dns/ddclient: add dnsexit

Open DiSHTiX opened this issue 2 years ago • 3 comments

Important notices Before you add a new report, we ask you kindly to acknowledge the following:

  • [X] I have read the contributing guidelines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
  • [X] I have searched the existing issues, open and closed, and I'm convinced that mine is new.
  • [X] When the request is meant for an existing plugin, I've added its name to the title.

Is your feature request related to a problem? Please describe. Currently there is no configuration option for DNSEXIT

Describe the solution you'd like Please add the option to use DNSEXIT

Describe alternatives you've considered

  • DYNDNS: Continue with dyndns until it breaks?
  • DOCKER: a dnsexit script which proved to be unreliable; also, I cannot have dockers at all my locations
  • DNS-O-MATIC: Does not work (OPNsense 22.1.2; the GUI doesn't save the password input and gives auth errors in the debug log)

Additional context

  • DNSexit exists in the current dev branch of ddclient (bottom): https://github.com/ddclient/ddclient/blob/develop/ddclient.conf.in
  • DNSexit also supports simple HTTPS via APIKEY updates: curl https://api.dnsexit.com/dns/ud/?apikey=API-KEY -d host=host1.yourdomain.com,host2.yourdomain2.com (-d ip=xx.xx.xx.xx is optional as their system will automatically detect the public IP)
  • DNSexit's update response uses codes:
    1. code:0 indicates successful update {"code" : 0, "message" : "Success - some details about the update"}
    2. code:1 indicates IP address not changed. {"code" : 1, "message" : "IP not changed - some details about the update"}
    3. Other return codes indicate errors.

Thank you, I should learn to code and provide a working change instead of requesting

DiSHTiX avatar Mar 19 '22 20:03 DiSHTiX

I'm using Dynamic DNS (Legacy) and I stopped updating because DNSExit support was gone. So a +1 for DNSExit Support.

myradon avatar Jun 18 '22 19:06 myradon

> I'm using Dynamic DNS (Legacy) and I stopped updating because DNSExit support was gone. So a +1 for DNSExit Support.

You can continue to update your OPNsense; although the legacy Dynamic DNS package is no longer supported, it won't be removed from your system and will continue to function, but probably not indefinitely.

If Dynamic DNS fails you may resort to a simple cronjob; unfortunately it is not as nice as having the status shown on the dashboard.

DiSHTiX avatar Jun 23 '22 20:06 DiSHTiX

The develop branch ddclient implementation is built on the legacy update method of dnsexit (using the url https://update.dnsexit.com/RemoteUpdate.sv with all the required information added in the url). Now they have a new and much safer update method on the new endpoint, as described here; https://dnsexit.com/dns/dns-api/#guide-to-use

However, I'm not aware of an implementation for this API in ddclient.

Note that for me, the old os-dyndns plugin using the legacy dnsexit update method (using main account credentials) is still working fine.

jortkoopmans avatar Jul 30 '22 16:07 jortkoopmans

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository, please read https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.

OPNsense-bot avatar Sep 15 '22 19:09 OPNsense-bot

I guess this issue is rightfully closed, however I've made an effort upstream to get this moving forward. But it seems also ddclient is in maintenance mode with limited activity by the maintainers.

jortkoopmans avatar Sep 19 '22 16:09 jortkoopmans

The time has come, dyndns is dropped from the repo, no ddclient update to support dnsexit in any manner. This can be used to run off a spare vm or opnsense directly:


#### let cron run the script, it's set for every 4 mins (shouldn't be more than 3x per 10 mins or the api will cry)
crontab -e
*/4     *       *       *       *       (/usr/local/sbin/dnsexit.sh) > /dev/null


### copy the below script to your favorite editor, update the apikey and dnshosts
### cat it into the file, copy&paste the script, close with a ctrl-c

cat > /usr/local/sbin/dnsexit.sh

#!/bin/sh
apikey="enteryourkeyhere"
## use comma for multiple hosts
dnshosts="hostname.domain"
## if a specific interface is needed, add e.g.  --interface ovpnc1  between curl and the https:// url
## the url and the host list are quoted so the shell does not glob the ? or split the variables
curl "https://api.dnsexit.com/dns/ud/?apikey=$apikey" -d "host=$dnshosts" --no-progress-meter | grep code > /var/log/dnsexit.log
date >> /var/log/dnsexit.log
#


### make dnsexit.sh executable for its owner only (the file contains the apikey) and touch the log file
chmod 700 /usr/local/sbin/dnsexit.sh
touch /var/log/dnsexit.log

You can get your apikey from the dnsexit website, fyi https://dnsexit.com/dns/dns-api/#guide-to-use

Try it out by running dnsexit.sh and cat /var/log/dnsexit.log. It's set & forget: it doesn't check if there are IP changes, it simply updates every 4 mins.

If you don't know how to deal with the above, then you probably shouldn't.

DiSHTiX avatar Aug 02 '23 08:08 DiSHTiX
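
Added example, not part of the thread and not ddclient or OPNsense code: a variant of the cron script above that acts on the response codes listed in the opening post (0 updated, 1 IP not changed, anything else an error) and hands the URL to curl on stdin so the API key does not show up in the process list. The key file path, the DNSEXIT_* variables, the `--update` switch and the function names are assumptions.

```shell
#!/bin/sh
# Added example; key file path, DNSEXIT_* variables and function names are assumptions.
KEYFILE="${DNSEXIT_KEYFILE:-/usr/local/etc/dnsexit.key}"  # mode 600, holds only the API key
HOSTS="${DNSEXIT_HOSTS:-hostname.domain}"                 # comma-separated host list

# Map a response body to a status word, using the codes quoted in the issue:
# 0 = updated, 1 = IP not changed, any other code = error, no code at all = invalid.
dnsexit_status() {
    code=$(printf '%s\n' "$1" |
        sed -n 's/.*"code"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p' | head -n 1)
    case "$code" in
        0)  echo updated ;;
        1)  echo unchanged ;;
        '') echo invalid ;;
        *)  echo "error:$code" ;;
    esac
}

# Emit a curl config (for "curl -K -") carrying the same URL and POST data as the
# thread's script. printf is a builtin in FreeBSD sh, dash and bash, so the key
# is never placed on a command line.
dnsexit_curl_config() {
    printf 'url = "https://api.dnsexit.com/dns/ud/?apikey=%s"\n' "$1"
    printf 'data = "host=%s"\n' "$2"
}

# Returns 0 on updated/unchanged, 1 on an API error, 2 when no usable answer came back.
dnsexit_update() {
    [ -r "$KEYFILE" ] || { echo "dnsexit: cannot read $KEYFILE" >&2; return 2; }
    apikey=$(cat "$KEYFILE")
    body=$(dnsexit_curl_config "$apikey" "$HOSTS" |
        curl --silent --show-error --max-time 30 -K -) || return 2
    status=$(dnsexit_status "$body")
    logger -t dnsexit "$HOSTS: $status"      # syslog keeps history; the key is not logged
    case "$status" in
        updated|unchanged) return 0 ;;
        invalid)           return 2 ;;
        *)                 return 1 ;;
    esac
}

# Only talk to the API when asked to, so the file can be sourced for testing.
if [ "${1:-}" = "--update" ]; then
    dnsexit_update
fi
```

With this variant the crontab entry would call the script with `--update`, and a non-zero exit status can be used to trigger an alert.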

> I guess this issue is rightfully closed, however I've made an effort upstream to get this moving forward. But it seems also ddclient is in maintenance mode with limited activity by the maintainers.

your efforts were valiant, take care 👍🏻 let's hope something will get added in future

DiSHTiX avatar Aug 02 '23 08:08 DiSHTiX

https://github.com/ddclient/ddclient/commit/ec4d83bc3f7

note that if you want something you will not do yourself you will have to wait ;)

fichtner avatar Aug 02 '23 08:08 fichtner

@DiSHTiX ; It seems like the new maintainer(s) have included dnsexit2 from my PR into the main (master) branch, which is good news. However, they have not (yet) made a new release (current 'latest' release is 3.10.0 from Oct 2022).

@fichtner ; That's a bit harsh :stuck_out_tongue: , I've worked on getting this added to ddclient already in August 2022 :wink: . The main issue was/is the maintainer situation and getting a new release of ddclient that includes these features. If I understand correctly, opnsense follows the upstream 3.10.0 release of ddclient which is from Oct 2022. We could;

  • Wait until a new ddclient is released that includes the features (and adopt those).
  • Build it from the main branch instead.

jortkoopmans avatar Aug 07 '23 12:08 jortkoopmans

@jortkoopmans sorry this was directed at @DiSHTiX

Should I add https://github.com/ddclient/ddclient/commit/ec4d83bc3f7 to our ddclient-devel port in order to get your change into OPNsense and/or is there another commit required?

fichtner avatar Aug 07 '23 13:08 fichtner

@fichtner ; No worries, all good :wink:. I would recommend waiting just a little bit, as the new maintainers seem to be picking up the project quite quickly. There is a v3.11.0 release in the making which should include DNSExit. See tentative changelog here; https://github.com/ddclient/ddclient/blob/master/ChangeLog.md

However, if we don't feel like waiting, it is probably better to pin to a recent master commit, e.g. https://github.com/ddclient/ddclient/commit/ef496d108fea294ef83d7be6a6f9eb40ae3fc25c

Additionally, while I'm not familiar with the OPNsense plugin system, some changes may be needed here as well? (I don't see DNSexit here for example; https://github.com/opnsense/plugins/blob/master/dns/ddclient/src/opnsense/service/templates/OPNsense/ddclient/ddclient.conf)

jortkoopmans avatar Aug 07 '23 13:08 jortkoopmans

Using an upstream state is risky. I've maintained a backport but in this case the dnsexit2 changes require regfish (conflicting patch lines), and now also digitalocean/porkbun due to the load_json_support line change. As said elsewhere I would have preferred a release tag since people started fixing things after 3.10.0.

fichtner avatar Aug 07 '23 13:08 fichtner

Ok it's in https://github.com/opnsense/ports/commit/e220eb52d for 23.7.1 but I will also post a test package in the next minutes

fichtner avatar Aug 07 '23 14:08 fichtner

# opnsense-revert -z ddclient-devel

should install 3.10.0_6 which has regfish and dnsexit2 added. I'm unsure about the plugin requiring changes, but I think those changes would only be required on non-standard implementations.

fichtner avatar Aug 07 '23 14:08 fichtner

@fichtner ; This is great, thank you! I think it "almost" works out of the box, except through the UI I can't configure the dnsexit2 protocol (it creates the dnsexit protocol config). But if I edit /usr/local/etc/ddclient.conf to (e.g.):

protocol=dnsexit2, \
login=bogus, \
password=REDACTEDMyAPIKey \
myredactedhost.example.com

then it works!

So basically I think the only minor thing needed is to adopt the dnsexit2 protocol (which is the only one remaining actually, as dnsexit was already removed). Of course some other settings are also not available on the UI, such as record type (ipv6) and TTL. But that's probably out of scope for now as you'd have to dynamically change the config form depending on the ddns provider.

jortkoopmans avatar Aug 07 '23 20:08 jortkoopmans

Let me try to update the plugin tomorrow morning. This is very helpful, thanks!

fichtner avatar Aug 07 '23 20:08 fichtner

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository, please read https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.

OPNsense-bot avatar Aug 07 '23 21:08 OPNsense-bot