nicokaiser / dyndns Goto Github PK

A simple DynDNS server in PHP

License: MIT License

PHP 100.00%

dyndns's Introduction

Dyndns: a simple DynDNS server in PHP

This script takes the same parameters as the original dyndns.org server does. It can update a BIND DNS server via nsupdate.

As it uses the same syntax as the original DynDNS.org servers do, a dynamic DNS server equipped with this script can be used with DynDNS compatible clients without having to modify anything on the client side.

Features

This script handles DNS updates on the url

http://yourdomain.tld/?hostname=<domain>&myip=<ipaddr>

For security HTTP basic auth is used. You can create multiple users and assign host names for each user.

Installation

To be able to dynamically update the BIND DNS server, a DNS key must be generated with the command:

ddns-confgen

This command outputs instructions for your BIND installation. The generated key has to be added to the named.conf.local:

key "ddns-key" {
    algorithm hmac-sha256;
    secret "bvZ....K5A==";
};

and saved to a file which is referenced in index.php as "bind.keyfile". In the "zone" entry, you have to add an "update-policy":

zone "dyndns.example.com" {
    type master;
    file "db.dyndns.example.com";
    ...
    update-policy {
        grant ddns-key zonesub ANY;
    }
}

In this case, the zone is also called "dyndns.example.com". The (initial) db.dyndns.example.com file (located in BIND's cache directory) looks like this:

$TTL 1h
@ IN SOA dyndns.example.com. root.example.com. (
        2007111501      ; serial
        1h              ; refresh
        15m             ; retry
        7d              ; expiration
        1h              ; minimum
        )  
        NS <your dns server>

Remember to change access rights so BIND is able to write to this file. On Ubuntu the zone need to be in /var/lib/bind due to AppArmor.

PHP script configuration

The PHP script is called by the DynDNS client, it validates the input and calls "nsupdate" to finally update the DNS with the new data. Its configuration is rather simple, the user database is implemented as text file "dyndns.user" with each line containing

<user>:<password>

Where the password is crypt'ed like in Apache's htpasswd files. Use -d parameter to select the CRYPT encryption.

htpasswd -c -d conf/dyndns.user user1

Hosts are assigned to users in using the file "dyndns.hosts":

<host>:<user>(,<user>,<user>,...)

(So users can update multiple hosts, and a host can be updated by multiple users).

Installation via Composer

# Install Composer
curl -sS https://getcomposer.org/installer | php

# Add Dyndns as a dependency
php composer.phar require nicokaiser/dyndns:*

Then you can create a simple index.php with the configuration:

<?php

require 'vendor/autoload.php';

$dyndns = new Dyndns\Server();

// Configuration
$dyndns
  ->setConfig('hostsFile', __DIR__ . '/../conf/dyndns.hosts') // hosts database
  ->setConfig('userFile', __DIR__ . '/../conf/dyndns.user')   // user database
  ->setConfig('debug', true)  // enable debugging
  ->setConfig('debugFile', '/tmp/dyndns.log') // debug file
  ->setConfig('bind.keyfile', __DIR__ . '/../conf/dyn.example.com.key') // secret key for BIND nsupdate ("<keyname>:<secret>")
  ->setConfig('bind.server', 'localhost') // address of the BIND server
  ->setConfig('bind.zone', 'dyndns.example.com') // BIND zone for the updates
  ->setConfig('bind.ttl', '300') // TTL for DNS entries
;

$dyndns->init();

Usage

Authentication in URL:

http://username:[email protected]/?hostname=yourhostname&myip=ipaddress

Raw HTTP GET Request:

GET /?hostname=yourhostname&myip=ipaddress HTTP/1.0 
Host: yourdomain.tld 
Authorization: Basic base-64-authorization 
User-Agent: Company - Device - Version Number

Fragment base-64-authorization should be represented by Base 64 encoded username:password string.

Implemented fields

hostname Comma separated list of hostnames that you wish to update (up to 20 hostnames per request). This is a required field. Example: hostname=dynhost1.yourdomain.tld,dynhost2.yourdomain.tld
myip IP address to set for the update. Defaults to the best IP address the server can determine.

Return Codes

good The update was successful, and the hostname is now updated.
badauth The username and password pair do not match a real user.
notfqdn The hostname specified is not a fully-qualified domain name (not in the form hostname.dyndns.org or domain.com).
nohost The hostname specified does not exist in this user account (or is not in the service specified in the system parameter)
badagent The user agent was not sent or HTTP method is not permitted (we recommend use of GET request method).
dnserr DNS error encountered
911 There is a problem or scheduled maintenance on our side.

