Dynamic DNS Option

[SeLLeRoNe]

Well, is not a DA issue because of those:

- If the main domain is the same for all (ex. whatever.mydyndnsdomain.tld) the user to access DNS of a single domain is just one (dyndns in my example script)
- If are more than one domain (ex. whateveer.mydyndnsdomaintld whatever2.myotherdydndnsdomain.tld) you can choose or to put both domain in same user, or use the admin level access that was as example on my pervious script).

Since those are just DNS and not webspace/mail/whatever, if the domain is just one, the user who own the domain is just one, and so the php page access that use the API is just one, the way you do interface/interact with end-user is different and would be better to use mysql as suggested instead of creating a user for each subdomain in directadmin.. waste of space and resources since it does only need DNS modifications.

Regards

 

[Richard G]

I understand. Didn't thing of it like that before. Thank you for explaining.

 

[kumphanartd]

ddns service provider emulator

I have follow instruction from above post and I try to create DDNS Server for DirectAdmin and emulate to be noip.com DDNS Server.

So far I modify as followed:
- use .htaccess and .htpasswd for username : password to run the index.php file
- hostname : username mapping is hardcoded in index.php file
- domain variable has been changed to hostname to emulate noip.com DDNS Server
- index.php has been placed in /nic/update folder of public_html to follow noip.com API instruction
- directadminusername : directadminpassword has been hard coded in index.php file



noip.com api to update the record is "http://{username}:{password}@{ServiceProviderHost}/nic/update?hostname={Domain to be updated}&myip={new ip}

In Huawei Router, I select as followed:

Domain Name: my_ddns_client.mydomain.com

Service Provider: noip.com

Host of the Service Provider: ddns_server.mydomain.com

Service Port: 80

Use Name: admin

Password: password



Huawei Router should create request as followed: "http://adminassword@ddns_server.mydomain.com/nic/update?hostname=my_ddns_client.mydomain.com&myip=newip"


If I do it from the Edge/Chrome browser, my ddns server is working normal. But if I use Huawei HG8247 router I see the request coming from Huawei router. But Huawei Router "Run State" for ddns record is said to be down and the record result in error. I would like to know if anyone can help me on how to debug of why huawei http massage reach directadmin php access log but does not update the ddns record. What is missing? And further reply to huawei router but not so neccessary.

Thanks & Best Regards,

Here is my code:

<?php
include("httpsocket.php");
$DIRECTADMINUSER="directadminuser";
$DIRECTADMINPASSWORD="directadminpassword";
$DIRECTADMINURL="www.directadminvirutualhost.com";
$DIRECTADMINPORT="2222";
// PASSWORD ARE STORED IN .htpasswd file.
// CREATE PASSWORD FOR THE FIRST TIME, PLEASE USE 'htpasswd -c .htpasswd username'
// ANY ADDITIONAL USERNAME omit '-c'

$SUBDOMAINOWNER = array("ddnsclient1"=>"user1","ddnsclient2"=>"user2","ddnsclient3"=>"user3");
$URI= $_SERVER['REQUEST_URI'];
//echo $URI.'<br />';
$USERLOGIN= $_SERVER['PHP_AUTH_USER'];
//echo $USERLOGIN.':'.$_SERVER['PHP_AUTH_PW'].'<br />';
$SUBDOMAIN=$_GET["hostname"];

$IP=$_SERVER['REMOTE_ADDR'];
//  echo 'User Input, Subdomain to be updated: '.$SUBDOMAIN.' With Login:'.$USERLOGIN.', Calling from IP: '.$IP.'<br />';
if (isset($SUBDOMAIN)) {
  $HOSTNAMEARRAY = explode(".",$SUBDOMAIN);
  $DOMAIN = $HOSTNAMEARRAY[1].".".$HOSTNAMEARRAY[2].".".$HOSTNAMEARRAY[3];
  $HOSTNAME = $HOSTNAMEARRAY[0];
  $ERROR=0;
  $DATABASEOWNER=$SUBDOMAINOWNER[$HOSTNAME];
//  echo 'Resolving IP '.$SUBDOMAIN.' resulting in '.gethostbyname($SUBDOMAIN).'<br />';
//  echo 'USER LOGIN: '.$PASSCODE.' comparing to DATABASE PASSCODE: '.$DATABASEPASSCODE.'<br />'; 
  if (($IP !== gethostbyname($SUBDOMAIN)) and ($USERLOGIN == $DATABASEOWNER)) {
//    print_r('In the Update Loop.<br />');
    $sock = new HTTPSocket;
    $sock->connect($DIRECTADMINURL,$DIRECTADMINPORT);	 
    $sock->set_login($DIRECTADMINUSER,$DIRECTADMINPASSWORD);
    $sock->set_method('POST');

