Dynamic DNS service

ThomasWaldmann wrote: similar to manual browser ip-update, but supported by javascript that runs in a loop and checks the IP addresses every N minutes, detects changes and uses the update api service url to update the dns when the IP(s) change.

could use http basic auth or form based login or reuse admin session.

shows the update results codes somehow on the UI.

Finally managed to kludge along far enough to get nsupdate running on my local server. Have been using the nsupdate.info services for a few days so I know how it is supposed to work when working properly.

My local version, pulled from git is generating the shared secrets wrongly. Example:

Nameserver Shared Secret Generated New nameserver shared secret generated for you. Everytime you visit this page a new secret will be generated and the old one becomes invalid.

Algorithm: hmac-md5

Secret: b'YXE2YXdjZVVGVlRkU0VyNQ=='

This is not a valid secret. A more valid secret is YXE2YXdjZVVGVlRkU0VyNQ== Getting an extra b' Not sure why its like that.

Oh and the most important part. I am updating the same dns server (different domains) with my locally installed copy as I am with the nsupdate.info service. And it doesn't work.

request has invalid signature: TSIG

Probably cause of wrong key gen. I did try removing the b' but it still didnt work.

Update: Even after running the dnssec-keygen -a hmac-md5 -b 128 -n HOST my.dns.update.key. and setting up my server and my local nsupdate service, still doesn't work.

I'm going to try and revert to a stable release of nsupdate.info but git version as of today seems borked.

From my inbox:

Add under "Show Configuration" this example:

Speedport Hybrid configuration:
(Firmware 050124.03.00.012)
 
Domänenname: fkjdbnsfjsd.nerdpol.ovh
 
Benutzername: fkjdbnsfjsd.nerdpol.ovh
 
Kennwort: here you must enter the "Secret" you get under "Show Configuration"
 
Updateserver-Adresse: https://ipv4.nsupdate.info
Protokoll HTTPS
Port 443

I have a domain name that I have registered with a domain name registrar. I'm confused how to add this domain to my nsupdate.info domains.

1. Do I need a hosting provider for this domain or just configuring the DNS in the domain name registrar would suffice?
2. If a hosting is required, would it be possible to use cPanel based shared hosting?

for some purposes, it would be nice to have a good-looking logo, e.g. some social sites like to show some picture (and some even show a not-so-nice one if you don't provide one).

it should also be evaluated where that logo fits best into the userinterface of the software.

should be made in svg and we also need some pixel renderings of it in misc. sizes (including a new favicon).

so, if you have some artistic skills, help! :)

My domain is: https://mydomain.awsmppl.com

I ran this command to renew my certificate: certbot renew or certbot certonly --webroot -w /var/lib/letsencrypt/ -d mydomain.awsmppl.com (ArchWiki)

It produced this output:

Domain: mydomain.awsmppl.com
Type: connection
Detail: DNS problem: SERVFAIL looking up CAA for mydomain.awsmppl.com

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.

My web server is (include version): Apache The operating system my web server runs on is (include version): Archlinux 32bits My hosting provider, if applicable, is: self-hosted I can login to a root shell on my machine (yes or no, or I don’t know): yes

Thank you! My certificate will expire in 7 days and I really need my server for my work.

Might be related with the DNSSEC config?

reference issue: https://community.letsencrypt.org/t/renew-failed-servfail-looking-up-caa/57681

Hello,

Since yesterday, my subdomain (and apparently all //*.awsmppl.com) was marked as a Deceptive Site by Google. I already informed to Google that my subdomain is safe, but is there anything else we/you the admins can do?

Thank you in advance.

if you go to the nerdpol.ovh site itself, your browser gives a "deceptive site" warning and additionally is not allowed to be used with LetsEncrypt certificates.

Any idea whats going on and if the domain site is infected? Please inform the owner asap.

A user reported this about the example pfsense configuration we show after adding a new host: """ I use pfSense and had the "Result match" code copy-pasted to my pfSense configuration. However, in pfSense one must escape the vertical bar (i.e. |) with a backslash (i.e. ). I now added the "" and believe all is well now. """

What we currently show is: Result match: good|nochg

What the user suggests is: Result match: good\|nochg

Can somebody please comment on what is correct? I personally don't use pfsense and can't test it.

maybe related to the recent changes in these code parts (that should make it work without having to patch registration for django 1.6)?

