- update base of Docker image to Alpine 3.19.0 (from 3.18.3 before)
## 3.9.2 (August 10th, 2023)
OTHER:
- update base of Docker image to Alpine 3.18.3 (from 3.18.2 before)
## 3.9.1 (July 6, 2023)
OTHER:
- update base of Docker image to Alpine 3.18.2 (from 3.18.0 before)
## 3.9.0 (June 8, 2023)
IMPROVEMENTS:
- Drop EOL Ruby 2.7 support, now minimum version supported is Ruby 3.0
## 3.8.2 (April 1st, 2023)
OTHER:
- update base of Docker image to Alpine 3.17.3 (from 3.17.2 before)
## 3.8.1 (March 2nd, 2023)
OTHER:
- update base of Docker image to Alpine 3.17.2 (from 3.17.1 before)
## 3.8.0 (January 13th, 2023)
IMPROVEMENTS:
- add Ruby 3.2 support
OTHER:
- update base of Docker image to Alpine 3.17.1 (from 3.17.0 before)
## 3.7.3 (December 29th, 2022)
OTHER:
- update base of Docker image to Alpine 3.17.0 (from 3.16.2 before)
## 3.7.2 (November 10th, 2022)
OTHER:
- re-release 3.7.1 to rebuild Docker image with security vulnerabilities fixes
## 3.7.1 (September 20th, 2022)
IMPROVEMENTS:
- fix [TypeError](https://github.com/cmur2/dyndnsd/issues/205) when user has no hosts configured
## 3.7.0 (September 16th, 2022)
IMPROVEMENTS:
- Update to Rack 3
## 3.6.2 (August 11th, 2022)
OTHER:
- update base of Docker image to Alpine 3.16.2 (from 3.16.1 before)
## 3.6.1 (July 21st, 2022)
OTHER:
- update base of Docker image to Alpine 3.16.1 (from 3.16.0 before)
## 3.6.0 (June 2nd, 2022)
IMPROVEMENTS:
- Drop EOL Ruby 2.6 and lower support, now minimum version supported is Ruby 2.7
OTHER:
- update base of Docker image to Alpine 3.16 (from 3.15.7 before)
## 3.5.3 (May 5th, 2022)
OTHER:
- re-release 3.5.2 to rebuild Docker image with security vulnerabilities fixes
## 3.5.2 (April 7th, 2022)
OTHER:
- re-release 3.5.1 to rebuild Docker image with security vulnerabilities fixes
## 3.5.1 (February 17th, 2022)
OTHER:
- re-release 3.5.0 to rebuild Docker image with security vulnerabilities fixes
## 3.5.0 (January 8th, 2022)
IMPROVEMENTS:
- add Ruby 3.1 support
OTHER:
- update base of Docker image to Alpine 3.15 (from 3.13.7 before, **Note:** please be aware of the quirks around [Alpine 3.14](https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.14.0#faccessat2))
## 3.4.8 (December 11th, 2021)
OTHER:
- re-release 3.4.7 to rebuild Docker image with security vulnerabilities fixes
## 3.4.7 (November 19th, 2021)
OTHER:
- re-release 3.4.6 to rebuild Docker image with security vulnerabilities fixes
## 3.4.6 (November 19th, 2021)
OTHER:
- re-release 3.4.5 to rebuild Docker image with security vulnerabilities fixes
## 3.4.5 (August 26th, 2021)
OTHER:
- re-release 3.4.4 to rebuild Docker image with security vulnerabilities fixes
## 3.4.4 (August 26th, 2021)
OTHER:
- re-release 3.4.3 to rebuild Docker image with security vulnerabilities fixes
## 3.4.3 (August 20th, 2021)
OTHER:
- re-release 3.4.2 to rebuild Docker image with security vulnerabilities fixes
## 3.4.2 (July 30, 2021)
IMPROVEMENTS:
- move from OpenTracing to OpenTelemetry for experimental tracing feature
OTHER:
- re-release 3.4.1 to rebuild Docker image with security vulnerabilities fixes
- adopt Renovate for dependency updates
## 3.4.1 (April 15, 2021)
OTHER:
- update base of Docker image to Alpine 3.13.5 to fix security vulnerabilities
## 3.4.0 (April 2, 2021)
IMPROVEMENTS:
- **change** Docker image to run as non-root user `65534` by default, limits attack surface for security and gives OpenShift compatibility
## 3.3.3 (April 1, 2021)
OTHER:
- update base of Docker image to Alpine 3.13.4 to fix security vulnerabilities
## 3.3.2 (February 20, 2021)
OTHER:
@ -157,7 +346,7 @@ IMPROVEMENTS:
IMPROVEMENTS:
- Support dropping priviliges on startup, also affects external commands run
- Support dropping privileges on startup, also affects external commands run
- Add [metriks](https://github.com/eric/metriks) support for basic metrics in the process title
- Detach from child processes running external commands to avoid zombie processes
A small, lightweight and extensible DynDNS server written with Ruby and Rack.
