cn/dyndnsd
1
0
Fork 0
mirror of https://github.com/cmur2/dyndnsd.git synced 2024-09-27 17:02:18 +02:00
Code Releases Activity

Compare commits

base: cn:master
Branches Tags
cn:master
cn:renovate-aquasecurity-trivy-0.x
cn:dependabot-bundler-opentelemetry-instrumentation-rack-gte-0.22-and-lt-0.25
cn:dependabot-bundler-opentelemetry-sdk-gte-1.2-and-lt-1.5
cn:dependabot-bundler-async-gte-1.31-and-lt-2.12
cn:dependabot-bundler-opentelemetry-exporter-jaeger-gte-0.22-and-lt-0.24
cn:depfu-update-rubocop-rspec-2.29.2
cn:depfu-update-rubocop-1.63.5
cn:depfu-update-async-2.11.0
cn:update-3.3
cn:try-rbs
cn:dyndnsd-2.x
cn:try-s2
cn:try-sorbet
cn:dyndnsd-1.x
cn:v3.10.0
cn:v3.9.2
cn:v3.9.1
cn:v3.9.0
cn:v3.8.2
cn:v3.8.1
cn:v3.8.0
cn:v3.7.3
cn:v3.7.2
cn:v3.7.1
cn:v3.7.0
cn:v3.6.2
cn:v3.6.1
cn:v3.6.0
cn:v3.5.3
cn:v3.5.2
cn:v3.5.1
cn:v3.5.0
cn:v3.4.8
cn:v3.4.7
cn:v3.4.6
cn:v3.4.5
cn:v3.4.4
cn:v3.4.3
cn:v3.4.2
cn:v3.4.1
cn:v3.4.0
cn:v3.3.3
cn:v3.3.2
cn:v3.3.2.rc1
cn:v3.3.1
cn:v3.3.0
cn:v3.2.0
cn:v3.1.3
cn:v3.1.2
cn:v3.1.1
cn:v3.1.0
cn:v3.1.0.rc1
cn:v3.0.0
cn:v2.3.1
cn:v2.3.0
cn:v2.2.0
cn:v2.1.1
cn:v2.1.0
cn:v2.0.0
cn:v2.0.0.rc2
cn:v2.0.0.rc1
cn:v1.6.1
cn:v1.6.0
cn:v1.5.0
cn:v1.4.0
cn:v1.3.0
cn:v1.2.2
cn:v1.2.1
cn:v1.2.0
cn:v1.1.0
cn:v1.0.0
cn:v0.0.4
cn:v0.0.3
cn:v0.0.2
..
compare: cn:v1.3.0
Branches Tags
cn:renovate-aquasecurity-trivy-0.x
cn:master
cn:dependabot-bundler-opentelemetry-instrumentation-rack-gte-0.22-and-lt-0.25
cn:dependabot-bundler-opentelemetry-sdk-gte-1.2-and-lt-1.5
cn:dependabot-bundler-async-gte-1.31-and-lt-2.12
cn:dependabot-bundler-opentelemetry-exporter-jaeger-gte-0.22-and-lt-0.24
cn:depfu-update-rubocop-rspec-2.29.2
cn:depfu-update-rubocop-1.63.5
cn:depfu-update-async-2.11.0
cn:update-3.3
cn:try-rbs
cn:dyndnsd-2.x
cn:try-s2
cn:try-sorbet
cn:dyndnsd-1.x
cn:v3.10.0
cn:v3.9.2
cn:v3.9.1
cn:v3.9.0
cn:v3.8.2
cn:v3.8.1
cn:v3.8.0
cn:v3.7.3
cn:v3.7.2
cn:v3.7.1
cn:v3.7.0
cn:v3.6.2
cn:v3.6.1
cn:v3.6.0
cn:v3.5.3
cn:v3.5.2
cn:v3.5.1
cn:v3.5.0
cn:v3.4.8
cn:v3.4.7
cn:v3.4.6
cn:v3.4.5
cn:v3.4.4
cn:v3.4.3
cn:v3.4.2
cn:v3.4.1
cn:v3.4.0
cn:v3.3.3
cn:v3.3.2
cn:v3.3.2.rc1
cn:v3.3.1
cn:v3.3.0
cn:v3.2.0
cn:v3.1.3
cn:v3.1.2
cn:v3.1.1
cn:v3.1.0
cn:v3.1.0.rc1
cn:v3.0.0
cn:v2.3.1
cn:v2.3.0
cn:v2.2.0
cn:v2.1.1
cn:v2.1.0
cn:v2.0.0
cn:v2.0.0.rc2
cn:v2.0.0.rc1
cn:v1.6.1
cn:v1.6.0
cn:v1.5.0
cn:v1.4.0
cn:v1.3.0
cn:v1.2.2
cn:v1.2.1
cn:v1.2.0
cn:v1.1.0
cn:v1.0.0
cn:v0.0.4
cn:v0.0.3
cn:v0.0.2

No commits in common. "master" and "v1.3.0" have entirely different histories.
master ... v1.3.0

39 changed files with 369 additions and 2200 deletions
Show Stats Expand all files Collapse all files

9
.editorconfig
View File

@ -1,9 +0,0 @@
root = true
[*]
indent_style = space
indent_size = 2
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true

17
.github/actionlint-matcher.json vendored
View File

@ -1,17 +0,0 @@
{
"problemMatcher": [
{
"owner": "actionlint",
"pattern": [
{
"regexp": "^(?:\\x1b\\[\\d+m)?(.+?)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*: (?:\\x1b\\[\\d+m)*(.+?)(?:\\x1b\\[\\d+m)* \\[(.+?)\\]$",
"file": 1,
"line": 2,
"column": 3,
"message": 4,
"code": 5
}
]
}
]
}

13
.github/dependabot.yml vendored
View File

@ -1,13 +0,0 @@
---
version: 2
updates:
- package-ecosystem: "bundler"
directory: "/"
schedule:
interval: "weekly"
commit-message:
prefix: "gems"
labels: ["dependabot"]
open-pull-requests-limit: 10
pull-request-branch-name:
separator: "-"

42
.github/renovate.json5 vendored
View File

@ -1,42 +0,0 @@
{
extends: [
"config:recommended",
":dependencyDashboard",
":prHourlyLimitNone",
":prConcurrentLimitNone",
":label(dependency-upgrade)",
],
schedule: ["before 8am on thursday"],
branchPrefix: "renovate-",
dependencyDashboardHeader: "View repository job log [here](https://app.renovatebot.com/dashboard#github/cmur2/dyndnsd).",
separateMinorPatch: true,
commitMessagePrefix: "project: ",
commitMessageAction: "update",
commitMessageTopic: "{{depName}}",
commitMessageExtra: "to {{#if isSingleVersion}}v{{{newVersion}}}{{else}}{{{newValue}}}{{/if}}",
packageRules: [
// Ruby dependencies are managed by depfu
{
matchManagers: ["bundler"],
enabled: false,
},
// Commit message formats
{
matchDatasources: ["docker"],
commitMessagePrefix: "docker: ",
},
{
matchManagers: ["github-actions"],
commitMessagePrefix: "ci: ",
},
],
customManagers: [
{
customType: "regex",
fileMatch: ["\.rb$", "^Rakefile$"],
matchStrings: [
"renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)\\s.*_version = '(?<currentValue>.*)'\\s"
]
},
],
}

51
.github/workflows/cd.yml vendored
View File

@ -1,51 +0,0 @@
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
---
name: cd
on:
push:
tags:
- 'v*.*.*'
jobs:
release-dockerimage:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Extract dyndnsd version from tag name
run: |
echo "DYNDNSD_VERSION=${GITHUB_REF#refs/*/v}" >> "$GITHUB_ENV"
- name: Wait for dyndnsd ${{ env.DYNDNSD_VERSION }} gem to be available
run: |
set +e
for retry in $(seq 1 5); do
echo "Checking if dyndnsd $DYNDNSD_VERSION gem is retrievable from rubygems.org (try #$retry)..."
sudo gem install dyndnsd -v "$DYNDNSD_VERSION"
# shellcheck disable=SC2181
if [ $? -eq 0 ]; then
exit 0
fi
sleep 60
done
exit 1
# https://github.com/marketplace/actions/build-and-push-docker-images
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: cmur2
password: ${{ secrets.DOCKER_TOKEN }}
- name: Build and push Docker image for dyndnsd ${{ env.DYNDNSD_VERSION }}
uses: docker/build-push-action@v6
with:
context: docker
build-args: |
DYNDNSD_VERSION=${{ env.DYNDNSD_VERSION }}
push: true
tags: cmur2/dyndnsd:v${{ env.DYNDNSD_VERSION }}

55
.github/workflows/ci.yml vendored
View File

@ -1,55 +0,0 @@
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
---
name: ci
on:
push:
branches: [master]
pull_request:
branches: [master]
workflow_dispatch:
schedule:
- cron: '35 4 * * 4' # weekly on thursday morning
jobs:
build:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
ruby-version:
- '3.0'
- '3.1'
- '3.2'
- '3.3'
steps:
- uses: actions/checkout@v4
- name: Set up Ruby ${{ matrix.ruby-version }}
uses: ruby/setup-ruby@v1
with:
ruby-version: ${{ matrix.ruby-version }}
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
- name: Lint and Test
run: |
bundle exec rake ci
actionlint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Check workflow files
run: |
echo "::add-matcher::.github/actionlint-matcher.json"
bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
./actionlint
renovate-config-validator:
runs-on: ubuntu-latest
container:
image: ghcr.io/renovatebot/renovate
options: --user root
steps:
- uses: actions/checkout@v4
- name: Check Renovate config
run: renovate-config-validator --strict

20
.github/workflows/dockerhub.yml vendored
View File

@ -1,20 +0,0 @@
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
---
name: dockerhub
on:
schedule:
- cron: '7 4 * * 4' # weekly on thursday morning
workflow_dispatch:
jobs:
pull-released-dockerimages:
runs-on: ubuntu-latest
steps:
- name: Avoid stale tags by pulling
run: |
ALL_IMAGES="$(curl -s https://hub.docker.com/v2/repositories/cmur2/dyndnsd/tags?page_size=1000 | jq -r '.results[].name | "cmur2/dyndnsd:" + .' | grep -e 'cmur2/dyndnsd:v')"
for image in $ALL_IMAGES; do
echo "Pulling $image to avoid staleness..."
docker pull "$image"
done

46
.github/workflows/vulnscan.yml vendored
View File

@ -1,46 +0,0 @@
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
---
name: vulnscan
on:
schedule:
- cron: '7 4 * * 4' # weekly on thursday morning
workflow_dispatch:
jobs:
scan-released-dockerimages:
runs-on: ubuntu-latest
env:
TRIVY_IGNORE_UNFIXED: 'true'
TRIVY_REMOVED_PKGS: 'true'
steps:
- name: Install Trivy
run: |
mkdir -p "$GITHUB_WORKSPACE/bin"
echo "$GITHUB_WORKSPACE/bin" >> "$GITHUB_PATH"
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s -- -b "$GITHUB_WORKSPACE/bin"
- name: Download Trivy DB
run: |
trivy image --download-db-only
- name: Scan vulnerabilities using Trivy
env:
TRIVY_SKIP_DIRS: 'usr/lib/ruby/gems/2.7.0/gems/jaeger-client-0.10.0/crossdock,usr/lib/ruby/gems/2.7.0/gems/jaeger-client-1.0.0/crossdock,usr/lib/ruby/gems/2.7.0/gems/jaeger-client-1.1.0/crossdock'
run: |
trivy --version
# semver sorting as per https://stackoverflow.com/a/40391207/2148786
ALL_IMAGES="$(curl -s https://hub.docker.com/v2/repositories/cmur2/dyndnsd/tags?page_size=1000 | jq -r '.results[].name | "cmur2/dyndnsd:" + .' | grep -e 'cmur2/dyndnsd:v' | sed '/-/!{s/$/_/}' | sort -r -V | sed 's/_$//')"
EXIT_CODE=0
set -e
for major_version in $(seq 1 10); do
for image in $ALL_IMAGES; do
if [[ "$image" = cmur2/dyndnsd:v$major_version.* ]]; then
echo -e "\nScanning newest patch release $image of major v$major_version...\n"
if ! trivy image --skip-db-update --scanners vuln --exit-code 1 "$image"; then
EXIT_CODE=1
fi
break
fi
done
done
exit "$EXIT_CODE"

