ddclient does not work with Gandi.net

[emopinata]

Important notices Before you add a new report, we ask you kindly to acknowledge the following:

• [X] I have read the contributing guide lines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
• [X] I have searched the existing issues, open and closed, and I'm convinced that mine is new. (Existing issue didn't use template, #3072 )
• [X] The title contains the plugin to which this issue belongs

Describe the bug Configuring ddclient for the first time with a new domain using Gandi.net for dynamic dns and the logs show that gandi is not a valid protocol in the ddclient config and falls back to dyndns.org.

To Reproduce Steps to reproduce the behavior:

1. Go to Services > Dynamic DNS > Settings
2. Add a new account, select Gandi.net as service, check ip method interface, monitor WAN, set hostname foo.bar.net, then save and apply. The username/password is irrelevant given ddclient is trying to use the wrong provider.

Expected behavior DNS record updated in Gandi.net

Relevant log files

2022-09-29T16:38:49	Notice	ddclient[2350]	 13803 - [meta sequenceId="25"] FAILED:   updating foo.bar.net: badauth: Bad authorization (username or password)
2022-09-29T16:38:49	Notice	ddclient[2350]	 13348 - [meta sequenceId="24"] RECEIVE:  badauth
2022-09-29T16:38:49	Notice	ddclient[2350]	 12773 - [meta sequenceId="23"] RECEIVE:
2022-09-29T16:38:49	Notice	ddclient[2350]	 12460 - [meta sequenceId="22"] RECEIVE:  Connection: close
2022-09-29T16:38:49	Notice	ddclient[2350]	 11944 - [meta sequenceId="21"] RECEIVE:  X-User-Status: vip
2022-09-29T16:38:49	Notice	ddclient[2350]	 11404 - [meta sequenceId="20"] RECEIVE:  Accept-Ranges: none
2022-09-29T16:38:49	Notice	ddclient[2350]	 11039 - [meta sequenceId="19"] RECEIVE:  Content-Type: text/plain
2022-09-29T16:38:49	Notice	ddclient[2350]	 10367 - [meta sequenceId="18"] RECEIVE:  Vary: Accept-Encoding
2022-09-29T16:38:49	Notice	ddclient[2350]	 9484 - [meta sequenceId="17"] RECEIVE:  Strict-Transport-Security: max-age=31536000
2022-09-29T16:38:49	Notice	ddclient[2350]	 9012 - [meta sequenceId="16"] RECEIVE:  Server: Apache/2.4.18 (Ubuntu)
2022-09-29T16:38:49	Notice	ddclient[2350]	 8451 - [meta sequenceId="15"] RECEIVE:  Date: Thu, 29 Sep 2022 16:38:49 GMT
2022-09-29T16:38:49	Notice	ddclient[2350]	 7838 - [meta sequenceId="14"] RECEIVE:  HTTP/1.1 200 OK
2022-09-29T16:38:49	Notice	ddclient[2350]	 6995 - [meta sequenceId="13"] SENDING:
2022-09-29T16:38:49	Notice	ddclient[2350]	 6995 - [meta sequenceId="12"] SENDING:
2022-09-29T16:38:49	Notice	ddclient[2350]	 6995 - [meta sequenceId="11"] SENDING:   Connection: close
2022-09-29T16:38:49	Notice	ddclient[2350]	 6995 - [meta sequenceId="10"] SENDING:   User-Agent: ddclient/3.9.1
2022-09-29T16:38:49	Notice	ddclient[2350]	 6995 - [meta sequenceId="9"] SENDING:   Authorization: Basic <redacted>
2022-09-29T16:38:49	Notice	ddclient[2350]	 6995 - [meta sequenceId="8"] SENDING:   Host: members.dyndns.org
2022-09-29T16:38:49	Notice	ddclient[2350]	 6995 - [meta sequenceId="7"] SENDING:  GET /nic/update?system=dyndns&hostname=foo.bar.net&myip=xx.xx.xx.xxx HTTP/1.0
2022-09-29T16:38:49	Notice	ddclient[2350]	 6241 - [meta sequenceId="6"] CONNECTED:  using SSL
2022-09-29T16:38:49	Notice	ddclient[2350]	 5409 - [meta sequenceId="5"] CONNECT:  members.dyndns.org
2022-09-29T16:38:49	Notice	ddclient[2350]	 4604 - [meta sequenceId="4"] UPDATE:   updating foo.bar.net
2022-09-29T16:38:49	Notice	ddclient[2350]	 3999 - [meta sequenceId="3"] INFO:     setting IP address to xx.xx.xx.xxx for foo.bar.net
2022-09-29T16:38:49	Notice	ddclient[2350]	 3546 - [meta sequenceId="2"] WARNING:  file /usr/local/etc/ddclient.conf, line 12: Invalid Value for keyword 'zone' = ''
2022-09-29T16:38:49	Notice	ddclient[2350]	 2798 - [meta sequenceId="1"] WARNING:  file /usr/local/etc/ddclient.conf, line 8: Invalid Value for keyword 'protocol' = 'gandi'

Environment Opnsense 22.7.4

[lebrou34]

same here

[tldrEllie]

I just ran into this issue as well.