    // Set TTL to 60 seconds
    $sock->query("/CMD_API_DNS_CONTROL?domain=".$DOMAIN."&action=ttl&ttl_select=custom&ttl=60");
    if (!strstr($sock->fetch_body(),"error=0")) $ERROR=1;
   // Remove old A record
   $sock->query("/CMD_API_DNS_CONTROL?domain=".$DOMAIN."&action=select&arecs0=name=".$HOSTNAME."&value=".gethostbyname("$HOSTNAME"));
   if (!strstr($sock->fetch_body(),"error=0")) $ERROR=1;
   // Create new A record
    $sock->query("/CMD_API_DNS_CONTROL?domain=".$DOMAIN."&action=add&type=A&name=".$HOSTNAME."&value=".$IP);
    if (!strstr($sock->fetch_body(),"error=0")) $ERROR=1;
    if ($ERROR == 0) print("good ".$IP); else print ("911");
  }
  else print("nochg ".$IP."<br />");
}
else print("nohost<br />");
?>

 

[kumphanartd]

I found what I think is the cause of preventing huawei router from register the new address.

Apache instruct browser that submit http://{username}:{password}@domain.com/nic/update?hostname=xxxx ask it to redirect to new address http://{username}:{password}@domain.com/nic/update/?hostname=xxxx (with "/" after /nic/update)

I now try to find how to handle missing "/" at the end of /nic/update without redirecting.
And also .htaccess does not work as it create a pop up for usernameassword, now I end up handle usernameassword in php ocde

Anybody has a quick answer for me how to solve it would be very appreciate.

 

[kumphanartd]

I now solve the "/" extra requirement by using apache rewrite rule.

RewriteRule ^/nic/update /nic/update/index.php [L]

And it solve the redirect problem.
TCPDUMP now showing Apache reply "good <new ip>" buy huawei router still do not recognize the answer. Will keep looking for more clue.

The .htaccess still need pop up to key in Usernameassword. Any help is highly appreciate.

 

[kumphanartd]

I reply to this thread with another message and wait for the moderator to approve. When I add below message, I no longer need approval. But it might confuse other user what I am seeing below.

I finally figure out that if I put the file in virtualhost_public_html/nic/update/index.php and use the api provide from no-ip.com.
http://{username}:{password}@www.virtual_domain.com/nic/update?hostname=ddns_hostname_to_be_update(&myip=new_ip)
Apache will redirect the request to
http://{username}:{password}@www.virtual_domain.com/nic/update/?hostname=ddns_hostname_to_be_update(&myip=new_ip)
with extra "/" after /nic/update and this prevent huawei router from process the request further.
I then add to apache config for virtual_host_config

RewriteRule ^/nic/update /nic/update/index.php [L]

so that there is not redirect instruction back to huawei router. The update proceed and finish. But the status on the router not change. And now today router status is "UP". So now Directadmin can act as ddns no-ip.com server.

Only remaining issue that I do not yet try is use .htaccess to process {username}:{password}. Now I use the php code to handle it.

I now solve the "/" extra requirement by using apache rewrite rule.

RewriteRule ^/nic/update /nic/update/index.php [L]

And it solve the redirect problem.
TCPDUMP now showing Apache reply "good <new ip>" buy huawei router still do not recognize the answer. Will keep looking for more clue.

The .htaccess still need pop up to key in Usernameassword. Any help is highly appreciate.

