Nsupdate (DDNS for bind): How to use?

I would like to use the DDNS function of IPFire with my bind9 name server, thus using plain “nsupdate”. It doesn’t seem obvious to me, what to fill in the fields of IPFire to make it work. The fields are:
Hostname, Username and Password

I am missing to set the algorithm and key length and key name, like HMAC-SHA512 and 512 bytes. The complete information of a key looks like:
keyname.example.net. IN KEY 512 3 165 SomeEncryptedStringEndingIn==

Can someone please tell me how to use the IPFire form with nsupdate?

Hi @phloggu

Welcome to the IPFire community.

I believe that if you want to use nsupdate to submit ddns update requests to your bind server you will need to look at running nsupdate on the command line and providing whatever inputs are required there.

The nsupdate man page might help.

1 Like

The dropdown has an entry “nsupdate”, there is also python code in IPFire to treat nsupdate requests (which I did not understand enough to figure out what to enter in the fields), so I guess it should work somehow…

If I use the CLI, as you suggest, e.g. using a dhcp-exit-hook to run a script, is that update save (do my changes to IPFire remain in the system, when I upgrade IPFire)?

I had never noticed that before! Unfortunately my knowledge on python is close to non-existent.It might make sense for you to join the dev mailing list and ask the question there. You will more likely get hold of the IPFire ddns expert there.

I believe so. The problem usually only occurs when changes are made to existing IPFire config files. Those can be overwritten when an update is done or the WUI screen involved is updated. So your script file would be no problem. You might need to include it in the include.user backup file.

It would depend on how the dhcp-exit-hook would be triggered. I am not familiar about its usage. If that needs to have changes in the dhcp.conf file then you should put them in
The contents of this file get appended onto dhcp.conf and the file stays intact over updates and WUI modifications and it is backed up with the backup page.

1 Like

I dived deeper into the python code and I found the problem. It is reported on IPFire’s Bugzilla under #12837. Until this is solved, I do not see how the nsupdate provider can be used.

For the moment I use a bash script* to do the job. It was easy to use a dhcpcd exit hook to start the script: it need a link in the right directory. Use

locate dhcpcd | grep hook

to find dhcpcd’s hook directory and place a soft link there pointing to your script. The script needs to react on the reason of a call (positional parameter 1) and gets the IP in positional paramter 2. See the scripts already there for an example, especially what are good reasons to set or delete an DDNS address.

*) I wrote my own, which has some quirks, it’s not (yet?) intended for public use. You may find others that are more robust, tested and supported.

Adrian - when your script is ready for public use, please share.

I recently merged different scripts into one and I did not test it good enough since. You may download and see yourself: https://ente.limmat.ch/ftp/pub/software/bash/ddnsupdate/

On the Server side (in BIND9’s /etc/bind/named.conf.local) you need to allow nsupdate to update the A record of your dynamic host’s name. See the comments in letsencrypt_acme_dns-01_challenge_hook, a hook script for dehydrated, to get an idea how to allow such a modification. The description is for modifying TXT records, since the ACME challenge from dehydrated needs to do that, You would want an A and/or an AAAA record to allow your modification to happen.