Re: Passing key algo to nsupdate

[Michael Tremer <michael.tremer@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 3137 bytes --]

Hello Adrian,

Thank you for looking into this. We really would like some help to improve ddns.

> On 3 Apr 2022, at 13:15, Adrian Zaugg <ipfire.org(a)mailgurgler.com> wrote:
> 
> Hi there
> 
> After some digging in the code I found some Problems with the ddns component 
> of IPFire and especially with the nsupdate provider. The main thing which 
> renders the nsupdate provider unusable, I reported under Bug #12837 [1]. It 
> seems to me there are more problems, but since I don't use IPFire, I do not 
> feel to get involved to much.

Generally, the UI does not have good support for nsupdate, since we did not want to add any extra fields. This method is not very popular and since we wanted to release ddns, we skipped changing the UI and never revisited this.

However, it should work if you write the correct configuration by hand.

> It seems to me that the scriptlet the nsupdate provider produces is missing 
> the "update" commands. It connects, authenticates and saves, but does not pass 
> any information to the server. A generated scriptlet for nsupdate should look 
> like this:
> 
> 	server $SERVER
> 	zone $ZONE
> 	update delete $HOSTNAME $RR
> 	update add $HOSTNAME $TTL $RR $IP
> 	send
> 
> ...where: 
> $SERVER is the name server to send the record update/ deletion
> $ZONE is the domain in which to update the host record
> $HOSTNAME is the dynamic host's FQDN
> $TTL is the time to live value for the record
> $IP is the numerical IP address of the dynamic host
> $RR is the record type, "A" for an IPv4, "AAAA" for an IPv6 host address
> 
> If I watch the debug output of ddns I do not see the update command being 
> sent. I did not check this good enough to report a bug.

This scriptlet looks good and in theory is what ddns generates and sends to nsupdate:

https://git.ipfire.org/?p=ddns.git;a=blob;f=src/ddns/providers.py;h=5b2a82d1b727172c2011574277988977b8013db0;hb=HEAD#l507

It can happen that no update line is generated if the system cannot find its own IP address.

So the problem is not in support for nsupdate, it is that this function is not returning a valid result:

https://git.ipfire.org/?p=ddns.git;a=blob;f=src/ddns/system.py;h=73a27a5cd0b56484feda70006b3ba4065e11e0c8;hb=HEAD#l281

This will cause other methods that cannot detect your IP address automatically to fail, too.

What do you get when you run this command:

  ddns guess-ip-addresses

> The whole provider does not work at all and the code in the ddns seems half 
> baken to me. I started to report bugs, but I gave up, when I saw, that it 
> nsupdate doesn't work at all. So if some one corrects the code and tests it 
> (who actually knows to code in Python unlike me), those deficiencies should 
> get discovered anyway. I hope I could help with some bug reports against the 
> ddns core and the hint in this mail here.
> 
> Best regards, Adrian.
> 
> [1] https://bugzilla.ipfire.org/show_bug.cgi?id=12837
> _______________________________________________
> ddns mailing list
> ddns(a)lists.ipfire.org
> https://lists.ipfire.org/mailman/listinfo/ddns