User Tools

Site Tools


doc:howto:ddns.client

Under Construction!
This page is currently under (re-)construction. You can edit the article to help completing it.

DDNS Client

If you want to set up a DDNS Server instead, please see ddns.server.

:!: During reconstruction you will find the old wiki text here. :!:

Introduction

DDNS stands for Dynamic DNS. Simply put, using this service gives a name to your IP. So if you're hosting something on your line, people would not have to bother typing your IP. They can just type in your domain name! It also helps when your IP changes. Users won't need to discover what your new IP is, they can simply type your domain name.

This guide will help you configure your DDNS service, so that your router auto-updates your IP to your DDNS provider. The simplest method possible would be through LuCI (the default webUI for OpenWrt).

OpenWrt uses ddns-scripts which are Bourne shell scripts.
There are other scripts and programs available in the web, also some DDNS providers offer their own programs.
All of them are currently not ported and tested on OpenWrt.

:!: Inside OpenWrt two package versions are available:
up to Barrier Breaker 14.07 it's ddns-scripts version 1.x
since Chaos Calmer 15.05 it's ddns-scripts version 2.x with IPv6 support and many other extensions
the corresponding LuCI application luci-app-ddns is also available.

Without any annotation the description works for all ddns-scripts versions.

Requirements

First of all, you'll need to pick and register a DNS name with a compatible DynamicDNS service provider.
For a list of DDNS providers, see:

ddns-scripts support the following services out of the box:

since 10.07
ver. 1.0.0-17
added in AA 12.09
ver. 1.0.0-21
added in BB 14.07
ver. 1.0.0-23
added in CC 15.05
ver. 2.4.3-1
added in trunk
ver. 2.4.3-1
changeip.com 3322.org ddns.com.br BIND nsupdate IPv6 (3 4)
dnsdynamic.org dnsomatic.com duiadns.net cloudflare.com IPv6 (2)
dnsexit.com easydns.com mythic-beasts.com domains.google.com
dnsmax.com / thatip.com namecheap.com spdns.de IPv6 loopia.se IPv6
dyndns.org ovh.com mydns.jp IPv6
free.editdns.net no-ip.com / noip.com (1)
freedns.afraid.org IPv6 no-ip.pl IPv6
he.net IPv6 selfhost.de
no-ip.com / noip.com (1) twodns.de
zoneedit.com

(1) since CC 15.05 require additional package ddns-scripts_no-ip_com to be installed.
(2) needs additional package ddns-scripts_cloudflare to be installed.
(3) directly updates a PowerDNS (or maybe bind server) via nsupdate.
(4) needs additional package ddns-scripts_nsupdate and bind-client to be installed.
IPv6 since CC 15.05 support IPv6

If you have picked a DDNS service provider and create your host/domain name you need to note additional your username and password.
Now you need to decide if you want to use secure communication with your DDNS provider or not.
Some provider require secure (HTTPS) communication. Read their help pages for details and also read provider specific informations below.

Support

If you need support, found an issue or only want to request a new extension for the next release, please post your questions/issues/requests here: (Don't forget to post informations about your used software versions.)

A full list of supported settings (some not supported by LuCI webUI):

The source code is maintained at GitHub:

Installation

using LuCI

Login into your router through your browser.
From the menu select SystemSoftware
Press button [Update Lists] to update internal lists of available packages.
Filter for ddns and install luci-app-ddns package.

Installing the package luci-app-ddns will automatically install the package ddns-scripts.
:!: since CC 15.05 you might need to install provider specific packages ddns-scripts_xxxxx and LuCI language packages luci-i18n-ddns-xx.

After luci-app-ddns (and other packages) are installed, just press any other menu entry on the Openwrt LuCI webUI, and the page will refresh itself and Dynamic DNS will appear in the menu under ServicesDynamic DNS.

via Console

To install ddns-scripts use the OPKG Package Manager
:!: since CC 15.05 you might need to install provider specific packages

opkg update
opkg install ddns-scripts
opkg install ddns-scripts_xxxxx

SSL support

By default ddns-scripts uses BusyBox buildin wget for DDNS updates over http, which does not support https (SSL).
To perform DDNS updates over https (SSL), you will need to install the wget or curl package, and add the appropriate root certificate for your ddns provider.
:!: including AA 12.09 only curl is supported. To use wget look at SSL and Certificates in wget.
:!: since BB 14.07 If both wget and curl packages are installed, ddns-scripts will use wget for communication.
:!: since CC 15.05 If both packages installed you can configure which one to prefere. Default is wget.

