docs: add link to newer version

Guessing an existing user's name was enough to successfully authenticate.

.travis.yml

@@ -1,9 +1,5 @@
 language: ruby
-
 rvm:
-  - 2.0.0
+  - 2.4
+  - 2.1
   - 1.9.3
-  - 1.8.7
-
-gemfile:
-  - Gemfile

README.md

@@ -1,14 +1,18 @@
 # dyndnsd.rb
 
-[![Build Status](https://travis-ci.org/cmur2/dyndnsd.png)](https://travis-ci.org/cmur2/dyndnsd)
+[![Build Status](https://travis-ci.org/cmur2/dyndnsd.svg?branch=dyndnsd-1.x)](https://travis-ci.org/cmur2/dyndnsd)
 
 A small, lightweight and extensible DynDNS server written with Ruby and Rack.
 
+**Note:** a newer version of dyndnsd.rb is available on [branch master](https://github.com/cmur2/dyndnsd), see also the [changelog](https://github.com/cmur2/dyndnsd/blob/master/CHANGELOG.md).
+
 ## Description
 
-dyndnsd.rb is aimed to implement a small [DynDNS-compliant](http://dyn.com/support/developers/api/) server in Ruby. It has an integrated user and hostname database in it's configuration file that is used for authentication and authorization. Besides talking the DynDNS protocol it is able to invoke an so-called *updater*, a small Ruby module that takes care of supplying the current host => ip mapping to a DNS server.
+dyndnsd.rb aims to implement a small [DynDNS-compliant](https://help.dyn.com/remote-access-api/) server in Ruby supporting IPv4 and IPv6 addresses. It has an integrated user and hostname database in it's configuration file that is used for authentication and authorization. Besides talking the DynDNS protocol it is able to invoke an so-called *updater*, a small Ruby module that takes care of supplying the current host => ip mapping to a DNS server.
 
-The is currently one updater shipped with dyndnsd.rb `command_with_bind_zone` that writes out a zone file in BIND syntax onto the current system and invokes a user-supplied command afterwards that is assumed to trigger the DNS server (not necessarily BIND since it's zone files are read by other DNS servers too) to reload it's zone configuration.
+There is currently one updater shipped with dyndnsd.rb `command_with_bind_zone` that writes out a zone file in BIND syntax onto the current system and invokes a user-supplied command afterwards that is assumed to trigger the DNS server (not necessarily BIND since it's zone files are read by other DNS servers too) to reload it's zone configuration.
+
+Because of the mechanisms used dyndnsd.rb is known to work only on \*nix systems.
 
 ## General Usage
 
@@ -16,14 +20,15 @@ Install the gem:
 
 	gem install dyndnsd
 
-(Optionally install the `json` gem too if you're on Ruby 1.8.)
-
 Create a configuration file in YAML format somewhere:
 
 ```yaml
 # listen address and port
 host: "0.0.0.0"
 port: "80"
+# optional: drop priviliges in case you want to but you may need sudo for external commands
+user: "nobody"
+group: "nogroup"
 # logfile is optional, logs to STDOUT else
 logfile: "dyndnsd.log"
 # interal database file
@@ -109,13 +114,23 @@ where:
 * HOSTNAMES is a required list of comma separated FQDNs (they all have to end with your config.yaml domain) the user wants to update
 * MYIP is optional and the HTTP client's address will be used if missing
 
+### IP address determination
+
+The following rules apply:
+
+* use any IP address provided via the myip parameter when present, or
+* use any IP address provided via the X-Real-IP header e.g. when used behind HTTP reverse proxy such as nginx, or
+* use any IP address used by the connecting HTTP client
+
+If you want to provide an additional IPv6 address as myip6 parameter the myip parameter containing an IPv4 address has to be present, too! No automatism is applied then.
+
 ### SSL, multiple listen ports
 
 Use a webserver as a proxy to handle SSL and/or multiple listen addresses and ports. DynDNS.com provides HTTP on port 80 and 8245 and HTTPS on port 443.
 
 ### Init scripts
 
-The [Debian 6 init.d script](init.d/debian-6-dyndnsd) assumes that dyndnsd.rb is installed into the system ruby (no RVM support) and the config.yaml is at /opt/dyndnsd/config.yaml.
+The [Debian 6 init.d script](init.d/debian-6-dyndnsd) assumes that dyndnsd.rb is installed into the system ruby (no RVM support) and the config.yaml is at /opt/dyndnsd/config.yaml. Modify to your needs.
 
 ## License
 

dyndnsd.gemspec

@@ -20,10 +20,11 @@ Gem::Specification.new do |s|
 
   s.executables = ['dyndnsd']
 
-  s.add_runtime_dependency 'rack'
+  s.add_runtime_dependency 'rack', '~> 1.6'
   s.add_runtime_dependency 'json'
+  s.add_runtime_dependency 'metriks'
 
-  s.add_development_dependency 'bundler', '~> 1.3'
+  s.add_development_dependency 'bundler'
   s.add_development_dependency 'rake'
   s.add_development_dependency 'rspec'
   s.add_development_dependency 'rack-test'

init.d/debian-6-dyndnsd

@@ -23,18 +23,21 @@ case "$1" in
   start)
     log_daemon_msg "Starting dyndnsd.rb" "dyndnsd"
     start-stop-daemon --start --quiet --oknodo --make-pidfile --pidfile "/var/run/dyndnsd.pid" --background --exec $DAEMON -- $DAEMON_OPTS
+    log_end_msg $?
     ;;
   stop)
     log_daemon_msg "Stopping dyndnsd.rb" "dyndnsd"
     start-stop-daemon --stop --quiet --oknodo --pidfile "/var/run/dyndnsd.pid"
+    log_end_msg $?
     ;;
   restart|force-reload)
     log_daemon_msg "Restarting dyndnsd.rb" "dyndnsd"
     start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile "/var/run/dyndsd.pid"
     start-stop-daemon --start --quiet --oknodo --make-pidfile --pidfile "/var/run/dyndnsd.pid" --background --exec $DAEMON -- $DAEMON_OPTS
+    log_end_msg $?
     ;;
   *)
-    echo "Usage: $0 {start|stop|restart|force-reload}" >&2
-    exit 1
+    log_action_msg "Usage: $0 {start|stop|restart|force-reload}"
+    exit 2
     ;;
 esac

lib/dyndnsd.rb

@@ -1,10 +1,13 @@
 #!/usr/bin/env ruby
 
+require 'etc'
 require 'logger'
 require 'ipaddr'
 require 'json'
 require 'yaml'
 require 'rack'
+require 'metriks'
+require 'metriks/reporter/graphite'
 
 require 'dyndnsd/generator/bind'
 require 'dyndnsd/updater/command_with_bind_zone'
@@ -41,11 +44,11 @@ module Dyndnsd
       @db['hosts'] ||= {}
       (@db.save; update) if @db.changed?
     end
-    
+
     def update
       @updater.update(@db)
     end
-    
+
     def is_fqdn_valid?(hostname)
       return false if hostname.length < @domain.length + 2
       return false if not hostname.end_with?(@domain)
@@ -53,61 +56,88 @@ module Dyndnsd
       return false if not name.match(/^[a-zA-Z0-9_-]+\.$/)
       true
     end
-    
+
     def call(env)
       return @responder.response_for_error(:method_forbidden) if env["REQUEST_METHOD"] != "GET"
       return @responder.response_for_error(:not_found) if env["PATH_INFO"] != "/nic/update"
