popular dynamic DNS services such as DynDNS. Apple however decided not to support the proprietary interfaces of those commercial services, but instead use a generic approach as described in RFC 2136 Dynamic Updates in the Domain Name System (DNS UPDATE).

Here’s how you can use this feature.

Requirements:

• Apple Airport Extreme Base Station
• Airport Utility version 5.6 (the DNS update feature is not accessible in 6.0+)
• a domain name where you can choose your own nameserver (most domain sellers allow this)
• a (Linux) server running BIND9 on a static IP address

Setup

• for this setup I assume that your Linux box has the static hostname mybox.com on IP address 46.19.92.98. The domain name you want to use for your airport extreme is airport.mydomain.com. This means mydomain.com is owned by you and has its nameserver set to mybox.com.
• Install BIND version 9 on your Linux server (e.g. “sudo apt-get install bind9”) and create a zone file for your domain. You can put it in /etc/bind/zones/mydomain.com.db and make it look like this:

$ORIGIN .
$TTL 86400	; 1 day
mydomain.com		IN SOA	mybox.com. mailaddress.gmail.com. (
				2012060524 ; serial
				28800      ; refresh (8 hours)
				7200       ; retry (2 hours)
				864000     ; expire (1 week 3 days)
				86400      ; minimum (1 day)
				)
			NS	mybox.com.
			A	46.19.92.98
			MX	10 mydomain.com.
$ORIGIN mydomain.com.
*			A	46.19.92.98
$ORIGIN _dns-sd._udp.mydomain.com.
b			PTR	mydomain.com.
db			PTR	mydomain.com.
dr			PTR	mydomain.com.
lb			PTR	mydomain.com.
r			PTR	mydomain.com.
$ORIGIN _udp.mydomain.com.
_dns-update		SRV	0 0 53 mybox.com.

• google for some BIND tutorials if you need more information on the zone file configuration
• make sure port 53 UDP is open in your Linux box’s firewall
• create a RNDC key. This is the “password” used to update your DNS zone. Run “rndc-confgen -a -c /etc/bind/rndc.key”
• add the following to your /etc/bind/named.conf.local:

include "/etc/bind/rndc.key";
zone "mydomain.com" {
      type master;
      file "/etc/bind/zones/mydomain.com.db";
      update-policy {
        grant rndc-key name airport.mydomain.com A;
      };
};

• ensure that your zone file and the named.conf.local have permissions -rw-r–r– and are owned by root, group bind.
• on Ubuntu 12.04 I had to edit the file /etc/apparmor.d/usr.sbin.named and change the line “/etc/bind/zones/** r,” to “/etc/bind/zones/** rw,”
• restart apparmor and bind
• check the syslog for any bind errors
• if you’ve just changed the nameserver of domain.com to mybox.com, it may take 24h or more for this update to reach your provider’s DNS cache
• check your nameserver configuration with “dig”. “dig a domain.com” should give you an answer section with your Linux box’s IP address. “dig ns domain.com” should return mybox.com. “dig PTR b._dns-sd._udp.domain.com” should return domain.com.
• when everything works as expected, we can now configure Airport Extreme. Open “Airport Utility 5.6”, choose the “base station” tab and click “Edit…”. Configure it as in the screenshot below. The password is the “secret” as mentioned inside your rndc.key file. Enter it without the quotes.

• click “Done” and “Update”. Your Airport Extreme should update the DNS A record for airport.domain.com every 15 minutes. In your syslog it looks like this:

Jun 11 07:15:07 alderaan named[31953]: client 40.224.233.149#5353: updating zone 'domain.com/IN': deleting rrset at 'airport.domain.com' A
Jun 11 07:15:07 alderaan named[31953]: client 40.224.233.149#5353: updating zone 'domain.com/IN': adding an RR at 'airport.domain.com' A

• you can now reach your home network from anywhere through the hostname “airport.domain.com”. Success!!