User Tools

Site Tools


doc:howto:ddns.client

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
doc:howto:ddns.client [2014/02/14 11:09]
nabilion
doc:howto:ddns.client [2015/04/15 12:31] (current)
micsu [Alerting]
Line 4: Line 4:
   * Tested with:   * Tested with:
     * OpenWrt Attitude Adjustment 12.09     * OpenWrt Attitude Adjustment 12.09
-    * OpenWrt Barrier Breaker ​r37816 +    * OpenWrt Barrier Breaker ​14.07 
 +  * New Version (2.x) with IPv6 support and many other options availible on: 
 +    * Chaos Calmer (trunk)
 ===== Introduction ===== ===== Introduction =====
  
Line 18: Line 19:
 Here is a list of suggested DDNS providers. Here is a list of suggested DDNS providers.
  
-  * http://dyndns.org   ​:!: needs credit card number, even for "​Trial"​ Account. ​ Free (with no credit card) if user donated back in 1998-2001+  * http://freedns.afraid.org :!: free but currently a [[https://​dev.openwrt.org/​ticket/​10192|workaround]] is needed - FIXME 
-  * http://changeip.com :!: dynamic dns is free +  * http://noip.com :!: free but requires annoying account confirmation every 30 days - FIXME 
-  * http://zoneedit.com :!: non-free +  * http://changeip.com :!: free 
-  * http://no-ip.com    still free =) +  * http://duckdns.org :!: free - generated config on site, or see the updated, [[doc:howto:ddns.client:​duckdns|sample config]] here
-  * http://freedns.afraid.org +  * http://system-ns.com :!: free 
-  * http://dnsdynamic.org +  * https://dns.he.net/ ​:!: free - if you have your own domain name, [[doc/howto/ddns.client/hurricaneelectricfreedns]]
-  * http://dyndns.fr +  * http://dnsdynamic.org  ​:!: free 
-  * http://dyndnspro.com +  * http://zoneedit.com :!: non-free (dns update by https required, curl needed. See [[http://wiki.openwrt.org/​doc/​howto/​ddns.client#​ssl_support|SSL support]].
-  * http://​dynamicdomain.net +  * http://​dyndns.org :!: non-free except if you donated in 1998-2001. 30-day free trial needs credit card number. 
-  * http://duckdns.org  free - generated config on site =) +  * http://​dyndns.fr :!: non-free
-  * http://system-ns.com  free +
-  * https://dns.he.netfree - if you have your own domain name, [[doc/​howto/​ddns.client/​hurricaneelectricfreedns]].+
   * Any other service that can update when some URL is accessed. ​ The script is quite versatile.   * Any other service that can update when some URL is accessed. ​ The script is quite versatile.
 +
 +A list of currently supported DDNS providers by ddns-scripts:​
 +  * **IPv4:** [[https://​github.com/​openwrt/​packages/​blob/​master/​net/​ddns-scripts/​files/​services|/​usr/​lib/​ddns/​services]]
 +  * **IPv6:** [[https://​github.com/​openwrt/​packages/​blob/​master/​net/​ddns-scripts/​files/​services_ipv6|/​usr/​lib/​ddns/​services_ipv6]] - :!: needs ddns-scripts V 2.x
  
 For a longer list of additional DDNS providers, see: For a longer list of additional DDNS providers, see:
Line 46: Line 49:
 Installing the package ''​luci-app-ddns''​ will automatically install the package ''​ddns-scripts'',​ which contains the scripts that actually update the dynamic DNS name (see below). Installing the package ''​luci-app-ddns''​ will automatically install the package ''​ddns-scripts'',​ which contains the scripts that actually update the dynamic DNS name (see below).
  