 

[arjena]

Just tried the script and it works flawlessly. I can curl from my Pi every half hour or so to reflect any changes my isp forces upon me.
But of course, since it changes the record in my domain setup as if I just added a new (sub)domain, it takes a long time for the change to propogate. As I recall, when I use a service like no-ip the change is almost instant.
Is there any way to make this faster? Since this is only for 'private use' (home automation and such) I don't need all the dns-servers around the world to update, just the ones I'm using (does that make sense?). On my computer I can add my VPS's dns. That works pretty fast. But on my sensors/switches I can often add only one dns. So if there is a way to force a specific dns server to update first I could use that server on all my IOT things. But I guess that's too much to ask.
And another question, the script sets the TTL to 60 seconds, far less than the default 14400. Is that a problem in any way? There must be a reason default is set to 4 hours?

 

[Richard G]

I read this with great interest. I was looking for a solution for a long time but since I'm no scripter that's a bit of an issue.
I was trying to do this a couple of years ago, but then something came in between and I forgot all about it. Still I would love to use it.

However, I can see changes from Sellerone's version. Is it also safe? I would love to use it privately but I do like the dns-servers to be updated, at least in our own country so I can reach it when I'm with friends or on holidays.

The TTL is set to 60 seconds because then it will change and propagate within a minute instead of every 4 hours. So it should in fact not take a lot of time to propagete.
I guess it's set to 4 hours to prevent flooding DNS servers or something like that. Not sure. Setting it to 60 seconds should be no problem.

 

[arjena]

What do you mean with 'I can see changes from Sellerone's version'? Do you have changes in mind or are you referring to kumhanartd's version?
I used Sellerone's script just like he posted (the second one). Is it safe? No. Anyone who has access to this script can change the ip for a domain listed under the user. That is why the script should be in a protected directory. I also use this just for IOT purposes, so i created a domain (and user) with a couple of subdomains for the various locations I need access to. If someone manages to get access to the script and changes the IP for one of the subdomains it will prevent some sensor from working but nothing else.
I'm also working on an update script to run on a pi that will check every 30 minutes or so if the IP is still current. If not, it will run Sellerone's script. If the current IP still corresponds to the subdomain it will run a second script that only resets the TTL to default.

 

[Richard G]

Do you have changes in mind or are you referring to kumhanartd's version?

Yes I've seen some changes in Kumhanartd's version compared to the one from Sellerone. Since you replied almost directly below it without referring to Sellerone, I presumed you used Kumhanartd's script.

It's good you made clear now you used Sellerone's version. However I would like it in my router and can't use it when it's not safe in that case.

 

[arjena]

I can see the confusion ;-).
The script is running on your server. So if you want your router to keep the records up to date you'll have to find a way to make your router call the script. I think that is what Kumhanardt does and why he adapted the script to his needs.
What are your concerns about safety? I don't think it makes any difference in safety how you call the script. You should of course use https to call the script, otherwise your username/password (the ones for the password protected directory where your script resides) wil be send as plain text (I think, not an expert at all). But like I said, safety is relative. When someone gains access to your script the worst they can do is change your IP. Login details (for your Directadmin account) are in the php script on your server and are not readable from the outside.

Groeten,

Arjen

 

[Richard G]

I also think Kumhanardt adapted the script to his needs.
I've seen Sellerone write this:

i've edited it back to the original since it also set TTL to 60 seconds and is more secure.

Which says "more secure. So in fact I should ask Kumhanardt if he retained this security with his adjustments. I'm no scripter so several things in the script I just don't understand what it says.

But when reading your comment I presume those things are good enough. Indeed if somebody would get access they could only change the ip, no big issue.

Thank you!

 

[arjena]

Yes, the first script Sellerone published uses the admin login, so once you have those credentials you have access to all users and domains on the server. When you use the login for the owner of the (sub)domain you narrow the risk of somebody stealing the logins. Even if that risk is very small to begin with.
I still want to write that script that sets TTL back to default, I don't want to keep it at 60secs indefinitely. So far finding the time to do so is the most difficult bit...