* Passing key algo to nsupdate
@ 2022-04-01 18:47 ipfire.org
2022-04-03 12:15 ` Adrian Zaugg
0 siblings, 1 reply; 4+ messages in thread
From: ipfire.org @ 2022-04-01 18:47 UTC (permalink / raw)
To: ddns
[-- Attachment #1: Type: text/plain, Size: 932 bytes --]
Dear List
Trying to use nsupdate method for DDNS with my own BIND9, I fail with the
WebUI. There are only three fields to provide information:
Hostname, Username and Password.
In my opinion nsupdates needs the
- ns server address
- the TSIG key name
- the key algorithm
- key length
- dynamic host name
- numerical IP address
I figured out, that the ns server has to be written in the "Hostname"-field,
but the rest I couldn't find out how to write the correct information. At best
I get a "BAD KEY" error on my server, when I try to update the RR.
Unfortunately the Wiki doesn't help, the source code I did not understand and
the forum, where I posted [1] this question redirected me to this list.
Can some one tell me how to use nsupdate WebUI page of IPFire?
Thank you very much.
Best regards, Adrian.
[1] https://community.ipfire.org/t/nsupdate-ddns-for-bind-how-to-use/7629
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Passing key algo to nsupdate
2022-04-01 18:47 Passing key algo to nsupdate ipfire.org
@ 2022-04-03 12:15 ` Adrian Zaugg
2022-04-04 9:11 ` Michael Tremer
0 siblings, 1 reply; 4+ messages in thread
From: Adrian Zaugg @ 2022-04-03 12:15 UTC (permalink / raw)
To: ddns
[-- Attachment #1: Type: text/plain, Size: 1709 bytes --]
Hi there
After some digging in the code I found some Problems with the ddns component
of IPFire and especially with the nsupdate provider. The main thing which
renders the nsupdate provider unusable, I reported under Bug #12837 [1]. It
seems to me there are more problems, but since I don't use IPFire, I do not
feel to get involved to much.
It seems to me that the scriptlet the nsupdate provider produces is missing
the "update" commands. It connects, authenticates and saves, but does not pass
any information to the server. A generated scriptlet for nsupdate should look
like this:
server $SERVER
zone $ZONE
update delete $HOSTNAME $RR
update add $HOSTNAME $TTL $RR $IP
send
...where:
$SERVER is the name server to send the record update/ deletion
$ZONE is the domain in which to update the host record
$HOSTNAME is the dynamic host's FQDN
$TTL is the time to live value for the record
$IP is the numerical IP address of the dynamic host
$RR is the record type, "A" for an IPv4, "AAAA" for an IPv6 host address
If I watch the debug output of ddns I do not see the update command being
sent. I did not check this good enough to report a bug.
The whole provider does not work at all and the code in the ddns seems half
baken to me. I started to report bugs, but I gave up, when I saw, that it
nsupdate doesn't work at all. So if some one corrects the code and tests it
(who actually knows to code in Python unlike me), those deficiencies should
get discovered anyway. I hope I could help with some bug reports against the
ddns core and the hint in this mail here.
Best regards, Adrian.
[1] https://bugzilla.ipfire.org/show_bug.cgi?id=12837
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Passing key algo to nsupdate
2022-04-03 12:15 ` Adrian Zaugg
@ 2022-04-04 9:11 ` Michael Tremer
2022-04-04 12:48 ` Adrian Zaugg
0 siblings, 1 reply; 4+ messages in thread
From: Michael Tremer @ 2022-04-04 9:11 UTC (permalink / raw)
To: ddns
[-- Attachment #1: Type: text/plain, Size: 3137 bytes --]
Hello Adrian,
Thank you for looking into this. We really would like some help to improve ddns.
> On 3 Apr 2022, at 13:15, Adrian Zaugg <ipfire.org(a)mailgurgler.com> wrote:
>
> Hi there
>
> After some digging in the code I found some Problems with the ddns component
> of IPFire and especially with the nsupdate provider. The main thing which
> renders the nsupdate provider unusable, I reported under Bug #12837 [1]. It
> seems to me there are more problems, but since I don't use IPFire, I do not
> feel to get involved to much.
Generally, the UI does not have good support for nsupdate, since we did not want to add any extra fields. This method is not very popular and since we wanted to release ddns, we skipped changing the UI and never revisited this.
However, it should work if you write the correct configuration by hand.
> It seems to me that the scriptlet the nsupdate provider produces is missing
> the "update" commands. It connects, authenticates and saves, but does not pass
> any information to the server. A generated scriptlet for nsupdate should look
> like this:
>
> server $SERVER
> zone $ZONE
> update delete $HOSTNAME $RR
> update add $HOSTNAME $TTL $RR $IP
> send
>
> ...where:
> $SERVER is the name server to send the record update/ deletion
> $ZONE is the domain in which to update the host record
> $HOSTNAME is the dynamic host's FQDN
> $TTL is the time to live value for the record
> $IP is the numerical IP address of the dynamic host
> $RR is the record type, "A" for an IPv4, "AAAA" for an IPv6 host address
>
> If I watch the debug output of ddns I do not see the update command being
> sent. I did not check this good enough to report a bug.
This scriptlet looks good and in theory is what ddns generates and sends to nsupdate:
https://git.ipfire.org/?p=ddns.git;a=blob;f=src/ddns/providers.py;h=5b2a82d1b727172c2011574277988977b8013db0;hb=HEAD#l507
It can happen that no update line is generated if the system cannot find its own IP address.
So the problem is not in support for nsupdate, it is that this function is not returning a valid result:
https://git.ipfire.org/?p=ddns.git;a=blob;f=src/ddns/system.py;h=73a27a5cd0b56484feda70006b3ba4065e11e0c8;hb=HEAD#l281
This will cause other methods that cannot detect your IP address automatically to fail, too.
What do you get when you run this command:
ddns guess-ip-addresses
> The whole provider does not work at all and the code in the ddns seems half
> baken to me. I started to report bugs, but I gave up, when I saw, that it
> nsupdate doesn't work at all. So if some one corrects the code and tests it
> (who actually knows to code in Python unlike me), those deficiencies should
> get discovered anyway. I hope I could help with some bug reports against the
> ddns core and the hint in this mail here.
>
> Best regards, Adrian.
>
> [1] https://bugzilla.ipfire.org/show_bug.cgi?id=12837
> _______________________________________________
> ddns mailing list
> ddns(a)lists.ipfire.org
> https://lists.ipfire.org/mailman/listinfo/ddns
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Passing key algo to nsupdate
2022-04-04 9:11 ` Michael Tremer
@ 2022-04-04 12:48 ` Adrian Zaugg
0 siblings, 0 replies; 4+ messages in thread
From: Adrian Zaugg @ 2022-04-04 12:48 UTC (permalink / raw)
To: ddns
[-- Attachment #1: Type: text/plain, Size: 348 bytes --]
Hi Michael
In der Nachricht vom Monday, 4 April 2022 11:11:59 CEST schrieb Michael
Tremer:
> What do you get when you run this command:
>
> ddns guess-ip-addresses
You can see this in Bug #12836 (https://bugzilla.ipfire.org/show_bug.cgi?
id=12836); with the standard service of IPFire it did exit with an error, see
#12834.
Regards, Adrian.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-04-04 12:48 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-01 18:47 Passing key algo to nsupdate ipfire.org
2022-04-03 12:15 ` Adrian Zaugg
2022-04-04 9:11 ` Michael Tremer
2022-04-04 12:48 ` Adrian Zaugg
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox