-
-
Notifications
You must be signed in to change notification settings - Fork 140
/
inadyn.conf.5
605 lines (587 loc) · 17.8 KB
/
inadyn.conf.5
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
.\" -*- nroff -*-
.\"
.\" Process this file with
.\" groff -man -Tascii foo.1
.\"
.\" Copyright 2005, by Shaul Karl.
.\" Copyright 2010-2020, by Joachim Wiberg.
.\"
.\" You may modify and distribute this document for any purpose, as
.\" long as this copyright notice remains intact.
.\"
.Dd February 20, 2020
.Dt INADYN 5 SMM
.Os
.Sh NAME
.Nm inadyn.conf
.Nd inadyn DDNS client configuration file
.Sh SYNOPSIS
.Nm /etc/inadyn.conf
.Sh DESCRIPTION
.Nm inadyn
is configured using a simple configuration file. The
.Dq #\&
character marks start of a comment to end of line. The \\ character can
be used as an escape character.
.Pp
.Bl -tag -width TERM
.It Cm verify-address = <true | false>
By default
.Nm inadyn
verifies both IPv4 and IPv6 addresses, making sure the address is a
valid Internet address. Invalid addresses are, e.g., link local,
loopback, multicast and known experimental addresses. For more
information, see RFC3330.
.Pp
IP address validation can be disabled by setting this option to
.Cm false .
.It Cm fake-address = <true | false>
When using SIGUSR1, to do a forced update, this option can be used to
fake an address update with a
.Dq random
address in the 203.0.113.0/24 range, example address range from RFC5737,
before updating with the actual IP address. This is completely outside
spec., but can be useful for people who very rarely, if ever, get an IP
address change. Because some DDNS service providers will not register
even a forced update if the IP is the same. As a result the user could
be deregistered as an inactive user.
.It Cm allow-ipv6 = <true | false>
.Nm Inadyn
can get an IPv6 address from an interface, or with an external checkip
script. This option controls if IPv6 addresses should be allowed or
discarded. By default this option is
.Ar false ,
i.e. any IPv6 addresses found are discarded.
.It Cm iface = IFNAME
Use network interface
.Nm IFNAME
as source of IP address changes instead of querying an external server.
With this option is enabled, the external IP check is disabled and
.Nm inadyn
will send DDNS updates using the IP address of the
.Nm IFNAME
network interface to
.Em all
DDNS providers listed in the configuration file. This can be useful to
register LAN IP addresses, or, when connected directly to a public IP
address, to speed up the IP check if the DDNS provider's check-ip
servers are slow to respond.
.Pp
This option can also be given as a command line option to
.Xr inadyn 8 ,
both serve a purpose, use whichever one works for you.
.It Cm iterations = <NUM | 0>
Set the number of DNS updates. The default is
.Ar 0 ,
which means infinity.
.It Cm period = SEC
How often the IP is checked, in seconds. Default: apxrox. 1 minute. Max:
10 days.
.It Cm forced-update = SEC
How often the IP should be updated even if it is not changed. The time
should be given in seconds. Default is equal to 30 days.
.It Cm secure-ssl = < true | false >
If the HTTPS certificate validation fails for a provider
.Nm inadyn
aborts the DDNS update before sending any credentials. When this
setting is disabled, i.e.
.Ar false ,
then
.Nm inadyn
will only issue a warning. By default this setting is enabled, because
security matters.
.It Cm broken-rtc = < true | false >
HTTPS certificates are only valid within specified time windows, so on
systems without hardware real-time clock and default bootup time far in
the past, false-positive validation fail is expected. When this setting
is enabled, i.e.
.Ar true ,
then
.Nm inadyn
will only issue a warning
that the certificate is not valid yet. By default this setting is
disabled, because security matters.
.It Cm ca-trust-file = FILE
By default
.Nm inadyn
uses the built-in path to the system's trusted CA certificates, both
GnuTLS and Open/LibreSSL support this. As a fall-back, in case the
API's to load CA certificates from the built-in path fails,
.Nm inadyn
also supports common default paths to Debian and RedHat CA bundles.
.Pp
This setting overrides the built-in paths and fallback locations and
provides a way to specify the path to a trusted set of CA certificates,
in PEM format, bundled into one file.
.It Cm user-agent = STRING
Specify the User-Agent string to send to the DDNS provider on checkip
and update requests. Some providers require this field to be set to a
specific string, some may be OK with "Mozilla/4.0". The default is to
send "inadyn/VERSION SUPPORTURL", where VERSION is the current
.Nm inadyn
version, and SUPPORTURL is the upstream support URL.
.Pp
This can also be set on a per-provider basis, see below custom and
provider section description.