-After ''​luci-app-ddns''​ is installed, just press any other link on the Openwrt LuCI WebUI, and the page will refresh itself and Dynamic DNS will appear under Services > Dynamic DNS. If those tabs don't show up, reboot the router.+After ''​luci-app-ddns''​ is installed, just press any other link on the Openwrt LuCI WebUI, and the page will refresh itself and Dynamic DNS will appear under Services > Dynamic DNS. If those tabs don't show up, run ''/​etc/​init.d/​uhttpd restart'',​ delete ''/​tmp/​luci-indexcache''​ or reboot the router
 + 
 +Beginning ddns-scripts Version 1.0.0-23 you need to enable ''​ddns''​ service in "​System"​-"​Startup"​ or run: ''/​etc/​init.d/​ddns enable''​ to enable updates being send on reboot and hotplug events.
  
 ==== Step 2: Configuration ==== ==== Step 2: Configuration ====
Line 60: Line 65:
 | Hostname | The DNS name to update (this name must already be registered with the the DDNS service) | your.domain.name | | Hostname | The DNS name to update (this name must already be registered with the the DDNS service) | your.domain.name |
 | Username | Username of your DDNS service account | yourusername | | Username | Username of your DDNS service account | yourusername |
-| Password | Password of your DDNS service account ​(ensure ​this password does not have "​$1"​ or $ with any number following in it, as this breaks the script| yourpassword |+| Password | Password of your DDNS service account. Ensure ​this password does **not** have "​$1"​ or $ with any number following in it, as this **breaks** the script. **For freedns.afraid.org,​ [[ddns.client#​Specific settings for freedns.afraid.org|read below]]**. ​| yourpassword |
 | Source of IP address | This tells the script how to determine your interface external IP address. See below for a description. | Usually "​network"​ | | Source of IP address | This tells the script how to determine your interface external IP address. See below for a description. | Usually "​network"​ |
 | Network/​Interface/​URL | This will be named based on the section of "​Source of IP address"​. Select the network, interface physical name, or type in the URL to use to determine the external IP address. | Usually "​wan"​ | | Network/​Interface/​URL | This will be named based on the section of "​Source of IP address"​. Select the network, interface physical name, or type in the URL to use to determine the external IP address. | Usually "​wan"​ |
-| Check for changed IP every | Self Explanatory | 10 |+| Check for changed IP every | Self Explanatory. Checks below 5 minutes make no sence because from testing, it takes this time until the global DNS servers be in sync | 10 |
 | Check-time unit | The unit for the value above | min | | Check-time unit | The unit for the value above | min |
 | Force update every | Even if the detected external IP address has not changed, update the DDNS name anyway after this time interval | 72 | | Force update every | Even if the detected external IP address has not changed, update the DDNS name anyway after this time interval | 72 |
Line 70: Line 75:
 Click "Save & Apply" to save changes. Click "Save & Apply" to save changes.
  
