This simple app lets you dynamically update a DNS record on the Gandi registrar using any Cisco router, Cisco ASA firewall (with some restrictions) or any device that is able to send its public IP and FQDN (hostname + domain name) through a GET or POST request, such as dd-wrt, openwrt, pfsense, freenas, Synology and many others.
- Install bottlepy
pip install bottle
- Rename or copy 'config-test.json' to 'config.json'.
Default config looks like this:
{"port":"8080",
"bind":"0.0.0.0",
"apikey":"your_gandi_apy_key",
"logging":{
"log_enable":"false",
"log_level":"INFO",
"log_file":"./gandi-dyndns.log"}
}
port
- The HTTP port to listen on

bind
- The address that should be bound to for communication. By default, this is "0.0.0.0", meaning gandi-dyndns will bind to all addresses on the local machine.

apikey
- Gandi API key

log_enable
- Enable or disable logging to file

log_level
- Log level to enable; possible values are INFO and DEBUG

log_file
- Log file relative or absolute path
In this example, we suppose you want to manage router.example.com.
- You must have a zone file on your Gandi account named as your domain, e.g. example.com needs a zone file called example.com. If you don't have it, create it and link it to your example.com domain here
- Now edit the zone just created and add a new A record for the router subdomain:
Field | Value | |
---|---|---|
Type | A | |
TTL | 5 | minutes |
Name | router | |
Value | 127.0.0.1 | |
- Once done, click on the button 'use this version' to make the new zone file active.
Simply run the script
./gandi-dyndns.py
./gandi-dyndns.py -c configfile
This app accepts one optional parameter, -c / --config, that defines the location of the config file. By default, the config file has to be in the same directory as gandi-dyndns.py.
Now your router, firewall or network appliance (for info about how to configure a Cisco ASA firewall, check the config section) can send updates to gandi-dyndns using the GET or POST methods and the app will do the rest.
$machine_IP/DNS_name:$port/nic_update?ip=$IP&fqdn=$domain
To test the app manually (be aware that this may update your DNS name) issue this from your terminal:
curl -i "http://localhost:8080/nic_update?ip=1.1.1.1&fqdn=router.example.com"
Or if you want to simulate a POST request:
curl -i -X POST "http://localhost:8080/nic_update?ip=1.1.1.1&fqdn=router.example.com"
fqdn
This parameter is required and has to be the full FQDN of the device you want to update, e.g. router.example.com

ip
This parameter is optional and accepts only public IPs. If none is supplied, the source address that generated the request is used. This lets clients that are behind NAT or unable to send their IP be used as well.
- 200 => All good. 200 is returned after updating the IP on Gandi and also when there is no need to do so.
- 400 => Bad request: some parameters are missing or not formatted correctly, or the provided IP is not a public one.
- 404 => Not found: no domain found associated with the Gandi API, zone file missing or A record not found in the zone file.
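The parameter rules above (required fqdn, optional public-only ip, fallback to the source address, 400 on bad input) can be sketched as follows. This is an added example for Python 3's standard library, not gandi-dyndns's own code; the function names are hypothetical, and applying the public-only check to the fallback source address is an assumption.

```python
import ipaddress
import re

# Added illustration, not gandi-dyndns code; all function names are hypothetical.
# One DNS label: 1-63 letters, digits or hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def valid_fqdn(name):
    """True if name looks like a host name with at least two labels."""
    if not name or len(name) > 253:
        return False
    labels = name.rstrip(".").split(".")
    return len(labels) >= 2 and all(_LABEL.fullmatch(label) for label in labels)


def public_ipv4(text):
    """Return the normalised address if text is a globally routable IPv4, else None."""
    try:
        addr = ipaddress.IPv4Address(text)
    except ValueError:  # malformed, empty or not IPv4 (the zone holds an A record)
        return None
    return str(addr) if addr.is_global else None


def resolve_update(query, remote_addr):
    """Validate a /nic_update request; return (status, fqdn, ip).

    200 only means validation passed. The 404 cases depend on the Gandi
    zone lookup and are not modelled here.
    """
    fqdn = (query.get("fqdn") or "").strip().lower()
    if not valid_fqdn(fqdn):
        return 400, None, None  # fqdn is required
    # Missing or empty ip: fall back to the source address of the request.
    # Assumption: the fallback address gets the same public-only check.
    candidate = query.get("ip") or remote_addr
    ip = public_ipv4(candidate)
    if ip is None:
        return 400, fqdn, None  # private, loopback, reserved or malformed
    return 200, fqdn, ip


if __name__ == "__main__":
    # Constructed sample requests: (query parameters, source address).
    for query, src in [({"fqdn": "router.example.com", "ip": "1.1.1.1"}, "10.0.0.5"),
                       ({"fqdn": "router.example.com"}, "9.9.9.9"),
                       ({"fqdn": "router.example.com", "ip": "192.168.1.1"}, "9.9.9.9")]:
        print(query, src, "->", resolve_update(query, src))
```

Under this check, a request without ip that reaches the app from a private source address (for example through a reverse proxy on the same LAN) gets a 400 instead of publishing an internal address.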
You can monitor whether the app is up and running by simply sending GET or POST requests to '/ping':
curl -i "http://localhost:8080/ping"
HTTP/1.0 200 OK
Date: Mon, 10 Apr 2017 22:05:08 GMT
Content-Length: 12
Server: gandi-dyndns
Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8
I'am alive!
Cisco ASA firewalls currently do not natively support DDNS Updates for HTTP-Based Protocols like routers do. This simple hack is the only way I found to overcome this:
On your ASA firewall, under config terminal mode, issue these two commands:
auto-update poll-period 30 5 1
auto-update server http://server:8080/nic_update?fqdn=router.example.com source outside
Note: Before entering the question mark (?) character, press the control (Ctrl) key and the v key together on your keyboard. This will allow you to enter the ? without the software interpreting the ? as a help query.
What your firewall will basically do is send a POST request, every 30 minutes and using the outside interface, to the server that is running gandi-dyndns. If the request fails, it will try to send it again every minute, up to 5 times. The ip value is missing from the URL, so Gandi will be updated with the source address of the request.
Details about the above commands can be found here
- You must have a zone file on your Gandi account named as your domain, e.g. example.com needs a zone file called example.com
- You can manage as many domains and subdomains as you want, but they all have to be owned by the same apikey.
- You will notice that gandi-dyndns sometimes needs quite a lot of time to respond with a 200 (~2s). This is due to the slow nature of the Gandi APIs.
- HTTPS is not available yet
- Tested under Unix & Mac OS X using python 2.7.x