Sunday, 31 December 2017

Using Azure AD and DNS as an alternative to DynDNS

I asked my ISP to remove my fixed IP address as there is a firmware bug on their supplied router that makes it incompatible with fast broadband. Instead of getting the 200Mbps I am paying for I was getting 20-50Mbps.

This left me with a problem: how do I address my network now? I didn't particularly want to sign up to DynDNS or equivalents. I've got an Azure subscription, so can I do anything with that?

This post gives a beautifully elegant solution. Create an Azure DNS zone for your domain. Create an Azure Function that exposes an HTTP API. Use this function to update the DNS record with PowerShell.

Expose the API and call it regularly (by a scheduled task on a Raspberry Pi, for example).

When I ran the function for the first time it wouldn't work and errored with a 401. On running the PowerShell line-by-line I noticed the Azure login was erroring with AADSTS50055: Force Change Password.

Logging in with the newly-created Azure AD account required an interactive login so that the password could be changed. I solved this by navigating to the Azure portal, logging in as the AD user I created for the DNS Contributor role, changing the password and then updating the Function password variable to match the new password.

You can run the updater on a low-power Raspberry Pi with the following commands:

curl -s <your IP lookup service URL>

curl "https://<your function app><your function name>?code=<your function key>&ipaddr=<ip address determined>"

and piping the two commands together you can update the IP address from one shell command:

curl -s <your IP lookup service URL> 2>&1 | curl "https://<your function app><your function name>?code=<your function key>&ipaddr=$(cat -)"

That command can be scheduled to run with crontab, according to your preference.
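
The one-liner above forwards whatever the lookup service returns, error pages included, and puts the function key on curl's command line. The script below is an added example, not code from the original post: it validates the address, skips the call when nothing has changed, and passes the URL to curl on stdin. LOOKUP_URL, FUNCTION_URL, FUNCTION_KEY and CACHE_FILE are assumed environment variable names.

```shell
#!/bin/sh
# Added example; LOOKUP_URL, FUNCTION_URL, FUNCTION_KEY and CACHE_FILE are
# assumed names supplied through the environment, not from the original post.
CACHE_FILE="${CACHE_FILE:-$HOME/.ddns_last_ip}"

# Succeed only for a dotted-quad IPv4 address (four octets, each 0-255).
is_valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        # No leading zeros and no more than three digits per octet.
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Succeed when the address differs from the one stored after the last update.
ip_changed() {
    [ ! -f "$CACHE_FILE" ] || [ "$(cat "$CACHE_FILE")" != "$1" ]
}

update_dns() {
    ip=$(curl -fsS --max-time 10 "$LOOKUP_URL") || return 1
    # Reject error pages or anything else that is not a bare address.
    is_valid_ipv4 "$ip" || { echo "unexpected lookup response" >&2; return 1; }
    ip_changed "$ip" || return 0
    # Feed the URL to curl on stdin (-K -) so the key is not in its argv.
    printf 'url = "%s?code=%s&ipaddr=%s"\n' "$FUNCTION_URL" "$FUNCTION_KEY" "$ip" |
        curl -fsS --max-time 30 -K - >/dev/null || return 1
    printf '%s\n' "$ip" > "$CACHE_FILE"
}

# Invoked from cron with the single argument "run".
if [ "${1:-}" = "run" ]; then
    update_dns
fi
```

The cache file is written only after the function call succeeds, so a failed update is retried on the next cron run.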

PS - Another option worth considering is not even needing to specify the IP address to the Web service exposed by the Azure Function. Can it get the caller's IP address automatically?