-=== Further details === +=== Specific settings for freedns.afraid.org ​=== 
-  * freedns.afraid.org ​specific settings: +    * You must **NOT** set your account password in the "​password" ​field. ​On the contrary, go to http://​freedns.afraid.org/​dynamic/,​ login, click "​Direct URL". On the location bar of your browser, copy the the authorisation tokenthe part after http://​freedns.afraid.org/​dynamic/​update.php? ​url. and paste it in the password field.
-    * leave the username ​field empty. +
-    * put the authorisation token from the update url (the part after http://​freedns.afraid.org/​dynamic/​update.php?​in the password field.+
     * DO enter the host into the Hostname field. Although it is not used for the update, it //is// used to check the host's current IP address (via ''​nslookup''​).     * DO enter the host into the Hostname field. Although it is not used for the update, it //is// used to check the host's current IP address (via ''​nslookup''​).
 +
 +=== Further details ===
 +  * **A full list of supported settings (some not supported by LuCI WebUI) and their description you will find [[doc:​uci:​ddns|in UCI documentation]].**
   * Source of IP address ("​ip_source"​ in the configuration file)   * Source of IP address ("​ip_source"​ in the configuration file)
     * The "​ip_source"​ option can be "​network",​ "​interface",​ "​script"​ or "​web",​ with "​network"​ as the default     * The "​ip_source"​ option can be "​network",​ "​interface",​ "​script"​ or "​web",​ with "​network"​ as the default
Line 80: Line 86:
     * If "​ip_source"​ is "​interface"​ you specify a hardware interface (e.g. "​eth1"​) and whatever the current ip of this interface is will be associated with the domain when an update is performed.     * If "​ip_source"​ is "​interface"​ you specify a hardware interface (e.g. "​eth1"​) and whatever the current ip of this interface is will be associated with the domain when an update is performed.
     * If "​ip_source"​ is "​script"​ you specify a script to obtain ip address. The "​ip_script"​ option should contain path to your script. This option is not available through the LuCI web interface.     * If "​ip_source"​ is "​script"​ you specify a script to obtain ip address. The "​ip_script"​ option should contain path to your script. This option is not available through the LuCI web interface.
-    * The last possibility is that "​ip_source"​ is "​web",​ which means that in order to obtain our ip address we will connect to a website (specified in the URL field), and use the first valid ip address listed on that page. Use this option ​of the OpenWrt device is behind a NAT device and does not have a real external IP address assigned to the WAN interface being monitored. The correct URL will depend on the DDNS service being used. Check with the service'​s documentation to determine if they offer this feature and, if so, what the correct URL is.+    * The last possibility is that "​ip_source"​ is "​web",​ which means that in order to obtain our ip address we will connect to a website (specified in the URL field), and use the first valid ip address listed on that page. Use this option ​if the OpenWrt device is behind a NAT device and does not have a real external IP address assigned to the WAN interface being monitored. The correct URL will depend on the DDNS service being used. Check with the service'​s documentation to determine if they offer this feature and, if so, what the correct URL is.
       * For the DynDNS service, the URL is [[http://​checkip.dyndns.org]]       * For the DynDNS service, the URL is [[http://​checkip.dyndns.org]]
       * Multiple URLs can be used by separating the entries with a space.       * Multiple URLs can be used by separating the entries with a space.
Line 89: Line 95:
   * The simplest option is to reboot the router. This will automatically start the scripts as part of the normal interface startup process.   * The simplest option is to reboot the router. This will automatically start the scripts as part of the normal interface startup process.
   * If a reboot should be avoided, the scripts can be started manually by generating a hotplug event from the command line (see below for details)   * If a reboot should be avoided, the scripts can be started manually by generating a hotplug event from the command line (see below for details)
 +  * Beginning ddns-scripts Version 1.0.0-23 you need to enable //​**ddns**//​ service in "​System"​-"​Startup"​ to enable updates being send on reboot and hotplug events.
 +  * You can also start/​stop/​restart the service without reboot or generating a hotplug event.
  