:!: since BB 14.07 installation is simple by installing wget or curl plus ca-certificates packages.

opkg update
opkg install wget     # normally you only need
opkg install curl     # either wget or curl
opkg install ca-certificates

For older OpenWrt versions install curl using description below. FIXME
or follow the instructions at: SSL and Certificates in wget.

other functions

:!: since CC 15.05 ddns-scripts support other special communication functions to be used:

  • Set proxy with/without authenfication for http/https requests
  • Set DNS server to use other than system default
  • Binding to specific network if wget or to specific interface if curl installed.
  • Force the usage of either IPv4 or IPv6 communication only. Require either wget or curl AND bind-host !
  • DNS requests via TCP. Require either wget or curl AND bind-host !

Configuration

Basics

ddns-scripts are designed to update one host per configuration/section.
To update multiple hosts or providers or IPv4 and IPv6 for the same host you need to define separate configurations/sections.
Some provider offer to update multiple host within one update request. A possible solution for this option is to use –custom– service name settings.
Have a look at Provider specifics.

The main settings you need to set are (all other normally work fine with the defaults):

Service name the DDNS service provider to use
Host/Domain your FQDN you want to update (used by ddns-scripts using nslookup to check if update has happen)
Username username or other parameter to use as username
Password password or other parameter to use as password
:!: including BB 14.07 Ensure this password does not have "$1" or $ with any number following in it, as this breaks the script.
Interface network name (i.e. wan, wan6) used by OpenWrt hotplug event system to start ddns-scripts

After fresh installation a configuration/section 'myddns' and since CC 15.05 'myddns_ipv4' and 'myddns_ipv6' exists ready to be modified for your needs.
You could delete them and define your own.

Please heed the following important hints:

  • It is NOT allowed to use dash-sign "-" inside configuration/section names.
  • A full list of supported settings (some not supported by LuCI webUI) you will find in UCI documentation!
  • Always keep in mind the Provider specific settings if there are any!
  • Don't forget to enable your configuration/section!
  • You need minimum one enabled configuration/section for ddns service to start!
  • since BB 14.07 you need to enable ddns service to enable updates being send on reboot and hotplug events!
  • Although described elsewhere, it is not recommended to change the files '/usr/lib/ddns/services' or '/usr/lib/ddns/services_ipv6' because they will be overwritten during updates!

using LuCI

Login into your router through your browser.
From the menu select 'Services' → 'Dynamic DNS'.
Navigate to the configuration/section you like to change.
Modify the fields you need to change.
Don't forget to check the 'Enabled' option!
Click [Save & Apply] button to save changes.

To add a new configuration/section:
Type the new name into the text entry box at the bottom of the page next to [Add] button.
:!: Do not use a dash character "-" in configuration/section name!
Click [Add] button.
Modify the fields you need to change.
Don't forget to check the 'Enabled' option!
Click [Save & Apply] button to save changes.

:!: since CC 15.05 'Username' and 'Password' fields are required fields. If your provider do not require one or both of them, simply put in a character of your choise.

:!: since BB 14.07 you need to enable ddns service!
From the menu select 'System' → 'Startup'.
Set ddns service to enabled.

SSL Support

:!: including BB 14.07 it is not possible to configure SSL-Support (using HTTPS) via LuCI webUI. You need to configure via console!
:!: since CC 15.05 Options to configure HTTPS communication are only available if wget or curl package is installed. (See Hints if shown.)

Check 'Use HTTP Secure' option.
Additional field 'Path to CA-Certificate' is shown with it's default setting.
If you have installed ca-certificate package leave the shown default! (/etc/ssl/certs)
If you like to use other certificate you need to set here the full path to the certificate including file name. (/path/to/file.crt)
If your certificates are stored in a different path, set here the path where your certificates are located. (/path/to/files)
Click [Save & Apply] button to save changes.

Custom Service

If you want to use a DDNS provider currently not listed or you want to update multiple hosts within one configuration/section then you should do the following:
Choose '–custom–' as service.
Additional field 'Custom update-URL' is shown.
Fill in the URL you like to use. :!: Please read URL syntax description below.
Also have a look at Provider specifics.
Click [Save & Apply] button to save changes.

:!: If you found a DDNS provider not listed or with additional IPv6 support or with changed update URL please open an issue at Github-OpenWrt-Packages so it can be included with the next release.

via Console

The easiest way to configure ddns-scripts via console is to edit the file /etc/config/ddns directly using build-in vi editor or any other editor you prefer. Other editors as vi needs to be installed separately.

A configuration/section looks like:

config service "myddns"
	option service_name	"example.org"
	option domain		"yourhost.example.org"
	option username		"your_username"
	option password		"your_password"
	option interface	"wan"
	option ip_source	"network"
	option ip_network	"wan"

Alternatively you can use UCI command line interface.
Example input:

uci set ddns.myddns.service_name="ddnsprovider.com"	# only use names listed in /usr/lib/ddns/services 
							# or /usr/lib/ddns/services_ipv6 (since CC 15.05)
uci set ddns.myddns.domain="host.yourdomain.net"
uci set ddns.myddns.username="your_user_name"
uci set ddns.myddns.password="p@ssw0rd"
uci set ddns.myddns.interface="wan"	# network interface that should start this configuration/section
uci set ddns.myddns.enabled="1"
uci commit ddns				# don't forget this, otherwise data not written to configuration file

ddns.myddns.enabled="1" means:

  • ddns is the configuration file to change (here /etc/config/ddns)
  • myddns is the configuration/section to change
  • enabled is the option to set/change
  • behind the equal-sign is the value to set. :!: Set single- or double-quotes around the value and no space or whitespace around the equal-sign.

