2024-11-28
ddnsupdate_web 0.10
CGI script to dynamically update a BIND name server using nsupdate according to RFC 2136
This script gets called by your web server to update a host's address in your DNS. It uses
nsupdate and TSIG keys to update a BIND DNS server.
Requirements:
Runs in bash, tested under Devuan GNU+Linux.
Install nsupdate, dig and the usual suspects like sed, grep, etc.
Set up your name server to accept zone updates. The comments at the beginning of
the script letsencrypt_acme_dns-01_challenge_hook explain how to allow dynamic updates using TSIG keys:
https://ente.limmat.ch/ftp/pub/software/bash/letsencrypt/letsencrypt_acme_dns-01_challenge_hook
A running web server able to call CGI scripts.
Installation:
Download the script to your /usr/local/bin directory, make it executable and set a softlink in /usr/lib/cgi-bin.
Edit the script and set the variables in the header to suit your environment.
Setup:
Configure your BIND name server first to accept dynamic zone updates. Then set up your web server to call this
script, and finally configure the client that should register or update the DNS record.
The script understands the following URL parameters:
    host      FQDN of host to update
    ipv4      numerical IPv4 address of the host
    ipv6      numerical IPv6 address of the host without prefix length
    keyname   TSIG keyname without trailing dot
    keyalgo   TSIG key algorithm, only hmac-sha512 accepted
    key       TSIG key as string, must be given as last parameter!
You may test the setup of your name server by piping the URL parameters into the script on the command line:
$ echo "host=test.example&ipv4=10.0.0.1&keyname=test.example&keyalgo=hmac-sha512&key=xxxx" | ddnsupdate_web
This should register or update the host and its IP address in your name server.
Using Apache HTTPd you need something like the following for the execution of CGI scripts:
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
    AllowOverride None
    Options ExecCGI SymLinksIfOwnerMatch
    Require all granted
</Directory>
Do not log the query string of requests to this script in your web server, to avoid writing your TSIG keys to the
log files in clear text! For Apache HTTPd use something like:
LogFormat "%h %l %u %t \"%m %U %H\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined_wo_querystring
SetEnvIfExpr "%{QUERY_STRING} =~ /key=.+/" key_in_query
CustomLog "/var/log/apache2/access.log" combined_wo_querystring env=key_in_query
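To verify that the logging change works, or to find keys already written to older logs, the following added example (not part of ddnsupdate_web) scans an access log for requests carrying a key= parameter and prints them with the value redacted. The function names and the sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit an Apache access log for TSIG keys leaked via the
# query string. Function names are hypothetical, not part of ddnsupdate_web.

# Matches "key=" only as a real parameter name (after ? or &), so that
# keyname=, keyalgo= or unrelated names ending in "key" do not trigger.
KEY_RE='[?&]key=[^& "]+'

# Constructed sample log lines; addresses and the key value are made up.
sample_log() {
cat <<'EOF'
203.0.113.7 - - [28/Nov/2024:10:00:01 +0100] "GET /cgi-bin/ddnsupdate_web?host=test.example&ipv4=10.0.0.1&keyname=test.example&keyalgo=hmac-sha512&key=Q09OU1RSVUNURUQ= HTTP/1.1" 200 12 "-" "curl/8.0"
203.0.113.7 - - [28/Nov/2024:10:05:01 +0100] "GET /cgi-bin/ddnsupdate_web HTTP/1.1" 200 12 "-" "curl/8.0"
198.51.100.9 - - [28/Nov/2024:10:06:13 +0100] "GET /index.html?hotkey=f5 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
EOF
}

# Print "lineno:entry" for every log entry that contains a key, with the
# key value replaced so the audit output does not leak it a second time.
# Reads the files given as arguments, or stdin if none are given.
find_key_leaks() {
    grep -nE "$KEY_RE" "$@" | sed -E 's/([?&]key=)[^& "]+/\1[REDACTED]/g'
}

# Print only the number of leaking entries (0 if there are none).
count_key_leaks() {
    grep -cE "$KEY_RE" "$@" || true
}

# Demo: audit the log file given as first argument, else the sample above.
if [ -n "${1:-}" ]; then
    find_key_leaks "$1"
else
    sample_log | find_key_leaks
fi
```

Only the first sample line is reported; the second shows how a request looks once the query string is no longer logged. Any key found in a real log should be replaced with a new one.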
Finally, configure the client to pass the correct values for the URL parameters mentioned above.
For an AVM Fritz!Box use the line below, replace the and tag and leave the rest as is for
custom dyndns updates:
https:///?host=&ipv4=&ipv6=&keyname=&keyalgo=hmac-sha512&key=
In the Fritz!Box GUI-settings:
-> enter the host name in the field "domain name"
-> enter the keyname in the field "user name"
-> enter the key as the "password"
For a FreedomBox use:
https:///?host=&ipv4=&keyname=&keyalgo=hmac-sha512&key=
If you have another client, like dd-wrt, and have found out the correct URL, please report back.
Feedback:
Please use the web form under http://ente.limmat.ch/feedback/.
Bugs:
Unfortunately every software has bugs...
Source:
Well, it's a bash script.
Download:
https://ente.limmat.ch/ftp/pub/software/bash/ddnsupdate_web/
License:
GNU General Public License Version 3:
https://www.gnu.org/licenses/gpl-3.0.html#license-text
Stay updated, Adrian.
(c) 2021-2024 by Adrian Zaugg under GNU General Public License Version 3 or later.