3
.gitignore vendored
View File

@ -1,6 +1,3 @@
.DS_Store
*.lock
pkg/*
.yardoc
hadolint
trivy

104
.rubocop.yml
View File

@ -1,104 +0,0 @@
require:
- rubocop-rake
- rubocop-rspec
AllCops:
TargetRubyVersion: '3.0'
NewCops: enable
Gemspec/DevelopmentDependencies:
EnforcedStyle: gemspec
Gemspec/RequireMFA:
Enabled: false
Layout/EmptyLineAfterGuardClause:
Enabled: false
# allows nicer usage of private_class_method
Layout/EmptyLinesAroundArguments:
Enabled: false
Layout/HashAlignment:
Enabled: false
Layout/LeadingEmptyLines:
Enabled: false
Layout/LineLength:
Max: 200
Layout/SpaceInsideHashLiteralBraces:
Enabled: false
Metrics/AbcSize:
Enabled: false
Metrics/BlockLength:
Enabled: false
Metrics/ClassLength:
Enabled: false
Metrics/CyclomaticComplexity:
Enabled: false
Metrics/MethodLength:
Enabled: false
Metrics/PerceivedComplexity:
Enabled: false
Naming/MethodParameterName:
Enabled: false
Naming/MemoizedInstanceVariableName:
Enabled: false
Style/ConditionalAssignment:
Enabled: false
Style/Documentation:
Enabled: false
Style/FormatStringToken:
Enabled: false
Style/GuardClause:
Enabled: false
Style/HashEachMethods:
Enabled: true
Style/HashTransformKeys:
Enabled: true
Style/HashTransformValues:
Enabled: true
Style/IdenticalConditionalBranches:
Enabled: false
Style/IfUnlessModifier:
Enabled: false
Style/InverseMethods:
Enabled: false
Style/NegatedIf:
Enabled: false
Style/RescueModifier:
Enabled: false
Style/SymbolArray:
Enabled: false
Style/TrailingCommaInArrayLiteral:
Enabled: false
RSpec/ExampleLength:
Max: 20
RSpec/MultipleExpectations:
Max: 20

16
.solargraph.yml
View File

@ -1,16 +0,0 @@
---
include:
- "**/*.rb"
- "bin/dyndnsd"
exclude:
- spec/**/*
- test/**/*
- vendor/**/*
- ".bundle/**/*"
require: []
domains: []
reporters:
- rubocop
- require_not_found
require_paths: []
max_files: 5000

9
.travis.yml Normal file
View File

@ -0,0 +1,9 @@
language: ruby
rvm:
- 2.0.0
- 1.9.3
- 1.8.7
gemfile:
- Gemfile

357
CHANGELOG.md
View File

@ -1,357 +0,0 @@
# Changelog
## 3.10.0
IMPROVEMENTS:
- add Ruby 3.3 support
OTHER:
- update base of Docker image to Alpine 3.19.0 (from 3.18.3 before)
## 3.9.2 (August 10th, 2023)
OTHER:
- update base of Docker image to Alpine 3.18.3 (from 3.18.2 before)
## 3.9.1 (July 6, 2023)
OTHER:
- update base of Docker image to Alpine 3.18.2 (from 3.18.0 before)
## 3.9.0 (June 8, 2023)
IMPROVEMENTS:
- Drop EOL Ruby 2.7 support, now minimum version supported is Ruby 3.0
## 3.8.2 (April 1st, 2023)
OTHER:
- update base of Docker image to Alpine 3.17.3 (from 3.17.2 before)
## 3.8.1 (March 2nd, 2023)
OTHER:
- update base of Docker image to Alpine 3.17.2 (from 3.17.1 before)
## 3.8.0 (January 13th, 2023)
IMPROVEMENTS:
- add Ruby 3.2 support
OTHER:
- update base of Docker image to Alpine 3.17.1 (from 3.17.0 before)
## 3.7.3 (December 29th, 2022)
OTHER:
- update base of Docker image to Alpine 3.17.0 (from 3.16.2 before)
## 3.7.2 (November 10th, 2022)
OTHER:
- re-release 3.7.1 to rebuild Docker image with security vulnerabilities fixes
## 3.7.1 (September 20th, 2022)
IMPROVEMENTS:
- fix [TypeError](https://github.com/cmur2/dyndnsd/issues/205) when user has no hosts configured
## 3.7.0 (September 16th, 2022)
IMPROVEMENTS:
- Update to Rack 3
## 3.6.2 (August 11th, 2022)
OTHER:
- update base of Docker image to Alpine 3.16.2 (from 3.16.1 before)
## 3.6.1 (July 21st, 2022)
OTHER:
- update base of Docker image to Alpine 3.16.1 (from 3.16.0 before)
## 3.6.0 (June 2nd, 2022)
IMPROVEMENTS:
- Drop EOL Ruby 2.6 and lower support, now minimum version supported is Ruby 2.7
OTHER:
- update base of Docker image to Alpine 3.16 (from 3.15.7 before)
## 3.5.3 (May 5th, 2022)
OTHER:
- re-release 3.5.2 to rebuild Docker image with security vulnerabilities fixes
## 3.5.2 (April 7th, 2022)
OTHER:
- re-release 3.5.1 to rebuild Docker image with security vulnerabilities fixes
## 3.5.1 (February 17th, 2022)
OTHER:
- re-release 3.5.0 to rebuild Docker image with security vulnerabilities fixes
## 3.5.0 (January 8th, 2022)
IMPROVEMENTS:
- add Ruby 3.1 support
OTHER:
- update base of Docker image to Alpine 3.15 (from 3.13.7 before, **Note:** please be aware of the quirks around [Alpine 3.14](https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.14.0#faccessat2))
## 3.4.8 (December 11th, 2021)
OTHER:
- re-release 3.4.7 to rebuild Docker image with security vulnerabilities fixes
## 3.4.7 (November 19th, 2021)
OTHER:
- re-release 3.4.6 to rebuild Docker image with security vulnerabilities fixes
## 3.4.6 (November 19th, 2021)
OTHER:
- re-release 3.4.5 to rebuild Docker image with security vulnerabilities fixes
## 3.4.5 (August 26th, 2021)
OTHER:
- re-release 3.4.4 to rebuild Docker image with security vulnerabilities fixes
## 3.4.4 (August 26th, 2021)
OTHER:
- re-release 3.4.3 to rebuild Docker image with security vulnerabilities fixes
## 3.4.3 (August 20th, 2021)
OTHER:
- re-release 3.4.2 to rebuild Docker image with security vulnerabilities fixes
## 3.4.2 (July 30, 2021)
IMPROVEMENTS:
- move from OpenTracing to OpenTelemetry for experimental tracing feature
OTHER:
- re-release 3.4.1 to rebuild Docker image with security vulnerabilities fixes
- adopt Renovate for dependency updates
## 3.4.1 (April 15, 2021)
OTHER:
- update base of Docker image to Alpine 3.13.5 to fix security vulnerabilities
## 3.4.0 (April 2, 2021)
IMPROVEMENTS:
- **change** Docker image to run as non-root user `65534` by default, limits attack surface for security and gives OpenShift compatibility
## 3.3.3 (April 1, 2021)
OTHER:
- update base of Docker image to Alpine 3.13.4 to fix security vulnerabilities
## 3.3.2 (February 20, 2021)
OTHER:
- update to use `docker/build-push-action@v2` for releasing Docker image in GHA
## 3.3.1 (February 18, 2021)
OTHER:
- update base of Docker image to Alpine 3.13.2 to fix security vulnerabilities
## 3.3.0 (January 18, 2021)
OTHER:
- update base of Docker image to Alpine 3.13
## 3.2.0 (January 14, 2021)
IMPROVEMENTS:
- Add Ruby 3.0 support
## 3.1.3 (December 20, 2020)
OTHER:
- fix Docker image release process in Github Actions CI, 3.1.2 was not released as a Docker image
## 3.1.2 (December 20, 2020)
OTHER:
- fixes vulnerabilities in Docker image by using updated Alpine base image
- start using Github Actions CI for tests and drop Travis CI
## 3.1.1 (October 3, 2020)
IMPROVEMENTS:
- Use webrick gem which contains fixes against [CVE-2020-25613](https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/)
## 3.1.0 (August 19, 2020)
IMPROVEMENTS:
- Add officially maintained [Docker image for dyndnsd](https://hub.docker.com/r/cmur2/dyndnsd)
## 3.0.0 (July 29, 2020)
IMPROVEMENTS:
- Drop EOL Ruby 2.4 and lower support, now minimum version supported is Ruby 2.5
## 2.3.1 (July 27, 2020)
IMPROVEMENTS:
- Fix annoying error message `log writing failed. can't be called from trap context` on shutdown by not attempting to log redundant information there
## 2.3.0 (July 20, 2020)
IMPROVEMENTS:
- Allow enabling debug logging
- Add updater that uses [DNS zone transfers via AXFR (RFC5936)](https://tools.ietf.org/html/rfc5936) to allow any secondary nameserver(s) to fetch the zone contents after (optionally) receiving a [DNS NOTIFY (RFC1996)](https://tools.ietf.org/html/rfc1996) request
## 2.2.0 (March 6, 2020)
IMPROVEMENTS:
- Refactor gemspec based on [recommendations](https://piotrmurach.com/articles/writing-a-ruby-gem-specification/) so tests are now excluded from gem and binaries move to `./exe` directory
- Adopt Ruby 2.3 frozen string literals for source code potentially reducing memory consumption
## 2.1.1 (March 1, 2020)
IMPROVEMENTS:
- Fix potential `nil` cases detected by [Sorbet](https://sorbet.org) including refactorings
## 2.1.0 (March 1, 2020)
IMPROVEMENTS:
- Add Ruby 2.7 support
- Add [solargraph](https://github.com/castwide/solargraph) to dev tooling as Ruby Language Server usable e.g. for IDEs (used solargraph version not compatible with Ruby 2.7 as bundler-audit 0.6.x requires old `thor` gem)
- Document code using YARD tags, e.g. for type information and better code completion
## 2.0.0 (January 25, 2019)
IMPROVEMENTS:
- Drop Ruby 2.2 and lower support
- Better protocol compliance by returning `badauth` in response body on HTTP 401 errors
- Better code maintainability by refactorings
- Update dependencies, mainly `rack` to new major version 2
- Add Ruby 2.5 and Ruby 2.6 support
- Add experimental [OpenTracing](https://opentracing.io/) support with [CNCF Jaeger](https://github.com/jaegertracing/jaeger)
- Support host offlining by deleting the associated DNS records
- Add textfile reporter to write Graphite-style metrics (also compatible with [Prometheus](https://prometheus.io/)) into a file
## 1.6.1 (October 31, 2017)
IMPROVEMENTS:
- Fix broken password check affecting all previous releases
## 1.6.0 (December 7, 2016)
IMPROVEMENTS:
- Support providing an IPv6 address in addition to a IPv4 for the same hostname
## 1.5.0 (November 30, 2016)
IMPROVEMENTS:
- Drop Ruby 1.8.7 support
- Pin `json` gem to allow supporting Ruby 1.9.3
- Support determining effective client IP address also from `X-Real-IP` header
## 1.4.0 (November 27, 2016)
IMPROVEMENTS:
- Pin `rack` gem to allow supporting Ruby versions < 2.2.2
- Support IPv6 addresses
## 1.3.0 (October 8, 2013)
IMPROVEMENTS:
- Handle `SIGTERM` \*nix signal properly and shutdown the daemon
## 1.2.2 (June 8, 2013)
IMPROVEMENTS:
- Add proper logging to the provided init script for dyndnsd.rb
## 1.2.1 (June 5, 2013)
IMPROVEMENTS:
- Fix bug in previous release related to metrics preventing startup
## 1.2.0 (May 29, 2013)
IMPROVEMENTS:
- Support sending metrics to graphite via undocumented `graphite:` section in configuration file
## 1.1.0 (April 30, 2013)
IMPROVEMENTS:
- Support dropping privileges on startup, also affects external commands run
- Add [metriks](https://github.com/eric/metriks) support for basic metrics in the process title
- Detach from child processes running external commands to avoid zombie processes
## 1.0.0 (April 28, 2013)
NEW FEATURES:
- Initial 1.0 release