.It Cm custom some@identifier {}
The
.Cm custom{}
and
.Cm provider{}
sections are very similar, except that the custom section allows
customizing the DDNS update server details. For more details, see the
description for
.Cm provider{} ,
below.
.It Cm provider email@ddns-service.tld[:ID] {}
The
.Cm custom{}
and
.Cm provider{}
sections are very similar, except that the custom section allows
customizing the DDNS update server details. See below list for
supported DDNS providers and their
.Cm email@ddns-service.tld
identifiers.
.Pp
To support multiple users of the same DDNS provider, append
.Pa [:ID]
to the provider name. The
.Pa ID
can be any free form string or number as long as the combination is
unique.
.Pp
Common settings in custom{} and provider{} sections are:
.Pp
.Bl -tag -width TERM
.It Cm include("/path/to/file")
Include settings from another file, supports tilde expansion, e.g.
.Pa ~/.freedns.pw .
Any custom{} or provider{} setting can be included, and any amount of
include statements may be used.
.It Cm ssl = <true | false>
Use HTTPS, both when checking for IP changes and updating the DNS
record. Default is to use HTTPS (true).
.It Cm username = USERNAME.
The username, if applicable. This might be referred to as hash by some providers.
.It Cm password = PASSWORD
The password, if applicable.
.It Cm iface = IFNAME
Same as the global setting, but only for this provider. For more information, see above.
.It Cm checkip-server = <default | checkip.example.com[:port]>
This setting allows overriding the provider's default checkip server.
The
.Cm default
keyword resolves to the built-in default,
.Cm "http://ifconfig.me/ip" ,
which affect not only this setting, but also
.Cm checkip-path
and
.Cm checkip-ssl .
Any other value is the server name to query periodically for IP address
changes. The optional
.Pa :port
argument defaults to
.Ar 443 ,
see
.Cm checkip-ssl
for details.
.Pp
This is an optional setting. For
.Cm provider{}
sections it defaults to a pre-defined
.Cm checkip-server
and
.Cm checkip-path
for the given DDNS provider. For
.Cm custom()
DDNS setups it defaults to the built-in default (abvove).
.It Cm checkip-path = "/some/checkip/url?param=value"
Optional server path and query string for check IP server, defaults to "/". When the
.Cm checkip-server
is set to
.Cm default ,
this setting is ignored.
.It Cm checkip-ssl = <true | false>
This setting usually follows the
.Cm ssl
setting, but can be used to disable HTTPS for the IP address check.
This might be needed for some providers that only support HTTPS for the
DNS record update.
.Pp
However, when a custom
.Cm checkip-server
is defined for a provider, this setting does
.Em not
follow the
.Cm ssl
setting. Default is to use HTTPS (true).
.It Cm checkip-command = "/path/to/shell/command [optional args]"
Shell command, or script, for IP address update checking. The command
must output a text with the IP address to its standard output. The
following environment variables are set:
.Bl -tag -width TERM
.It INADYN_PROVIDER
contains the DDNS provider's full name in form
.Cm email@ddns-service.tld
.It INADYN_USER
contains user's name
.El
.Pp
.Pa Example:
.Bd -unfilled -offset indent
checkip-command = "/sbin/ifconfig eth0 | grep 'inet addr'"
.Ed
.Pp
.Nm Inadyn
will use the first occurrence in the command's output that looks like an
address. Both IPv4 and IPv6 addresses are supported.
.It Cm hostname = HOSTNAME
.It Cm hostname = { "HOSTNAME1.name.tld", "HOSTNAME2.name.tld" }
Your hostname alias. To list multiple names, use the second form.
.It Cm user-agent = STRING
Same as the global setting, but only for this provider. If omitted it
defaults to the global setting, which if unset uses the default
.Nm inadyn
user agent string. For more information, see above.
.It Cm wildcard = <true | false>
Enable domain name wildcarding of your domain name, for DDNS providers
that support this, e.g. easydns.com and loopia.com. This means that
anything typed before your hostname, e.g. www. or ftp., is also updated
when your IP changes. Default: disabled. For
.Nm inadyn
< 1.96.3 wildcarding was enabled by default.
.It Cm ttl = SEC
Time to live of your domain name. Only works with supported DDNS providers, e.g. cloudflare.com.
.It Cm proxied = <true | false>
Proxy DNS origin via provider's CDN network. Only works with supported DDNS providers, e.g. cloudflare.com. Default: false
.El
.It Cm provider [email@]ddns-service[.tld] {}
Either a unique substring matching the provider, or or one of the exact
matches to the following unique provider names:
.Pp
.Bl -tag -width TERM -compact
.It Cm default@freedns.afraid.org
.Aq https://freedns.afraid.org
.It Cm ipv4@nsupdate.info
.Aq https://nsupdate.info
.It Cm ipv6@nsupdate.info
.Aq https://nsupdate.info
.It Cm default@duckdns.org
.Aq https://duckdns.org
.It Cm default@freemyip.com
.Aq https://freemyip.com
.It Cm default@loopia.com
.Aq https://www.loopia.com
.It Cm default@dyndns.org
Connect to
.Aq https://www.dyndns.org ,
i.e.,
.Aq https://dyn.com
.It Cm default@noip.com
.Aq https://www.noip.com
.It Cm default@no-ip.com
Handled by
.Cm default@noip.com
plugin.