Environment:


Request Method: GET
Request URL: http://localhost:8000/account/activate/complete/

Django Version: 1.6.1
Python Version: 2.7.3
Installed Applications:
('django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.sites',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'social.apps.django_app.default',
 'nsupdate.login',
 'south',
 'nsupdate',
 'nsupdate.accounts',
 'nsupdate.api',
 'nsupdate.main',
 'bootstrapform',
 'registration',
 'django.contrib.admin',
 'django_extensions',
 'debug_toolbar')
Installed Middleware:
('debug_toolbar.middleware.DebugToolbarMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'social.apps.django_app.middleware.SocialAuthExceptionMiddleware')


Template error:
In template /home/tw/w/nsupdate/nsupdate/accounts/templates/registration/activation_complete.html, error at line 6
   Reverse for 'auth_login' with arguments '()' and keyword arguments '{}' not found. 0 pattern(s) tried: []
   1 : {% extends "registration/registration_base.html" %}


   2 : {% load i18n %}


   3 : {% block title %}Activation complete{% endblock %}


   4 : {% block content %}


   5 : <h1>Thanks, activation complete!</h1>


   6 : <p>You may now <a href=" {% url 'auth_login' %} ">login</a> using the username and password you set at registration.</p>


   7 : {% endblock %}


   8 : 


   9 : 


   10 : 

Traceback:
File "/home/tw/w/nsupdate-env/local/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
  139.                 response = response.render()
File "/home/tw/w/nsupdate-env/local/lib/python2.7/site-packages/django/template/response.py" in render
  105.             self.content = self.rendered_content
File "/home/tw/w/nsupdate-env/local/lib/python2.7/site-packages/django/template/response.py" in rendered_content
  82.         content = template.render(context)
File "/home/tw/w/nsupdate-env/local/lib/python2.7/site-packages/django/template/base.py" in render
  140.             return self._render(context)
File "/home/tw/w/nsupdate-env/local/lib/python2.7/site-packages/django/test/utils.py" in instrumented_test_render
  85.     return self.nodelist.render(context)
File "/home/tw/w/nsupdate-env/local/lib/python2.7/site-packages/django/template/base.py" in render
  840.                 bit = self.render_node(node, context)
File "/home/tw/w/nsupdate-env/local/lib/python2.7/site-packages/django/template/debug.py" in render_node
  78.             return node.render(context)
File "/home/tw/w/nsupdate-env/local/lib/python2.7/site-packages/django/template/loader_tags.py" in render
  123.         return compiled_parent._render(context)
File "/home/tw/w/nsupdate-env/local/lib/python2.7/site-packages/django/test/utils.py" in instrumented_test_render
  85.     return self.nodelist.render(context)
File "/home/tw/w/nsupdate-env/local/lib/python2.7/site-packages/django/template/base.py" in render
  840.                 bit = self.render_node(node, context)
File "/home/tw/w/nsupdate-env/local/lib/python2.7/site-packages/django/template/debug.py" in render_node
  78.             return node.render(context)
File "/home/tw/w/nsupdate-env/local/lib/python2.7/site-packages/django/template/loader_tags.py" in render
  123.         return compiled_parent._render(context)
File "/home/tw/w/nsupdate-env/local/lib/python2.7/site-packages/django/test/utils.py" in instrumented_test_render
  85.     return self.nodelist.render(context)
File "/home/tw/w/nsupdate-env/local/lib/python2.7/site-packages/django/template/base.py" in render
  840.                 bit = self.render_node(node, context)
File "/home/tw/w/nsupdate-env/local/lib/python2.7/site-packages/django/template/debug.py" in render_node
  78.             return node.render(context)
File "/home/tw/w/nsupdate-env/local/lib/python2.7/site-packages/django/template/loader_tags.py" in render
  62.             result = block.nodelist.render(context)
File "/home/tw/w/nsupdate-env/local/lib/python2.7/site-packages/django/template/base.py" in render
  840.                 bit = self.render_node(node, context)
File "/home/tw/w/nsupdate-env/local/lib/python2.7/site-packages/django/template/debug.py" in render_node
  78.             return node.render(context)
File "/home/tw/w/nsupdate-env/local/lib/python2.7/site-packages/django/template/defaulttags.py" in render
  447.                         six.reraise(*exc_info)
File "/home/tw/w/nsupdate-env/local/lib/python2.7/site-packages/django/template/defaulttags.py" in render
  433.             url = reverse(view_name, args=args, kwargs=kwargs, current_app=context.current_app)
File "/home/tw/w/nsupdate-env/local/lib/python2.7/site-packages/django/core/urlresolvers.py" in reverse
  509.     return iri_to_uri(resolver._reverse_with_prefix(view, prefix, *args, **kwargs))
File "/home/tw/w/nsupdate-env/local/lib/python2.7/site-packages/django/core/urlresolvers.py" in _reverse_with_prefix
  429.                              (lookup_view_s, args, kwargs, len(patterns), patterns))

Exception Type: NoReverseMatch at /account/activate/complete/
Exception Value: Reverse for 'auth_login' with arguments '()' and keyword arguments '{}' not found. 0 pattern(s) tried: []

if hostnames are orphaned (not updated any more, for a long time), have some means to remove them from dns and database.

same for users who did not use the service for a longer time (and didn't update hosts either).

