public inbox for ddns@lists.ipfire.org
 help / color / mirror / Atom feed
* Passing key algo to nsupdate
@ 2022-04-01 18:47 ipfire.org
  2022-04-03 12:15 ` Adrian Zaugg
  0 siblings, 1 reply; 4+ messages in thread
From: ipfire.org @ 2022-04-01 18:47 UTC (permalink / raw)
  To: ddns

[-- Attachment #1: Type: text/plain, Size: 932 bytes --]

Dear List

Trying to use nsupdate method for DDNS with my own BIND9, I fail with the 
WebUI. There are only three fields to provide information:
	Hostname, Username and Password. 

In my opinion nsupdates needs the 
	- ns server address
	- the TSIG key name
	- the key algorithm
	- key length
	- dynamic host name 
	- numerical IP address

I figured out, that the ns server has to be written in the "Hostname"-field, 
but the rest I couldn't find out how to write the correct information. At best 
I get a "BAD KEY" error on my server, when I try to update the RR. 

Unfortunately the Wiki doesn't help, the source code I did not understand and 
the forum, where I posted [1] this question redirected me to this list.

Can some one tell me how to use nsupdate WebUI page of IPFire?

Thank you very much.

Best regards, Adrian.


[1] https://community.ipfire.org/t/nsupdate-ddns-for-bind-how-to-use/7629

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: Passing key algo to nsupdate
  2022-04-01 18:47 Passing key algo to nsupdate ipfire.org
@ 2022-04-03 12:15 ` Adrian Zaugg
  2022-04-04  9:11   ` Michael Tremer
  0 siblings, 1 reply; 4+ messages in thread
From: Adrian Zaugg @ 2022-04-03 12:15 UTC (permalink / raw)
  To: ddns

[-- Attachment #1: Type: text/plain, Size: 1709 bytes --]

Hi there

After some digging in the code I found some Problems with the ddns component 
of IPFire and especially with the nsupdate provider. The main thing which 
renders the nsupdate provider unusable, I reported under Bug #12837 [1]. It 
seems to me there are more problems, but since I don't use IPFire, I do not 
feel to get involved to much.

It seems to me that the scriptlet the nsupdate provider produces is missing 
the "update" commands. It connects, authenticates and saves, but does not pass 
any information to the server. A generated scriptlet for nsupdate should look 
like this:

	server $SERVER
	zone $ZONE
	update delete $HOSTNAME $RR
	update add $HOSTNAME $TTL $RR $IP
	send

...where: 
$SERVER is the name server to send the record update/ deletion
$ZONE is the domain in which to update the host record
$HOSTNAME is the dynamic host's FQDN
$TTL is the time to live value for the record
$IP is the numerical IP address of the dynamic host
$RR is the record type, "A" for an IPv4, "AAAA" for an IPv6 host address

If I watch the debug output of ddns I do not see the update command being 
sent. I did not check this good enough to report a bug.

The whole provider does not work at all and the code in the ddns seems half 
baken to me. I started to report bugs, but I gave up, when I saw, that it 
nsupdate doesn't work at all. So if some one corrects the code and tests it 
(who actually knows to code in Python unlike me), those deficiencies should 
get discovered anyway. I hope I could help with some bug reports against the 
ddns core and the hint in this mail here.

Best regards, Adrian.

[1] https://bugzilla.ipfire.org/show_bug.cgi?id=12837

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: Passing key algo to nsupdate
  2022-04-03 12:15 ` Adrian Zaugg
@ 2022-04-04  9:11   ` Michael Tremer
  2022-04-04 12:48     ` Adrian Zaugg
  0 siblings, 1 reply; 4+ messages in thread
From: Michael Tremer @ 2022-04-04  9:11 UTC (permalink / raw)
  To: ddns

[-- Attachment #1: Type: text/plain, Size: 3137 bytes --]

Hello Adrian,

Thank you for looking into this. We really would like some help to improve ddns.