Example to create/add a new configuration/section "newddns":

uci set ddns.newddns="service"
uci set ddns.newddns.service_name="ddnsprovider.com"	# only use names listed in /usr/lib/ddns/services
							# or /usr/lib/ddns/services_ipv6 (since CC 15.05)
uci set ddns.newddns.domain="host.yourdomain.net"
uci set ddns.newddns.username="your_user_name"
uci set ddns.newddns.password="p@ssw0rd"
uci set ddns.newddns.interface="wan"	# network interface that should start this configuration/section
uci set ddns.newddns.enabled="1"
uci commit ddns				# don't forget this, otherwise data not written to configuration file

:!: since BB 14.07 you need to enable ddns service by:

/etc/init.d/ddns enable

SSL Support

To enable SSL-Support edit '/etc/config/ddns' file and add the following options:

config service "myddns"
	...
	option use_https	"1"
	option cacert		"/etc/ssl/certs"	# default if ca-certificates package installed
or via UCI command line interface:
uci set ddns.myddns.use_https="1"
uci set ddns.myddns.cacert="/etc/ssl/certs"
uci commit ddns					# don't forget this, otherwise data not written to configuration file

'option cacert' settings:
If you have installed ca-certificate package leave the shown default! (/etc/ssl/certs)
If you like to use other certificate you need to set here the full path to the certificate including file name. (/path/to/file.crt)
If your certificates are stored in a different path, set here the path where your certificates are located. (/path/to/files)

:!: including AA 12.09 additionally follow instructions to install curl using description below. FIXME
or follow the instructions at SSL and Certificates in wget.

Custom Service

Following changes need to be done if you use a DDNS provider currently not listed or to update multiple hosts within one configuration/section.
Edit '/etc/config/ddns'

config service "myddns"
	...
#	option service_name	"example.org"		# comment out "#" or delete
	option update_url	"http://your.update.url...[USERNAME]...[PASSWORD]...[DOMAIN]...[IP]"
or use UCI command line interface
uci delete ddns.myddns.service_name
uci set ddns.myddns.update_url="http://your.update.url...[USERNAME]...[PASSWORD]...[DOMAIN]...[IP]"
uci commit ddns		# don't forget this, otherwise data not written to configuration file

URL Syntax

:!: It's not needful to set 'https://'. If SSL support is activated 'http://' is replaced automatically.
:!: The entries [USERNAME] [PASSWORD] [DOMAIN] [IP] are replaced by ddns-scripts just before update.
[USERNAME] is replaced by content of 'option username' from configuration file.
[PASSWORD] is replaced by content of 'option password' from configuration file.
[DOMAIN] is replaced by content of 'option domain' from configuration file.
[IP] is replaced by the current IP address of your OpenWrt system.

:!: carefully set 'option domain' in your configuration. This option is also used to detect if the update was successfully done.
:!: This entry is the DNS name your OpenWrt system will be reachable from the internet.
:!: Have a look at Provider specifics for samples.

:!: If you found a DDNS provider not listed or with additional IPv6 support or with changed update URL please open an issue at Github-OpenWrt-Packages so it can be included with the next release.

Utilization

Enable minimum one configuration/section !
since BB 14.07 you need to enable ddns service !

Basics

Normally no user actions are required because ddns-scripts starts when hotplug ifup event happens. This will happen automatically at system startup when the named interface comes up. Event ifup also happen when a dialup network comes up.
ddns-scripts regularly check if there is a difference between your IP address at DNS and your interface. If different an update request is send to DDNS provider.
since CC 15.05 whenever you [Save & Apply] an Enabled configuration/section from LuCI webUI the corresponding script is automatically restarted.

To check if ddns-scripts are running you could check inside LuCI via 'Status' → 'Processes' or via console running 'ps -w | grep ddns'.
You should find something like '{dynamic_dns_upd} /bin/sh /usr/lib/ddns/dynamic_dns_updater.sh myddns 0'
for every configuration/section you configured and enabled, where myddns shows your configuration/section name.

since CC 15.05 inside LuCI also exists a section at 'Status' → 'Overview' showing the current status of your DDNS configurations.