 ==== Step 4: You're done! ==== ==== Step 4: You're done! ====
Line 182: Line 190:
 root@OpenWrt:​~#​ uci set ddns.myddns.enabled=1 root@OpenWrt:​~#​ uci set ddns.myddns.enabled=1
 root@OpenWrt:​~#​ uci commit ddns root@OpenWrt:​~#​ uci commit ddns
-</​code>​ 
- 
-=== Configuration example for noip.com === 
- 
-An example for **noip.com** service that updates via pinging web url: 
-<​code>​ 
-config ​ service "​myddns"​ 
- option enabled ​         "​1"​ 
- option interface ​       "​wan"​ 
- option service_name ​    "​no-ip.com"​ 
- option force_interval ​  "​72"​ 
- option force_unit ​      "​hours"​ 
- option check_interval ​  "​10"​ 
- option check_unit ​      "​minutes"​ 
- option username ​        "​USERNAME"​ 
- option password ​        "​PASSWORD"​ 
- option ip_source ​       "​web"​ 
- option ip_url ​          "​http://​[USERNAME]:​[PASSWORD]@dynupdate.no-ip.com/​nic/​update?​hostname=[DOMAIN]&​myip=[IP]"​ 
- option domain ​          "​DOMAIN.no-ip.org"​ 
-</​code>​ 
- 
-=== Configuration example for dyndns.fr ​ === 
- 
- ​**dyndns.fr** service that updates via pinging web url: 
-<​code>​ 
-config ​ service "​myddns"​ 
- option enabled ​         "​1"​ 
- option interface ​       "​wan"​ 
- option service_name ​    "​dyndns.fr"​ 
- option force_interval ​  "​72"​ 
- option force_unit ​      "​hours"​ 
- option check_interval ​  "​10"​ 
- option check_unit ​      "​minutes"​ 
- option username ​        "​USERNAME"​ 
- option password ​        "​PASSWORD"​ 
- option ip_source ​       "​web"​ 
- option ip_url ​          "​http://​[DOMAIN]:​[PASSWORD]@dyndns.dyndns.fr/​update.php?​hostname=[DOMAIN]&​myip=[IP]"​ 
- option domain ​          "​DOMAIN.dyndns.fr"​ 
-</​code>​ 
-=== Configuration example for dyndnspro.com ​ === 
- 
- ​**dyndnspro.com** service that updates via pinging web url: 
-<​code>​ 
-config ​ service "​myddns"​ 
- option enabled ​         "​1"​ 
- option interface ​       "​wan"​ 
- option service_name ​    "​dyndnspro.com"​ 
- option force_interval ​  "​72"​ 
- option force_unit ​      "​hours"​ 
- option check_interval ​  "​10"​ 
- option check_unit ​      "​minutes"​ 
- option username ​        "​USERNAME"​ 
- option password ​        "​PASSWORD"​ 
- option ip_source ​       "​web"​ 
- option ip_url ​          "​http://​[DOMAIN]:​[PASSWORD]@dyndns.dyndnspro.com/​update.php?​hostname=[DOMAIN]&​myip=[IP]"​ 
- option domain ​          "​DOMAIN.dyndnspro.com"​ 
-</​code>​ 
- 
-=== Configuration example for dynamicdomain.net ​ === 
- 
- ​**dynamicdomain.net** service that updates via pinging web url: 
-<​code>​ 
-config ​ service "​myddns"​ 
- option enabled ​         "​1"​ 
- option interface ​       "​wan"​ 
- option service_name ​    "​dynamicdomain.net"​ 
- option force_interval ​  "​72"​ 
- option force_unit ​      "​hours"​ 
- option check_interval ​  "​10"​ 
- option check_unit ​      "​minutes"​ 
- option username ​        "​USERNAME"​ 
- option password ​        "​PASSWORD"​ 
- option ip_source ​       "​web"​ 
- option ip_url ​          "​http://​[DOMAIN]:​[PASSWORD]@dyndns.dynamicdomain.net/​update.php?​hostname=[DOMAIN]&​myip=[IP]"​ 
- option domain ​          "​DOMAIN.dynamicdomain.net"​ 
-</​code>​ 
- 
- 
-=== Configuration for duckdns.org === 
-**As of 2013 this is now a completely free Dynamic DNS provider.** 
-== Add Duck DNS to ''​services''​ == 
-The reason you want to add Duck DNS to the ''​services''​ file is because this will allow you to configure other ddns services if needed, and it allows for proper https usage with ''​curl''​. 
-Edit ''/​usr/​lib/​ddns/​services''​ and add this to the end of the file: 
-<​code>​ 
-# Duck DNS 
-"​duckdns.org" ​         "​http://​www.duckdns.org/​update?​domains=[DOMAIN]&​token=[PASSWORD]&​ip=[IP]"​ 
-</​code>​ 
-== Duck DNS https (SSL) Support == 
-[[duckdns.org]] uses a CA that is either self-signed,​ or not listed in the Curl CA bundle. ''​curl''​ will throw error 60 when trying to update over https. The only way I was able to get ''​curl''​ to update Duck DNS over https was to have ''​curl''​ ignore certificate checks with ''​curl -k''​. Modify ''/​usr/​lib/​ddns/​dynamic_dns_updater.sh''​ as follows: 
- 
-Find this string of code: 
-<​code>​ 
-retrieve_prog="​${retrieve_prog}--cacert $cacert " 
-</​code>​ 
-Replace it with this: 
-<​code>​ 
-retrieve_prog="​${retrieve_prog}-k " 
-</​code>​ 
-Find this string of code: 
-<​code>​ 
-retrieve_prog="​${retrieve_prog}--capath $cacert " 
-</​code>​ 
-Replace it with this: 
-<​code>​ 
-retrieve_prog="​${retrieve_prog}-k " 
-</​code>​ 
- 
-== Duck DNS ddns-scripts ''​config''​ example == 
-Uncomment use_https and cacert if you want to use https (SSL). 
-<​code>​ 
-config service "​myddns"​ 
-        option enabled ​         "​1"​ 
-        option interface ​       "​wan"​ 
-        option service_name ​    "​duckdns.org"​ 
-        option domain ​          "​DOMAIN"​ 
-        option username ​        "​LEAVE BLANK" 
-        option password ​        "​xxxxxxx-your-token-xxxx-xxxxxxxxxxxx"​ 
-        option force_interval ​  "​12"​ 
-        option force_unit ​      "​hours"​ 
-        option check_interval ​  "​10"​ 
-        option check_unit ​      "​minutes"​ 
-        option ip_source ​       "​web"​ 
-        option ip_url ​          "​http://​wtfismyip.com/​text"​ 
-       #​option use_https ​       "​1"​ 
-       #​option cacert ​          "/​etc/​ssl/​certs/​cacert.pem"​ 
 </​code>​ </​code>​
  
Line 333: Line 216:
 </​code>​ </​code>​
  
-Note that with the namecheap protocol, the ''​username''​ option is translated to the ''​host''​ argument in the update request. ​ Therefore, it should be the hostname on the DNS record, **not** the username that you use to log into the namecheap.com site.  In this example, the script will update the '​@'​ (full domain) DNS A-record. ​ To update a subdomain A-record, enter the name of the subdomain instead. ​ To get your password, log into the namecheap.com site, enter the management console for the domain, and click the ''​Dynamic DNS''​ menu option.+Note that with the namecheap protocol, the ''​username''​ option is translated to the ''​host''​ argument in the update request. ​ Therefore, it should be the hostname on the DNS record, **not** the username that you use to log into the namecheap.com site.  In this example, the script will update the '​@'​ (full domain) DNS A-record. ​ To update a subdomain A-record, enter the name of the subdomain instead. ​ To get your password, log into the namecheap.com site, enter the management console for the domain, and click the ''​Dynamic DNS''​ menu option. ​  
 + 
 +Make a record for each subdomain. ​ Using Luci, enter a label for the subdomain into the Add field (near lower left of page)and click the (+), or hand edit the /​etc/​config/​ddns file and add a new stanza. ​  
 + 
 +Example /​etc/​config/​ddns records to update two subdomains at namecheap:​ 
 +<​code>​ 
 +config service '​myddns'​ 
 +        option interface '​wan'​ 
 +        option force_unit '​hours'​ 
 +        option check_interval '​20'​ 
 +        option check_unit '​minutes'​ 
 +        option retry_interval '​60'​ 
 +        option retry_unit '​seconds'​ 
 +        option password '​YourNamecheapDDNSpassword'​ 
 +        option enabled '​1'​ 
 +        option ip_source '​interface'​ 
 +        option ip_interface '​pppoe-wan'​ 
 +        option service_name '​namecheap.com'​ 
 +        option force_interval '​72'​ 
 +        option domain '​Your.Domain'​ 
 +        option username '​www'​ 
 + 
 +config service '​mail'​ 
 +        option interface '​wan'​ 
 +        option force_unit '​hours'​ 
 +        option check_interval '​20'​ 
 +        option check_unit '​minutes'​ 
 +        option retry_interval '​60'​ 
 +        option retry_unit '​seconds'​ 
 +        option password '​YourNamecheapDDNSpassword'​ 
 +        option enabled '​1'​ 
 +        option ip_source '​interface'​ 
 +        option ip_interface '​pppoe-wan'​ 
 +        option service_name '​namecheap.com'​ 
 +        option force_interval '​24'​ 
 +        option domain '​Your.Domain'​ 
 +        option username '​mail'​ 
 + 
 +</​code>​ 
 + 
 +You can hand test the records for '​www'​ and '​mail',​ labeled '​myddns'​ and '​mail'​ with: 
 +<​code>​ 
 +/​usr/​lib/​ddns/​dynamic_dns_updater.sh myddns 
 +/​usr/​lib/​ddns/​dynamic_dns_updater.sh mail 
 +</​code>​ 
 + 
 +Look at the return XML and see that the Error Count is 0 to validate a successful update. Check each record, one at a time. Use <​Ctrl-C>​ to kill the test daemons. 
 + 
 +Example for the LUCI form : 
 +<​code>​ 
 +Enable = <​checked>​ 
 +Hostname = '​example.com'​ 
 +username = '​www'​ 
 +password = '​xxx-your-specific-ddns-pass-xx'​ 
 +Source of IP address = '​URL'​ 
 +URL = '​http://​dynamicdns.park-your-domain.com/​update?'​ 
 +</​code>​
  