> On 3 Apr 2022, at 13:15, Adrian Zaugg <ipfire.org(a)mailgurgler.com> wrote:
> 
> Hi there
> 
> After some digging in the code I found some Problems with the ddns component 
> of IPFire and especially with the nsupdate provider. The main thing which 
> renders the nsupdate provider unusable, I reported under Bug #12837 [1]. It 
> seems to me there are more problems, but since I don't use IPFire, I do not 
> feel to get involved to much.

Generally, the UI does not have good support for nsupdate, since we did not want to add any extra fields. This method is not very popular and since we wanted to release ddns, we skipped changing the UI and never revisited this.

However, it should work if you write the correct configuration by hand.

> It seems to me that the scriptlet the nsupdate provider produces is missing 
> the "update" commands. It connects, authenticates and saves, but does not pass 
> any information to the server. A generated scriptlet for nsupdate should look 
> like this:
> 
> 	server $SERVER
> 	zone $ZONE
> 	update delete $HOSTNAME $RR
> 	update add $HOSTNAME $TTL $RR $IP
> 	send
> 
> ...where: 
> $SERVER is the name server to send the record update/ deletion
> $ZONE is the domain in which to update the host record
> $HOSTNAME is the dynamic host's FQDN
> $TTL is the time to live value for the record
> $IP is the numerical IP address of the dynamic host
> $RR is the record type, "A" for an IPv4, "AAAA" for an IPv6 host address
> 
> If I watch the debug output of ddns I do not see the update command being 
> sent. I did not check this good enough to report a bug.

This scriptlet looks good and in theory is what ddns generates and sends to nsupdate:

https://git.ipfire.org/?p=ddns.git;a=blob;f=src/ddns/providers.py;h=5b2a82d1b727172c2011574277988977b8013db0;hb=HEAD#l507

It can happen that no update line is generated if the system cannot find its own IP address.

So the problem is not in support for nsupdate, it is that this function is not returning a valid result:

https://git.ipfire.org/?p=ddns.git;a=blob;f=src/ddns/system.py;h=73a27a5cd0b56484feda70006b3ba4065e11e0c8;hb=HEAD#l281

This will cause other methods that cannot detect your IP address automatically to fail, too.

What do you get when you run this command:

  ddns guess-ip-addresses

> The whole provider does not work at all and the code in the ddns seems half 
> baken to me. I started to report bugs, but I gave up, when I saw, that it 
> nsupdate doesn't work at all. So if some one corrects the code and tests it 
> (who actually knows to code in Python unlike me), those deficiencies should 
> get discovered anyway. I hope I could help with some bug reports against the 
> ddns core and the hint in this mail here.
> 
> Best regards, Adrian.
> 
> [1] https://bugzilla.ipfire.org/show_bug.cgi?id=12837
> _______________________________________________
> ddns mailing list
> ddns(a)lists.ipfire.org
> https://lists.ipfire.org/mailman/listinfo/ddns


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: Passing key algo to nsupdate
  2022-04-04  9:11   ` Michael Tremer
@ 2022-04-04 12:48     ` Adrian Zaugg
  0 siblings, 0 replies; 4+ messages in thread
From: Adrian Zaugg @ 2022-04-04 12:48 UTC (permalink / raw)
  To: ddns

[-- Attachment #1: Type: text/plain, Size: 348 bytes --]

Hi Michael

In der Nachricht vom Monday, 4 April 2022 11:11:59 CEST schrieb Michael 
Tremer:
> What do you get when you run this command:
> 
>   ddns guess-ip-addresses
You can see this in Bug #12836 (https://bugzilla.ipfire.org/show_bug.cgi?
id=12836); with the standard service of IPFire it did exit with an error, see 
#12834.

Regards, Adrian.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2022-04-04 12:48 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-01 18:47 Passing key algo to nsupdate ipfire.org
2022-04-03 12:15 ` Adrian Zaugg
2022-04-04  9:11   ` Michael Tremer
2022-04-04 12:48     ` Adrian Zaugg

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox