README.md
1Internet Automated Dynamic DNS Client
2=====================================
3[![License Badge][]][License] [![GitHub Status][]][GitHub] [![Coverity Status][]][Coverity Scan]
4
5The latest release is always available from GitHub at
6> https://github.com/troglobit/inadyn/releases
7
8
9Table of Contents
10-----------------
11
12* [Introduction](#introduction)
13* [Supported Providers](#supported-providers)
14* [Configuration](#configuration)
15* [Custom DDNS Providers](#custom-ddns-providers)
16* [Build & Install](#build--install)
17* [Building from GIT](#building-from-git)
18* [Origin & References](#origin--references)
19
20
21Introduction
22------------
23
24Inadyn, or In-a-Dyn, is a small and simple Dynamic DNS, [DDNS][], client
25with HTTPS support. Commonly available in many GNU/Linux distributions,
26used in off the shelf routers and Internet gateways to automate the task
27of keeping your Internet name in sync with your public¹ IP address. It
28can also be used in installations with redundant (backup) connections to
29the Internet.
30
31Most people are unaware they share a pool of Internet addresses with
32other users of the same Internet Service Provider (ISP). Protocols like
33DHCP, PPPoE, or PPPoA are used to give you an address and a way to
34connect to the Internet, but usually not a way for others to connect to
35you. If you want to run an Internet server on such a connection you
36risk losing your IP address every time you reconnect, or as in the case
37of DHCP even when the lease is renegotiated.
38
39By using a DDNS client like `inadyn` you can register an Internet name
40with a DDNS provider, like [FreeDNS](http://freedns.afraid.org). The
41DDNS client updates your DNS record periodically and/or on demand when
42your IP address changes. Inadyn can maintain multiple host records with
43the same IP address, use a combination of a script, the address from an
44Internet-facing interface, or default to using the IP address change
45detector of the DDNS provider.
46
47__
48¹ Public IP address is the default, private addresses can also be used.
49
50
51Supported Providers
52-------------------
53
54Some of these services are free of charge for non-commercial use, some
55take a small fee, but also provide more domains to choose from.
56
57The following tier-one providers have dedicated "plugins", even though
58many share the original DynDNS plugin. Below is a list of known DDNS
59providers, ordered by the plugin that support them:
60
61 * <https://freedns.afraid.org>
62 * <https://www.nsupdate.info>
63 * <https://duckdns.org>
64 * <https://freemyip.com>
65 * <https://www.dyndns.org>, <https://dyn.com>
66 * <https://dns.he.net>
67 * <https://www.dnsomatic.com>
68 * <https://domains.google>
69 * <https://www.dynu.com>
70 * <https://www.loopia.com>
71 * <https://www.noip.com>
72 * <https://www.pubyun.com>, formerly <http://www.3322.org>
73 * <https://www.selfhost.de>
74 * <https://spdyn.de>
75 * <https://www.easydns.com>
76 * <https://www.tunnelbroker.net>
77 * <https://www.sitelutions.com>
78 * <https://www.dnsexit.com>, parent of <https://www.zoneedit.com>
79 * <https://www.changeip.com>
80 * <https://www.ovh.com>
81 * <https://www.strato.com>
82 * <https://www.dhis.org>
83 * <https://giradns.com>, <https://gira.de>
84 * <https://www.duiadns.net>
85 * <https://ddnss.de>
86 * <https://dynv6.com>
87 * <https://www.cloudxns.net>
88 * <https://www.dnspod.cn>
89 * <https://connect.yandex.ru>
90 * <https://www.cloudflare.com>
91
92DDNS providers not supported natively can be enabled using the custom,
93or generic, DDNS plugin. E.g. <https://www.namecheap.com>. See below
94for configuration examples.
95
96In-A-Dyn defaults to HTTPS, but not all providers may support this, so
97try disabling SSL for the update (`ssl = false`) or the checkip phase
98(`checkip-ssl = false`) in the `provider` section, in case you run into
99problems.
100
101*HTTPS is enabled by default* since it protects your credentials from
102being snooped and reduces the risk of someone hijacking your account.
103
104
105Configuration
106-------------
107
108In-A-Dyn supports updating several DDNS servers, several accounts even on
109different DDNS providers. The following `/etc/inadyn.conf` example show
110how this can be done. To verify your configuration, without starting the
111daemon, use:
112
113 inadyn --check-config
114
115This looks for the default `.conf` file, to check any file, use:
116
117 inadyn --check-config -f /path/to/file.conf
118
119### Example
120
121 # In-A-Dyn v2.0 configuration file format
122 period = 300
123 user-agent = Mozilla/5.0
124
125 # The FreeDNS username must be in lower case
126 # The password (max 16 chars) is case sensitive
127 provider freedns {
128 username = lower-case-username
129 password = case-sensitive-pwd
130 hostname = some.example.com
131 }
132
133 # We override checkip server with the In-a-dyn built-in 'default',
134 # api.ipify.org, for details on this, see below.
135 provider freemyip {
136 password = YOUR_TOKEN
137 hostname = YOUR_DOMAIN.freemyip.com
138 checkip-server = default
139 }
140
141 provider dyn {
142 ssl = false
143 username = charlie
144 password = snoopy
145 hostname = { peanuts, woodstock }
146 user-agent = Mozilla/4.0
147 }
148
149 provider duckdns.org {
150 username = YOUR_TOKEN
151 password = noPasswordForDuckdns
152 hostname = YOUR_DOMAIN.duckdns.org
153 }
154
155 # With multiple usernames at the same provider, index with :#
156 provider no-ip.com:1 {
157 username = ian
158 password = secret
159 hostname = flemming.no-ip.com
160 user-agent = inadyn/2.2
161 }
162
163 # With multiple usernames at the same provider, index with :#
164 provider no-ip.com:2 {
165 username = james
166 password = bond
167 hostname = spectre.no-ip.com
168 checkip-ssl = false
169 checkip-server = api.ipify.org
170 }
171
172 # With multiple usernames at the same provider, index with :#
173 provider no-ip.com:3 {
174 username = spaceman
175 password = bowie
176 hostname = spaceman.no-ip.com
177 checkip-command = "/sbin/ifconfig eth0 | grep 'inet6 addr'"
178 }
179
180 # Google Domains - notice use of '@' to update root entry
181 provider domains.google.com:1 {
182 hostname = @.mydomain.com
183 username = your_username
184 password = your_password
185 }
186 # Wildcard subdomains - notice the quotes (required!)
187 provider domains.google.com:2 {
188 hostname = "*.mydomain.com"
189 username = your_username
190 password = your_password
191 }
192
193 # Note: hostname == update-key from Advanced tab in the Web UI
194 provider tunnelbroker.net {
195 username = futurekid
196 password = dreoadsad/+dsad21321 # update-key-in-advanced-tab
197 hostname = 1234534245321 # tunnel-id
198 }
199
200 provider dynv6.com {
201 username = your_token
202 password = n/a
203 hostname = { host1.dynv6.net, host2.dynv6.net }
204 }
205
206 provider cloudxns.net {
207 username = your_api_key
208 password = your_secret_key
209 hostname = yourhost.example.com
210 }
211
212 provider dnspod.cn {
213 username = your_api_id
214 password = your_api_token
215 hostname = yourhost.example.com
216 }
217
218 # Create a unique custom API token with the following permissions:
219 # -> Zone.Zone - Read, Zone.DNS - Edit.
220 provider cloudflare.com {
221 username = zone.name
222 password = api_token_important_read_comment
223 hostname = hostname.zone.name
224 ttl = 1 # optional, value of 1 is 'automatic'.
225 proxied = false # optional.
226 }
227
228Notice how the config has three different users of the No-IP provider --
229this is achieved by appending a `:ID` to the provider name.
230
231We also define a custom cache directory, default is to use `/var/cache`.
232In our case `/mnt` is a system specific persistent store for caching
233your IP address as reported to each provider. Inadyn use this to ensure
234you are not locked out of your account for excessive updates, which may
235happen if your device Internet gateway running inadyn gets stuck in a
236reboot loop, or similar.
237
238However, for the caching mechanism to be 100% foolproof the system clock
239must be set correctly -- if you have issues with the system clock not
240being set properly at boot, e.g. pending receipt of an NTP message, use
241the command line option `--startup-delay=SEC`. To tell `inadyn` it is
242OK to proceed before the `SEC` timeout, use `SIGUSR2`.
243
244The last system defined is the IPv6 <https://tunnelbroker.net> service
245provided by Hurricane Electric. Here `hostname` is set to the tunnel ID
246and password **must** be the *Update key* found in the *Advanced*
247configuration tab.
248
249Sometimes the default `checkip-server` for a DDNS provider can be very
250slow to respond, to this end In-a-dyn now support overriding it with a
251custom one, or a custom command. The easiest way to change it is to set
252`checkip-server = default`, triggering In-a-dyn to use `api.ipify.org`,
253which it also use for custom DDNS providers. See the man pages, or the
254below section, for more information.
255
256Some providers require using a specific browser to send updates, this
257can be worked around using the `user-agent = STRING` setting, as shown
258above. It is available both on a global and on a per-provider level.
259
260**NOTE:** In a multi-user server setup, make sure to chmod your `.conf`
261 to 600 (read-write only by you/root) to protect against other users
262 reading your DDNS server credentials.
263
264
265Custom DDNS Providers
266---------------------
267
268In addition to the default DDNS providers supported by Inadyn, custom
269DDNS providers can be defined in the config file. Use `custom {}` in
270instead of the `provider {}` section used in examples above.
271
272In-A-Dyn use HTTP basic authentication (base64 encoded) to communicate
273username and password to the server. If you do not have a username
274and/or password, you can leave these fields out. Basic authentication,
275will still be used in communication with the server, but with empty
276username and password.
277
278A custom DDNS provider can be setup like this:
279
280 custom example {
281 username = myuser
282 password = mypass
283 checkip-server = checkip.example.com
284 checkip-path = /
285 ddns-server = update.example.com
286 ddns-path = "/update?hostname="
287 hostname = myhostname.example.net
288 }
289
290For <https://www.namecheap.com> it can look as follows. Notice how the
291hostname syntax differs from above:
292
293 custom namecheap {
294 username = YOURDOMAIN.TLD
295 password = mypass
296 ddns-server = dynamicdns.park-your-domain.com
297 ddns-path = "/update?domain=%u&password=%p&host=%h"
298 hostname = { "@", "www", "test" }
299 }
300
301Here three hostnames are updated, one HTTP GET update request for every
302listed hostname. Some providers, like FreeDNS, support setting up CNAME
303records (aliases) to reduce the amount of records you need to update.
304FreeDNS even default to linking multiple records to the same update,
305which may be very confusing if you want each DNS record to be updated
306from a unique IP address -- make sure to *check your settings at the
307DDNS provider*!
308
309The generic plugin can also be used with providers that require the
310client's new IP address in the update request. Here is an example of
311how this can be done if we *pretend* that <http://dyn.com> is not
312supported by inadyn. The `ddns-path` differs between providers and is
313something you must figure out. The support pages sometimes list this
314under an API section, or similar.
315
316 # This emulates dyndns.org
317 custom dyn {
318 username = DYNUSERNAME
319 password = DYNPASSWORD
320 ddns-server = members.dyndns.org
321 ddns-path = "/nic/update?hostname=%h.dyndns.org&myip=%i"
322 hostname = { YOURHOST, alias }
323 }
324
325Here a fully custom `ddns-path` with format specifiers are used, see the
326`inadyn.conf(5)` man page for details on this.
327
328When using the generic plugin you should first inspect the response from
329the DDNS provider. By default Inadyn looks for a `200 HTTP` response OK
330code and the strings `"good"`, `"OK"`, `"true"`, or `"updated"` in the
331HTTP response body. If the DDNS provider returns something else you can
332add a list of possible `ddns-response = { Arrr, kilroy }`, or just a
333single `ddns-response = Cool` -- if your provider does give any response
334then use `ddns-response = ""`.
335
336If your DDNS provider does not provide you with a `checkip-server`, you
337can use other services, like http://ipify.org, which is the default if
338you do not specify one for your custom provider config:
339
340 checkip-server = api.ipify.org
341
342or even use a script or command:
343
344 checkip-command = /sbin/ifconfig eth0 | grep 'inet addr'
345
346These two settings can also be used in standard `provider{}` sections.
347
348**Note:** `hostname` is required, even if everything is encoded in the
349`ddns-path`! The given hostname is appended to the `ddns-path` used for
350updates, unless you use the `append-myip` setting, in which case your IP
351address will be appended instead. When using `append-myip` you probably
352need to encode your DNS hostname in the `ddns-path` instead, as is done
353in the last example above.
354
355
356Build & Install
357---------------
358
359### Debian/Ubuntu
360
361 curl -sS https://deb.troglobit.com/pubkey.gpg | sudo apt-key add -
362 echo "deb [arch=amd64] https://deb.troglobit.com/debian stable main" | sudo tee /etc/apt/sources.list.d/troglobit.list
363 sudo apt-get update && sudo apt-get install inadyn
364
365### Docker
366
367Automatically built images available here:
368
369* https://hub.docker.com/r/troglobit/inadyn
370
371A Dockerfile is provided to simplify building and running `inadyn`.
372
373 docker build -t inadyn:latest .
374 docker run --rm -v "$PWD/inadyn.conf:/etc/inadyn.conf" inadyn:latest
375
376### Homebrew (macOS)
377
378To run the latest stable version on macOS, type:
379
380 brew install inadyn
381
382To run the latest version from the master branch, install the git tap instead:
383
384 brew install --HEAD troglobit/inadyn/inadyn
385
386Either of these will install all dependencies.
387
388### Building from Source
389
390First download the latest official In-A-Dyn release from GitHub:
391
392* https://github.com/troglobit/inadyn/releases
393
394In-A-Dyn requires a few libraries to build. The build system searches
395for them, in their required versions, using the `pkg-config` tool:
396
397* [libConfuse][] (3.0+)
398* [LibreSSL][], [OpenSSL][], or [GnuTLS][]
399
400They are available from most UNIX distributions as pre-built packages.
401Make sure to install the `-dev` or `-devel` package of the distribution
402packages when building Inadyn. On Debian/Ubuntu (derivatives):
403
404 $ sudo apt install gnutls-dev libconfuse-dev
405
406To build you also need a C compiler, the `pkg-config` tool, and make:
407
408 $ sudo apt install build-essential pkg-config
409
410When building with HTTPS (SSL/TLS) support, make sure to also install
411the `ca-certificates` package on your system, otherwise Inadyn will not
412be able to validate the DDNS provider's HTTPS certificates.
413
414### Configure & Build
415
416The GNU Configure & Build system use `/usr/local` as the default install
417prefix. In many cases this is useful, but this means the configuration
418files and cache files will also use that same prefix. Most users have
419come to expect those files in `/etc/` and `/var/run/` and configure has
420a few useful options that are recommended to use:
421
422 $ ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
423 $ make -j5
424 $ sudo make install-strip
425
426You may want to remove the `--prefix=/usr` option.
427
428### SSL/TLS Support
429
430By default inadyn tries to build with GnuTLS for HTTPS support. GnuTLS
431is the recommended SSL library to use on UNIX distributions which do not
432provide OpenSSL/LibreSSL as a system library. However, when OpenSSL or
433LibreSSL is available as a system library, for example in many embedded
434systems:
435
436 ./configure --enable-openssl
437
438To completely disable inadyn HTTPS support (not recommended!):
439
440 ./configure --disable-ssl
441
442For more details on the OpenSSL and GNU GPL license issue, see:
443
444* <https://lists.debian.org/debian-legal/2004/05/msg00595.html>
445* <https://people.gnome.org/~markmc/openssl-and-the-gpl>
446
447### RedHat, Fedora, CentOS
448
449On some systems the default configure installation path, `/usr/local`,
450is disabled and not searched by tools like `ldconfig` and `pkg-config`.