Contributors

@afrimberger (IPv6 support)

License

MIT

dyndns's People

Contributors

Stargazers

Watchers

dyndns's Issues

crypt() implementation

Hi there,

First things first:
Thank you for that very nice piece of software! Made me to finally join up github. =)

To the issue:
I had some problems with your implementation of the crypt() function, resulting in "badauth" all the time.

In Users.php (line 25) you check the user password like this:

$salt = substr($matches[2], 0, 2);
if (crypt($password, $salt) === $matches[2]) {
$this->debug('Login successful for user ' . $user);
return true;
}

According to the php documentation the given password should be checked using the complete stored hash as salt to avoid problems with different hashing algorithms. So i changed it that way:

if (crypt($password, $matches[2]) === $matches[2]) {
$this->debug('Login successful for user ' . $user);
return true;
}

Now when generating a password using htpasswd -d i had no problems.

See php documentation for crypt():
http://www.php.net/manual/en/function.crypt.php

Hope it might help.

Regards
FP

Replace eregi with preg_match

lib/Dyndns/Helper.php still uses eregi, which is deprecated with PHP 5.3.

Replace with preg_match:
http://www.devthought.com/2009/06/09/fix-ereg-is-deprecated-errors-in-php-53/

On Debian 9 and Ubuntu 18.04 shows dnserr

Hi!

I installed your code on a Debian 9 and Ubuntu 18.04 servers.

On both of those systems after a successfull zone update, the response is still "dnserr".

Bind log:

27-Jun-2018 06:16:15.169 client @0x7f574c0aa140 127.0.0.1#52362: updating zone 'example.coml/IN': deleting rrset at 'test.example.com' A
27-Jun-2018 06:16:15.169 client @0x7f574c0aa140 127.0.0.1#52362: updating zone 'example.com/IN': adding an RR at 'test.example.com' A 1.1.1.1

The dyndns.log did not created.

Cheers,
Attila

Add ip to "good" return code

Hey - great little piece of software you wrote there!
I just wanted to point out that some built-in DDNS clients require a more accurate "good" response. Namely all AVM router (FritzBox) which are quite common in Europe require the sucess response to also include the current IP.
So a small change in line 85 of Server.php to $this->returnCode('good '.$this->myIp); did the trick for me. I have no idea if such a change breaks any other clients but I would suggest to include the change in your code.

Possibility to add/delete user+passwords and domains in an admin interface

Hi, thanks for your dyndns project. Would it be possible to add a feature to add/delete/change users and their password and connected domains in an admin interface?

Thx,
FireFox

Use of ddclient

Hi,
if you try to use ddclient (protocol dyndns2) to update your dynamic DNS, you can see that the requested URL is something like this

GET /nic/update?system=dyndns&hostname=yourhost.example.com&myip=1.2.3.4 HTTP/1.0

If you put on the web server the index.php page you gave in the README.md, it would be necessary to implement a rewrite rule like this in a .htaccess file

RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]

Am I wrong?

I think it would be a good advice to have in the installation instructions.

Regards

mod_rewrite https not working

Hi Nico

First of all thank you very much for the great work!
I'm redirecting every request from http to https using mod_rewrite.
Do you know any issues using apaches mod_rewrite?

greets phil

But this part I does not understand what I need to do:

In this case, the zone is also called "dyndns.example.com". The (initial) db.dyndns.example.com file (located in BIND's cache directory) looks like this:

$TTL 1h
@ IN SOA dyndns.example.com. root.example.com. (
        2007111501      ; serial
        1h              ; refresh
        15m             ; retry
        7d              ; expiration
        1h              ; minimum
        )  
        NS <your dns server>
Remember to change access rights so BIND is able to write to this file. On Ubuntu the zone need to be in /var/lib/bind due to AppArmor.

I have a ubuntu server.

nicokaiser / dyndns Goto Github PK

dyndns's Introduction

Dyndns: a simple DynDNS server in PHP

Features

Installation

PHP script configuration

Installation via Composer

Usage

Implemented fields

Return Codes

Contributors

License

dyndns's People

Contributors

Stargazers

Watchers

Forkers

dyndns's Issues

Recommend Projects

Recommend Topics

Recommend Org

Jobs