Run manually

From console command line you could create an 'ifup' hotplug event for the desired network interface. This will start all enabled ddns configurations/sections monitoring this interface.
:!: Keep in mind that also other service processes (i.e. firewall) might be (re-)started via 'ifup' hotplug event!
For INTERFACE, type the specified ddns-scripts interface name (the interface name from /etc/config/network, usually 'wan')

ACTION=ifup INTERFACE=wan /sbin/hotplug-call iface
To start only one ddns configuration/section (here 'myddns') from command line:
/usr/lib/ddns/dynamic_dns_updater.sh myddns 0 &
since BB 14.07 you could enable/disable and start/stop/restart all enabled ddns configuration/section like every other service:
/etc/init.d/ddns enable
/etc/init.d/ddns start
/etc/init.d/ddns stop

===========================================================================================================

-

OLD WIKI TEXT

  • Tested with:
    • OpenWrt Attitude Adjustment 12.09
    • OpenWrt Barrier Breaker 14.07
  • New Version (2.x) with IPv6 support and many other options availible since:
    • Chaos Calmer

Introduction

DDNS stands for Dynamic DNS. Simply put, using this service gives a name to your ip. So if you're hosting something on your line, people wouldn't have to bother typing your IP. They can just type in your domain name! It also helps when your ip changes. Users won't need to discover what your new ip is, they can simply type your domain name.

This guide will help you configure your ddns service, so that your router auto-updates your ip to your ddns. The simplest method possible would be through LuCI (the default webUI for openwrt).

Requirements

First of all, you'll need to pick and register a DNS name with a compatible DDNS service. Note the DNS name, your service username and password for use below.

Here is a list of suggested DDNS providers.

A list of currently supported DDNS providers by ddns-scripts:

For a longer list of additional DDNS providers, see:

Using LuCI

Step 1: Install the Packages

Login into your router through your browser. Go to Administration (top right) > System (top left) > Software > Update Package Lists Let it update, go back to Software. Find luci-app-ddns and install the package.

Installing the package luci-app-ddns will automatically install the package ddns-scripts, which contains the scripts that actually update the dynamic DNS name (see below).

After luci-app-ddns is installed, just press any other link on the Openwrt LuCI WebUI, and the page will refresh itself and Dynamic DNS will appear under Services > Dynamic DNS. If those tabs don't show up, run /etc/init.d/uhttpd restart, delete /tmp/luci-indexcache or reboot the router.

Beginning ddns-scripts Version 1.0.0-23 you need to enable ddns service in "System"-"Startup" or run: /etc/init.d/ddns enable to enable updates being send on reboot and hotplug events.

Step 2: Configuration

In LuCI, go to Services > Dynamic DNS.

There is a default configuration called "MYDDNS" ready to edited.

Variable Description Example
Enable Self-explanatory check this to enable this configuration
Event interface The DDNS scripts use the Linux hotplug events system. When this specified network interface comes up, a related ifup hotplug event will cause DDNS script to start to monitor (and update) the external IP address of . Select the WAN interface that will have the external IP address to use in the DDNS registration. wan
Service Which DDNS online service do you use? Choose one dyndns.org
Hostname The DNS name to update (this name must already be registered with the the DDNS service) your.domain.name
Username Username of your DDNS service account yourusername
Password Password of your DDNS service account. Ensure this password does not have "$1" or $ with any number following in it, as this breaks the script. For freedns.afraid.org, read below. yourpassword
Source of IP address This tells the script how to determine your interface external IP address. See below for a description. Usually "network"
Network/Interface/URL This will be named based on the section of "Source of IP address". Select the network, interface physical name, or type in the URL to use to determine the external IP address. Usually "wan"
Check for changed IP every Self Explanatory. Checks below 5 minutes make no sence because from testing, it takes this time until the global DNS servers be in sync 10
Check-time unit The unit for the value above min
Force update every Even if the detected external IP address has not changed, update the DDNS name anyway after this time interval 72
Force-time unit Unit for the value above h

Click "Save & Apply" to save changes.

Specific settings for freedns.afraid.org

  • You must NOT set your account password in the "password" field. On the contrary, go to http://freedns.afraid.org/dynamic/, login, click "Direct URL". On the location bar of your browser, copy the the authorisation token, the part after http://freedns.afraid.org/dynamic/update.php? url. and paste it in the password field.
  • DO enter the host into the Hostname field. Although it is not used for the update, it is used to check the host's current IP address (via nslookup).

Further details

  • A full list of supported settings (some not supported by LuCI WebUI) and their description you will find in UCI documentation.
  • Source of IP address ("ip_source" in the configuration file)
    • The "ip_source" option can be "network", "interface", "script" or "web", with "network" as the default
    • If "ip_source" is "network" you specify a network section in your /etc/network config file (e.g. "wan", which is the default) with the "ip_network" option. If you specify "wan", you will update with whatever the ip for your wan is.
    • If "ip_source" is "interface" you specify a hardware interface (e.g. "eth1") and whatever the current ip of this interface is will be associated with the domain when an update is performed.
    • If "ip_source" is "script" you specify a script to obtain ip address. The "ip_script" option should contain path to your script. This option is not available through the LuCI web interface.
    • The last possibility is that "ip_source" is "web", which means that in order to obtain our ip address we will connect to a website (specified in the URL field), and use the first valid ip address listed on that page. Use this option if the OpenWrt device is behind a NAT device and does not have a real external IP address assigned to the WAN interface being monitored. The correct URL will depend on the DDNS service being used. Check with the service's documentation to determine if they offer this feature and, if so, what the correct URL is.
      • For the DynDNS service, the URL is http://checkip.dyndns.org
      • Multiple URLs can be used by separating the entries with a space.