 ===== Manually starting ddns-scripts ===== ===== Manually starting ddns-scripts =====
Line 354: Line 293:
 start_daemon_for_all_ddns_sections "​wan"​ start_daemon_for_all_ddns_sections "​wan"​
 exit exit
 +</​code>​
 +
 +  * Beginning ddns-scripts Version 1.0.0-23
 +    * simply enable/​disable start/​stop/​restart like every other service
 +
 +<​code>​
 +root@OpenWrt:​~#​ /​etc/​init.d/​ddns enable
 +root@OpenWrt:​~#​ /​etc/​init.d/​ddns start
 </​code>​ </​code>​
  
Line 359: Line 306:
  
   * Verify the ddns-scripts interface monitor script is running   * Verify the ddns-scripts interface monitor script is running
-    ​* One instance of this script should be running for each ddns-scripts configuration defined+  ​* One instance of this script should be running for each ddns-scripts configuration defined
  
 <​code>​ <​code>​
Line 373: Line 320:
     * For ddns-scripts ver. 1.0.0-21 (the version OpenWrt Attitude Adjustment 12.09), the line numbers to look for are after original lines 294 and 325     * For ddns-scripts ver. 1.0.0-21 (the version OpenWrt Attitude Adjustment 12.09), the line numbers to look for are after original lines 294 and 325
     * If OpenWrt is configured to send syslog output to a remote syslog server (see [[doc/​howto/​log.overview]]),​ that server can be configured to perform various alerting actions     * If OpenWrt is configured to send syslog output to a remote syslog server (see [[doc/​howto/​log.overview]]),​ that server can be configured to perform various alerting actions
 +  * Since Marius Gedminas'​s post isn't available anymore at the link above, here is an alternative solution:
 +    * open file /​usr/​lib/​ddns/​dynamic_dns_functions.sh for editing
 +    * insert a new if condition into verbose_echo() function
 +    * if [ -n "​$ddns_logfile"​ ]
 +    * then
 +    *      echo $1 >> $ddns_logfile
 +    * fi
 +    * modify the ddns config file via UCI:
 +    * uci set ddns.myddns.ddns_logfile=/​tmp/​log/​ddns.log
 +    * uci commit ddns
 +    * /​etc/​init.d/​ddns restart
  