2
Gemfile
View File

@ -1,5 +1,3 @@
# frozen_string_literal: true
source 'https://rubygems.org'
gemspec

235
README.md
View File

@ -1,22 +1,16 @@
# dyndnsd.rb
![ci](https://github.com/cmur2/dyndnsd/workflows/ci/badge.svg)
[![Build Status](https://travis-ci.org/cmur2/dyndnsd.png)](https://travis-ci.org/cmur2/dyndnsd)
A small, lightweight and extensible DynDNS server written with Ruby and Rack.
## Description
dyndnsd.rb aims to implement a small [DynDNS-compliant](https://help.dyn.com/remote-access-api/) server in Ruby supporting IPv4 and IPv6 addresses. It has an integrated user and hostname database in its configuration file that is used for authentication and authorization. Besides talking the DynDNS protocol it is able to invoke a so-called *updater*, a small Ruby module that takes care of supplying the current hostname => ip mapping to a DNS server.
dyndnsd.rb is aimed to implement a small [DynDNS-compliant](http://dyn.com/support/developers/api/) server in Ruby. It has an integrated user and hostname database in it's configuration file that is used for authentication and authorization. Besides talking the DynDNS protocol it is able to invoke an so-called *updater*, a small Ruby module that takes care of supplying the current host => ip mapping to a DNS server.
There are currently two updaters shipped with dyndnsd.rb:
- `zone_transfer_server` that uses [DNS zone transfers via AXFR (RFC5936)](https://tools.ietf.org/html/rfc5936) to allow any secondary nameserver(s) to fetch the zone contents after (optionally) receiving a [DNS NOTIFY (RFC1996)](https://tools.ietf.org/html/rfc1996) request
- `command_with_bind_zone` that writes out a zone file in BIND syntax onto the current system and invokes a user-supplied command afterwards that is assumed to trigger the DNS server (not necessarily BIND since its zone files are read by other DNS servers, too) to reload its zone configuration
Because of the mechanisms used, dyndnsd.rb is known to work only on \*nix systems.
See the [changelog](CHANGELOG.md) before upgrading. The older version 1.x of dyndnsd.rb is still available on [branch dyndnsd-1.x](https://github.com/cmur2/dyndnsd/tree/dyndnsd-1.x).
The is currently one updater shipped with dyndnsd.rb `command_with_bind_zone` that writes out a zone file in BIND syntax onto the current system and invokes a user-supplied command afterwards that is assumed to trigger the DNS server (not necessarily BIND since it's zone files are read by other DNS servers too) to reload it's zone configuration.
Because of the mechanisms used dyndnsd.rb is known to work only on *nix systems.
## General Usage
@ -29,16 +23,14 @@ Create a configuration file in YAML format somewhere:
```yaml
# listen address and port
host: "0.0.0.0"
port: 80
# optional: drop privileges in case you want to but you may need sudo for external commands
port: "80"
# optional: drop priviliges in case you want to but you may need sudo for external commands
user: "nobody"
group: "nogroup"
# logfile is optional, logs to STDOUT otherwise
# logfile is optional, logs to STDOUT else
logfile: "dyndnsd.log"
# internal database file
# interal database file
db: "db.json"
# enable debug mode?
debug: false
# all hostnames are required to be cool-name.example.org
domain: "example.org"
# configure the updater, here we use command_with_bind_zone, params are updater-specific
@ -64,98 +56,17 @@ users:
Run dyndnsd.rb by:
```bash
dyndnsd /path/to/config.yml
```
dyndnsd /path/to/config.yaml
## Using dyndnsd.rb with [NSD](https://www.nlnetlabs.nl/nsd/)
### Docker image
NSD is a nice opensource, authoritative-only, low-memory DNS server that reads BIND-style zone files (and converts them into it's own database) and has a simple config file.
There is an officially maintained [Docker image for dyndnsd](https://hub.docker.com/r/cmur2/dyndnsd) available at Dockerhub. The goal is to have a minimal secured image available (currently based on Alpine) that works well for the `zone_transfer_server` updater use case.
Users can make extensions by deriving from the official Docker image or building their own.
The Docker image consumes the same configuration file in YAML format as the gem, inside the container it needs to be mounted/available as `/etc/dyndnsd/config.yml`. The following YAML should be used as a base and extended with user's settings:
A feature NSD is lacking is the [Dynamic DNS update](https://tools.ietf.org/html/rfc2136) functionality BIND offers but one can fake it using the following dyndnsd.rb config:
```yaml
host: "0.0.0.0"
port: 8080
# omit the logfile: option so logging to STDOUT will happen automatically
db: "/var/lib/dyndnsd/db.json"
# User's settings for updater and permissions follow here!
```
more ports might be needed depending on if DNS zone transfer is needed
Run the Docker image exposing the DynDNS-API on host port 8080 via:
```bash
docker run -d --name dyndnsd \
-p 8080:8080 \
-v /host/path/to/dyndnsd/config.yml:/etc/dyndnsd/config.yml \
-v /host/ptherpath/to/dyndnsd/datadir:/var/lib/dyndnsd \
cmur2/dyndnsd:vX.Y.Z
```
*Note*: You may need to expose more than just port 8080 e.g. if you use the `zone_transfer_server` which can be done by appending additional `-p 5353:5353` flags to the `docker run` command.
## Using dyndnsd.rb with any nameserver via DNS zone transfers (AXFR)
By using [DNS zone transfers via AXFR (RFC5936)](https://tools.ietf.org/html/rfc5936) any secondary nameserver can retrieve the DNS zone contents from dyndnsd.rb and serve them to clients.
To speedup propagation after changes dyndnsd.rb can issue a [DNS NOTIFY (RFC1996)](https://tools.ietf.org/html/rfc1996) to inform the nameserver that the DNS zone contents changed and should be fetched even before the time indicated in the SOA record is up.
Currently, dyndnsd.rb does not support any authentication for incoming DNS zone transfer request, so it should be isolated from the internet on these ports.
This approach has several advantages:
- dyndnsd.rb can be used in *hidden primary* fashion isolated from client's DNS traffic and does not need to implement full nameserver features
- any existing, production-grade, caching, geo-replicated nameserver setup can be used to pull DNS zone contents from the *hidden primary* dyndnsd.rb and serve it to clients
- any nameserver(s) and dyndnsd.rb do not need to be located on the same host
Example dyndnsd.rb configuration:
```yaml
host: "0.0.0.0"
port: 8245 # the DynDNS.com alternative HTTP port
db: "/opt/dyndnsd/db.json"
domain: "dyn.example.org"
updater:
name: "zone_transfer_server"
params:
# endpoint(s) to listen for incoming zone transfer (AXFR) requests, default 0.0.0.0@53
server_listens:
- 127.0.0.1@5300
# where to send DNS NOTIFY request(s) to on zone content change
send_notifies:
- '127.0.0.1'
# TTL for all records in the zone (in seconds)
zone_ttl: 300 # 5m
# zone's NS record(s) (at least one)
zone_nameservers:
- "dns.example.org."
# info for zone's SOA record
zone_email_address: "admin.example.org."
# zone's additional A/AAAA records
zone_additional_ips:
- "127.0.0.1"
users:
foo:
password: "secret"
hosts:
- foo.example.org
```
## Using dyndnsd.rb with [NSD](https://www.nlnetlabs.nl/projects/nsd/about/)
NSD is a nice, open source, authoritative-only, low-memory DNS server that reads BIND-style zone files (and converts them into its own database) and has a simple configuration file.
A feature NSD is lacking is the [Dynamic DNS update (RFC2136)](https://tools.ietf.org/html/rfc2136) functionality BIND offers, but one can fake it using the following dyndnsd.rb configuration:
```yaml
host: "0.0.0.0"
port: 8245 # the DynDNS.com alternative HTTP port
port: "8245" # the DynDNS.com alternative HTTP port
db: "/opt/dyndnsd/db.json"
domain: "dyn.example.org"
updater:
@ -175,137 +86,39 @@ users:
foo:
password: "secret"
hosts:
- foo.example.org
- foo.example.org
```
Start dyndnsd.rb before NSD to make sure the zone file exists else NSD complains.
## Using dyndnsd.rb with X
Please provide ideas if you are using dyndnsd.rb with other DNS servers :)
## Advanced topics
### Update URL
The update URL you want to tell your clients (humans or scripts ^^) consists of the following
http[s]://[USER]:[PASSWORD]@[DOMAIN]:[PORT]/nic/update?hostname=[HOSTNAMES]&myip=[MYIP]&myip6=[MYIP6]
http[s]://[USER]:[PASSWORD]@[DOMAIN]:[PORT]/nic/update?hostname=[HOSTNAMES]&myip=[MYIP]
where:
* the protocol depends on your (web server/proxy) settings
* `USER` and `PASSWORD` are needed for HTTP Basic Auth and valid combinations are defined in your config.yaml
* `DOMAIN` should match what you defined in your config.yaml as domain but may be anything else when using a web server as proxy
* `PORT` depends on your (web server/proxy) settings
* `HOSTNAMES` is a required list of comma-separated FQDNs (they all have to end with your config.yaml domain) the user wants to update
* `MYIP` is optional and the HTTP client's IP address will be used if missing
* `MYIP6` is optional but if present also requires presence of `MYIP`
### IP address determination
The following rules apply:
* use any IP address provided via the `myip` parameter when present, or
* use any IP address provided via the `X-Real-IP` header e.g. when used behind HTTP reverse proxy such as nginx, or
* use any IP address used by the connecting HTTP client
If you want to provide an additional IPv6 address as myip6 parameter, the `myip` parameter containing an IPv4 address has to be present, too! No automatism is applied then.
* the protocol depends on your (webserver/proxy) settings
* USER and PASSWORD are needed for HTTP Basic Auth and valid combinations are defined in your config.yaml
* DOMAIN should match what you defined in your config.yaml as domain but may be anything else when using a webserver as proxy
* PORT depends on your (webserver/proxy) settings
* HOSTNAMES is a required list of comma separated FQDNs (they all have to end with your config.yaml domain) the user wants to update
* MYIP is optional and the HTTP client's address will be used if missing
### SSL, multiple listen ports
Use a web server as a proxy to handle SSL and/or multiple listen addresses and ports. DynDNS.com provides HTTP on port 80 and 8245 and HTTPS on port 443.
Use a webserver as a proxy to handle SSL and/or multiple listen addresses and ports. DynDNS.com provides HTTP on port 80 and 8245 and HTTPS on port 443.
### Init scripts
### Startup
There is a [Dockerfile](docs/Dockerfile) that can be used to build a Docker image for running dyndnsd.rb.
