Roll your own dynamic DNS service using Amazon Route53

Roll your own dynamic DNS service using Amazon Route53

Posted on July 3, 2014 | 12 comments

I used the free Dynamic DNS (DDNS) service from Dyn since about 2006 and never had a single issue with it. That all changed when they phased out their free accounts. I was forced to find an alternative, so I went with which was easy to set up and provided a great service.

Recently, No-IP has been having some legal troubles that seem to be revolving around Microsoft’s crusade to rid the world of spammers/scammers/malware/botnets. My hostname was one of the ones that was nixed by Microsoft’s overly broad court order. I’m sure MSFT could have just worked with No-IPs abuse team and taken down only the offending domains – but I’m not going to get into rant about that.

So, I did what any self-respecting hacker does in this situation and decided to roll my own. I was already familiar with Amazon’s Route53 service so I figured why not? They have a nice REST API with granular access controls, as well as a command-line client that makes interacting with said API a breeze.

Step 1: Install awscli

You can install the AWS command line client really easily using pip:

# pip install awscli

Note: if you don’t have pip installed, try:

# easy_install pip

Then retry the pip command. If you’re still having a hard time, just follow the official instructions here:

Make sure you’ve got it installed properly by running aws --version. Next, you need to set up your access credentials using aws configure.

Step 2: Set up your hosted zone on Route53

This can be a bit complicated if you’re not familiar with the various ins and outs of DNS. The first step is to log into your AWS console and go to the Route53 service.

Next, create a new Hosted Zone by clicking “Create Hosted Zone”.

Creating a Hosted Zone in Route53

Creating a Hosted Zone in Route53

Once you’ve created the zone, select it in the list and you should see a list of properties show up on the right hand side. One of the properties is called Delegation Set – make note of these 4 addresses – you will need them once you’ve finished setting up all your DNS records.

Step 3: Populate your DNS records

This step will vary from domain to domain depending on what you need. The fastest way is to use the Import Zone File button if your current DNS provider allows for easy exporting of your existing zone file (mine did not – urgh). If not, you’ll need to create them all manually.

Step 4: Update your Nameservers

Your domain registrar should have somewhere in their admin panel that will allow you to change your nameserver records to point at your new Route53 nameservers instead.

You need to use the 4 addresses that were provided as your Delegation Set back up in Step 2.

Step 5: Use the BASH, Luke

Now for the fun bit. Before anyone gives me grief for not coding my own REST client, I did this all in about an hour one evening and it works well. There are a number of different ways it could be accomplished. REST APIs are easily consumable by just about every programming language out there – I just decided to do a BASH script for the sake of time.

This script is designed to be run either manually as needed, or on a schedule using something like cron.

# Hosted Zone ID e.g. BJBK35SKMM9OE
ZONEID=enter zone id here
# The CNAME you want to update e.g.
RECORDSET=enter cname here
# More advanced options below
# The Time-To-Live of this recordset
# Change this if you want
COMMENT=Auto updating @ `date`
# Change to AAAA if using an IPv6 address
# Get the external IP address
IP=`curl -ss`
function valid_ip()
local ip=$1
local stat=1
if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
[[ ${ip[0]} -le 255 && ${ip[1]} -le 255 \
&& ${ip[2]} -le 255 && ${ip[3]} -le 255 ]]
return $stat
# Get current dir (stolen from
DIR=$( cd $( dirname ${BASH_SOURCE[0]} ) && pwd )
if ! valid_ip $IP; then
echo Invalid IP address: $IP >> $LOGFILE
exit 1
# Check if the IP has changed
if [ ! -f $IPFILE ]
touch $IPFILE
if grep -Fxq $IP $IPFILE; then
# code if found
echo IP is still $IP. Exiting >> $LOGFILE
exit 0
echo IP has changed to $IP >> $LOGFILE
# Fill a temp file with valid JSON
TMPFILE=$(mktemp /tmp/temporary-file.XXXXXXXX)
cat > ${TMPFILE} << EOF
# Update the Hosted Zone record
aws route53 change-resource-record-sets \
–hosted-zone-id $ZONEID \
–change-batch file://$TMPFILE >> $LOGFILE
echo >> $LOGFILE
# Clean up
# All Done – cache the IP address for next time
echo $IP > $IPFILE
view hosted with ❤ by GitHub

I won’t go into explaining line by line what this does, but the gist of it (get it?) is that it goes out to to get the current IP address, makes sure it’s valid, compares it to the last one that it got, and if it changed then it updates the Route53 Record Set using theawscli tool. It logs to a file called update-route53.log every time it runs and stores the last IP it got in a file called update-route53.ip.

