Customize DDNS settings for provider DeDyn / DeSec.io

TLDR: I'm straddling between asking what a PR effecting this change should look like and asking for it as a feature for an end-user.

--
I insist on using DeSec.io because it's one of the few providers I've seen to support DNSSEC.

The problem is with my DeSec.io provider: no matter what I do, the provider does not accept my update:

ACTUAL extract from log file viewer tab in LuCI:
 201200       : #>/usr/bin/wget --hsts-file=/tmp/.wget-hsts -nv -t 1 -O /var/run/ddns/myddns_ipv4.dat -o /var/run/ddns/myddns_ipv4.err --bind-address=[IPv4] --ca-directory=/etc/ssl/certs --no-proxy 'https://update.dedyn.io/update?username=ddns&password=***PW***&hostname=[FQDN]&myipv4=[IPv4]&myipv6=preserve'
 201201 ERROR : GNU Wget Error: '6'
 201201       : failed: Invalid argument.
Username/Password Authentication Failed.

I don't know exactly which is the offending argument, maybe it's the use of username & password in the URL itself instead of headers? Anyway I've run some manual tests in CLI and the following updates work smoothly:

GOOD1:
wget -d --header="Authorization: Token [TOKEN]" "https://update.dedyn.io/?hostname=[FQDN]&myipv4=[IPv4]&myipv6=[IPv6]"

GOOD2:
/usr/bin/wget --hsts-file=/tmp/.wget-hsts -nv -t 1 -O /var/run/ddns/myddns_ipv4.dat -o /var/run/ddns/myddns_ipv4.err --header="Authorization: Token [TOKEN]"  --ca-directory=/etc/ssl/certs --no-proxy 'https://update.dedyn.io/update?hostname=[FQDN]&myipv4=[IPv4]&preserve=true'

PS:
DeDyn.io is an alias for DeSec.io
[TOKEN] and ***PW*** are the same

Given DeSec.io is configured in https://github.com/openwrt/packages/blob/7b06b1d312ed3a43d2d030b55b6932a55365b5bd/net/ddns-scripts/files/usr/share/ddns/default/desec.io.json and there are a few examples in net/ddns-scripts/files/usr/lib/ddns/update_luadns_v1.sh, where should I start investigating how to add this change?

I'm currently thinking of investigating how update_luadns_v1.sh works and/or whether desec.io.json can contain headers to be passed to the wget / cURL client.

Are there any workarounds that would be preferred instead of making this as a PR?

Try the changes shown here:
https://openwrt.org/docs/guide-user/services/ddns/client#overview

Am I wrong in reading that the custom DDNS provider does not allow setting headers in the request? As I currently read the wiki, only the cloudflare provider can set the RFC-compliant Authorization Bearer Token header -- as copied from the Cloudflare_com wiki entry

Unless I've passed the auth Token in --header="Authorization: Token ${__PASSW}" my DeSEC provider rejects my update. As such, I've settled on using this custom script with the ' -- custom -- ' provider:

#!/bin/ash
# Location: /root/bin/dyndns_desecio_v4.sh
# updates both IPv6 and IPv4
# mostly everything is hard coded except IPv4 which is received as $1

function http_get_basic_auth_header() {
  local __PASSW __HOST __IPV4 __CACERT_PATH
  # let me pretend these are not hard coded
  __PASSW=""
  __HOST=""
  __IPV4="$1"
  # CA bundle file used to verify the server certificate
  __CACERT_PATH=/etc/ssl/certs/ca-certificates.crt

  # IPv6: connect over IPv6 (-6) and send no address parameter
  /usr/bin/wget -6 --hsts-file=/tmp/.wget-hsts -nv -t 1 \
    -O /var/run/ddns/myddns_ipv6.dat -o /var/run/ddns/myddns_ipv6.err \
    --header="Authorization: Token ${__PASSW}" \
    --ca-certificate="${__CACERT_PATH}" --no-proxy \
    "https://update.dedyn.io/update?hostname=${__HOST}&preserve=true"

  # IPv4: send the address received as $1
  /usr/bin/wget --hsts-file=/tmp/.wget-hsts -nv -t 1 \
    -O /var/run/ddns/myddns_ipv4.dat -o /var/run/ddns/myddns_ipv4.err \
    --header="Authorization: Token ${__PASSW}" \
    --ca-certificate="${__CACERT_PATH}" --no-proxy \
    "https://update.dedyn.io/update?hostname=${__HOST}&myipv4=${__IPV4}&preserve=true"
}

http_get_basic_auth_header "$1"

Let me know if you have any comments / improvements
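
A hardened variant of the IPv4 half of the script above, as an added example that is not part of the original post or of ddns-scripts: it validates the hostname and the IPv4 argument before they are placed in the update URL, and reads the token from a file instead of hard-coding it. The function names and the token file argument are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Function names and the token file
# passed as $3 are hypothetical.

# Accept only a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
  case "$1" in
    ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1            # split on dots; only digits and dots remain here
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Accept only characters that are valid in a DNS name, so the value cannot
# carry '&', '=', '#' or whitespace into the query string.
is_hostname() {
  case "$1" in
    ""|*[!A-Za-z0-9.-]*|.*|-*|*..*) return 1 ;;
  esac
}

# Print the update URL (same shape as GOOD2 in the thread) or fail.
build_update_url() {
  is_hostname "$1" && is_ipv4 "$2" || return 1
  printf 'https://update.dedyn.io/update?hostname=%s&myipv4=%s&preserve=true\n' "$1" "$2"
}

# $1 = FQDN, $2 = IPv4, $3 = file holding the token (mode 0600 recommended)
send_update() {
  url=$(build_update_url "$1" "$2") || { echo "rejected host or IPv4" >&2; return 2; }
  [ -r "$3" ] || { echo "cannot read token file" >&2; return 3; }
  token=$(cat "$3")
  # The token travels in the Authorization header, never in the URL.
  /usr/bin/wget -nv -t 1 -O /var/run/ddns/myddns_ipv4.dat \
    --header="Authorization: Token ${token}" \
    --ca-directory=/etc/ssl/certs --no-proxy "$url"
}

# Run only when called as: script FQDN IPv4 TOKEN_FILE
if [ "$#" -eq 3 ]; then send_update "$@"; fi
```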

deSec works fine for me with the standard script without any modifications.

What is ddns doing here? You need to use your hostname (FQDN) in both the Domain and Username fields in the LuCI DDNS configuration. Reference is here.

P.S. you may need to use the proper wget (wget-ssl) or install curl and enable it in global DDNS configuration.