The [Debian 6 init.d script](docs/debian-6-init-dyndnsd) assumes that dyndnsd.rb is installed into the system ruby (no RVM support) and the config.yaml is at /opt/dyndnsd/config.yaml. Modify to your needs.
### Monitoring
For monitoring dyndnsd.rb uses the [metriks](https://github.com/eric/metriks) framework and exposes several metrics like the number of unauthenticated requests, requests that did (not) update a hostname, etc. By default, the most important metrics are shown in the [proctitle](https://github.com/eric/metriks#proc-title-reporter, butt you can also configure a [Graphite](https://graphiteapp.org/) backend for central monitoring or the [textfile_reporter](https://github.com/prometheus/node_exporter/#textfile-collector) which outputs Graphite-style metrics that are also compatible with Prometheus to a file.
```yaml
host: "0.0.0.0"
port: 8245 # the DynDNS.com alternative HTTP port
db: "/opt/dyndnsd/db.json"
domain: "dyn.example.org"
# configure the Graphite backend to be used instead of proctitle
graphite:
host: localhost # defaults for host and port of a carbon server
port: 2003
prefix: "my.graphite.metrics.naming.structure.dyndnsd"
# OR configure the textfile reporter instead of Graphite/proctitle
textfile:
file: /path/to/file.prom
prefix: "my.graphite.metrics.naming.structure.dyndnsd"
# configure the updater, here we use command_with_bind_zone, params are updater-specific
updater:
name: "command_with_bind_zone"
params:
zone_file: "dyn.zone"
command: "echo 'Hello'"
ttl: "5m"
dns: "dns.example.org."
email_addr: "admin.example.org."
# user database with hostnames a user is allowed to update
users:
# 'foo' is username, 'secret' the password
foo:
password: "secret"
hosts:
- foo.example.org
- bar.example.org
test:
password: "ihavenohosts"
```
### Tracing (experimental)
For tracing, dyndnsd.rb is instrumented using the [OpenTelemetry](https://opentelemetry.io/docs/ruby/) framework and will emit span tracing data for the most important operations happening during the request/response cycle. Using an [instrumentation for Rack](https://github.com/open-telemetry/opentelemetry-ruby/tree/main/instrumentation/rack) allows handling incoming OpenTelemetry parent span information properly (when desired, turned off by default to reduce attack surface).
Currently, the [OpenTelemetry trace exporter](https://github.com/open-telemetry/opentelemetry-ruby/tree/main/exporter/jaeger) for [CNCF Jaeger](https://github.com/jaegertracing/jaeger) can be enabled via dyndnsd.rb configuration. Alternatively, you can also enable other exporters via the environment variable `OTEL_TRACES_EXPORTER`, e.g. `OTEL_TRACES_EXPORTER=console`.
```yaml
host: "0.0.0.0"
port: 8245 # the DynDNS.com alternative HTTP port
db: "/opt/dyndnsd/db.json"
domain: "dyn.example.org"
# enable and configure tracing using the (currently only) tracer jaeger
tracing:
trust_incoming_span: false # default value, change to accept incoming OpenTelemetry spans as parents
service_name: "my.dyndnsd.identifier" # default unset, will be populated by OpenTelemetry
jaeger: true # enables the Jaeger AgentExporter
# configure the updater, here we use command_with_bind_zone, params are updater-specific
updater:
name: "command_with_bind_zone"
params:
zone_file: "dyn.zone"
command: "echo 'Hello'"
ttl: "5m"
dns: "dns.example.org."
email_addr: "admin.example.org."
# user database with hostnames a user is allowed to update
users:
# 'foo' is username, 'secret' the password
foo:
password: "secret"
hosts:
- foo.example.org
- bar.example.org
test:
password: "ihavenohosts"
```
The [Debian 6 init.d script](init.d/debian-6-dyndnsd) assumes that dyndnsd.rb is installed into the system ruby (no RVM support) and the config.yaml is at /opt/dyndnsd/config.yaml. Modify to your needs.
## License

70
Rakefile
View File

@ -1,74 +1,6 @@
# frozen_string_literal: true
require 'bundler/gem_tasks'
require 'rspec/core/rake_task'
require 'rubocop/rake_task'
require 'bundler/audit/task'
RSpec::Core::RakeTask.new(:spec)
RuboCop::RakeTask.new
Bundler::Audit::Task.new
desc 'Run experimental solargraph type checker'
task :solargraph do
sh 'solargraph typecheck'
end
# renovate: datasource=github-tags depName=hadolint/hadolint
hadolint_version = 'v2.12.0'
# renovate: datasource=github-tags depName=aquasecurity/trivy
trivy_version = 'v0.54.1'
namespace :docker do
ci_image = 'cmur2/dyndnsd:ci'
desc 'Lint Dockerfile'
task :lint do
sh "if [ ! -e ./hadolint ]; then wget -q -O ./hadolint https://github.com/hadolint/hadolint/releases/download/#{hadolint_version}/hadolint-Linux-x86_64; fi"
sh 'chmod a+x ./hadolint'
sh './hadolint --ignore DL3018 docker/Dockerfile'
sh './hadolint --ignore DL3018 --ignore DL3028 docker/ci/Dockerfile'
end
desc 'Build CI Docker image'
task :build do
sh 'docker build -t cmur2/dyndnsd:ci -f docker/ci/Dockerfile .'
end
desc 'Scan CI Docker image for vulnerabilities'
task :scan do
ver = trivy_version.gsub('v', '')
sh "if [ ! -e ./trivy ]; then wget -q -O - https://github.com/aquasecurity/trivy/releases/download/v#{ver}/trivy_#{ver}_Linux-64bit.tar.gz | tar -xzf - trivy; fi"
sh "./trivy image #{ci_image}"
end
desc 'End-to-end test the CI Docker image'
task :e2e do
sh <<~SCRIPT
echo -n '{}' > e2e/db.json
chmod a+w e2e/db.json
SCRIPT
sh "docker run -d --name=dyndnsd-ci -v $(pwd)/e2e:/etc/dyndnsd -p 8080:8080 -p 5353:5353 #{ci_image}"
sh 'sleep 5'
puts '----------------------------------------'
# `dig` needs `sudo apt-get install -y -q dnsutils`
sh <<~SCRIPT
curl -s -o /dev/null -w '%{http_code}' 'http://localhost:8080/' | grep -q '401'
curl -s 'http://foo:secret@localhost:8080/nic/update?hostname=foo.dyn.example.org&myip=1.2.3.4' | grep -q 'good'
curl -s 'http://foo:secret@localhost:8080/nic/update?hostname=foo.dyn.example.org&myip=1.2.3.4' | grep -q 'nochg'
dig +short AXFR 'dyn.example.org' @127.0.0.1 -p 5353 | grep -q '1.2.3.4'
SCRIPT
puts '----------------------------------------'
sh <<~SCRIPT
docker logs dyndnsd-ci
docker container rm -f -v dyndnsd-ci
rm e2e/db.json
SCRIPT
end
end
task default: [:rubocop, :spec, 'bundle:audit', :solargraph]
desc 'Run all tasks desired for CI'
task ci: [:default, 'docker:lint', :build, 'docker:build', 'docker:e2e']
task :default => :spec

4
bin/dyndnsd Executable file
View File

@ -0,0 +1,4 @@
require 'dyndnsd'
Dyndnsd::Daemon.run!

22
docker/Dockerfile
View File

@ -1,22 +0,0 @@
FROM alpine:3.20.3
EXPOSE 5353 8080
ARG DYNDNSD_VERSION
RUN apk --no-cache add openssl ca-certificates && \
apk --no-cache add ruby ruby-etc ruby-io-console ruby-json ruby-webrick && \
apk --no-cache add --virtual .build-deps linux-headers ruby-dev build-base tzdata && \
gem install --no-document dyndnsd -v ${DYNDNSD_VERSION} && \
rm -rf /usr/lib/ruby/gems/*/cache/ && \
# set timezone to Berlin
cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \
apk del .build-deps
# Follow the principle of least privilege: run as unprivileged user.
# Running as non-root enables running this image in platforms like OpenShift
# that do not allow images running as root.
# User ID 65534 is usually user 'nobody'.
USER 65534
ENTRYPOINT ["dyndnsd", "/etc/dyndnsd/config.yml"]

22
docker/ci/Dockerfile
View File

@ -1,22 +0,0 @@
FROM alpine:3.20.3
EXPOSE 5353 8080
COPY pkg/dyndnsd-*.gem /tmp/dyndnsd.gem
RUN apk --no-cache add openssl ca-certificates && \
apk --no-cache add ruby ruby-etc ruby-io-console ruby-json ruby-webrick && \
apk --no-cache add --virtual .build-deps linux-headers ruby-dev build-base tzdata && \
gem install --no-document /tmp/dyndnsd.gem && \
rm -rf /usr/lib/ruby/gems/*/cache/ && \
# set timezone to Berlin
cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \
apk del .build-deps
# Follow the principle of least privilege: run as unprivileged user.
# Running as non-root enables running this image in platforms like OpenShift
# that do not allow images running as root.
# User ID 65534 is usually user 'nobody'.
USER 65534
ENTRYPOINT ["dyndnsd", "/etc/dyndnsd/config.yml"]

50
dyndnsd.gemspec
View File

@ -1,49 +1,31 @@
# frozen_string_literal: true
require_relative 'lib/dyndnsd/version'
$:.push File.expand_path("../lib", __FILE__)
require 'dyndnsd/version'
Gem::Specification.new do |s|
s.name = 'dyndnsd'
s.name = 'dyndnsd'
s.version = Dyndnsd::VERSION
s.summary = 'dyndnsd.rb'
s.description = 'A small, lightweight and extensible DynDNS server written with Ruby and Rack.'
s.author = 'Christian Nicolai'
s.author = 'Christian Nicolai'
s.email = 'chrnicolai@gmail.com'
s.license = 'Apache License Version 2.0'
s.homepage = 'https://github.com/cmur2/dyndnsd'
s.homepage = 'https://github.com/cmur2/dyndnsd'
s.license = 'Apache-2.0'
s.metadata = {
'bug_tracker_uri' => "#{s.homepage}/issues",
'changelog_uri' => "#{s.homepage}/blob/master/CHANGELOG.md",
'source_code_uri' => s.homepage
}
s.files = `git ls-files`.split($/)
s.test_files = s.files.grep(%r{^(test|spec|features)/})
s.files = `git ls-files -z`.split("\x0").select do |f|
f.match(%r{^(init.d|lib)/})
end
s.require_paths = ['lib']
s.bindir = 'exe'
s.executables = ['dyndnsd']
s.extra_rdoc_files = Dir['README.md', 'CHANGELOG.md', 'LICENSE']
s.required_ruby_version = '>= 3.0'
s.add_runtime_dependency 'rack'
s.add_runtime_dependency 'json'
s.add_runtime_dependency 'metriks'
s.add_dependency 'async', '~> 1.31.0'
s.add_dependency 'async-dns', '~> 1.3.0'
s.add_dependency 'metriks'
s.add_dependency 'opentelemetry-exporter-jaeger', '~> 0.22.0'
s.add_dependency 'opentelemetry-instrumentation-rack', '~> 0.22.0'
s.add_dependency 'opentelemetry-sdk', '~> 1.2.0'
s.add_dependency 'rack', '~> 3.0'
s.add_dependency 'rackup', '~> 2'
s.add_dependency 'webrick', '>= 1.6.1'
s.add_development_dependency 'bundler'
s.add_development_dependency 'bundler-audit', '~> 0.9.0'
s.add_development_dependency 'rack-test'
s.add_development_dependency 'bundler', '~> 1.3'
s.add_development_dependency 'rake'
s.add_development_dependency 'rspec'
s.add_development_dependency 'rubocop', '~> 1.66.0'
s.add_development_dependency 'rubocop-rake', '~> 0.6.0'
s.add_development_dependency 'rubocop-rspec', '~> 3.0.1'
s.add_development_dependency 'solargraph', '~> 0.49.0'
s.add_development_dependency 'rack-test'
end

31
e2e/config.yml
View File

@ -1,31 +0,0 @@
---
host: "0.0.0.0"
port: 8080
db: /etc/dyndnsd/db.json
debug: false
domain: dyn.example.org
#responder: RestStyle
updater:
name: zone_transfer_server
params:
server_listens:
- 0.0.0.0@5353
#send_notifies:
#- 10.0.2.15@53
zone_ttl: 300 # 5m
zone_nameservers:
- dns1.example.org.
- dns2.example.org.