Step 3: Start ddns-scripts

  • Normally, the DDNS scripts are automatically started through a hotplug event. The very first time they are configured, there is no ifup event to start them.
  • The simplest option is to reboot the router. This will automatically start the scripts as part of the normal interface startup process.
  • If a reboot should be avoided, the scripts can be started manually by generating a hotplug event from the command line (see below for details)
  • Beginning ddns-scripts Version 1.0.0-23 you need to enable ddns service in "System"-"Startup" to enable updates being send on reboot and hotplug events.
  • You can also start/stop/restart the service without reboot or generating a hotplug event.

Step 4: You're done!

  • If the wan interface changes its address, the DDNS account is updated automatically.
  • Additionally, an unconditional update is sent periodically. The interval is specified by the force update option.

Additional DDNS registration entries

In LuCI, go to Services > Dynamic DNS.

  • Use the text entry box and "Add" button to add additional DDNS configurations
    • Do not use a - character in the DDNS configuration name

Using ddns-scripts directly

The ddns-scripts package can be installed and used on its own without luci-app-ddns. No web GUI will be available in this case. This section describes how to use the command line to use ddns-script directly.

Step 1: Installation

Install the ddns-scripts package.

opkg update
opkg install ddns-scripts

Step 2: Configuration

The configuration is stored in /etc/config/ddns which contains more thorough documentation.

In order to enable Dynamic DNS you need at least one section, and in that section the enabled variable must be set to "1".

Each section represents an update to a different service. This sections specifies several things:

  • service (dyndns.org, etc.)
  • domain (set this to all.dnsomatic.com for DNS-o-Matic)
  • username
  • password (sometimes it is the api token, not your login password)
  • ip_source (wan, eth0, web)

Optionally, the following may be specified:

  • update_url (needed if the service isn't supported by /usr/lib/ddns/services)
  • check_interval
  • force_interval

Use the check_interval variable to specify how often to check whether an update is necessary, and the force_interval variable to specify how often to force an update. Specify the units for these values with the check_unit and force_unit variables. Units can be "days", "hours", "minutes" or "seconds". The default value for check_interval is "600", and the default value for check_unit is "seconds" (check_interval = 10 minutes). The default value for force_interval is "72", and the default value for force_unit is "hours" (force_interval = 72 hours).

Default configuration

This is the default configuration in /etc/config/ddns as of OpenWrt Attitude Adjustment 12.09.

config service "myddns"
        option enabled          "0"
        option interface        "wan"

        option service_name     "dyndns.org"
        option domain           "mypersonaldomain.dyndns.org"
        option username         "myusername"
        option password         "mypassword"

        option force_interval   "72"
        option force_unit       "hours"
        option check_interval   "10"
        option check_unit       "minutes"
        option retry_interval   "60"
        option retry_unit       "seconds"

        #option ip_source       "network"
        #option ip_network      "wan"

        #option ip_source       "interface"
        #option ip_interface    "eth0.1"

        #option ip_source       "script"
        #option ip_script       "path to your script"

        option ip_source        "web"
        option ip_url           "http://checkip.dyndns.com/"

        #option update_url      "http://[USERNAME]:[PASSWORD]@members.dyndns.org/nic/update?hostname=[DOMAIN]&myip=[IP]"

Configuration using the uci program

A short example for a dyndns.org service to configure via UCI CLI:

root@OpenWrt:~# uci set ddns.myddns.enabled=1
root@OpenWrt:~# uci set ddns.myddns.domain=host.dyndns.org
root@OpenWrt:~# uci set ddns.myddns.username=
root@OpenWrt:~# uci set ddns.myddns.password=
root@OpenWrt:~# uci set ddns.myddns.enabled=1
root@OpenWrt:~# uci commit ddns

Configuration for namecheap.com

An example for a namecheap.com domain with an A-record with name '@'.

config service 'myddns'
        option enabled '1'
        option interface 'wan'
        option force_interval '72'
        option force_unit 'hours'
        option check_interval '10'
        option check_unit 'minutes'
        option retry_interval '60'
        option retry_unit 'seconds'
        option service_name 'namecheap.com'
        option domain 'yourdomain.info'
        option username '@'
        option password 'xxxxxxx-your-token-xxxx-xxxxxxxxxxxx'
        option ip_source 'network'
        option ip_network 'wan'
        #option use_https '1'
        #option cacert '/etc/ssl/certs/cacert.pem'

Note that with the namecheap protocol, the username option is translated to the host argument in the update request. Therefore, it should be the hostname on the DNS record, not the username that you use to log into the namecheap.com site. In this example, the script will update the '@' (full domain) DNS A-record. To update a subdomain A-record, enter the name of the subdomain instead. To get your password, log into the namecheap.com site, enter the management console for the domain, and click the Dynamic DNS menu option.