.It Cm default@easydns.com
.Aq https://www.easydns.com
.It Cm default@dnsomatic.com
.Aq https://www.dnsomatic.com
.It Cm dyndns@he.net
.Aq https://dns.he.net
.It Cm default@tunnelbroker.net
IPv6
.Aq https://www.tunnelbroker.net
by Hurricane Electric.
.It Cm default@sitelutions.com
.Aq https://www.sitelutions.com
.It Cm default@dnsexit.com
.Aq https://www.dnsexit.com
.It Cm default@zoneedit.com
.Aq https://zoneedit.com
.It Cm default@changeip.com
.Aq https://www.changeip.com
.It Cm default@dhis.org
.Aq https://www.dhis.org
.It Cm default@domains.google.com
.Aq https://domains.google
.It Cm default@ovh.com
.Aq https://www.ovh.com
.It Cm default@gira.de
.Aq https://giradns.com
.It Cm default@duiadns.net
.Aq https://www.duiadns.net
.It Cm default@ddnss.de
.Aq https://ddnss.de
.It Cm default@dynv6.com
.Aq https://dynv6.com
.It Cm default@ipv4.dynv6.com
.Aq https://ipv4.dynv6.com
.It Cm default@spdyn.de
.Aq https://spdyn.de
.It Cm default@strato.com
.Aq https://www.strato.com
.It Cm default@cloudxns.net
.Aq https://www.cloudxns.net
.It Cm dyndns@3322.org
.Aq https://www.3322.org
.It Cm default@dnspod.cn
.Aq https://www.dnspod.cn
.It Cm default@dynu.com
.Aq https://www.dynu.com
.It Cm default@selfhost.de
.Aq https://www.selfhost.de
.It Cm default@pdd.yandex.ru
.Aq https://connect.yandex.ru
.It Cm default@cloudflare.com
.Aq https://www.cloudflare.com
.It Cm default@goip.de
.Aq https://www.goip.de
.El
.It Cm custom some@identifier {}
Specific to the custom provider section are the following settings:
.Pp
.Bl -tag -width TERM
.It Cm ddns-server = update.example.com
DDNS server name, not the full URL.
.It Cm ddns-path = "/update?domain="
DDNS server path. By default the hostname is appended to the path,
unless
.Cm append-myip=true
is set. Alternatively,
.Xr printf 3
like format specifiers may be used for
a fully customizable HTTP GET update request. The following format
specifiers are currently supported:
.Pp
.Bl -tag -width TERM -compact
.It Cm %u
username
.It Cm %p
password, if HTTP basic auth is not used
.It Cm %h
hostname
.It Cm %i
IP address
.El
.Pp
With the following example:
.Bd -unfilled -offset indent
username = myuser
password = mypass
ddns-path = "/update?user=%u&password=%p&domain=%h&myip=%i"
hostname = YOURDOMAIN.TLD
.Ed
.Pp
the resulting update URL would be expanded to
.Bd -unfilled -offset indent
/update?user=myuser&password=mypass&domain=YOURDOMAIN.TLD&myip=1.2.3.4
.Ed
.Pp
However, the password is usually never sent in clear text in the HTTP
GET URL. Most DDNS providers instead rely on HTTP basic auth., which
.Nm inadyn
always relays to the server in the HTTP header of update requests.
.Nm
v2.1 and later defaults to HTTPS to protect your credentials, but some
providers still do not support HTTPS.
.It Cm append-myip = true
Append your current IP to the the DDNS server update path. By default
this setting is false and the hostname is appended. Unless the
.Cm ddns-path
is given with format specifiers, in which case this setting is unused.
.El
.El
.Sh EXAMPLES
Worth noting below is how two different user accounts can use the same
DDNS provider, No-IP.com, by using the concept of instances ':N'.