zone_email_address: admin.example.org.
zone_additional_ips:
- "127.0.0.1"
- "::1"
users:
foo:
password: "secret"
hosts:
- foo.dyn.example.org
- bar.dyn.example.org

6
exe/dyndnsd
View File

@ -1,6 +0,0 @@
#!/usr/bin/env ruby
# frozen_string_literal: true
require 'dyndnsd'
Dyndnsd::Daemon.run!

0
docs/debian-6-init-dyndnsd → init.d/debian-6-dyndnsd Executable file → Normal file
View File

373
lib/dyndnsd.rb
View File

@ -1,276 +1,156 @@
# frozen_string_literal: true
#!/usr/bin/env ruby
require 'date'
require 'etc'
require 'logger'
require 'ipaddr'
require 'json'
require 'yaml'
require 'rack'
require 'rackup'
require 'metriks'
require 'opentelemetry/instrumentation/rack'
require 'opentelemetry/sdk'
require 'metriks/reporter/graphite'
require 'dyndnsd/generator/bind'
require 'dyndnsd/updater/command_with_bind_zone'
require 'dyndnsd/updater/zone_transfer_server'
require 'dyndnsd/responder/dyndns_style'
require 'dyndnsd/responder/rest_style'
require 'dyndnsd/database'
require 'dyndnsd/helper'
require 'dyndnsd/textfile_reporter'
require 'dyndnsd/version'
module Dyndnsd
# @return [Logger]
def self.logger
@logger
end
# @param logger [Logger]
# @return [Logger]
def self.logger=(logger)
@logger = logger
end
class LogFormatter
# @param lvl [Object]
# @param _time [DateTime]
# @param _progname [String]
# @param msg [Object]
# @return [String]
def call(lvl, _time, _progname, msg)
format("[%s] %-5s %s\n", Time.now.strftime('%Y-%m-%d %H:%M:%S'), lvl, msg.to_s)
def call(lvl, time, progname, msg)
"[%s] %-5s %s\n" % [Time.now.strftime('%Y-%m-%d %H:%M:%S'), lvl, msg.to_s]
end
end
class Daemon
# @param config [Hash{String => Object}]
# @param db [Dyndnsd::Database]
# @param updater [#update]
def initialize(config, db, updater)
def initialize(config, db, updater, responder)
@users = config['users']
@domain = config['domain']
@db = db
@updater = updater
@responder = responder
@db.load
@db['serial'] ||= 1
@db['hosts'] ||= {}
(@db.save; update) if @db.changed?
end
def update
@updater.update(@db)
if @db.changed?
@db.save
end
end
# @param username [String]
# @param password [String]
# @return [Boolean]
def authorized?(username, password)
Helper.span('check_authorized') do |span|
span.set_attribute('enduser.id', username)
allow = Helper.user_allowed?(username, password, @users)
if !allow
Dyndnsd.logger.warn "Login failed for #{username}"
Metriks.meter('requests.auth_failed').mark
end
allow
end
def is_fqdn_valid?(hostname)
return false if hostname.length < @domain.length + 2
return false if not hostname.end_with?(@domain)
name = hostname.chomp(@domain)
return false if not name.match(/^[a-zA-Z0-9_-]+\.$/)
true
end
# @param env [Hash{String => String}]
# @return [Array{Integer,Hash{String => String},Array<String>}]
def call(env)
return [422, {'X-DynDNS-Response' => 'method_forbidden'}, []] if env['REQUEST_METHOD'] != 'GET'
return [422, {'X-DynDNS-Response' => 'not_found'}, []] if env['PATH_INFO'] != '/nic/update'
return @responder.response_for_error(:method_forbidden) if env["REQUEST_METHOD"] != "GET"
return @responder.response_for_error(:not_found) if env["PATH_INFO"] != "/nic/update"
params = Rack::Utils.parse_query(env["QUERY_STRING"])
return @responder.response_for_error(:hostname_missing) if not params["hostname"]
hostnames = params["hostname"].split(',')
# Check if hostname match rules
hostnames.each do |hostname|
return @responder.response_for_error(:hostname_malformed) if not is_fqdn_valid?(hostname)
end
user = env["REMOTE_USER"]
hostnames.each do |hostname|
return @responder.response_for_error(:host_forbidden) if not @users[user]['hosts'].include? hostname
end
handle_dyndns_request(env)
# no myip?
if not params["myip"]
params["myip"] = env["REMOTE_ADDR"]
end
# malformed myip?
begin
IPAddr.new(params["myip"], Socket::AF_INET)
rescue ArgumentError
params["myip"] = env["REMOTE_ADDR"]
end
myip = params["myip"]
Metriks.meter('requests.valid').mark
Dyndnsd.logger.info "Request to update #{hostnames} to #{myip} for user #{user}"
changes = []
hostnames.each do |hostname|
if (not @db['hosts'].include? hostname) or (@db['hosts'][hostname] != myip)
changes << :good
@db['hosts'][hostname] = myip
Metriks.meter('requests.good').mark
else
changes << :nochg
Metriks.meter('requests.nochg').mark
end
end
if @db.changed?
@db['serial'] += 1
Dyndnsd.logger.info "Committing update ##{@db['serial']}"
@db.save
update
Metriks.meter('updates.committed').mark
end
@responder.response_for_changes(changes, myip)
end
# @return [void]
def self.run!
if ARGV.length != 1
puts 'Usage: dyndnsd config_file'
puts "Usage: dyndnsd config_file"
exit 1
end
config_file = ARGV[0]
if !File.file?(config_file)
puts 'Config file not found!'
if not File.file?(config_file)
puts "Config file not found!"
exit 1
end
puts "DynDNSd version #{Dyndnsd::VERSION}"
puts "Using config file #{config_file}"
config = YAML.safe_load_file(config_file)
setup_logger(config)
Dyndnsd.logger.info 'Starting...'
# drop privileges as soon as possible
# NOTE: first change group than user
if config['group']
group = Etc.getgrnam(config['group'])
Process::Sys.setgid(group.gid) if group
end
if config['user']
user = Etc.getpwnam(config['user'])
Process::Sys.setuid(user.uid) if user
end
setup_traps
setup_monitoring(config)
setup_tracing(config)
setup_rack(config)
end
private
# @param params [Hash{String => String}]
# @return [Array<String>]
def extract_v4_and_v6_address(params)
return [] if !(params['myip'])
begin
IPAddr.new(params['myip'], Socket::AF_INET)
IPAddr.new(params['myip6'], Socket::AF_INET6)
[params['myip'], params['myip6']]
rescue ArgumentError
[]
end
end
# @param env [Hash{String => String}]
# @param params [Hash{String => String}]
# @return [Array<String>]
def extract_myips(env, params)
# require presence of myip parameter as valid IPAddr (v4) and valid myip6
return extract_v4_and_v6_address(params) if params.key?('myip6')
# check whether myip parameter has valid IPAddr
return [params['myip']] if params.key?('myip') && Helper.ip_valid?(params['myip'])
# check whether X-Real-IP header has valid IPAddr
return [env['HTTP_X_REAL_IP']] if env.key?('HTTP_X_REAL_IP') && Helper.ip_valid?(env['HTTP_X_REAL_IP'])
# fallback value, always present
[env['REMOTE_ADDR']]
end
# @param hostnames [String]
# @param myips [Array<String>]
# @return [Array<Symbol>]
def process_changes(hostnames, myips)
changes = []
Helper.span('process_changes') do |span|
span.set_attribute('dyndnsd.hostnames', hostnames.join(','))
hostnames.each do |hostname|
# myips order is always deterministic
if myips.empty? && @db['hosts'].include?(hostname)
@db['hosts'].delete(hostname)
changes << :good
Metriks.meter('requests.good').mark
elsif Helper.changed?(hostname, myips, @db['hosts'])
@db['hosts'][hostname] = myips
changes << :good
Metriks.meter('requests.good').mark
else
changes << :nochg
Metriks.meter('requests.nochg').mark
end
end
end
changes
end
# @return [void]
def update_db
@db['serial'] += 1
Dyndnsd.logger.info "Committing update ##{@db['serial']}"
@updater.update(@db)
@db.save
Metriks.meter('updates.committed').mark
end
# @param env [Hash{String => String}]
# @return [Array{Integer,Hash{String => String},Array<String>}]
def handle_dyndns_request(env)
params = Rack::Utils.parse_query(env['QUERY_STRING'])
# require hostname parameter
return [422, {'X-DynDNS-Response' => 'hostname_missing'}, []] if !(params['hostname'])
hostnames = params['hostname'].split(',')
# check for invalid hostnames
invalid_hostnames = hostnames.select { |h| !Helper.fqdn_valid?(h, @domain) }
return [422, {'X-DynDNS-Response' => 'hostname_malformed'}, []] if invalid_hostnames.any?
# we can trust this information since user was authorized by middleware
user = env['REMOTE_USER']
# check for hostnames that the user does not own
forbidden_hostnames = hostnames - @users[user].fetch('hosts', [])
return [422, {'X-DynDNS-Response' => 'host_forbidden'}, []] if forbidden_hostnames.any?
if params['offline'] == 'YES'
myips = []
else
myips = extract_myips(env, params)
# require at least one IP to update
return [422, {'X-DynDNS-Response' => 'host_forbidden'}, []] if myips.empty?
end
Metriks.meter('requests.valid').mark
Dyndnsd.logger.info "Request to update #{hostnames} to #{myips} for user #{user}"
changes = process_changes(hostnames, myips)
update_db if @db.changed?
[200, {'X-DynDNS-Response' => 'success'}, [changes, myips]]
end
# SETUP
# @param config [Hash{String => Object}]
# @return [void]
private_class_method def self.setup_logger(config)
config = YAML::load(File.open(config_file, 'r') { |f| f.read })
if config['logfile']
Dyndnsd.logger = Logger.new(config['logfile'])
else
Dyndnsd.logger = Logger.new($stdout)
Dyndnsd.logger = Logger.new(STDOUT)
end
Dyndnsd.logger.progname = 'dyndnsd'
Dyndnsd.logger.progname = "dyndnsd"
Dyndnsd.logger.formatter = LogFormatter.new
Dyndnsd.logger.level = config['debug'] ? Logger::DEBUG : Logger::INFO
OpenTelemetry.logger = Dyndnsd.logger
end
Dyndnsd.logger.info "Starting..."
# drop privs (first change group than user)
Process::Sys.setgid(Etc.getgrnam(config['group']).gid) if config['group']
Process::Sys.setuid(Etc.getpwnam(config['user']).uid) if config['user']
# @return [void]
private_class_method def self.setup_traps
Signal.trap('INT') do
Rackup::Handler::WEBrick.shutdown
end
Signal.trap('TERM') do
Rackup::Handler::WEBrick.shutdown
end
end
# @param config [Hash{String => Object}]
# @return [void]
private_class_method def self.setup_monitoring(config)
# configure metriks
if config['graphite']
host = config['graphite']['host'] || 'localhost'
@ -279,12 +159,6 @@ module Dyndnsd
options[:prefix] = config['graphite']['prefix'] if config['graphite']['prefix']
reporter = Metriks::Reporter::Graphite.new(host, port, options)
reporter.start
elsif config['textfile']
file = config['textfile']['file'] || '/tmp/dyndnsd-metrics.prom'
options = {}
options[:prefix] = config['textfile']['prefix'] if config['textfile']['prefix']
reporter = Dyndnsd::TextfileReporter.new(file, options)
reporter.start
else
reporter = Metriks::Reporter::ProcTitle.new
reporter.add 'good', 'sec' do
@ -295,64 +169,33 @@ module Dyndnsd
end
reporter.start
end
end
# @param config [Hash{String => Object}]
# @return [void]
private_class_method def self.setup_tracing(config)
# by default do not try to emit any traces until the user opts in
ENV['OTEL_TRACES_EXPORTER'] ||= 'none'
# configure OpenTelemetry
OpenTelemetry::SDK.configure do |c|
if config.dig('tracing', 'jaeger')
require 'opentelemetry/exporter/jaeger'
c.add_span_processor(
OpenTelemetry::SDK::Trace::Export::BatchSpanProcessor.new(