Make a record for each subdomain. Using Luci, enter a label for the subdomain into the Add field (near lower left of page)and click the (+), or hand edit the /etc/config/ddns file and add a new stanza.

Example /etc/config/ddns records to update two subdomains at namecheap:

config service 'myddns'
        option interface 'wan'
        option force_unit 'hours'
        option check_interval '20'
        option check_unit 'minutes'
        option retry_interval '60'
        option retry_unit 'seconds'
        option password 'YourNamecheapDDNSpassword'
        option enabled '1'
        option ip_source 'interface'
        option ip_interface 'pppoe-wan'
        option service_name 'namecheap.com'
        option force_interval '72'
        option domain 'Your.Domain'
        option username 'www'

config service 'mail'
        option interface 'wan'
        option force_unit 'hours'
        option check_interval '20'
        option check_unit 'minutes'
        option retry_interval '60'
        option retry_unit 'seconds'
        option password 'YourNamecheapDDNSpassword'
        option enabled '1'
        option ip_source 'interface'
        option ip_interface 'pppoe-wan'
        option service_name 'namecheap.com'
        option force_interval '24'
        option domain 'Your.Domain'
        option username 'mail'

You can hand test the records for 'www' and 'mail', labeled 'myddns' and 'mail' with:

/usr/lib/ddns/dynamic_dns_updater.sh myddns
/usr/lib/ddns/dynamic_dns_updater.sh mail

Look at the return XML and see that the Error Count is 0 to validate a successful update. Check each record, one at a time. Use <Ctrl-C> to kill the test daemons.

Example for the LUCI form :

Enable = <checked>
Hostname = 'example.com'
username = 'www'
password = 'xxx-your-specific-ddns-pass-xx'
Source of IP address = 'URL'
URL = 'http://dynamicdns.park-your-domain.com/update?'

Manually starting ddns-scripts

The ddns-scripts monitoring script starts when hotplug ifup event happens. This will happen automatically at system startup when the named interface comes up. The simplest way to start ddns-scripts is to reboot, but to avoid a reboot, it can be started manually from the command line. After setting "enabled" to 1 and configuring other settings as above, manually generate an ifup hotplug event for the desired interface.

  • This will case the the hotplug script /etc/hotplug.d/25-ddns to run
    • For INTERFACE, type the specified ddns-scripts interface name (the interface name from /etc/config/network, usually 'wan')

root@OpenWrt:~# ACTION=ifup INTERFACE=wan /sbin/hotplug-call iface

  • As an alternative, ddns-scripts can be called at a lower level
    • type the specified ddns-scripts interface name (the interface name from /etc/config/network, usually 'wan')

sh
. /usr/lib/ddns/dynamic_dns_functions.sh # note the leading period
start_daemon_for_all_ddns_sections "wan"
exit

  • Beginning ddns-scripts Version 1.0.0-23
    • simply enable/disable start/stop/restart like every other service

root@OpenWrt:~# /etc/init.d/ddns enable
root@OpenWrt:~# /etc/init.d/ddns start

Verification

  • Verify the ddns-scripts interface monitor script is running
  • One instance of this script should be running for each ddns-scripts configuration defined

ps | grep dynamic_dns_updater.sh

  • Verify the correct IP address by pinging the dynamic DNS name

Alerting

  • ddns-scripts does not send any alerts when it detects or updates the DDNS IP address
  • Marius Gedminas posted a two-line patch to ddns-scripts available at http://patchwork.openwrt.org/patch/1072/. This change adds syslog output when an IP change is detected. It can be manually added to /usr/lib/ddns/dynamic_dns_updater.sh.
    • For ddns-scripts ver. 1.0.0-21 (the version OpenWrt Attitude Adjustment 12.09), the line numbers to look for are after original lines 294 and 325
    • If OpenWrt is configured to send syslog output to a remote syslog server (see log.overview), that server can be configured to perform various alerting actions
  • For Barrier Breaker: Since Marius Gedminas's post isn't available anymore at the link above, here is an alternative solution:
    • open file /usr/lib/ddns/dynamic_dns_functions.sh for editing
    • insert a new if condition into verbose_echo() function
    • if [ -n "$ddns_logfile" ]; then
    • echo $1 » $ddns_logfile
    • fi
    • modify the ddns config file via UCI:
    • uci set ddns.myddns.ddns_logfile=/var/log/ddns.log
    • uci commit ddns
    • /etc/init.d/ddns restart
  • For Chaos Calmer: ddns has been completely rewritten, now it supports loggig:
    • the logdir variable can be specified in global section of config file, the default value is /var/log/ddns/

Debugging

If something goes wrong, you can see a log of activity by calling

/usr/lib/ddns/dynamic_dns_updater.sh myddns
Note: myddns is the name of the service config entry in /etc/config/ddns file.