My router is configured as follows:

Provider: other Host name: myHostName.nsupdate.info User name: myHostName.nsupdate.info Password: bliblablub Updateserver address: ipv4.nsupdate.info Protocol: https Port: 443

I used the configuration of the "Speedport Hybrid" router from your website as template, but entered the value from "Domain name" there in "Host name" here.

API Authentication Result Message: 2022-11-03 12:58:30 api authentication success. [hostname: myHostName.nsupdate.info (given in basic auth)] Client Result Message: 2022-11-03 12:58:30 myHostName.nsupdate.info - received bad ip address: '2003:e7:7ff:1b82:ca99:b2ff:fe09:860d,80.132.212.228' Server Result Message: // = empty

So, it seems the authentication worked, but then the IP address information was not provided by the router in the format expected by nsupdate.info.

The router logs report

<Domain existiert nicht (notfqdn)>

i.e. the "domain does not exist". But if I enter something else (e.g. just "myHostName") in the "Host name" field, already after saving the configuration the router reports an authentication failure. So I think that using "myHostName.nsupdate.info" as "Host name" value is correct.

I do not know whether the format of the IPs ($ipv6Address,$ipv4Address) provided by the router is the problem (so the router firmware has a bug), or whether the expectation of nsupdate.info server is incorrect (so the server has a bug). If it is the router, please just indicate. I will then try to file a bug report with the router producer.

Note that the Speedport Smart 4 is one of the two systems that work with hybrid LTE for the German Telekom (T-Com), and the device maybe (?) also used in othere countries. My guess is that others have the same problem and that this is rather an important router model.

Allow an extra argument ipprefix for both ipv4 and ipv6 to pass a separate prefix, like often for IPv6 connections where one gets a main ipv6 for the router and a subnet for the internal network.

Passing the ipprefix will also override the default netmask from the config.

Fixes #353

UNTESTED CHANGES! I've never worked with Django, nor do I run my own nsupdate.info instance. Unfortunately I don't have enough time to set things up to test the changes I made. The changes are rather trivial, so I'm rather confident that they should do the trick, but they need testing nevertheless. I believe that providing this patch is better than nothing, even if this PR is considered unmergeable - it at least gives some hints about what the issue might be with #479.

Fixes #479

spamhaus.org put nsupdate.info onto its domainname black list.

i contacted them after being notified of that, but my issue was just closed without considering my arguments and without removing nsupdate.info from the DBL (as another query on their site showed).

https://check.spamhaus.org/ticketing/?a=ST1503684&b=d632a81406a1d5d1dc1a12cd3be173b0

i filed another ticket there, pointing out that not considering the public suffix list is a bug on their side (and unacceptable behaviour in case they are aware of it and not fixing it):

https://check.spamhaus.org/ticketing/?a=ST1507591&b=9b9540a58077bab645d839a69d6c91d5

i also requested that they confirm they will in future consider the public suffix list before blacklisting domains.

This is site-specific for the https://www.nsupdate.info site - from the updated site notes:

* your nameserver has a native IPv6 address - just use it!

* your nameserver only has IPv4 (e.g. 192.0.2.33), then create a IPv6
      address like shown below and enter it into the nsupdate.info form field:

     +-------------------+--------------+----------------------------+
     | Well-Known Prefix | IPv4 address | IPv4-Embedded IPv6 address |
     +-------------------+--------------+----------------------------+
     | 64:ff9b::/96      |  192.0.2.33  | 64:ff9b::192.0.2.33        |
     +-------------------+--------------+----------------------------+
     (taken from RFC 6052, section 2.4)

     NOTE: due to changes in tayga, this does not work any more since we
     moved to a new VM host at 2021-11-06.

     An immediate fix is possible if you can enter a valid public IP v6
     of your DNS server.

     If that is not possible, make sure your DNS server has a valid A
     record at least, so it can be referred to by FQDN.
     With that and a fix to the nsupdate.info code, we can make
     it working later again based on the FQDN of your nameserver.