Feel free to poke fun at my BASH skills.

Optional Step 6: Set up your crontab

To make this run every 30 minutes, I added this to my crontab (using crontab -e):

*/30 * * * * /home/will/scripts/

How much does it cost?

The Amazon Route53 Pricing Page does a pretty good job of explaining it – basically you’re looking at about $0.60 – $1.00/month depending on your site’s traffic.


Connecting to Amazon EC2 using Transmit

Connecting to Amazon EC2 using Transmit


I’ve recently started using Amazon’s EC2 could based web servers which has been great but it requires a PEM (privacy enhanced email) certificate in order to login and access the server. This is fine for Terminal access usingsftp or ssh but it took a bit of trial and error to get it working for GUI apps such as Panic’s awesome Transmit client. If you’re trying to do the same here’s the quick how-to (at least for Mac OS X 10.6 / Snow Leopard).

First, copy your Amazon EC2 .pem file to your local ssh directory in/Users/your_user_name/.ssh. You can open this directory easily by entering the following command in the Terminal app:

 $ open ~/.ssh 

Assuming the file is called server.ssh you can test it using the Terminal command:

$ ssh -i ~/.ssh/server.pem root@your_amazon_server 

If that worked then your certificate is good.

Next, you need to add an ssh configuration option to let your apps know about the PEM. Open (or create) ~/.ssh/config and add the following line (again, assuming your file is called server.pem):

IdentityFile "~/.ssh/server.pem" 

Save the config changes and then use the Terminal to alter the permissions of your PEM file to 700 (otherwise ssh may not allow you to use the file):

$ chmod 700 ~/.ssh/server.pem 

Lastly, you need to restart the SSH dameon. Either restart your entire computer (slow and lame) or just quickly drop into the Terminal again and use the launchctl command (you’ll need to be root):

# launchctl launchd% stop com.openssh.sshd launchd% start com.openssh.sshd launchd% quit 

Now all you have to do is use Transmit to connect to your Amazon EC2 server via SFTP, using the root user and leave the password field blank.


You may also find it useful to add a HOST block around the config changes. I found the above configuration started to conflict with my GIT repos so I modified the config to:

Host IdentityFile "~/.ssh/server.pem" 

that way it only applies to the servers.

pi samba server,%20Simple%20and%20Brief%20Way!



About This Guide

In this text, I teach how to create a network share via Samba using the CLI (Command-line interface/Linux Terminal) in an uncomplicated, simple and brief way targeting Windows users.



All commands must be done as root (precede each command with ‘sudo’ or use ‘sudo su’).

  • Install Samba

      sudo apt-get update sudo apt-get install samba


  • Set a password for your user in Samba

      sudo smbpasswd -a <user_name>


      • Note: Samba uses a separate set of passwords than the standard Linux system accounts (stored in /etc/samba/smbpasswd), so you'll need to create a Samba password for yourself. This tutorial implies that you will use your own user and it does not cover situations involving other users passwords, groups, etc...
        Tip1: Use the password for your own user to facilitate.
        Tip2: Remember that your user must have permission to write and edit the folder you want to share.
        sudo chown <user_name> /var/opt/blah/blahblah
        sudo chown :<user_name> /var/opt/blah/blahblah
  • Create a directory to be shared


    mkdir /home/<user_name>/<folder_name>


  • Make a safe backup copy of the original smb.conf file to your home folder, in case you make an error


    sudo cp /etc/samba/smb.conf ~


  • Edit the file “/etc/samba/smb.conf”


    sudo nano /etc/samba/smb.conf


    • Once "smb.conf" has loaded, add this to the very end of the file:
      path = /home/<user_name>/<folder_name>
      available = yes
      valid users = <user_name>
      read only = no
      browseable = yes
      public = yes
      writable = yes
      Tip: There Should be in the spaces between the lines, and note que also there should be a single space both before and after each of the equal signs.
  • Restart the samba:


    sudo restart smbd


  • Once Samba has restarted, use this command to check your smb.conf for any syntax errors