-      
+
       params = Rack::Utils.parse_query(env["QUERY_STRING"])
-      
+
       return @responder.response_for_error(:hostname_missing) if not params["hostname"]
-      
+
       hostnames = params["hostname"].split(',')
-      
+
       # Check if hostname match rules
       hostnames.each do |hostname|
         return @responder.response_for_error(:hostname_malformed) if not is_fqdn_valid?(hostname)
       end
-      
+
       user = env["REMOTE_USER"]
-      
+
       hostnames.each do |hostname|
         return @responder.response_for_error(:host_forbidden) if not @users[user]['hosts'].include? hostname
       end
-      
-      # no myip?
-      if not params["myip"]
-        params["myip"] = env["REMOTE_ADDR"]
+
+      myip = nil
+
+      if params.has_key?("myip6")
+        # require presence of myip parameter as valid IPAddr (v4) and valid myip6
+        return @responder.response_for_error(:host_forbidden) if not params["myip"]
+        begin
+          IPAddr.new(params["myip"], Socket::AF_INET)
+          IPAddr.new(params["myip6"], Socket::AF_INET6)
+
+          # myip will be an array
+          myip = [params["myip"], params["myip6"]]
+        rescue ArgumentError
+          return @responder.response_for_error(:host_forbidden)
+        end
+      else
+        # fallback value, always present
+        myip = env["REMOTE_ADDR"]
+
+        # check whether X-Real-IP header has valid IPAddr
+        if env.has_key?("HTTP_X_REAL_IP")
+          begin
+            IPAddr.new(env["HTTP_X_REAL_IP"])
+            myip = env["HTTP_X_REAL_IP"]
+          rescue ArgumentError
+          end
+        end
+
+        # check whether myip parameter has valid IPAddr
+        if params.has_key?("myip")
+          begin
+            IPAddr.new(params["myip"])
+            myip = params["myip"]
+          rescue ArgumentError
+          end
+        end
       end
-      
-      # malformed myip?
-      begin
-        IPAddr.new(params["myip"], Socket::AF_INET)
-      rescue ArgumentError
-        params["myip"] = env["REMOTE_ADDR"]
-      end
-      
-      myip = params["myip"]
-      
+
+      Metriks.meter('requests.valid').mark
       Dyndnsd.logger.info "Request to update #{hostnames} to #{myip} for user #{user}"
-      
+
       changes = []
       hostnames.each do |hostname|
         if (not @db['hosts'].include? hostname) or (@db['hosts'][hostname] != myip)
           changes << :good
           @db['hosts'][hostname] = myip
+          Metriks.meter('requests.good').mark
         else
           changes << :nochg
+          Metriks.meter('requests.nochg').mark
         end
       end
-      
+
       if @db.changed?
         @db['serial'] += 1
         Dyndnsd.logger.info "Committing update ##{@db['serial']}"
         @db.save
         update
+        Metriks.meter('updates.committed').mark
       end
-      
+
       @responder.response_for_changes(changes, myip)
     end
 
@@ -123,31 +153,59 @@ module Dyndnsd
         puts "Config file not found!"
         exit 1
       end
-      
+
       puts "DynDNSd version #{Dyndnsd::VERSION}"
       puts "Using config file #{config_file}"
 
       config = YAML::load(File.open(config_file, 'r') { |f| f.read })
-      
+
       if config['logfile']
         Dyndnsd.logger = Logger.new(config['logfile'])
       else
         Dyndnsd.logger = Logger.new(STDOUT)
       end
-      
+
       Dyndnsd.logger.progname = "dyndnsd"
       Dyndnsd.logger.formatter = LogFormatter.new
 
       Dyndnsd.logger.info "Starting..."
 
+      # drop privs (first change group than user)
+      Process::Sys.setgid(Etc.getgrnam(config['group']).gid) if config['group']
+      Process::Sys.setuid(Etc.getpwnam(config['user']).uid) if config['user']
+
+      # configure metriks
+      if config['graphite']
+        host = config['graphite']['host'] || 'localhost'
+        port = config['graphite']['port'] || 2003
+        options = {}
+        options[:prefix] = config['graphite']['prefix'] if config['graphite']['prefix']
+        reporter = Metriks::Reporter::Graphite.new(host, port, options)
