Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DNSExit: Updater breaks when provided with a zone and a non-identical hostname (bug) #673

Closed
jortkoopmans opened this issue May 19, 2024 · 3 comments · Fixed by #674
Closed

DNSExit: Updater breaks when provided with a zone and a non-identical hostname (bug) #673

jortkoopmans opened this issue May 19, 2024 · 3 comments · Fixed by #674

Comments

@jortkoopmans
Copy link
Contributor

Description

When a configuration is provided with a zone and a hostname that is not identical to the zone, the updater fails. This issue was introduced with the implementation of the dnsexit provider, due to a misunderstanding of how the dnsexit API expects updates for 'subdomains'. This bug has been confirmed via the report here: opnsense/plugins

Steps to reproduce

  1. Provide a configuration with a zone and a hostname that is not identical to the zone.
  2. Run the updater.

Expected behavior

The updater should produce the following JSON call for host host1.myroot.publicvm.com on zone myroot.publicvm.com:

{
"domain":"myroot.publicvm.com",
"apikey":"myApiKey"
"update":
  [{
    "ttl":5,
    "type":"A",
    "content":"1.2.3.4",
     "name":"host1"
   }]
}

Actual behavior

Currently, the name field is identical to the full hostname, which does not work.
Note that for calls with identical name and zone, this does work, as does an empty name with a zone that contains a root hostname (i.e. myroot.publicvm.com)

Proposed solution

The issue can be fixed by:

  • Only providing the 'hostname' part on the name field in the update block, by trimming it from the zone (if provided).
  • Ensuring that this fix does not break other use cases (simple hostname only, without zone, hostname and zone being equal). Also handling ipv4 and ipv6 which must be done in a single call.

I will propose a solution shortly.
@jortkoopmans jortkoopmans mentioned this issue May 19, 2024
Merged
@DiSHTiX DiSHTiX mentioned this issue May 22, 2024
Open
3 tasks
@rhansen
Copy link
Member

rhansen commented May 28, 2024
edited

@jortkoopmans

Currently, the name field is identical to the full hostname, which does not work.

So the documentation at https://dnsexit.com/dns/dns-api/ is wrong? Their documentation explicitly says that it is OK to either include or exclude the domain (zone). If their documentation is wrong, please also file a bug report with them to fix their documentation or their service.

Note that for calls with identical name and zone, this does work, as does an empty name with a zone that contains a root hostname (i.e. myroot.publicvm.com)

#674 uses the full host name for name when the zone setting equals the host name. Please confirm that that is the preferred behavior.

@DiSHTiX
Copy link

DiSHTiX commented May 30, 2024

@jortkoopmans

Currently, the name field is identical to the full hostname, which does not work.

So the documentation at https://dnsexit.com/dns/dns-api/ is wrong? Their documentation explicitly says that it is OK to either include or exclude the domain (zone). If their documentation is wrong, please also file a bug report with them to fix their documentation or their service.

Note that for calls with identical name and zone, this does work, as does an empty name with a zone that contains a root hostname (i.e. myroot.publicvm.com)

#674 uses the full host name for name when the zone setting equals the host name. Please confirm that that is the preferred behavior.

This only works for updating the top-level ddns domain ie. myroot.publicvm.com.
For subdomains ie. amsterdam.myroot.publicvm.com requires the 'zone' = 'myroot.publicvm.com' but currently the script tries to use 'amsterdam.myroot.publicvm.com' which fails as it does not exist.

Its better explained here, incl. response from DNSexit themselves.
#opnsense/plugins#3712 (comment)

@rhansen
Copy link
Member

rhansen commented May 30, 2024

These are the cases (JSON to DNSExit) I need to understand:

  • domain = "domain.publicvm.com" and name = "": This IS supported, and updates domain.publicvm.com.
  • domain = "domain.publicvm.com" and name = "domain.publicvm.com": This IS supported, and updates domain.publicvm.com.
  • domain = "domain.publicvm.com" and name = "host.domain.publicvm.com": This is NOT supported, contrary to DNSExit's own documentation.
  • domain = "domain.publicvm.com" and name = "host": This IS supported, and updates host.domain.publicvm.com.
  • domain = "host.domain.publicvm.com" and name = "host.domain.publicvm.com". This IS supported, and updates host.domain.publicvm.com.
  • domain = "host.domain.publicvm.com" and name = "". This IS supported, and updates host.domain.publicvm.com.

@DiSHTiX Can you confirm that the above is complete and correct?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix DNSExit provider when provided with a zone and a non-identical hostname jortkoopmans/ddclient
3 participants
@jortkoopmans @rhansen @DiSHTiX