@ -75,7 +75,7 @@ There is an officially maintained [Docker image for dyndnsd](https://hub.docker.
Users can make extensions by deriving from the official Docker image or building their own.
The Docker image consumes the same configuration file in YAML format as the gem, inside the container it needs to be mounted/available as `/etc/dyndnsd/config.yml`. the following YAML should be used as a base and extended with user's settings:
The Docker image consumes the same configuration file in YAML format as the gem, inside the container it needs to be mounted/available as `/etc/dyndnsd/config.yml`. The following YAML should be used as a base and extended with user's settings:
```yaml
host: "0.0.0.0"
@ -98,7 +98,7 @@ docker run -d --name dyndnsd \
cmur2/dyndnsd:vX.Y.Z
```
*Note*: You may need to expose more then just port 8080 e.g. if you use the `zone_transfer_server` which can be done by appending additional `-p 5353:5353` flags to the `docker run` command.
*Note*: You may need to expose more than just port 8080 e.g. if you use the `zone_transfer_server` which can be done by appending additional `-p 5353:5353` flags to the `docker run` command.
@ -106,7 +106,7 @@ docker run -d --name dyndnsd \
By using [DNS zone transfers via AXFR (RFC5936)](https://tools.ietf.org/html/rfc5936) any secondary nameserver can retrieve the DNS zone contents from dyndnsd.rb and serve them to clients.
To speedup propagation after changes dyndnsd.rb can issue a [DNS NOTIFY (RFC1996)](https://tools.ietf.org/html/rfc1996) to inform the nameserver that the DNS zone contents changed and should be fetched even before the time indicated in the SOA record is up.
Currently dyndnsd.rb does not support any authentication for incoming DNS zone transfer requests so it should be isolated from the internet on these ports.
Currently, dyndnsd.rb does not support any authentication for incoming DNS zone transfer request, so it should be isolated from the internet on these ports.
This approach has several advantages:
- dyndnsd.rb can be used in *hidden primary* fashion isolated from client's DNS traffic and does not need to implement full nameserver features
@ -151,7 +151,7 @@ users:
NSD is a nice, open source, authoritative-only, low-memory DNS server that reads BIND-style zone files (and converts them into its own database) and has a simple configuration file.