If you only see the update_url= output you forgot the enable flag for the service.

For example if you see badauth in Update Output, you have to change your password which contains only letters and numbers. Because busybox's (v1.15.3) wget implementation has an issue handling encoded URLs.

Sometimes the scripts mess up and many instances of the updater will be fired. In this case, use this command to kill them all and start again

root@OpenWrt:~# ps | grep dynami[c] | awk '{print $1}' | xargs kill
root@OpenWrt:~# ACTION=ifup INTERFACE=wan /sbin/hotplug-call iface

Provider specifics

duckdns.org

Inside LuCI web UI select –custom– and fill in the other options accordingly
:!: Be sure to install the ssl certificates in /etc/ssl/certs/ca-bundle.pem as stated in the instructions for openwrt on https://duckdns.org/install.jsp
If duckdns' instructions still say download ca-bundle.crt, replace 'crt' with 'pem'. ca-bundle.crt doesn't exist.
Additional use update_url and settings from below because otherwise updates fails.
Last tested: 2015-03-16

# option service_name  ''
option update_url    'http://www.duckdns.org/update?domains=[USERNAME]&token=[PASSWORD]&ip=[IP]'
option domain        '[Your FQDN]'
option username      '[Your Host without ".duckdns.org"]'
option password      '[Your token]'
option use_https     '1'
option cacert        '/etc/ssl/certs/cacert.pem'

other

To enable wildcard domains (*.foo.dyndns.org) on dyndns.org, replace the line in /usr/lib/ddns/services with:

"dyndns.org"            "http://[USERNAME]:[PASSWORD]@members.dyndns.org/nic/update?wildcard=ON&hostname=[DOMAIN]&myip=[IP]"

To retain the wildcard setting on dyndns.org, replace the line in /usr/lib/ddns/services with:

"dyndns.org"            "http://[USERNAME]:[PASSWORD]@members.dyndns.org/nic/update?wildcard=NOCHG&hostname=[DOMAIN]&myip=[IP]"

To add dyndns protocol compatible services like dyndns.fr, add a line in /usr/lib/ddns/services with:

"dyndns.fr"            "http://[DOMAIN]:[PASSWORD]@dyndns.dyndns.fr/update.php?hostname=[DOMAIN]&myip=[IP]"

To add dyndns protocol compatible services like dyndnspro.com, add a line in /usr/lib/ddns/services with:

"dyndnspro.com"            "http://[DOMAIN]:[PASSWORD]@dyndns.dyndnspro.com/update.php?hostname=[DOMAIN]&myip=[IP]"

To add dyndns protocol compatible services like dynamicdomain.net, add a line in /usr/lib/ddns/services with:

"dynamicdomain.net"            "http://[DOMAIN]:[PASSWORD]@dyndns.dynamicdomain.net/update.php?hostname=[DOMAIN]&myip=[IP]"

To add dyndns protocol compatible services like dyndns.it, add a line in /usr/lib/ddns/services with:

"dyndns.it"            "http://[USERNAME]:[PASSWORD]@dyndns.it/nic/update?hostname=[DOMAIN]&myip=[IP]"

To add dyndns protocol compatible services like no-ip.com, add a line in /usr/lib/ddns/services with:

"no-ip.org"            "http://[USERNAME]:[PASSWORD]@dynupdate.no-ip.com/nic/update?hostname=[DOMAIN]&myip=[IP]"

To add dyndns protocol compatible services like system-ns.com, add a line in /usr/lib/ddns/services with:

"system-ns.com"          "http://system-ns.com/api?type=dynamic&domain=[DOMAIN]&command=set&token=[PASSWORD]&ip=[IP]"

To add dyndns protocol compatible services like two-dns.de, add a line in /usr/lib/ddns/services with:

"two-DNS"          "http://[USERNAME]:[PASSWORD]@update.twodns.de/update?hostname=[DOMAIN]&ip=[IP]"
# with https Support
"two-DNS_https"          "https://[USERNAME]:[PASSWORD]@update.twodns.de/update?hostname=[DOMAIN]&ip=[IP]"
# needs:
# option use_https        1
# option cacert           /etc/ssl/certs/Example_CA.pem
# and install curl
# as shown below

SSL support

By default ddns-scripts uses BusyBox buildin wget for DNS updates over http, it does not support https (SSL).
To perform DNS updates over https (SSL), you will need to install the wget or curl package, and add the appropriate root certificate for your ddns provider.
If both wget and curl packages are installed, ddns-scripts will use wget for communication. You can either follow the instructions at SSL and Certificates in wget or install curl and see the correct way below.