  • To access your network share

    To access your network share use your username (<user_name>) and password through the path “smb://<HOST_IP_OR_NAME>/<folder_name>/” (Linux users) or “\\<HOST_IP_OR_NAME>\<folder_name>\” (Windows users). Note that “<folder_name>” value is passed in “[<folder_name>]”, in other words, the share name you entered in “/etc/samba/smb.conf”.

    • Note: The default user group of samba is "WORKGROUP".



transmission block list

Which is the best blocklist for Transmission?


Transmission is, in my opinion, the best BitTorrent client for OS X and Linux [and did you know there’s even an unofficial Windows version too?]. Why? Because it’s super easy to use and configure and it’s not resource-hungry like some other one [someone said µTorrent for OS X?].

But it has a problem. Blocklists are damn hard to find.

Looking for a nice and complete blocklist for Transmission can be a pain, especially if you’re not sure of which one to pick. In fact there are a ton of lists all for different purposes and no one will give you complete bad-peer protection since one will shield your client from spammers, one from the US Government [really?] and no one from all those things combined.

If you search on Google you will find people recommending this website, called iBlocklist, which collects various block lists but there are to many of them and they all have the same problem I said before: no complete 100% protection.

Luckly John Tyree, a user from, created a GitHub project which combines all those iBlocklist lists in to a single one and he hosted the result here:

simply add this URL in the Transmission preferences like this:

Peer blocklist

and the application will do all the magic for you combining the lists and adding those IP rules to the built-in firewall. Be sure to check the option below to make Transmission update the blocklist weekly for you so you won’t have to worry anymore. This works with all versions of Transmission and with all OSs.

xbmc uk repository

add add-on via get zip file

then install

video addon NotFilmOn


mode info:

raspberry pi format sd card as ext4

list your drives:

df -h

unmount the drive

sudo umount /dev/sdb1 (or whatever your usb is) 

Then formatting the partition for ext4 (it cannot be formatted while mounted/in use):

sudo mkfs.ext4 /dev/sdb1 
Mount the drive 
sudo mount /dev/sda1

Rename the usb drive to something else.

sudo e2label /dev/sdb1 somethingelse
Unount the drive to see the changes
sudo unmount /dev/sda1
Mount it again (haven’t tested this step as I just took it off at added it back in)
sudo mount /dev/sda1

raspberry pi: backup sd card

Back-up a Raspberry Pi SD card using a Mac

I’ve re-installed my Pi’s SD card storage more times than I care to recall. New cards, programming glitches, messing with Linux’s settings files – all of these reasons have forced me to go through the process of re-flashing the Pi’s storage card. That’s bad enough – what’s worse is having to re-download the applications I’d added since the previous install, applying updates and choosing again all of my system preferences.

What I should have done was clone my card, allowing me to re-flash the SD card with a complete, working and configured to my personal satisfaction Pi operating system.

I don’t know why I didn’t do this. I suppose Mac OS X’s inability to cope with the Pi’s EXT4 file-system was the main reason: I can’t simply drag and drop the card’s contents, first to the Mac and then, later, back to a freshly formatted card. But a little Googling set me on track to use the next best thing: the dd command, available in OS X – and Linux for that matter.

So clone the Pi’s SD card, slip it out the Pi and into a Mac. Open the Mac’s Terminal app and first enter the command:

diskutil list

This will give you a list of the disks and volumes inside or connected to your computer. The Pi SD card will contain a Linux partition under TYPE NAME:

Diskutil on OS X

diskutil shows the Pi SD card as /dev/disk1

Now you’re ready to duplicate the SD card, saving it as a disk image file on your hard drive:

sudo dd if=/dev/rdisk1 of=~/Desktop/pi.img bs=1m

The if stands for ‘input file’, in this case the SD card. diskutil will list it as /dev/disk1 – prefix ‘disk’ with ‘r’ to point to the card’s raw storage space to speed up the process: /dev/rdisk1.

