I'm interested in adding support in LEDE for updating DDNS records on Amazon Web Services Route53 DNS service. Up until now indeed it was difficult to directly update Route53 since their Python-based CLI tool brings in too many dependencies, and their REST API is an abomination that requires lots of authentication key signature calculations. Any other solution requires an intermediate service external to the LEDE device.
To that end, I recently started working on implementing the simple REST API call using as little dependencies as possible - source can be found on Github https://github.com/yuvadm/route53-ddns
Current script depends on
curl (HTTP/S client),
openssl-util (HMAC-SHA256 for API signature) and
ca-bundle (CA certs) - roughly 1.5MB of packages, reasonable on a modern device. However, I believe this can be further reduced:
- Installing AWS CA cert only
- Boldly going where no one has gone before and implementing HMAC in bash, and using builtin
- Any lighterweight option other than
Eventually I'm interested in supporting Route53 as a proper DDNS provider so I can do:
config 'service' 'route53'
option 'service_name' 'route53.amazonaws.com'
option 'enabled' '1'
option 'domain' 'foo.example.com'
option 'aws_access_key_id' 'xxxxxxxxxxxxxxxxxx'
option 'aws_secret_access_key' 'xxxxxxxxxxxxxxxxxxxx'
option 'hosted_zone_id' 'ABCDEFGHIJKL'
Thoughts on how to continue development? Is there a reasonable roadmap for including this in LEDE?
Looking on existing ddns-scripts package https://github.com/openwrt/packages/tree/master/net/ddns-scripts there are already additional service scripts for godaddy.com, cloudflare.com and others for updates with provider specific protocols.
If you like, your script and it's dependencies could be included into the ddns-script package as additional service easily.
- all shell scripts inside OpenWrt/LEDE using #!/bin/sh instead of bash.
- the script is parsed by dynamic_dns_functions.sh inside send_update() function
- ddns-scripts also support IPv6, if DDNS provider and your script does
- you should (re)use already existing UCI settings (compatible with luci-app-ddns) for Route53 service
option service_name "route53-v?"
option lookup_host "your host/domain" (also used by nslookup etc. )
option domain "your hosted_zone_id" (parameter used for provider update only
option username "your aws_access_key_id"
option password "your aws_secret_access_key"
inside services/services_ipv6 you set something like
or you use custom service settings (remove option service_name) and set
option update_script 'path/to/your/script.sh'
you should include a v? version information, if provider api changes (as done by cloudflair.com)
Since I was interested in this, I have created a pull request:
Note that @yuvadm as relicensed his script under GPLv2 to be compatible with the rest of the packaging, this pull request is basically taking his script and packaging it as @chris5560 has suggested.
Please consider this script, and feel free to suggest any changes needed.