+        reporter.start
+      else
+        reporter = Metriks::Reporter::ProcTitle.new
+        reporter.add 'good', 'sec' do
+          Metriks.meter('requests.good').mean_rate
+        end
+        reporter.add 'nochg', 'sec' do
+          Metriks.meter('requests.nochg').mean_rate
+        end
+        reporter.start
+      end
+
+      # configure daemon
       db = Database.new(config['db'])
       updater = Updater::CommandWithBindZone.new(config['domain'], config['updater']['params']) if config['updater']['name'] == 'command_with_bind_zone'
       responder = Responder::DynDNSStyle.new
-      
+
+      # configure rack
       app = Daemon.new(config, db, updater, responder)
       app = Rack::Auth::Basic.new(app, "DynDNS") do |user,pass|
-        allow = (config['users'].has_key? user) and (config['users'][user]['password'] == pass)
-        Dyndnsd.logger.warn "Login failed for #{user}" if not allow
+        allow = ((config['users'].has_key? user) and (config['users'][user]['password'] == pass))
+        if not allow
+          Dyndnsd.logger.warn "Login failed for #{user}"
+          Metriks.meter('requests.auth_failed').mark
+        end
         allow
       end
 
@@ -155,6 +213,10 @@ module Dyndnsd
         Dyndnsd.logger.info "Quitting..."
         Rack::Handler::WEBrick.shutdown
       end
+      Signal.trap('TERM') do
+        Dyndnsd.logger.info "Quitting..."
+        Rack::Handler::WEBrick.shutdown
+      end
 
       Rack::Handler::WEBrick.run app, :Host => config['host'], :Port => config['port']
     end

lib/dyndnsd/generator/bind.rb

@@ -18,9 +18,13 @@ module Dyndnsd
         out << "@ IN SOA #{@dns} #{@email_addr} ( #{zone['serial']} 3h 5m 1w 1h )"
         out << "@ IN NS #{@dns}"
         out << ""
-        zone['hosts'].each do |hostname,ip|
-          name = hostname.chomp('.' + @domain)
-          out << "#{name} IN A #{ip}"
+        zone['hosts'].each do |hostname,ips|
+          (ips.is_a?(Array) ? ips : [ips]).each do |ip|
+            ip = IPAddr.new(ip).native
+            type = ip.ipv6? ? "AAAA" : "A"
+            name = hostname.chomp('.' + @domain)
+            out << "#{name} IN #{type} #{ip}"
+          end
         end
         out << ""
         out << @additional_zone_content

lib/dyndnsd/responder/dyndns_style.rb

@@ -11,9 +11,9 @@ module Dyndnsd
         return [200, {"Content-Type" => "text/plain"}, ["nohost"]] if state == :host_forbidden
         return [200, {"Content-Type" => "text/plain"}, ["notfqdn"]] if state == :hostname_malformed
       end
-      
+
       def response_for_changes(states, ip)
-        body = states.map { |state| "#{state} #{ip}" }.join("\n")
+        body = states.map { |state| "#{state} #{ip.is_a?(Array) ? ip.join(' ') : ip}" }.join("\n")
         return [200, {"Content-Type" => "text/plain"}, [body]]
       end
     end

lib/dyndnsd/responder/rest_style.rb

@@ -11,9 +11,9 @@ module Dyndnsd
         return [403, {"Content-Type" => "text/plain"}, ["Forbidden"]] if state == :host_forbidden
         return [422, {"Content-Type" => "text/plain"}, ["Hostname malformed"]] if state == :hostname_malformed
       end
-      
+
       def response_for_changes(states, ip)
-        body = states.map { |state| state == :good ? "Changed to #{ip}" : "No change needed for #{ip}" }.join("\n")
+        body = states.map { |state| state == :good ? "Changed to #{ip.is_a?(Array) ? ip.join(' ') : ip}" : "No change needed for #{ip.is_a?(Array) ? ip.join(' ') : ip}" }.join("\n")
         return [200, {"Content-Type" => "text/plain"}, [body]]
       end
     end

lib/dyndnsd/updater/command_with_bind_zone.rb

@@ -15,6 +15,8 @@ module Dyndnsd
         pid = fork do
           exec @command
         end
+        # detach so children don't become zombies
+        Process.detach(pid)
       end
     end
   end

lib/dyndnsd/version.rb

@@ -1,4 +1,4 @@
 
 module Dyndnsd
-  VERSION = "1.0.0"
+  VERSION = "1.6.1"
 end

spec/daemon_spec.rb

@@ -2,11 +2,11 @@ require 'spec_helper'
 
 describe Dyndnsd::Daemon do
   include Rack::Test::Methods
-  
+
   def app
     Dyndnsd.logger = Logger.new(STDOUT)
     Dyndnsd.logger.level = Logger::UNKNOWN