In the next section, of stands for ‘output file’, here a new file, pi.img which is to be place by dd on my desktop. Remember, ~ is the Unix symbol that represents your home directory.

Finally, bs for ‘block size’ – I’ve chosen 1MB, or 1m as dd prefers it. You’ll need to prefix the dd command with the sudo command, and this will first ask your for your Mac admin password. If you’re a Pi user, you’ll likely be used to sudo. When you’ve entered your password, the duplication process will begin. Depending on the capacity of your SD card, it could take some time. While the back-up is being made, all you’ll see in the Terminal is a flashing cursor, but you can get some feedback by looking at the size of the pi.img file on your Desktop.

WARNING Always make sure you check these values carefully – get them wrong and you can wreck the data on your hard drive. Don’t, for instance, key in the wrong /dev/disk entry from the diskutil list. If you accidentally tell dd to copy the wrong disk or copy the SD to your hard drive, it will merrily go ahead and do so. It won’t check to see if you’re happy for it to proceed. Don’t copy my examples exactly – the input and output file locations may be different on your system.

Re-flashing the SD card from the image is just a matter of swapping around the input file and output file values to read from your .img file and write to the card.

Now, pi.img in the example above is large. You can compress it afterwards by right-clicking and selecting Compress “pi.img”, but it’s more efficient to compress the file as you go. To do this, you use the Unix ‘pipe’ symbol, | , to route the output of dd not to a file but to thegzip utility:

sudo dd if=/dev/rdisk1 bs=1m | gzip > ~/Desktop/pi.gz

Re-flashing the SD card then becomes:

gzip -dc ~/Desktop/pi.gz | sudo dd of=/dev/rdisk1 bs=1m

Update Note that you’ll need to unmount – but not eject – your SD card before you can write to it. So enter diskutil unmountDisk /dev/disk1 to do so. Now you’re ready to run the restoration using the command sequence in the previous paragraph.

I got my 16GB SD card down to a 1.48GB .gz file, small enough to keep safe on a USB stick I had kicking around. Depending on how big your SD card is and how much data you’ve put on it, your mileage may vary.

PS. If you’re reading this but you’re not a Mac user, Lifehacker has instructions for Windows. Backing up the Pi SD card on a Linux machine is an almost identical process to the Mac one. The difference: the SD card will be listed as /dev/sdx-something.

PPS. If you’re reading this but you’re not a Raspberry Pi users, what are you waiting for? Go and buy one! Here’s a nice set comprising the Pi and a stack of handy accessories.

To restore:

sudo dd of=/dev/rdisk1 if=~/Downloads/RaspbmcPi.img bs=1m

raspberry pi samba

How To – NAS with Samba and Windows


This tutorial is for very limited security and is intended for easy access to an internal share on a secure network.

You can find similar tutorials on the official Wiki

Attaching a usb hard drive to the Pi will put the drive here:


If you are able to browse to that location (DRIVE being the name of your device attached)

You are now ready to setup Samba with guest access

sudo su
# adduser guest --home=/home/public --shell=/bin/false --disabled-password
# sudo chmod -R 0700 /home/public
# chown -R guest.guest /home/public

su pi
$ sudo apt-get install samba smbfs

You have a new user “guest” with no password authentication. This covers the creation of a shared home (/home/public) but to use this with Windows you will need to add your access to Windows over the network connection. (WORKGROUP is the default name for most Windows based PC’s)

You can find your settings by following the steps below in Windows:

  1. Open System by clicking the Start button Picture of the Start button, clicking Control Panel, clicking System and Maintenance, and then clicking System.
  2. Under Computer Name, Domain, and Workgroup Settings, click Change settings.

To allow Windows to browse files on the Pi you need to edit your Samba’s smb.conf file:

sudo nano /etc/samba/smb.conf
## Browsing/Identification ###
# Change this to the workgroup/NT-domain name
#  your Samba server will part of
workgroup = WORKGROUP

####### Authentication #######
security = share

obey pam restrictions = yes
guest account = guest
invalid users = root

Next add:

comment = drive
read only = no
locking = no
path = /media/DRIVE
guest ok = yes
force user = pi

“force user” allows a user (i.e. guest) to get the files from a device mounted by another user. Pi will be the default owner of these files this will force the connection to use Pi as the guest account.

