Dynamic DNS Brainstorming

Hello community.
I decided to start this topic as a brainstorming of how to implement Dynamic DNS in Hestia. I chose this forum over GitHub for two reasons:

  • I think a lot more people (technical and non-technical) will see it here and can contribute with ideas
  • When we have a pretty solid high-level draft, we can continue with code on GitHub

So, to get the party started, let me submit my ideas. I haven’t thought anything about the Web UI yet…

Client side rough specs
I believe the easiest and most portable way for the client to update an IP address is by visiting a specific URL like [Domain/AlphanumericString], e.g. http://example.com/g45kgav601vx179z
This will work very well with wget and curl and can be easily scripted almost anywhere, even in SOHO NAS devices. For starters, let's assume that the actual URL does not exist (the domain name should exist, though).

Server-side rough specs
The following information should exist in a file “somewhere”:

  1. AlphanumericString
  2. User who owns the domain name
  3. dns record to update (like ddns.example.com)

e.g. g45kgav601vx179z,user1,ddns.example.com

A script will be searching through the web server error log in reverse order (most recent result first) for the AlphanumericString:
grep AlphanumericString /var/log/apache2/xxx.error.log | tail -n 1
and then extract the IP address from the result and place it in a variable.

Then add the record like this:
v-add-dns-record user0 example.com ddns A [IP] 0 666 yes 30

Quick cheat-sheet


We will use a specific record ID with a high number value (e.g. 666) so it does not conflict with another one. If the record already exists, the command will fail, so we will do:
v-delete-dns-record user0 example.com 666 no && v-add-dns-record user0 example.com ddns A [IP] 0 666 yes 30

We need the TTL to be a low number like 30 or 60 seconds, so the DNS result is not cached for long.

So what do you think? Ideas? Corrections? Improvements?

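As an added example (not HestiaCP's own code and not from the post above), here is the server-side half of the "grep the token out of the web server error log" design, written as a dry run that only prints the Hestia CLI line a cron job would execute. Assumptions are mine: the mapping file holds one "token,user,record" line per client as in the post's example, the error log is Apache 2.4's default format, the sample log and mapping are constructed inline, and record ID 666 / TTL 30 are reused from the post. The sample lines are at core:info, which is where Apache 2.4 logs AH00128 "File does not exist", so check your LogLevel before relying on 404s showing up in error.log at all. The IP is read from the fixed-position "[client …]" field rather than anywhere on the line, because the rest of the line (the requested path) is attacker-controlled and must not be able to smuggle in a different address that then reaches a CLI argument.

```shell
#!/bin/sh
# Added example, not HestiaCP's own code and not from the post: the
# server-side half of the "grep the token out of the web server error
# log" design, as a dry run that only prints the Hestia CLI line a
# cron job would execute. Assumptions (mine): the mapping file holds
# one "token,user,record" line per client as in the post's example,
# the error log is Apache 2.4's default format, and record ID 666 /
# TTL 30 are reused from the post.

# Constructed sample error log. The client fetched the non-existent URL
# http://example.com/g45kgav601vx179z from two different addresses, so
# the most recent line must win; a second token's only hit came over
# IPv6, which this design cannot handle (the IPv6 problem raised later
# in the thread).
SAMPLE_LOG='[Sat Jan 01 10:00:00.000000 2022] [core:info] [pid 1234:tid 1] [client 203.0.113.7:51234] AH00128: File does not exist: /home/user1/web/example.com/public_html/g45kgav601vx179z
[Sat Jan 01 10:05:00.000000 2022] [core:info] [pid 1234:tid 1] [client 198.51.100.9:40001] AH00128: File does not exist: /home/user1/web/example.com/public_html/g45kgav601vx179z
[Sat Jan 01 10:06:00.000000 2022] [core:info] [pid 1234:tid 1] [client 192.0.2.55:40002] AH00128: File does not exist: /home/user1/web/example.com/public_html/unrelated
[Sat Jan 01 10:07:00.000000 2022] [core:info] [pid 1234:tid 1] [client 2001:db8::10:40003] AH00128: File does not exist: /home/user2/web/example.org/public_html/qq11ww22ee33rr44'

# Constructed mapping file: token,user,record
SAMPLE_MAP='g45kgav601vx179z,user1,ddns.example.com
qq11ww22ee33rr44,user2,home.example.org'

RECORD_ID=666   # fixed high record ID from the post
TTL=30          # short TTL from the post
IPV4_RE='^((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])$'

# last_client_ip TOKEN LOG: print the source IP of the most recent log
# line mentioning TOKEN, or nothing. The IP is taken from the
# "[client a.b.c.d:port]" field at its fixed position after the
# timestamp, module and pid fields, so text later in the line, which
# the requester controls through the URL, cannot inject an address.
last_client_ip() {
    printf '%s\n' "$2" | grep -F -- "$1" | tail -n 1 |
        sed -n 's/^\[[^]]*\] \[[^]]*\] \[pid [^]]*\] \[client \([0-9][0-9.]*\):[0-9]*\].*/\1/p'
}

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255; the
# address ends up as a CLI argument, so nothing else may pass.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq "$IPV4_RE"
}

# lookup_token TOKEN MAP: print "user,record" for TOKEN, or nothing.
lookup_token() {
    printf '%s\n' "$2" | awk -F, -v t="$1" '$1 == t { print $2 "," $3; exit }'
}

# ddns_update_cmd TOKEN LOG MAP: print the CLI line the cron job would
# run (delete the fixed record ID, then re-add it with the new IP), or
# nothing when the token is unknown or no valid IPv4 address was found.
ddns_update_cmd() {
    entry=$(lookup_token "$1" "$3")
    [ -n "$entry" ] || return 1
    ip=$(last_client_ip "$1" "$2")
    is_ipv4 "$ip" || return 1
    user=${entry%%,*}
    record=${entry#*,}          # ddns.example.com
    host=${record%%.*}          # ddns
    zone=${record#*.}           # example.com
    printf 'v-delete-dns-record %s %s %s no && v-add-dns-record %s %s %s A %s 0 %s yes %s\n' \
        "$user" "$zone" "$RECORD_ID" "$user" "$zone" "$host" "$ip" "$RECORD_ID" "$TTL"
}

# Stand-alone demo: one line for user1; the IPv6-only token yields nothing.
ddns_update_cmd g45kgav601vx179z "$SAMPLE_LOG" "$SAMPLE_MAP"
ddns_update_cmd qq11ww22ee33rr44 "$SAMPLE_LOG" "$SAMPLE_MAP" || echo "qq11ww22ee33rr44: no usable IPv4 hit" >&2
```

Running it against the constructed log prints the delete-and-re-add pair from the post for 198.51.100.9 (the later of the two hits) and nothing for the token whose only hit came from an IPv6 client, which is the failure mode the thread discusses further down.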

This is an amazing idea.

I actually use duckdns.org and it actually works like that.

At the office, I have a Virtual Machine running as a router; the connection script runs a wget query to duckdns to have my new IP registered.

I would set TTL to 300 - 600 seconds because a change of IP doesn't pose a big problem for me, but it should be configurable so if someone is using it for SIP communications, for example, it doesn't hurt much.

As for the script, you could try incron. Incron can trigger a script when the file has been closed by linux.

Just check

You are also able to update the record via the api

I don’t like the idea of looking at error.log

You might interfere with fail2ban rules.

If you give a 200 HTTP response, then with wget / curl we can know if the command succeeded.

Good point! I haven’t thought about F2B at all :frowning:
Now we need to figure out a way to respond with HTTP status 200, without the need to place a file in httpdocs (which might be accidentally deleted by the user)

Interesting find :+1: I need to study this.

You need 2 things:

  1. A way to detect the public ip for you has changed

  2. A way to update the records.

2 can be done via multiple ways. Via API is probably the easiest way. The only issue is that if you want to offer this server to your “clients” it is not possible as it gives away too many permissions

You need a php file to handle URL params.

Check if the hash of the API key is in our list and then update the DNS record.
The API key could be anything. Since it will be in the source code, it has to be randomly generated.

You can’t know until the new IP tries to establish a connection to the server.

So I would stick to the wget method.

The API is the easiest way.

Maybe just create a new DNS type: DynDNS where you set the CNAME and get an api key.

Easiest way is probably the same method as with Letsencrypt…

“What is your IP” or any similar option can do the trick; the only issue is what happens when IPv6 becomes more common. 99% of all the connections I make already go over IPv6, and ip.hestiacp.com does the same.

The API key is currently not limited to a certain script or even a user. If I set up an API you get full access to the system. Probably we should fix this issue first.

How about just a hashed table in a database?

Good point @eris about IPv6. But if we follow the path “parse web server log to find client’s IP” we could safely stick to IPv4-only DDNS like this: If I have the domain example.com for DDNS, then by having no AAAA record for example.com I will get only IPv4 addresses in the web server’s logs. Of course that means that DDNS will work only for clients with IPv4 addresses. But I think it’s quite rare at the moment to have clients with IPv6-Only addresses (when I say clients I mean wget, curl clients that will update the IP)

I would prefer using CLI commands to update NS records, rather than using the API, because I have no experience working with APIs :frowning: CLI commands (v-add-, v-change-, etc.) can be run by admin using a cron script. Unless you think this is a bad idea…

@Felix I think @eris is right.

php knows the IP and can launch a query to the database to update the IP in the database, or file or whatever we use.

  • Then a script can read the database every X seconds and execute the commands.
  • Or that PHP code can trigger the command via internal API

I am just saying. I couldn’t possibly get the API part to work.
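As an added example (not HestiaCP's code and not any poster's), here is the cron-side consumer for the design the later posts converge on: a PHP endpoint that answers HTTP 200 records the token and REMOTE_ADDR into a file, a script drains that file every X seconds and runs the CLI, and the server keeps only hashes of the tokens rather than the tokens themselves. Assumptions are mine: the queue holds "token,ip" lines appended by that endpoint (the endpoint itself is not shown), the hashed table holds "sha256(token),user,record", record ID 666 and TTL 30 come from the first post, the queue and table are constructed inline, and the script only prints the CLI line it would run so it can be checked offline. It also skips an unchanged IP, so a client checking in every minute does not cause a delete/add and a DNS reload each time.

```shell
#!/bin/sh
# Added example, not HestiaCP's or any poster's code: the cron-side
# consumer for "PHP endpoint writes token + REMOTE_ADDR to a file, a
# script reads it every X seconds, only token hashes are stored".
# Assumptions (mine): queue lines are "token,ip" as appended by the
# endpoint (not shown); the hashed table is "sha256(token),user,record";
# record ID 666 and TTL 30 come from the first post; the script only
# prints the CLI line it would run.

RECORD_ID=666
TTL=30
IPV4_RE='^((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])$'

# hash_token TOKEN: hex SHA-256 of the token. Storing an unsalted hash
# is only acceptable because the token is a long random string, as the
# thread requires; a guessable token would be trivially brute-forced.
hash_token() {
    if command -v sha256sum >/dev/null 2>&1; then
        printf '%s' "$1" | sha256sum | cut -d' ' -f1
    else
        printf '%s' "$1" | shasum -a 256 | cut -d' ' -f1
    fi
}

# Enrolment, done once when the user creates the DDNS record: the
# plaintext token is shown to the user and only its hash is kept.
# Built at runtime from a constructed token so the example is
# self-contained.
ENROLLED_TOKEN='g45kgav601vx179z'
HASHED_TABLE="$(hash_token "$ENROLLED_TOKEN"),user1,ddns.example.com"

# Last IP pushed per token hash (constructed), so an unchanged IP does
# not trigger a delete/add on every client check-in.
LAST_SEEN="$(hash_token "$ENROLLED_TOKEN"),203.0.113.7"

# Constructed queue as the endpoint would have written it: unchanged IP,
# unknown token, IPv6 client, a real change, then a duplicate of it.
SAMPLE_QUEUE='g45kgav601vx179z,203.0.113.7
notenrolledtoken,198.51.100.20
g45kgav601vx179z,2001:db8::10
g45kgav601vx179z,198.51.100.9
g45kgav601vx179z,198.51.100.9'

# drain_queue QUEUE TABLE STATE: print one Hestia CLI line per entry
# whose IP actually changed; everything else is dropped silently.
drain_queue() {
    state=$3
    printf '%s\n' "$1" | while IFS=, read -r token ip; do
        h=$(hash_token "$token")
        entry=$(printf '%s\n' "$2" | awk -F, -v h="$h" '$1 == h { print $2 "," $3; exit }')
        [ -n "$entry" ] || continue                              # unknown token
        printf '%s\n' "$ip" | grep -Eq "$IPV4_RE" || continue    # not a plain IPv4 address
        last=$(printf '%s\n' "$state" | awk -F, -v h="$h" '$1 == h { print $2; exit }')
        [ "$ip" != "$last" ] || continue                         # nothing changed
        user=${entry%%,*}
        record=${entry#*,}                                       # ddns.example.com
        printf 'v-delete-dns-record %s %s %s no && v-add-dns-record %s %s %s A %s 0 %s yes %s\n' \
            "$user" "${record#*.}" "$RECORD_ID" \
            "$user" "${record#*.}" "${record%%.*}" "$ip" "$RECORD_ID" "$TTL"
        # remember the new IP for the rest of this run
        state=$(printf '%s\n' "$state" | awk -F, -v h="$h" '$1 != h'; printf '%s,%s\n' "$h" "$ip")
    done
}

# Stand-alone demo: exactly one line, for the changed address.
drain_queue "$SAMPLE_QUEUE" "$HASHED_TABLE" "$LAST_SEEN"
```

Of the five queued entries only the fourth produces a command: the first repeats the last known address, the second carries a token that was never enrolled, the third is an IPv6 client that an A record cannot hold, and the fifth is a duplicate of the change already applied in the same run. In a real deployment the queue file would be truncated after draining and the new state written back, and the printed line would be executed instead of printed.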