 ===== Debugging ===== ===== Debugging =====
Line 392: Line 350:
 </​code>​ </​code>​
  
-===== Tweaks ​=====+===== Provider specifics ​=====
  
-Full API documentation available herehttps://www.dyndns.com/developers/specs/syntax.html+==== duckdns.org ==== 
 +Inside LuCI web UI select **--custom--** and fill in the other options accordingly\\ 
 +:!Be sure to install the ssl certificates in /etc/ssl/​certs/​ca-bundle.pem as stated in the instructions for openwrt on https://duckdns.org/install.jsp \\ 
 +If duckdns'​ instructions still say download ca-bundle.crt,​ replace '​crt'​ with '​pem'​. ca-bundle.crt doesn'​t exist.\\ 
 +Additional use update_url and settings from below because otherwise updates fails.\\ 
 +Last tested: 2015-03-16
  
 +<​code>​
 +# option service_name ​ ''​
 +option update_url ​   '​http://​www.duckdns.org/​update?​domains=[USERNAME]&​token=[PASSWORD]&​ip=[IP]'​
 +option domain ​       '[Your FQDN]'
 +option username ​     '[Your Host without "​.duckdns.org"​]'​
 +option password ​     '[Your token]'​
 +option use_https ​    '​1'​
 +option cacert ​       '/​etc/​ssl/​certs/​cacert.pem'​
 +</​code>​
 +
 +==== other ====
 To enable wildcard domains (*.foo.dyndns.org) on dyndns.org, replace the line in ''/​usr/​lib/​ddns/​services''​ with:<​code>​ To enable wildcard domains (*.foo.dyndns.org) on dyndns.org, replace the line in ''/​usr/​lib/​ddns/​services''​ with:<​code>​
 "​dyndns.org" ​           "​http://​[USERNAME]:​[PASSWORD]@members.dyndns.org/​nic/​update?​wildcard=ON&​hostname=[DOMAIN]&​myip=[IP]"​ "​dyndns.org" ​           "​http://​[USERNAME]:​[PASSWORD]@members.dyndns.org/​nic/​update?​wildcard=ON&​hostname=[DOMAIN]&​myip=[IP]"​
Line 429: Line 403:
  ​with:<​code>​  ​with:<​code>​
 "​no-ip.org" ​           "​http://​[USERNAME]:​[PASSWORD]@dynupdate.no-ip.com/​nic/​update?​hostname=[DOMAIN]&​myip=[IP]"​ "​no-ip.org" ​           "​http://​[USERNAME]:​[PASSWORD]@dynupdate.no-ip.com/​nic/​update?​hostname=[DOMAIN]&​myip=[IP]"​
-</​code>​ 
- 
-To add dyndns protocol compatible services like duckdns.org,​ add a line in ''/​usr/​lib/​ddns/​services''​ 
- ​with:<​code>​ 
-"​duckdns.org" ​         "​http://​www.duckdns.org/​update?​domains=[DOMAIN]&​token=[PASSWORD]&​ip=[IP]"​ 
 </​code>​ </​code>​
  