Where /media/DRIVE is the path to your external usb drive.

And then:

# /etc/init.d/samba restart

to apply.

Have fun

Now on the Windows machine on the Network panel look for RASPBERRYPI and inside it find the “drive” folder, with all the files from DRIVE.

transmission on a pi

Transmission is a tool to download files using torrent service. Transmission-daemon is basically the same, but without user interface. We install it in always-on server (like Raspberry Pi), then access it from different computers. This guide assumes you already have Raspbian OS installed in your Raspberry Pi with LAN setting properly established. My Raspbian image file is dated 9 Feb 2013. Different version of Raspbian might produce different behavior.

transmissionBefore installing new application or service in Raspbian, make sure to always type this into terminal :
sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade

If you’re installation is not the latest version, it might take a while as Raspbian will download the latest files from Internet.

Now, open terminal again and install Transmission-daemon:
sudo apt-get install transmission-daemon

Ideally, we need two folders to contain Transmission files:
mkdir /home/pi/progress (for incomplete downloads)
mkdir /home/pi/completed (for completed downloads)

We need to take care about some permission stuff:
sudo usermod -a -G debian-transmission pi (change “pi” with your Raspberry Pi username if necessary)
chgrp debian-transmission /home/pi/progress
chgrp debian-transmission /home/pi/completed
chmod 770 /home/pi/progress
chmod 770 /home/pi/completed

If you wish to combine Raspberry Pi with an existing NAS server for downloading torrents, there’s a chance you will get error message related to permission. There are various ways to solve it, but I shall go with the easiest one: adding your Raspbian username into debian-transmission group (in my case “pi”) then change ownership of your mounted folders using the following commands:
sudo service transmission-daemon stop (stopping Transmisssion)
sudo adduser pi debian-transmission (add pi or your username to debian-transmission group)
sudo nano /etc/init.d/transmission-daemon (change startup user for transmission, change user name to your username: USER=pi)
sudo chown pi -R /var/lib/transmission-daemon/info/ (change owner rights to transmission configuration files to you)
sudo chown pi -R /home/pi/progress (change owner right of download folder to your user)
sudo chown pi -R /home/pi/completed (change owner right of download folder to your user)
sudo chown pi -R /etc/transmission-daemon/settings.json (change owner right of configuration file to your user)
sudo service transmission-daemon start (start Transmission again)

Next, we need to take care of some settings:
sudo nano /etc/transmission-daemon/settings.json

You shall see many setting lines. Feel free to explore those settings one by one, but for now let’s focus only on few important settings to get started.

1. Find rpc-username and rpc-password, change the values. This is supposed to be different from your Raspbian username.
2. Find rpc-whitelist and add the IP addresses of your other computers there (computers you plan to access Transmission from). For my case, I simply add 192.168.1.*
3. Find download-dir and change it into /home/pi/completed or whatever the name of the folder you have prepared before.
4. Find incomplete-dir and change it into /home/pi/progress or whatever the name of the folder you have prepared before.
5. Find watch-dir and change it into /home/pi/torrentwatch or whatever the name of the folder you have prepared before.

Save the settings.json file and force transmission-daemon to load it:
sudo service transmission-daemon reload

Transmission-daemon saves configuration file when it closes. So using restart parameter instead of reloadwill get the previous settings revert back.
If you change the password, then type sudo service transmission-daemon reload followed by sudo service transmission-daemon restart.

Now you need to know the IP address of your Raspberry Pi.
ifconfig eth0 (if you’re using network cable)
ifconfig wlan0 (if you’re using WiFi)

You might also want to make your Raspberry Pi having a static IP address:
sudo nano /etc/network/interfaces

Then change this line:
iface eth0 inet dhcp
iface eth0 inet static
and add the following lines below the iface line:
address (change this with your desired address for the Pi)
Of course, you should adjust the lines according to your network settings.

All done. You might want to restart your Raspberry Pi, then try the connection from another machine.

In the other machine, open web browser and type:

For example:

You will be asked username and password, which you need to answer with the value of rpc-username andrpc-password.

ubuntu set locales

sudo dpkg-reconfigure locales