OpenTelemetry::Exporter::Jaeger::AgentExporter.new
)
)
end
if config.dig('tracing', 'service_name')
c.service_name = config['tracing']['service_name']
end
c.service_version = Dyndnsd::VERSION
c.use('OpenTelemetry::Instrumentation::Rack')
end
if !config.dig('tracing', 'trust_incoming_span')
OpenTelemetry.propagation = OpenTelemetry::Context::Propagation::NoopTextMapPropagator.new
end
end
# @param config [Hash{String => Object}]
# @return [void]
private_class_method def self.setup_rack(config)
# configure daemon
db = Database.new(config['db'])
case config.dig('updater', 'name')
when 'command_with_bind_zone'
updater = Updater::CommandWithBindZone.new(config['domain'], config.dig('updater', 'params'))
when 'zone_transfer_server'
updater = Updater::ZoneTransferServer.new(config['domain'], config.dig('updater', 'params'))
end
daemon = Daemon.new(config, db, updater)
updater = Updater::CommandWithBindZone.new(config['domain'], config['updater']['params']) if config['updater']['name'] == 'command_with_bind_zone'
responder = Responder::DynDNSStyle.new
# configure rack
app = Rack::Auth::Basic.new(daemon, 'DynDNS', &daemon.method(:authorized?))
if config['responder'] == 'RestStyle'
app = Responder::RestStyle.new(app)
else
app = Responder::DynDNSStyle.new(app)
app = Daemon.new(config, db, updater, responder)
app = Rack::Auth::Basic.new(app, "DynDNS") do |user,pass|
allow = (config['users'].has_key? user) and (config['users'][user]['password'] == pass)
if not allow
Dyndnsd.logger.warn "Login failed for #{user}"
Metriks.meter('requests.auth_failed').mark
end
allow
end
app = OpenTelemetry::Instrumentation::Rack::Middlewares::TracerMiddleware.new(app)
Signal.trap('INT') do
Dyndnsd.logger.info "Quitting..."
Rack::Handler::WEBrick.shutdown
end
Signal.trap('TERM') do
Dyndnsd.logger.info "Quitting..."
Rack::Handler::WEBrick.shutdown
end
Rackup::Handler::WEBrick.run app, Host: config['host'], Port: config['port']
Rack::Handler::WEBrick.run app, :Host => config['host'], :Port => config['port']
end
end
end

23
lib/dyndnsd/database.rb
View File

@ -1,37 +1,30 @@
# frozen_string_literal: true
require 'forwardable'
module Dyndnsd
class Database
extend Forwardable
def_delegators :@db, :[], :[]=, :each, :has_key?
# @param db_file [String]
def initialize(db_file)
@db_file = db_file
end
# @return [void]
def load
if File.file?(@db_file)
@db = JSON.parse(File.read(@db_file, mode: 'r'))
@db = JSON.load(File.open(@db_file, 'r') { |f| f.read })
else
@db = {}
end
@db_hash = @db.hash
end
# @return [void]
def save
Helper.span('database_save') do |_span|
File.open(@db_file, 'w') { |f| JSON.dump(@db, f) }
@db_hash = @db.hash
end
File.open(@db_file, 'w') { |f| JSON.dump(@db, f) }
@db_hash = @db.hash
end
# @return [Boolean]
def changed?
@db_hash != @db.hash
end

37
lib/dyndnsd/generator/bind.rb
View File

@ -1,39 +1,30 @@
# frozen_string_literal: true
module Dyndnsd
module Generator
class Bind
# @param domain [String]
# @param updater_params [Hash{String => Object}]
def initialize(domain, updater_params)
def initialize(domain, config)
@domain = domain
@ttl = updater_params['ttl']
@dns = updater_params['dns']
@email_addr = updater_params['email_addr']
@additional_zone_content = updater_params['additional_zone_content']
@ttl = config['ttl']
@dns = config['dns']
@email_addr = config['email_addr']
@additional_zone_content = config['additional_zone_content']
end
# @param db [Dyndnsd::Database]
# @return [String]
def generate(db)
def generate(zone)
out = []
out << "$TTL #{@ttl}"
out << "$ORIGIN #{@domain}."
out << ''
out << "@ IN SOA #{@dns} #{@email_addr} ( #{db['serial']} 3h 5m 1w 1h )"
out << ""
out << "@ IN SOA #{@dns} #{@email_addr} ( #{zone['serial']} 3h 5m 1w 1h )"
out << "@ IN NS #{@dns}"
out << ''
db['hosts'].each do |hostname, ips|
ips.each do |ip|
ip = IPAddr.new(ip).native
type = ip.ipv6? ? 'AAAA' : 'A'
name = hostname.chomp(".#{@domain}")
out << "#{name} IN #{type} #{ip}"
end
out << ""
zone['hosts'].each do |hostname,ip|
name = hostname.chomp('.' + @domain)
out << "#{name} IN A #{ip}"
end
out << ''
out << ""
out << @additional_zone_content
out << ''
out << ""
out.join("\n")
end
end

62
lib/dyndnsd/helper.rb
View File

@ -1,62 +0,0 @@
# frozen_string_literal: true
require 'ipaddr'
module Dyndnsd
class Helper
# @param hostname [String]
# @param domain [String]
# @return [Boolean]
def self.fqdn_valid?(hostname, domain)
return false if hostname.length < domain.length + 2
return false if !hostname.end_with?(domain)
name = hostname.chomp(domain)
return false if !name.match(/^[a-zA-Z0-9_-]+\.$/)
true
end
# @param ip [String]
# @return [Boolean]
def self.ip_valid?(ip)
IPAddr.new(ip)
true
rescue ArgumentError
false
end
# @param username [String]
# @param password [String]
# @param users [Hash]
# @return [Boolean]
def self.user_allowed?(username, password, users)
(users.key? username) && (users[username]['password'] == password)
end
# @param hostname [String]
# @param myips [Array]
# @param hosts [Hash]
# @return [Boolean]
def self.changed?(hostname, myips, hosts)
# myips order is always deterministic
((!hosts.include? hostname) || (hosts[hostname] != myips)) && !myips.empty?
end
# @param operation [String]
# @param block [Proc]
# @return [void]
def self.span(operation, &block)
tracer = OpenTelemetry.tracer_provider.tracer(Dyndnsd.name, Dyndnsd::VERSION)
tracer.in_span(
operation,
attributes: {'component' => 'dyndnsd'},
kind: :server
) do |span|
Dyndnsd.logger.debug "Creating span ID #{span.context.hex_span_id} for trace ID #{span.context.hex_trace_id}"
block.call(span)
rescue StandardError => e
span.record_exception(e)
raise e
end
end
end
end

75
lib/dyndnsd/responder/dyndns_style.rb
View File

@ -1,71 +1,20 @@
# frozen_string_literal: true
module Dyndnsd
module Responder
class DynDNSStyle
# @param app [#call]
def initialize(app)
@app = app
def response_for_error(state)
# general http errors
return [405, {"Content-Type" => "text/plain"}, ["Method Not Allowed"]] if state == :method_forbidden
return [404, {"Content-Type" => "text/plain"}, ["Not Found"]] if state == :not_found
# specific errors
return [200, {"Content-Type" => "text/plain"}, ["notfqdn"]] if state == :hostname_missing
return [200, {"Content-Type" => "text/plain"}, ["nohost"]] if state == :host_forbidden
return [200, {"Content-Type" => "text/plain"}, ["notfqdn"]] if state == :hostname_malformed
end
# @param env [Hash{String => String}]
# @return [Array{Integer,Hash{String => String},Array<String>}]
def call(env)
@app.call(env).tap do |status_code, headers, body|
if headers.key?('X-DynDNS-Response')
return decorate_dyndnsd_response(status_code, headers, body)
else
return decorate_other_response(status_code, headers, body)
end
end
end
private
# @param status_code [Integer]
# @param headers [Hash{String => String}]
# @param body [Array<String>]
# @return [Array{Integer,Hash{String => String},Array<String>}]
def decorate_dyndnsd_response(status_code, headers, body)
case status_code
when 200
[200, {'Content-Type' => 'text/plain'}, [get_success_body(body[0], body[1])]]
when 422
error_response_map[headers['X-DynDNS-Response']]
end
end
# @param status_code [Integer]
# @param headers [Hash{String => String}]
# @param _body [Array<String>]
# @return [Array{Integer,Hash{String => String},Array<String>}]
def decorate_other_response(status_code, headers, _body)
case status_code
when 400
[status_code, headers, ['Bad Request']]
when 401
[status_code, headers, ['badauth']]
end
end
# @param changes [Array<Symbol>]
# @param myips [Array<String>]
# @return [String]
def get_success_body(changes, myips)
changes.map { |change| "#{change} #{myips.join(' ')}" }.join("\n")
end
# @return [Hash{String => Object}]
def error_response_map
{
# general http errors
'method_forbidden' => [405, {'Content-Type' => 'text/plain'}, ['Method Not Allowed']],
'not_found' => [404, {'Content-Type' => 'text/plain'}, ['Not Found']],
# specific errors
'hostname_missing' => [200, {'Content-Type' => 'text/plain'}, ['notfqdn']],
'hostname_malformed' => [200, {'Content-Type' => 'text/plain'}, ['notfqdn']],
'host_forbidden' => [200, {'Content-Type' => 'text/plain'}, ['nohost']]
}
def response_for_changes(states, ip)
body = states.map { |state| "#{state} #{ip}" }.join("\n")
return [200, {"Content-Type" => "text/plain"}, [body]]
end
end
end

75
lib/dyndnsd/responder/rest_style.rb
View File

@ -1,71 +1,20 @@
# frozen_string_literal: true
module Dyndnsd
module Responder
class RestStyle
# @param app [#call]
def initialize(app)
@app = app
def response_for_error(state)
# general http errors
return [405, {"Content-Type" => "text/plain"}, ["Method Not Allowed"]] if state == :method_forbidden
return [404, {"Content-Type" => "text/plain"}, ["Not Found"]] if state == :not_found
# specific errors
return [422, {"Content-Type" => "text/plain"}, ["Hostname missing"]] if state == :hostname_missing
return [403, {"Content-Type" => "text/plain"}, ["Forbidden"]] if state == :host_forbidden
return [422, {"Content-Type" => "text/plain"}, ["Hostname malformed"]] if state == :hostname_malformed
end
# @param env [Hash{String => String}]
# @return [Array{Integer,Hash{String => String},Array<String>}]
def call(env)
@app.call(env).tap do |status_code, headers, body|
if headers.key?('X-DynDNS-Response')
return decorate_dyndnsd_response(status_code, headers, body)
else
return decorate_other_response(status_code, headers, body)
end
end
end
private
# @param status_code [Integer]
# @param headers [Hash{String => String}]
# @param body [Array<String>]
# @return [Array{Integer,Hash{String => String},Array<String>}]
def decorate_dyndnsd_response(status_code, headers, body)
case status_code
when 200
[200, {'Content-Type' => 'text/plain'}, [get_success_body(body[0], body[1])]]
when 422
error_response_map[headers['X-DynDNS-Response']]
end
end
# @param status_code [Integer]
# @param headers [Hash{String => String}]
# @param _body [Array<String>]
# @return [Array{Integer,Hash{String => String},Array<String>}]
def decorate_other_response(status_code, headers, _body)
case status_code
when 400
[status_code, headers, ['Bad Request']]
when 401
[status_code, headers, ['Unauthorized']]
end
end
# @param changes [Array<Symbol>]
# @param myips [Array<String>]
# @return [String]
def get_success_body(changes, myips)
changes.map { |change| change == :good ? "Changed to #{myips.join(' ')}" : "No change needed for #{myips.join(' ')}" }.join("\n")
end
# @return [Hash{String => Object}]
def error_response_map
{