451So if configure fails to find the libConfuse libraries, or the `.pc`
452files, create the file `/etc/ld.so.conf.d/local.conf` with this content:
453
454 /usr/local/lib
455
456update the linker cache:
457
458 sudo ldconfig -v |egrep libconfuse
459
460and run the Inadyn configure script like this:
461
462 PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./configure
463
464### Integration with systemd
465
466For systemd integration you need to install `pkg-config`, which helps
467the Inadyn build system figure out the systemd paths. When installed
468simply call `systemctl` to enable and start `inadyn`:
469
470 $ sudo systemctl enable inadyn.service
471 $ sudo systemctl start inadyn.service
472
473Check that it started properly by inspecting the system log, or:
474
475 $ sudo systemctl status inadyn.service
476
477### Embedded applications
478
479When built into a router, some features aren't usually used and can be disabled
480to save space. The configure option `--enable-reduced` will build such a
481reduced-functionality binary. Currently, this disables verbose log messages and
482error strings and eliminates config file checking & some backward compatibility.
483
484
485Building from GIT
486-----------------
487
488If you want to contribute, or simply just try out the latest but
489unreleased features, then you need to know a few things about the
490[GNU build system][buildsystem]:
491
492- `configure.ac` and a per-directory `Makefile.am` are key files
493- `configure` and `Makefile.in` are generated from `autogen.sh`,
494 they are not stored in GIT but automatically generated for the
495 release tarballs
496- `Makefile` is generated by `configure` script
497
498To build from GIT; clone the repository and run the `autogen.sh` script.
499This requires the GNU tools `automake`, `autoconf` and `libtool` to be
500installed on your system. Released tarballs do not require these tools.
501
502 $ sudo apt install git automake autoconf
503
504Then you can clone the repository and create the `configure` script,
505which is not part of the GIT repo:
506
507 git clone https://github.com/troglobit/inadyn.git
508 cd inadyn/
509 ./autogen.sh
510 ./configure && make
511
512Building from GIT requires, at least, the previously mentioned library
513dependencies. GIT sources are a moving target and are not recommended
514for production systems, unless you know what you are doing!
515
516
517Origin & References
518-------------------
519
520This is the continuation of Narcis Ilisei's [original][] INADYN. Now
521maintained by [Joachim Wiberg][]. Please file bug reports, or send
522pull requests for bug fixes and proposed extensions at [GitHub][].
523
524[original]: http://www.inatech.eu/inadyn/
525[DDNS]: http://en.wikipedia.org/wiki/Dynamic_DNS
526[tunnelbroker]: https://tunnelbroker.net/
527[Christian Eyrich]: http://eyrich-net.org/programmiertes.html
528[Joachim Wiberg]: http://troglobit.com
529[libConfuse]: https://github.com/martinh/libconfuse
530[LibreSSL]: http://www.libressl.org/
531[OpenSSL]: https://www.openssl.org/
532[GnuTLS]: http://www.gnutls.org/
533[GitHub]: https://github.com/troglobit/inadyn
534[buildsystem]: https://airs.com/ian/configure/
535[License]: https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html
536[License Badge]: https://img.shields.io/badge/License-GPL%20v2-blue.svg
537[GitHub]: https://github.com/troglobit/inadyn/actions/workflows/build.yml/
538[GitHub Status]: https://github.com/troglobit/inadyn/actions/workflows/build.yml/badge.svg
539[Coverity Scan]: https://scan.coverity.com/projects/2981
540[Coverity Status]: https://scan.coverity.com/projects/2981/badge.svg
541