:!: since Barrier Breaker 14.07 you can simplify installation using:

  • wget - Version >= 1.16-1 OR
  • curl - Version >= 7.38.0-1 AND
  • ca-certificates - Version >= 20141019

packages. Inside DDNS configuration you need (LuCI accordingly):

option use_https '1'
option cacert    '/etc/ssl/certs'

The correct way using curl

( :!: This curl section didn't work for me, I've created a description of what worked for me here:Setup DDNS with GratisDNS)

There is no need to modify /usr/lib/ddns/services. Automatic change of URI scheme from http to https is controlled by the use_https variable. Install curl and add the following to /etc/config/ddns (replace cacert path to the correct one, either a file or a directory):

option use_https        1
option cacert           /etc/ssl/certs/Example_CA.pem
Note that you need to download a Certificate Authority bundle as curl's pre-packaged bundle is out of date. Curl does maintain a current CA bundle here: http://curl.haxx.se/ca/

Use the following commands to download the Curl CA bundle:

root@OpenWrt:~# mkdir -p /etc/ssl/certs/
root@OpenWrt:~# wget -P /etc/ssl/certs/ http://curl.haxx.se/ca/cacert.pem

Curl SSLv2,3 Support

If your DDNS provider is using SSLv2 or SSLv3 Curl will throw error code 35 because it can't connect unless you specify the correct SSL version. To fix this, you must modify /usr/lib/ddns/dynamic_dns_updater.sh as such:

For SSLv2 replace –sslv3 with –sslv2

Find this string of code:

retrieve_prog="${retrieve_prog}--cacert $cacert "

Replace it with the following:

retrieve_prog="${retrieve_prog}--sslv3 --cacert $cacert "

Find this string of code:

retrieve_prog="${retrieve_prog}--capath $cacert "

Replace it with the following:

retrieve_prog="${retrieve_prog}--sslv3 --capath $cacert "

If your ddns provider uses a self-signed certificate, or if the certificate issuer is not listed in the curl CA bundle, curl will throw error code 60 and not open a connection to the ddns provider. To fix this, demand your ddns provider to send you the right certificate.

If you don't care, you can break curl to accept any certificate by editing /usr/lib/ddns/dynamic_dns_updater.sh.

Warning: This allows curl to connect to https sites without SSL certificates. Only do this if no other options are available, and if you ultimately trust your ddns provider and everyone else on the internet (DONT DO IT, YOU BREAK CURL and could use http without ssl just the same. COMMENT: This section on breaking curl should be deleted, it is not good advice. I edited it instead of deleting it because I just registered and don't dare to correct/delete too much at once. Please also note the last sentence below the instructions on what breaking curl's ssl support means.)

Find this string of code:

retrieve_prog="${retrieve_prog}--cacert $cacert "

Replace it with the following:

retrieve_prog="${retrieve_prog}-k "

Find this string of code:

retrieve_prog="${retrieve_prog}--capath $cacert "

Replace it with the following:

retrieve_prog="${retrieve_prog}-k "

Curl's https support is now broken and you can send your password to everyone claiming to be your ddns provider. This will also affect all other https communications from your router that use curl aside from ddns.

Using wget

If you want to stick to wget, then you should set SSL_CERT_DIR variable in /usr/lib/ddns/dynamic_dns_functions.sh before calling /usr/lib/ddns/dynamic_dns_updater.sh because /etc/profile is not sourced in daemon mode.

Using wget with self-signed SSL certificates

Note: this is also a workaround for the wget ssl bug mentioned on SSL and Certificates in wget#A Caveat

If your service provider uses a self-signed certificate, one options is to use the –no-check-certificate option with wget (read the disclaimer here: http://www.gnu.org/software/wget/manual/html_node/HTTPS-_0028SSL_002fTLS_0029-Options.html#HTTPS-_0028SSL_002fTLS_0029-Options).

Replace the retrieve_prog line in /usr/lib/ddns/dynamic_dns_updater.sh with this:

retrieve_prog="/usr/bin/wget --no-check-certificate -O - ";

An another workaround for wget's SSL bug and https://freedns.afraid.org (I've tested only this one.) is to install curl and replace the retrieve_prog line in /usr/lib/ddns/dynamic_dns_updater.sh with this:

retrieve_prog="/usr/bin/curl";

Using webif

FIXME

Packages

FIXME

updatedd updatedd-mod-dyndns updatedd-mod-noip luci webif

Other methods

DDNS scripts have been a surprisingly dynamic(lol) part of OpenWrt. There have been many other scripts and packages used.

doc/howto/ddns.client.txt · Last modified: 2015/07/02 20:56 by chris5560