# general http errors
'method_forbidden' => [405, {'Content-Type' => 'text/plain'}, ['Method Not Allowed']],
'not_found' => [404, {'Content-Type' => 'text/plain'}, ['Not Found']],
# specific errors
'hostname_missing' => [422, {'Content-Type' => 'text/plain'}, ['Hostname missing']],
'hostname_malformed' => [422, {'Content-Type' => 'text/plain'}, ['Hostname malformed']],
'host_forbidden' => [403, {'Content-Type' => 'text/plain'}, ['Forbidden']]
}
def response_for_changes(states, ip)
body = states.map { |state| state == :good ? "Changed to #{ip}" : "No change needed for #{ip}" }.join("\n")
return [200, {"Content-Type" => "text/plain"}, [body]]
end
end
end

122
lib/dyndnsd/textfile_reporter.rb
View File

@ -1,122 +0,0 @@
# frozen_string_literal: true
# Adapted from https://github.com/eric/metriks-graphite/blob/master/lib/metriks/reporter/graphite.rb
require 'metriks'
module Dyndnsd
class TextfileReporter
# @return [String]
attr_reader :file
# @param file [String]
# @param options [Hash{Symbol => Object}]
def initialize(file, options = {})
@file = file
@prefix = options[:prefix]
@registry = options[:registry] || Metriks::Registry.default
@interval = options[:interval] || 60
@on_error = options[:on_error] || proc { |ex| } # default: ignore errors
end
# @return [void]
def start
@thread ||= Thread.new do
loop do
sleep @interval
Thread.new do
write
rescue StandardError => e
@on_error[e] rescue nil
end
end
end
end
# @return [void]
def stop
@thread&.kill
@thread = nil
end
# @return [void]
def restart
stop
start
end
# @return [void]
def write
File.open(@file, 'w') do |f|
@registry.each do |name, metric|
case metric
when Metriks::Meter
write_metric f, name, metric, [
:count, :one_minute_rate, :five_minute_rate,
:fifteen_minute_rate, :mean_rate
]
when Metriks::Counter
write_metric f, name, metric, [
:count
]
when Metriks::UtilizationTimer
write_metric f, name, metric, [
:count, :one_minute_rate, :five_minute_rate,
:fifteen_minute_rate, :mean_rate,
:min, :max, :mean, :stddev,
:one_minute_utilization, :five_minute_utilization,
:fifteen_minute_utilization, :mean_utilization
], [
:median, :get_95th_percentile
]
when Metriks::Timer
write_metric f, name, metric, [
:count, :one_minute_rate, :five_minute_rate,
:fifteen_minute_rate, :mean_rate,
:min, :max, :mean, :stddev
], [
:median, :get_95th_percentile
]
when Metriks::Histogram
write_metric f, name, metric, [
:count, :min, :max, :mean, :stddev
], [
:median, :get_95th_percentile
]
end
end
end
end
# @param file [String]
# @param base_name [String]
# @param metric [Object]
# @param keys [Array<Symbol>]
# @param snapshot_keys [Array<Symbol>]
# @return [void]
def write_metric(file, base_name, metric, keys, snapshot_keys = [])
time = Time.now.to_i
base_name = base_name.to_s.gsub(/ +/, '_')
base_name = "#{@prefix}.#{base_name}" if @prefix
keys.flatten.each do |key|
name = key.to_s.gsub(/^get_/, '')
value = metric.send(key)
file.write("#{base_name}.#{name} #{value} #{time}\n")
end
unless snapshot_keys.empty?
snapshot = metric.snapshot
snapshot_keys.flatten.each do |key|
name = key.to_s.gsub(/^get_/, '')
value = snapshot.send(key)
file.write("#{base_name}.#{name} #{value} #{time}\n")
end
end
end
end
end

39
lib/dyndnsd/updater/command_with_bind_zone.rb
View File

@ -1,35 +1,22 @@
# frozen_string_literal: true
module Dyndnsd
module Updater
class CommandWithBindZone
# @param domain [String]
# @param updater_params [Hash{String => Object}]
def initialize(domain, updater_params)
@zone_file = updater_params['zone_file']
@command = updater_params['command']
@generator = Generator::Bind.new(domain, updater_params)
def initialize(domain, config)
@zone_file = config['zone_file']
@command = config['command']
@generator = Generator::Bind.new(domain, config)
end
# @param db [Dyndnsd::Database]
# @return [void]
def update(db)
# do not regenerate zone file (assumed to be persistent) if DB did not change
return if !db.changed?
Helper.span('updater_update') do |span|
span.set_attribute('dyndnsd.updater.name', self.class.name&.split('::')&.last || 'None')
# write zone file in bind syntax
File.write(@zone_file, @generator.generate(db))
# call user-defined command
pid = fork do
exec @command
end
# detach so children don't become zombies
Process.detach(pid) if pid
def update(zone)
# write zone file in bind syntax
File.open(@zone_file, 'w') { |f| f.write(@generator.generate(zone)) }
# call user-defined command
pid = fork do
exec @command
end
# detach so children don't become zombies
Process.detach(pid)
end
end
end

158
lib/dyndnsd/updater/zone_transfer_server.rb
View File

@ -1,158 +0,0 @@
# frozen_string_literal: true
require 'resolv'
require 'securerandom'
require 'async/dns'
module Dyndnsd
module Updater
class ZoneTransferServer
DEFAULT_SERVER_LISTENS = ['0.0.0.0@53'].freeze
# @param domain [String]
# @param updater_params [Hash{String => Object}]
def initialize(domain, updater_params)
@domain = domain
@server_listens = self.class.parse_endpoints(updater_params['server_listens'] || DEFAULT_SERVER_LISTENS)
@notify_targets = (updater_params['send_notifies'] || []).map { |e| self.class.parse_endpoints([e]) }
@zone_rr_ttl = updater_params['zone_ttl']
@zone_nameservers = updater_params['zone_nameservers'].map { |n| Resolv::DNS::Name.create(n) }
@zone_email_address = Resolv::DNS::Name.create(updater_params['zone_email_address'])
@zone_additional_ips = updater_params['zone_additional_ips'] || []
@server = ZoneTransferServerHelper.new(@server_listens, @domain)
# run Async::DNS server in background thread
Thread.new do
@server.run
end
end
# @param db [Dyndnsd::Database]
# @return [void]
def update(db)
Helper.span('updater_update') do |span|
span.set_attribute('dyndnsd.updater.name', self.class.name&.split('::')&.last || 'None')
soa_rr = Resolv::DNS::Resource::IN::SOA.new(
@zone_nameservers[0], @zone_email_address,
db['serial'],
10_800, # 3h
300, # 5m
604_800, # 1w
3_600 # 1h
)
default_options = {ttl: @zone_rr_ttl}
# array containing all resource records for an AXFR request in the right order
rrs = []
# AXFR responses need to start with zone's SOA RR
rrs << [soa_rr, default_options]
# return RRs for all of the zone's nameservers
@zone_nameservers.each do |ns|
rrs << [Resolv::DNS::Resource::IN::NS.new(ns), default_options]
end
# return A/AAAA RRs for all additional IPv4s/IPv6s for the domain itself
@zone_additional_ips.each do |ip|
rrs << [create_addr_rr_for_ip(ip), default_options]
end
# return A/AAAA RRs for the dyndns hostnames
db['hosts'].each do |hostname, ips|
ips.each do |ip|
rrs << [create_addr_rr_for_ip(ip), default_options.merge({name: hostname})]
end
end
# AXFR responses need to end with zone's SOA RR again
rrs << [soa_rr, default_options]
# point Async::DNS server thread's variable to this new RR array
@server.axfr_rrs = rrs
# only send DNS NOTIFY if there really was a change
if db.changed?
send_dns_notify
end
end
end
# converts into suitable parameter form for Async::DNS::Resolver or Async::DNS::Server
#
# @param endpoint_list [Array<String>]
# @return [Array{Array{Object}}]
def self.parse_endpoints(endpoint_list)
endpoint_list.map { |addr_string| addr_string.split('@') }
.map { |addr_parts| [addr_parts[0], addr_parts[1].to_i || 53] }
.map { |addr| [:tcp, :udp].map { |type| [type] + addr } }
.flatten(1)
end
private
# creates correct Resolv::DNS::Resource object for IP address type
#
# @param ip_string [String]
# @return [Resolv::DNS::Resource::IN::A,Resolv::DNS::Resource::IN::AAAA]
def create_addr_rr_for_ip(ip_string)
ip = IPAddr.new(ip_string).native
if ip.ipv6?
Resolv::DNS::Resource::IN::AAAA.new(ip.to_s)
else
Resolv::DNS::Resource::IN::A.new(ip.to_s)
end
end
# https://tools.ietf.org/html/rfc1996
#
# @return [void]
def send_dns_notify
Async::Reactor.run do
@notify_targets.each do |notify_target|
target = Async::DNS::Resolver.new(notify_target)
# assemble DNS NOTIFY message
request = Resolv::DNS::Message.new(SecureRandom.random_number(2**16))
request.opcode = Resolv::DNS::OpCode::Notify
request.add_question("#{@domain}.", Resolv::DNS::Resource::IN::SOA)
_response = target.dispatch_request(request)
end
end
end
end
class ZoneTransferServerHelper < Async::DNS::Server
attr_accessor :axfr_rrs
def initialize(endpoints, domain)
super(endpoints, logger: Dyndnsd.logger)
@domain = domain
end
# @param name [String]
# @param resource_class [Resolv::DNS::Resource]
# Since solargraph cannot parse this: param transaction [Async::DNS::Transaction]
# @return [void]
def process(name, resource_class, transaction)
if name != @domain || resource_class != Resolv::DNS::Resource::Generic::Type252_Class1
transaction.fail!(:NXDomain)
return
end
# https://tools.ietf.org/html/rfc5936
transaction.append_question!
@axfr_rrs.each do |rr|
transaction.add([rr[0]], rr[1])
end
end
end
end
end

3
lib/dyndnsd/version.rb
View File

@ -1,5 +1,4 @@
# frozen_string_literal: true
module Dyndnsd
VERSION = '3.9.2'
VERSION = "1.3.0"
end

142
spec/daemon_spec.rb Normal file
View File

@ -0,0 +1,142 @@
require 'spec_helper'
describe Dyndnsd::Daemon do
include Rack::Test::Methods
def app
Dyndnsd.logger = Logger.new(STDOUT)
Dyndnsd.logger.level = Logger::UNKNOWN
config = {
'domain' => 'example.org',
'users' => {
'test' => {
'password' => 'secret',
'hosts' => ['foo.example.org', 'bar.example.org']
}
}
}
db = Dyndnsd::DummyDatabase.new({})
updater = Dyndnsd::Updater::Dummy.new
responder = Dyndnsd::Responder::DynDNSStyle.new
app = Dyndnsd::Daemon.new(config, db, updater, responder)
Rack::Auth::Basic.new(app, "DynDNS") do |user,pass|
(config['users'].has_key? user) and (config['users'][user]['password'] == pass)
end
end
it 'requires authentication' do
get '/'
last_response.status.should == 401
pending 'Need to find a way to add custom body on 401 responses'
last_response.should be_ok 'badauth'
end
it 'only supports GET requests' do
authorize 'test', 'secret'
post '/nic/update'
last_response.status.should == 405
end
it 'provides only the /nic/update URL' do
authorize 'test', 'secret'
get '/other/url'
last_response.status.should == 404
end
it 'requires the hostname query parameter' do
authorize 'test', 'secret'
get '/nic/update'
last_response.should be_ok
last_response.body.should == 'notfqdn'
end
it 'supports multiple hostnames in request' do
authorize 'test', 'secret'
get '/nic/update?hostname=foo.example.org,bar.example.org&myip=1.2.3.4'
last_response.should be_ok
last_response.body.should == "good 1.2.3.4\ngood 1.2.3.4"
end
it 'rejects request if one hostname is invalid' do
authorize 'test', 'secret'
get '/nic/update?hostname=test'
last_response.should be_ok
