Hello community.
I decided to start this topic as a brainstorming of how to implement Dynamic DNS in Hestia. I chose this forum over GitHub for two reasons:
I think a lot more people (technical and non-technical) will see it here and can contribute with ideas
When we have a pretty solid high-level draft, we can continue with code on GitHub
So, to get the party started, let me submit my ideas. I haven’t thought anything about the Web UI yet…
Client side rough specs
I believe the easiest and most portable way for the client to update an IP address is by visiting a specific URL like [Domain/AlphanumericString] e.g. http://example.com/g45kgav601vx179z
This will work very well with wget and curl and can be easily scripted almost anywhere, even in SOHO NAS devices. For starters, let's assume that the actual URL does not exist (the domain name should exist though).
Server-side rough specs
The following information should exist in a file “somewhere”:
A script will be searching through the web server error log in reverse order (most recent result first) for the AlphanumericString: grep AlphanumericString /var/log/apache2/xxx.error.log | tail -n 1
and then extract the IP address from the result and place it on a variable.
Then add the record like this: v-add-dns-record user0 example.com ddns A [IP] 0 666 yes 30
Quick cheat-sheet
Usage: v-add-dns-record USER DOMAIN RECORD TYPE VALUE [PRIORITY] [ID] [RESTART] [TTL]
We will use a specific record ID with high number value (e.g. 666) so it does not conflict with another one. If the record already exists, the command will fail so we will do: v-delete-dns-record user0 example.com 666 no && v-add-dns-record user0 example.com ddns A [IP] 0 666 yes 30
We need the TTL to be a low number like 30 or 60 seconds, so the DNS result is not cached for long.
So what do you think? Ideas? Corrections? Improvements?
I actually use duckdns.org and it actually works like that.
At the office, I have a Virtual Machine running as a router; the connection script runs a wget query to duckdns to have my new IP registered.
I would set TTL for 300 - 600 seconds because a change of IP doesn't suppose a big problem for me, but it should be configurable so if someone is using it for SIP communications for example it doesn't hurt much.
As for the script, you could try incron. Incron can trigger a script when the file has been closed by Linux.
Good point! I haven't thought about F2B at all.
Now we need to figure out a way to respond with HTTP status 200, without the need to place a file in httpdocs (which might be accidentally deleted by the user).
Via API is probably the easiest way. The only issue is that if you want to offer this server to your "clients" it is not possible as it gives away too much permissions.
Checks if the hash of the API key is in our list and then updates the DNS record.
The API key could be anything. Since it will be in the source code, it has to be randomly generated.
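The server-side flow from the first post (grep the error log for the token, keep the most recent hit, pull the client address out of it, then run v-delete-dns-record / v-add-dns-record with ID 666 and TTL 30) combined with the hashed-key lookup suggested just above, as an added example; this is not code from the thread or from Hestia. The Apache-style log excerpt, the docroot path, the token table and the function names are constructed for the demo, the token's hash is computed at startup only so the example is self-contained (a real deployment would store only the digest), and the two Hestia CLI commands are printed instead of executed so it can be run offline. It also covers the IPv6 concern raised later in the thread: a request that arrives over IPv6 fails the dotted-quad check and is skipped rather than being written into an A record.

```shell
#!/bin/sh
# Added example: token-in-URL DDNS handler sketch. Not Hestia code.

# --- constructed Apache 2.4 error-log excerpts (not real logs) ---------------
# The requested path does not exist, so each hit lands in the error log with
# the client address in "[client IP:port]". The last matching line is the
# most recent, which is what "grep TOKEN error.log | tail -n 1" returns.
SAMPLE_LOG='[Mon Jan 01 10:00:00.000000 2024] [core:error] [pid 1234] [client 198.51.100.7:41000] AH00128: File does not exist: /DOCROOT_PLACEHOLDER/g45kgav601vx179z
[Mon Jan 01 10:05:00.000000 2024] [core:error] [pid 1234] [client 203.0.113.55:52000] AH00128: File does not exist: /DOCROOT_PLACEHOLDER/otherpath
[Mon Jan 01 10:10:00.000000 2024] [core:error] [pid 1234] [client 203.0.113.9:53000] AH00128: File does not exist: /DOCROOT_PLACEHOLDER/g45kgav601vx179z'

# Same token, but the client came in over IPv6 (constructed).
SAMPLE_LOG_V6='[Mon Jan 01 10:15:00.000000 2024] [core:error] [pid 1234] [client 2001:db8::1:53001] AH00128: File does not exist: /DOCROOT_PLACEHOLDER/g45kgav601vx179z'

# sha256 of a token; the server keeps only this digest, never the token itself.
hash_token() {
    if command -v sha256sum >/dev/null 2>&1; then
        printf '%s' "$1" | sha256sum | cut -d' ' -f1
    else
        printf '%s' "$1" | shasum -a 256 | cut -d' ' -f1
    fi
}

# Constructed server-side table: "<sha256 of token> USER DOMAIN RECORD ID".
# Computed here so the demo runs stand-alone; in practice only the digest
# line would be stored, so a leaked table cannot be replayed as a URL.
DEMO_TOKEN=g45kgav601vx179z
TOKEN_TABLE="$(hash_token "$DEMO_TOKEN") user0 example.com ddns 666"

# Prints "USER DOMAIN RECORD ID" for a known token, returns 1 for anything else.
lookup_token() {
    digest=$(hash_token "$1")
    line=$(printf '%s\n' "$TOKEN_TABLE" | grep "^$digest ") || return 1
    printf '%s\n' "${line#* }"
}

# $1 = token, $2 = log text. Most recent hit wins; extracts the client address
# from "[client ADDR:PORT]" (works for both IPv4 and bracket-free IPv6 forms).
last_client_ip() {
    printf '%s\n' "$2" | grep -F -- "$1" | tail -n 1 |
        sed -n 's/.*\[client \([^]]*\):[0-9]*\].*/\1/p'
}

# Strict dotted-quad check: four 0-255 octets. IPv6 and garbage fail, so only
# a well-formed IPv4 address can ever reach the DNS command line.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(printf '%s\n' "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# $1 USER $2 DOMAIN $3 RECORD $4 ID $5 IP -> the two commands from the thread
# (USER DOMAIN RECORD TYPE VALUE PRIORITY ID RESTART TTL). Printed, not run.
build_update_commands() {
    printf 'v-delete-dns-record %s %s %s no\n' "$1" "$2" "$4"
    printf 'v-add-dns-record %s %s %s A %s 0 %s yes 30\n' "$1" "$2" "$3" "$5" "$4"
}

# $1 = token taken from the requested URL path, $2 = error-log text.
handle_request() {
    entry=$(lookup_token "$1") || { echo "unknown token" >&2; return 1; }
    ip=$(last_client_ip "$1" "$2")
    is_ipv4 "$ip" || { echo "no usable IPv4 address for token" >&2; return 1; }
    set -- $entry "$ip"
    build_update_commands "$1" "$2" "$3" "$4" "$5"
}

# Stand-alone demo run.
handle_request "$DEMO_TOKEN" "$SAMPLE_LOG"
```

To turn this into the cron job the first post describes, replace the printf calls in build_update_commands with the real invocations run as admin; because the address has already passed is_ipv4 and the user/domain/ID come from the server-side table rather than from the request, nothing client-controlled reaches the command line.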
You can’t know until the new IP tries to establish a connection to the server.
So I would stick to the wget method.
The API is the easiest way.
Maybe just create a new DNS type: DynDNS where you set the CNAME and get an api key.
Easiest way is probably the same method as with Letsencrypt…
"What is your IP" or any similar option can do the trick; the only issue is what happens when IPv6 becomes more common. 99% of all the connections I make already go over IPv6 and
API key is currently not limited to a certain script or even a user. If I set up an API you get full access to the system. Probably we should fix this issue first.
Good point @eris about IPv6. But if we follow the path “parse web server log to find client’s IP” we could safely stick to IPv4-only DDNS like this: If I have the domain example.com for DDNS, then by having no AAAA record for example.com I will get only IPv4 addresses in the web server’s logs. Of course that means that DDNS will work only for clients with IPv4 addresses. But I think it’s quite rare at the moment to have clients with IPv6-Only addresses (when I say clients I mean wget, curl clients that will update the IP)
I would prefer using CLI commands to update NS records rather than using the API, because I have no experience working with APIs. CLI commands (v-add-, v-change-, etc.) can be run by admin using a cron script. Unless you think this is a bad idea…