-    
+
     config = {
       'domain' => 'example.org',
       'users' => {
@@ -20,123 +20,187 @@ describe Dyndnsd::Daemon do
     updater = Dyndnsd::Updater::Dummy.new
     responder = Dyndnsd::Responder::DynDNSStyle.new
     app = Dyndnsd::Daemon.new(config, db, updater, responder)
-    
+
     Rack::Auth::Basic.new(app, "DynDNS") do |user,pass|
       (config['users'].has_key? user) and (config['users'][user]['password'] == pass)
     end
   end
-  
+
   it 'requires authentication' do
     get '/'
-    last_response.status.should == 401
-    
+    expect(last_response.status).to eq(401)
+
     pending 'Need to find a way to add custom body on 401 responses'
-    last_response.should be_ok 'badauth'
+    expect(last_response).not_to be_ok
+    expect(last_response.body).to eq('badauth')
   end
-  
+
   it 'only supports GET requests' do
     authorize 'test', 'secret'
     post '/nic/update'
-    last_response.status.should == 405
+    expect(last_response.status).to eq(405)
   end
-  
-  it 'provides only the /nic/update' do
+
+  it 'provides only the /nic/update URL' do
     authorize 'test', 'secret'
     get '/other/url'
-    last_response.status.should == 404
+    expect(last_response.status).to eq(404)
   end
-  
+
   it 'requires the hostname query parameter' do
     authorize 'test', 'secret'
     get '/nic/update'
-    last_response.should be_ok
-    last_response.body.should == 'notfqdn'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('notfqdn')
   end
 
   it 'supports multiple hostnames in request' do
     authorize 'test', 'secret'
+
     get '/nic/update?hostname=foo.example.org,bar.example.org&myip=1.2.3.4'
-    last_response.should be_ok
-    last_response.body.should == "good 1.2.3.4\ngood 1.2.3.4"
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq("good 1.2.3.4\ngood 1.2.3.4")
+
+    get '/nic/update?hostname=foo.example.org,bar.example.org&myip=2001:db8::1'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq("good 2001:db8::1\ngood 2001:db8::1")
   end
 
   it 'rejects request if one hostname is invalid' do
     authorize 'test', 'secret'
-    
+
     get '/nic/update?hostname=test'
-    last_response.should be_ok
-    last_response.body.should == 'notfqdn'
-    
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('notfqdn')
+
     get '/nic/update?hostname=test.example.com'
-    last_response.should be_ok
-    last_response.body.should == 'notfqdn'
-    
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('notfqdn')
+
     get '/nic/update?hostname=test.example.org.me'
-    last_response.should be_ok
-    last_response.body.should == 'notfqdn'
-    
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('notfqdn')
+
     get '/nic/update?hostname=foo.test.example.org'
-    last_response.should be_ok
-    last_response.body.should == 'notfqdn'
-    
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('notfqdn')
+
     get '/nic/update?hostname=in%20valid.example.org'
-    last_response.should be_ok
-    last_response.body.should == 'notfqdn'
-    
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('notfqdn')
+
     get '/nic/update?hostname=valid.example.org,in.valid.example.org'
-    last_response.should be_ok
-    last_response.body.should == 'notfqdn'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('notfqdn')
   end
-  
+
   it 'rejects request if user does not own one hostname' do
     authorize 'test', 'secret'
     get '/nic/update?hostname=notmyhost.example.org'
-    last_response.should be_ok
-    last_response.body.should == 'nohost'
-    
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('nohost')
+
     get '/nic/update?hostname=foo.example.org,notmyhost.example.org'
-    last_response.should be_ok
-    last_response.body.should == 'nohost'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('nohost')
   end
-  
-  it 'updates a host on change' do
-    authorize 'test', 'secret'
-    
-    get '/nic/update?hostname=foo.example.org&myip=1.2.3.4'
-    last_response.should be_ok
-    
-    get '/nic/update?hostname=foo.example.org&myip=1.2.3.40'
-    last_response.should be_ok