last_response.body.should == 'notfqdn'
get '/nic/update?hostname=test.example.com'
last_response.should be_ok
last_response.body.should == 'notfqdn'
get '/nic/update?hostname=test.example.org.me'
last_response.should be_ok
last_response.body.should == 'notfqdn'
get '/nic/update?hostname=foo.test.example.org'
last_response.should be_ok
last_response.body.should == 'notfqdn'
get '/nic/update?hostname=in%20valid.example.org'
last_response.should be_ok
last_response.body.should == 'notfqdn'
get '/nic/update?hostname=valid.example.org,in.valid.example.org'
last_response.should be_ok
last_response.body.should == 'notfqdn'
end
it 'rejects request if user does not own one hostname' do
authorize 'test', 'secret'
get '/nic/update?hostname=notmyhost.example.org'
last_response.should be_ok
last_response.body.should == 'nohost'
get '/nic/update?hostname=foo.example.org,notmyhost.example.org'
last_response.should be_ok
last_response.body.should == 'nohost'
end
it 'updates a host on IPv4 change' do
authorize 'test', 'secret'
get '/nic/update?hostname=foo.example.org&myip=1.2.3.4'
last_response.should be_ok
get '/nic/update?hostname=foo.example.org&myip=1.2.3.40'
last_response.should be_ok
last_response.body.should == 'good 1.2.3.40'
end
it 'returns IPv4 no change' do
authorize 'test', 'secret'
get '/nic/update?hostname=foo.example.org&myip=1.2.3.4'
last_response.should be_ok
get '/nic/update?hostname=foo.example.org&myip=1.2.3.4'
last_response.should be_ok
last_response.body.should == 'nochg 1.2.3.4'
end
it 'outputs IPv4 status per hostname' do
authorize 'test', 'secret'
get '/nic/update?hostname=foo.example.org&myip=1.2.3.4'
last_response.should be_ok
last_response.body.should == 'good 1.2.3.4'
get '/nic/update?hostname=foo.example.org,bar.example.org&myip=1.2.3.4'
last_response.should be_ok
last_response.body.should == "nochg 1.2.3.4\ngood 1.2.3.4"
end
it 'uses clients remote IPv4 address if myip not specified' do
authorize 'test', 'secret'
get '/nic/update?hostname=foo.example.org'
last_response.should be_ok
last_response.body.should == 'good 127.0.0.1'
end
end

251
spec/dyndnsd/daemon_spec.rb
View File

@ -1,251 +0,0 @@
# frozen_string_literal: true
require_relative '../spec_helper'
describe Dyndnsd::Daemon do
include Rack::Test::Methods
def app
Dyndnsd.logger = Logger.new($stdout)
Dyndnsd.logger.level = Logger::UNKNOWN
config = {
'domain' => 'example.org',
'users' => {
'test' => {
'password' => 'secret',
'hosts' => ['foo.example.org', 'bar.example.org']
},
'test2' => {
'password' => 'ihavenohosts'
}
}
}
db = Dyndnsd::DummyDatabase.new({})
updater = Dyndnsd::Updater::Dummy.new
daemon = Dyndnsd::Daemon.new(config, db, updater)
app = Rack::Auth::Basic.new(daemon, 'DynDNS', &daemon.method(:authorized?))
Dyndnsd::Responder::DynDNSStyle.new(app)
end
it 'requires authentication' do
get '/'
expect(last_response.status).to eq(401)
expect(last_response.body).to eq('badauth')
end
it 'requires configured correct credentials' do
authorize 'test', 'wrongsecret'
get '/'
expect(last_response.status).to eq(401)
expect(last_response.body).to eq('badauth')
end
it 'only supports GET requests' do
authorize 'test', 'secret'
post '/nic/update'
expect(last_response.status).to eq(405)
end
it 'provides only the /nic/update URL' do
authorize 'test', 'secret'
get '/other/url'
expect(last_response.status).to eq(404)
end
it 'requires the hostname query parameter' do
authorize 'test', 'secret'
get '/nic/update'
expect(last_response).to be_ok
expect(last_response.body).to eq('notfqdn')
end
it 'supports multiple hostnames in request' do
authorize 'test', 'secret'
get '/nic/update?hostname=foo.example.org,bar.example.org&myip=1.2.3.4'
expect(last_response).to be_ok
expect(last_response.body).to eq("good 1.2.3.4\ngood 1.2.3.4")
get '/nic/update?hostname=foo.example.org,bar.example.org&myip=2001:db8::1'
expect(last_response).to be_ok
expect(last_response.body).to eq("good 2001:db8::1\ngood 2001:db8::1")
end
it 'rejects request if one hostname is invalid' do
authorize 'test', 'secret'
get '/nic/update?hostname=test'
expect(last_response).to be_ok
expect(last_response.body).to eq('notfqdn')
get '/nic/update?hostname=test.example.com'
expect(last_response).to be_ok
expect(last_response.body).to eq('notfqdn')
get '/nic/update?hostname=test.example.org.me'
expect(last_response).to be_ok
expect(last_response.body).to eq('notfqdn')
get '/nic/update?hostname=foo.test.example.org'
expect(last_response).to be_ok
expect(last_response.body).to eq('notfqdn')
get '/nic/update?hostname=in%20valid.example.org'
expect(last_response).to be_ok
expect(last_response.body).to eq('notfqdn')
get '/nic/update?hostname=valid.example.org,in.valid.example.org'
expect(last_response).to be_ok
expect(last_response.body).to eq('notfqdn')
end
it 'rejects request if user does not own any hostnames' do
authorize 'test2', 'ihavenohosts'
get '/nic/update?hostname=doesnotexisthost.example.org'
expect(last_response).to be_ok
expect(last_response.body).to eq('nohost')
end
it 'rejects request if user does not own one hostname' do
authorize 'test', 'secret'
get '/nic/update?hostname=notmyhost.example.org'
expect(last_response).to be_ok
expect(last_response.body).to eq('nohost')
get '/nic/update?hostname=foo.example.org,notmyhost.example.org'
expect(last_response).to be_ok
expect(last_response.body).to eq('nohost')
end
it 'updates a host on IP change' do
authorize 'test', 'secret'
get '/nic/update?hostname=foo.example.org&myip=1.2.3.4'
expect(last_response).to be_ok
get '/nic/update?hostname=foo.example.org&myip=1.2.3.40'
expect(last_response).to be_ok
expect(last_response.body).to eq('good 1.2.3.40')
get '/nic/update?hostname=foo.example.org&myip=2001:db8::1'
expect(last_response).to be_ok
get '/nic/update?hostname=foo.example.org&myip=2001:db8::10'
expect(last_response).to be_ok
expect(last_response.body).to eq('good 2001:db8::10')
end
it 'returns IP no change' do
authorize 'test', 'secret'
get '/nic/update?hostname=foo.example.org&myip=1.2.3.4'
expect(last_response).to be_ok
get '/nic/update?hostname=foo.example.org&myip=1.2.3.4'
expect(last_response).to be_ok
expect(last_response.body).to eq('nochg 1.2.3.4')
get '/nic/update?hostname=foo.example.org&myip=2001:db8::1'
expect(last_response).to be_ok
get '/nic/update?hostname=foo.example.org&myip=2001:db8::1'
expect(last_response).to be_ok
expect(last_response.body).to eq('nochg 2001:db8::1')
end
it 'outputs IP status per hostname' do
authorize 'test', 'secret'
get '/nic/update?hostname=foo.example.org&myip=1.2.3.4'
expect(last_response).to be_ok
expect(last_response.body).to eq('good 1.2.3.4')
get '/nic/update?hostname=foo.example.org,bar.example.org&myip=1.2.3.4'
expect(last_response).to be_ok
expect(last_response.body).to eq("nochg 1.2.3.4\ngood 1.2.3.4")
get '/nic/update?hostname=foo.example.org&myip=2001:db8::1'
expect(last_response).to be_ok
expect(last_response.body).to eq('good 2001:db8::1')
get '/nic/update?hostname=foo.example.org,bar.example.org&myip=2001:db8::1'
expect(last_response).to be_ok
expect(last_response.body).to eq("nochg 2001:db8::1\ngood 2001:db8::1")
end
it 'offlines a host' do
authorize 'test', 'secret'
get '/nic/update?hostname=foo.example.org&myip=1.2.3.4'
expect(last_response).to be_ok
expect(last_response.body).to eq('good 1.2.3.4')
get '/nic/update?hostname=foo.example.org&offline=YES'
expect(last_response).to be_ok
expect(last_response.body).to eq('good ')
get '/nic/update?hostname=foo.example.org&offline=YES'
expect(last_response).to be_ok
expect(last_response.body).to eq('nochg ')
get '/nic/update?hostname=foo.example.org&myip=1.2.3.4'
expect(last_response).to be_ok
expect(last_response.body).to eq('good 1.2.3.4')
get '/nic/update?hostname=foo.example.org&myip=1.2.3.4&offline=YES'
expect(last_response).to be_ok
expect(last_response.body).to eq('good ')
get '/nic/update?hostname=foo.example.org&myip=1.2.3.4&offline=YES'
expect(last_response).to be_ok
expect(last_response.body).to eq('nochg ')
end
it 'uses clients remote IP address if myip not specified' do
authorize 'test', 'secret'
get '/nic/update?hostname=foo.example.org'
expect(last_response).to be_ok
expect(last_response.body).to eq('good 127.0.0.1')
end
it 'uses clients remote IP address from X-Real-IP header if behind proxy' do
authorize 'test', 'secret'
get '/nic/update?hostname=foo.example.org', '', 'HTTP_X_REAL_IP' => '10.0.0.1'
expect(last_response).to be_ok
expect(last_response.body).to eq('good 10.0.0.1')
get '/nic/update?hostname=foo.example.org', '', 'HTTP_X_REAL_IP' => '2001:db8::1'
expect(last_response).to be_ok
expect(last_response.body).to eq('good 2001:db8::1')
end
it 'supports an IPv4 and an IPv6 address in one request' do
authorize 'test', 'secret'
get '/nic/update?hostname=foo.example.org&myip=1.2.3.4&myip6=2001:db8::1'
expect(last_response).to be_ok
expect(last_response.body).to eq('good 1.2.3.4 2001:db8::1')
get '/nic/update?hostname=foo.example.org&myip=BROKENIP&myip6=2001:db8::1'
expect(last_response).to be_ok
expect(last_response.body).to eq('nohost')
get '/nic/update?hostname=foo.example.org&myip=1.2.3.4&myip6=BROKENIP'
expect(last_response).to be_ok
expect(last_response.body).to eq('nohost')
get '/nic/update?hostname=foo.example.org&myip6=2001:db8::10'
expect(last_response).to be_ok
expect(last_response.body).to eq('nohost')
get '/nic/update?hostname=foo.example.org&myip=1.2.3.40'
expect(last_response).to be_ok
expect(last_response.body).to eq('good 1.2.3.40')
end
end

6
spec/spec_helper.rb
View File

@ -1,10 +1,8 @@
# frozen_string_literal: true
require 'rubygems'
require 'bundler/setup'
require 'rack/test'
require 'dyndnsd'
require_relative 'support/dummy_database'
require_relative 'support/dummy_updater'
require 'support/dummy_database'
require 'support/dummy_updater'

5
spec/support/dummy_database.rb
View File

@ -1,11 +1,10 @@
# frozen_string_literal: true
require 'forwardable'
module Dyndnsd
class DummyDatabase
extend Forwardable
def_delegators :@db, :[], :[]=, :each, :has_key?
def initialize(db_init)
@ -26,3 +25,5 @@ module Dyndnsd
end
end
end

1
spec/support/dummy_updater.rb
View File

@ -1,4 +1,3 @@
# frozen_string_literal: true
module Dyndnsd
module Updater

13
upgrade-version.sh
View File

@ -1,13 +0,0 @@
#!/bin/bash -eux
sed -i "s/$1/$2/g" lib/dyndnsd/version.rb
release_date=$(LC_ALL=en_US.utf8 date +"%B %-d, %Y")
if grep "## $2 (" CHANGELOG.md; then
true
elif grep "## $2" CHANGELOG.md; then
sed -i "s/## $2/## $2 ($release_date)/g" CHANGELOG.md
else
echo "## $2 ($release_date)" >> CHANGELOG.md
fi