The version of ddclient included with opnsense doesn't support Gandi at all (https://github.com/opnsense/ports/blob/master/dns/ddclient/Makefile), version 3.9.1 is what opnsense is using right now. So including Gandi support in this plugin doesn't make any sense at all. Version 3.9.1 is almost 3 years old.

A commit was made back to update to the newest release candidate, but it was reversed: https://github.com/opnsense/ports/commit/063479f94c97bb21d09233c7a54159d0bfaeebba

This PR is what added Gandi support, but in addition to not being supported by the ddclient version currently being used by opnsense, this PR doesn't update the dialog form to give users the text field for entering a zone, which is a required configuration variable for Gandi (again, in the version of ddclient that isn't being used by opnsense).

https://github.com/opnsense/plugins/pull/2797 This PR at least includes code for back-porting Gandi support into an older version of ddclient, but again, not part of https://github.com/opnsense/ports/

[tspr]

Same here. Need the Gandi. Please get this thing going asap. Devs chose to replace the running plugin with this. Now apparently, they chose an outdated version, that makes it harder to keep up.

Extremely frustrating to read:

johnnyslee commented on 063479f on Jul 11 @fichtner Reverted, built, and installed. IP updates successfully for both HE.net TunnelBroker and Gandi.net (These two are all I'm actually using)

Exactly that is what i need as well. HE.net and Gandi.net. Works perfectly in the old plugin.

Get it done, please.

[fichtner]

@tspr final warning

[winny-]

Looks like this has hit opnsense stable (tested opnsense 23.1_6). Just install os-ddclient (It should be version 1.11_1 or later). Fill in values such as the following:

Service: gandi.net Username: (leave blank) Password: Your api key Zone: Your domain name you own with Gandi - e.g. example.com Hostname(s) The Fully Qualified Domain Names you wish to update. - e.g. router.example.com

I think this issue could be closed.

@tspr By the way, you can set up ddclient or whatever tooling you like on non-opnsense appliances or devices... devs aren't preventing you from doing this.

[fichtner]

@winny- Thanks for posting the how-to :)

[DomiStyle]

Hostname(s) The Fully Qualified Domain Names you wish to update. - e.g. router.example.com

As a side note to this, if you want to update the base domain you will have to enter @.example.com. Just entering example.com will instead create a subdomain like example.com.example.com.

Also, TTL is set to 3h by default which is way too high for dynamic DNS but can be set to 5 minutes in the config file at /usr/local/etc/ddclient.conf by adding ttl=300 on the corresponding entry.

Other than that everything seems to work perfectly fine.

[no-usernames-left]

Looks like this has hit opnsense stable (tested opnsense 23.1_6). Just install os-ddclient (It should be version 1.11_1 or later). Fill in values such as the following:

Service: gandi.net

gandi.net does not appear as an option with os-ddclient 1.21_2 on OPNsense Business Edition 24.4_8.

@fichtner Is this a regression?

[AdSchellevis]

settings->backend : ddclient ?

[no-usernames-left]

settings->backend : ddclient ?

Oh come on.

Yes, that fixed it. Thank you!

Why is this not the default? What a headache. I wasted a solid half-hour on this alone. 😕

EDIT: Perhaps ddclient should be entirely deprecated and its support folded into the native client because of this.

[AdSchellevis]

Why is this not the default? What a headache. I wasted a solid half-hour on this alone. 😕

long story I'm afraid (project was sunsetting, then it wasn't (sort of), in the meantime we build a python implementation https://docs.opnsense.org/manual/dynamic_dns.html#general-settings) , we prefer the native backend, but supported options differ.

[no-usernames-left]

@AdSchellevis Unfortunately this doesn't actually seem to work; the Current IP and Updated columns stay blank and no log output is generated, even with verbose enabled. (In other words, I'm experiencing #3344 but with gandi.net and no updates at all.)

This is regardless of whether I check an interface for an IP or use either dyndns or googledomains.

Setup is as mentioned above, with no username, the Gandi PAT token in the password field, the domain in the zone box, and the FQDN in the hostname box.

The service is running, the PID changes when I restart it, and the config file on disk looks good:

$ sudo cat /usr/local/etc/ddclient.conf
syslog=yes                  # log update msgs to syslog
pid=/var/run/ddclient.pid   # record PID in file.
verbose=yes
ssl=yes

use=cmd, cmd="/usr/local/opnsense/scripts/ddclient/checkip -t 1 -s googledomains --timeout 10", \
protocol=gandi, \
zone=$DOMAIN_NAME, \
password=$GANDI_PAT_TOKEN \
$HOSTNAME.$DOMAIN_NAME

If I delete the Gandi entry, create a DuckDNS entry (still with the ddclient backend), the IP is detected from the interface no problem. If I then add a second entry for Gandi with a different hostname, but with the same interface for IP detection, the Current IP and Updated columns stay blank for that second row.

Stopping the service, deleting /var/tmp/ddclient.cache, and starting the service did not help.