.Bd -unfilled -offset indent
period = 300
# Dyn.com
provider dyndns.org {
username = account1
password = secret1
hostname = { "my.example.com", "other.example.org" }
}
# FreeDNS. Remember the username must be in lower case
# and password (max 16 chars) is case sensitive.
provider freedns {
username = lower-case-username
password = case-sensitive-pwd
hostname = some.example.com
}
# No-IP.com #1
# With multiple usernames at the same provider, index with :#
provider no-ip.com:1 {
checkip-server = "dynamic.zoneedit.com"
checkip-path = "/checkip.html"
checkip-ssl = false
username = account21
password = secret21
hostname = example.no-ip.com
}
# No-IP.com #2
provider no-ip.com:2 {
username = account22
password = secret22
hostname = another.no-ip.com
}
# Google Domains - notice use of '@' to update root entry
provider domains.google.com:1 {
hostname = @.mydomain.com
username = your_username
password = your_password
}
# Wildcard subdomains - notice the quoutes (required!)
provider domains.google.com:2 {
hostname = "*.mydomain.com"
username = your_username
password = your_password
}
# Loopia
provider loopia.com {
wildcard = true
username = account3
password = secret3
hostname = example.com
}
# ddnss.de
provider ddnss.de {
username = your_username
password = your_password
hostname = your_host.ddnss.de
}
# spdyn.de
provider spdyn.de {
username = your_username
password = your_password
hostname = your_host.spdyn.de
}
# www.strato.com
provider strato.com {
username = your_username
password = your_password
hostname = example.com
}
# dynv6.com update using a custom checkip-command, which works
# if you have access to an Internet-connected interface. Make
# sure to verify the command works on your system first
allow-ipv6 = true # required option for IPv6 atm.
provider default@dynv6.com {
username = your_token
password = not_used
hostname = { my.dynv6.net } # second host with comma
checkip-command = "/sbin/ip -6 addr | grep inet6 | awk -F '[ \t]+|/' '{print $3}' | grep -v ^::1 | grep -v ^fe80"
}
# IPv6 account at https://tunnelbroker.net
provider tunnelbroker.net {
username = xyzzy
password = update-key-in-advanced-tab
hostname = tunnel-id
}
# www.freemyip.com
provider freemyip.com {
password = your_token
hostname = your_hostname.freemyip.com
}
# www.cloudxns.net
provider cloudxns.net {
username = your_api_key
password = your_secret_key
hostname = yourhost.example.com
}
# www.dnspod.cn
provider dnspod.cn {
username = your_api_id
password = your_api_token
hostname = yourhost.example.com
}
# www.cloudflare.com
provider cloudflare.com {
username = zone.name
password = api_token # Create a unique custom api token with the following permissions: Zone.Zone - Read, Zone.DNS - Edit.
hostname = hostname.zone.name
ttl = 1 # optional, value of 1 is 'automatic'.
proxied = false # optional.
}
# www.goip.de
provider goip.de {
username = username
password = password
hostname = hostname.goip.de
}
# www.namecheap.com
custom namecheap {
username = YOURDOMAIN.TLD
password = mypass
ddns-server = dynamicdns.park-your-domain.com
ddns-path = "/update?domain=%u&password=%p&host=%h"
hostname = { "@", "www", "test" }
}
# Generic example, check all details for your provider!
custom example {
username = myuser
password = mypass
checkip-server = checkip.example.com
checkip-path = /
checkip-ssl = false
ddns-server = update.example.com
ddns-path = "/update?hostname="
hostname = myhostname.example.net
}
.Ed
.Pp
As of Inadyn 1.99.14 the generic plugin can also be used with providers
that require the client's IP in the update request, which for example
.Aq https://dyn.com
requires:
.Bd -unfilled -offset indent
# This emulates dyndns.org
custom dyn.com {
username = DYNUSERNAME
password = DYNPASSWORD
ddns-server = members.dyndns.org
ddns-path = "/nic/update?hostname=YOURHOST.dyndns.org&myip="
append-myip = true
hostname = YOURHOST
}
.Ed
.Pp
Notice the use of
.Nm append-myip
which differs from above previous examples. Without this option set the
default (backwards compatible) behavior is to append the hostname.
.Pp
An alternative, and perhaps more intuitive approach introduced in Inadyn
v2.0, is to use the
.Xr printf 3
like format specifiers mentioned previously. The same example look like
this:
.Bd -unfilled -offset indent
# This emulates dyndns.org
custom dyn.com {
ssl = false
username = DYNUSERNAME
password = DYNPASSWORD
ddns-server = members.dyndns.org
ddns-path = "/nic/update?hostname=%h.dyndns.org&myip=%i"
hostname = YOURHOST
}
.Ed
.Sh "SEE ALSO"
.Xr inadyn 8
.Pp
The
.Nm inadyn
home page is
.Aq https://github.com/troglobit/inadyn
.Sh AUTHORS
This manual page was initially written for the
.Em Debian GNU/Linux
system by
.An -nosplit
.An Shaul Karl Aq mailto:shaul@debian.org .
Currently maintained by
.An -nosplit
.An Joachim Wiberg Aq mailto:troglobit@gmail.com .