-    last_response.body.should == 'good 1.2.3.40'
-  end
-  
-  it 'returns no change' do
-    authorize 'test', 'secret'
-    
-    get '/nic/update?hostname=foo.example.org&myip=1.2.3.4'
-    last_response.should be_ok
-    
-    get '/nic/update?hostname=foo.example.org&myip=1.2.3.4'
-    last_response.should be_ok
-    last_response.body.should == 'nochg 1.2.3.4'
-  end
-  
-  it 'outputs status per hostname' do
+
+  it 'updates a host on IP change' do
     authorize 'test', 'secret'
 
     get '/nic/update?hostname=foo.example.org&myip=1.2.3.4'
-    last_response.should be_ok
-    last_response.body.should == 'good 1.2.3.4'
-    
-    get '/nic/update?hostname=foo.example.org,bar.example.org&myip=1.2.3.4'
-    last_response.should be_ok
-    last_response.body.should == "nochg 1.2.3.4\ngood 1.2.3.4"
+    expect(last_response).to be_ok
+
+    get '/nic/update?hostname=foo.example.org&myip=1.2.3.40'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('good 1.2.3.40')
+
+    get '/nic/update?hostname=foo.example.org&myip=2001:db8::1'
+    expect(last_response).to be_ok
+
+    get '/nic/update?hostname=foo.example.org&myip=2001:db8::10'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('good 2001:db8::10')
   end
-  
-  it 'uses clients remote address if myip not specified' do
+
+  it 'returns IP no change' do
+    authorize 'test', 'secret'
+
+    get '/nic/update?hostname=foo.example.org&myip=1.2.3.4'
+    expect(last_response).to be_ok
+
+    get '/nic/update?hostname=foo.example.org&myip=1.2.3.4'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('nochg 1.2.3.4')
+
+    get '/nic/update?hostname=foo.example.org&myip=2001:db8::1'
+    expect(last_response).to be_ok
+
+    get '/nic/update?hostname=foo.example.org&myip=2001:db8::1'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('nochg 2001:db8::1')
+  end
+
+  it 'outputs IP status per hostname' do
+    authorize 'test', 'secret'
+
+    get '/nic/update?hostname=foo.example.org&myip=1.2.3.4'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('good 1.2.3.4')
+
+    get '/nic/update?hostname=foo.example.org,bar.example.org&myip=1.2.3.4'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq("nochg 1.2.3.4\ngood 1.2.3.4")
+
+    get '/nic/update?hostname=foo.example.org&myip=2001:db8::1'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('good 2001:db8::1')
+
+    get '/nic/update?hostname=foo.example.org,bar.example.org&myip=2001:db8::1'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq("nochg 2001:db8::1\ngood 2001:db8::1")
+  end
+
+  it 'uses clients remote IP address if myip not specified' do
     authorize 'test', 'secret'
     get '/nic/update?hostname=foo.example.org'
-    last_response.should be_ok
-    last_response.body.should == 'good 127.0.0.1'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('good 127.0.0.1')
+  end
+
+  it 'uses clients remote IP address from X-Real-IP header if behind proxy' do
+    authorize 'test', 'secret'
+
+    get '/nic/update?hostname=foo.example.org', '', 'HTTP_X_REAL_IP' => '10.0.0.1'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('good 10.0.0.1')
+
+    get '/nic/update?hostname=foo.example.org', '', 'HTTP_X_REAL_IP' => '2001:db8::1'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('good 2001:db8::1')
+  end
+
+  it 'supports an IPv4 and an IPv6 address in one request' do
+    authorize 'test', 'secret'
+
+    get '/nic/update?hostname=foo.example.org&myip=1.2.3.4&myip6=2001:db8::1'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq("good 1.2.3.4 2001:db8::1")
+
+    get '/nic/update?hostname=foo.example.org&myip=BROKENIP&myip6=2001:db8::1'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('nohost')
+
+    get '/nic/update?hostname=foo.example.org&myip=1.2.3.4&myip6=BROKENIP'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('nohost')
+
+    get '/nic/update?hostname=foo.example.org&myip6=2001:db8::10'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('nohost')
+
+    get '/nic/update?hostname=foo.example.org&myip=1.2.3.40'
+    expect(last_response).to be_ok
+    expect(last_response.body).to eq('good 1.2.3.40')
   end
 end