Line 457: Line 426:
 ===== SSL support ===== ===== SSL support =====
  
-By default ''​ddns-scripts''​ uses ''​wget''​ for DNS updates over http, and ''​curl''​ for DNS updates over https (SSL). ​In order for ''​ddns-scripts''​ to perform DNS updates over https (SSL), you will need to install the ''​curl''​ package, and add the appropriate root certificate for your ddns provider.+By default ''​ddns-scripts''​ uses BusyBox buildin ​''​wget''​ for DNS updates over http, it does not support ​https (SSL). ​\\  
 +To perform DNS updates over https (SSL), you will need to install the ''​wget''​ or ''​curl''​ package, and add the appropriate root certificate for your ddns provider. ​\\ 
 +If both //''​wget''//​ and //''​curl''//​ packages are installed, ddns-scripts will use //''​wget''//​ for communication. 
 +You can either follow the instructions at [[wget-ssl-certs|SSL and Certificates in wget]] or install ''​curl''​ and see the correct way below. \\ \\ 
 +:!: since Barrier Breaker 14.07 you can simplify installation using: 
 +  * //''​wget''//​ - Version >= 1.16-1 **OR**  
 +  * //''​curl''//​ - Version >= 7.38.0-1 **AND**  
 +  * //''​ca-certificates''//​ - Version >= 20141019 
 +packages. Inside DDNS configuration you need (LuCI accordingly):​ \\ 
 +<​code>​ 
 +option use_https '​1'​ 
 +option cacert ​   '/​etc/​ssl/​certs'​ 
 +</​code>​
  
-Busybox provides its own version of ''​wget'';​ however, it does not support https (SSL). You can either follow the instructions at [[wget-ssl-certs|SSL and Certificates in wget]] or install ''​curl''​ and see the correct way below. 
  
 ====The correct way using curl ==== ====The correct way using curl ====
 +(  :!: This curl section didn't work for me, I've created a description of what worked for me here:​[[https://​forum.openwrt.org/​viewtopic.php?​id=55599|Setup DDNS with GratisDNS]])
 +
 There is no need to modify ''/​usr/​lib/​ddns/​services''​. Automatic change of URI scheme from ''​http''​ to ''​https''​ is controlled by the ''​use_https''​ variable. Install ''​curl''​ and add the following to ''/​etc/​config/​ddns''​ (replace ''​cacert''​ path to the correct one, either a file or a directory): There is no need to modify ''/​usr/​lib/​ddns/​services''​. Automatic change of URI scheme from ''​http''​ to ''​https''​ is controlled by the ''​use_https''​ variable. Install ''​curl''​ and add the following to ''/​etc/​config/​ddns''​ (replace ''​cacert''​ path to the correct one, either a file or a directory):
  
Line 503: Line 485:
 </​code>​ </​code>​
  
-If your ddns provider uses a self-signed certificate,​ or if the certificate issuer is not listed in the curl CA bundle, ''​curl''​ will throw error code 60 and not open a connection to the ddns provider. To fix this, you must modify ''/​usr/​lib/​ddns/​dynamic_dns_updater.sh''​ as such:+If your ddns provider uses a self-signed certificate,​ or if the certificate issuer is not listed in the curl CA bundle, ''​curl''​ will throw error code 60 and not open a connection to the ddns provider. To fix this, demand your ddns provider to send you the right certificate
  
-**Warning:​** This allows ''​curl''​ to connect to https sites without SSL certificates. Only do this if no other options are available, and if you ultimately trust your ddns provider.+If you don't care, you can break curl to accept any certificate by editing ''/​usr/​lib/​ddns/​dynamic_dns_updater.sh''​. 
 + 
 +**Warning:​** This allows ''​curl''​ to connect to https sites without SSL certificates. Only do this if no other options are available, and if you ultimately trust your ddns provider ​and everyone else on the internet (DONT DO IT, YOU BREAK CURL and could use http without ssl just the same. COMMENT: This section on breaking curl should be deleted, it is not good advice. I edited it instead of deleting it because I just registered and don't dare to correct/​delete too much at once. Please also note the last sentence below the instructions on what breaking curl's ssl support means.)
  
 Find this string of code: Find this string of code:
Line 526: Line 510:
 retrieve_prog="​${retrieve_prog}-k " retrieve_prog="​${retrieve_prog}-k "
 </​code>​ </​code>​
 +
 +Curl's https support is now broken and you can send your password to everyone claiming to be your ddns provider. This will also affect all other https communications from your router that use curl aside from ddns.
  
 ====Using wget==== ====Using wget====
doc/howto/ddns.client.1392372546.txt.bz2 · Last modified: 2014/02/14 11:09 by nabilion