A feature NSD is lacking is the [Dynamic DNS update (RFC2136)](https://tools.ietf.org/html/rfc2136) functionality BIND offers but one can fake it using the following dyndnsd.rb configuration:
A feature NSD is lacking is the [Dynamic DNS update (RFC2136)](https://tools.ietf.org/html/rfc2136) functionality BIND offers, but one can fake it using the following dyndnsd.rb configuration:
```yaml
host: "0.0.0.0"
@ -197,29 +197,29 @@ The update URL you want to tell your clients (humans or scripts ^^) consists of
where:
* the protocol depends on your (webserver/proxy) settings
* USER and PASSWORD are needed for HTTP Basic Auth and valid combinations are defined in your config.yaml
* DOMAIN should match what you defined in your config.yaml as domain but may be anything else when using a webserver as proxy
* PORT depends on your (webserver/proxy) settings
* HOSTNAMES is a required list of comma-separated FQDNs (they all have to end with your config.yaml domain) the user wants to update
* MYIP is optional and the HTTP client's IP address will be used if missing
* MYIP6 is optional but if present also requires presence of MYIP
* the protocol depends on your (webserver/proxy) settings
* `USER` and `PASSWORD` are needed for HTTP Basic Auth and valid combinations are defined in your config.yaml
* `DOMAIN` should match what you defined in your config.yaml as domain but may be anything else when using a webserver as proxy
* `PORT` depends on your (webserver/proxy) settings
* `HOSTNAMES` is a required list of comma-separated FQDNs (they all have to end with your config.yaml domain) the user wants to update
* `MYIP` is optional and the HTTP client's IP address will be used if missing
* `MYIP6` is optional but if present also requires presence of `MYIP`
### IP address determination
The following rules apply:
* use any IP address provided via the myip parameter when present, or
* use any IP address provided via the X-Real-IP header e.g. when used behind HTTP reverse proxy such as nginx, or
* use any IP address provided via the `myip` parameter when present, or
* use any IP address provided via the `X-Real-IP` header e.g. when used behind HTTP reverse proxy such as nginx, or
* use any IP address used by the connecting HTTP client
If you want to provide an additional IPv6 address as myip6 parameter, the myip parameter containing an IPv4 address has to be present, too! No automatism is applied then.
If you want to provide an additional IPv6 address as myip6 parameter, the `myip` parameter containing an IPv4 address has to be present, too! No automatism is applied then.
### SSL, multiple listen ports
Use a webserver as a proxy to handle SSL and/or multiple listen addresses and ports. DynDNS.com provides HTTP on port 80 and 8245 and HTTPS on port 443.
Use a webserver as a proxy to handle SSL and/or multiple listen addresses and ports. DynDNS.com provides HTTP on port 80 and 8245 and HTTPS on port 443.
### Startup
@ -231,7 +231,7 @@ The [Debian 6 init.d script](docs/debian-6-init-dyndnsd) assumes that dyndnsd.rb
### Monitoring
For monitoring dyndnsd.rb uses the [metriks](https://github.com/eric/metriks) framework and exposes several metrics like the number of unauthenticated requests, requests that did (not) update a hostname, etc. By default the most important metrics are shown in the [proctitle](https://github.com/eric/metriks#proc-title-reporter) but you can also configure a [Graphite](https://graphiteapp.org/) backend for central monitoring or the [textfile_reporter](https://github.com/prometheus/node_exporter/#textfile-collector) which outputs Graphite-style metrics that are also compatible with Prometheus to a file.
For monitoring dyndnsd.rb uses the [metriks](https://github.com/eric/metriks) framework and exposes several metrics like the number of unauthenticated requests, requests that did (not) update a hostname, etc. By default, the most important metrics are shown in the [proctitle](https://github.com/eric/metriks#proc-title-reporter, butt you can also configure a [Graphite](https://graphiteapp.org/) backend for central monitoring or the [textfile_reporter](https://github.com/prometheus/node_exporter/#textfile-collector) which outputs Graphite-style metrics that are also compatible with Prometheus to a file.
```yaml
host: "0.0.0.0"
@ -271,9 +271,9 @@ users:
### Tracing (experimental)
For tracing, dyndnsd.rb is instrumented using the [OpenTracing](http://opentracing.io/) framework and will emit span tracing data for the most important operations happening during the request/response cycle. Using a middleware for Rack allows handling incoming OpenTracing span information properly.
For tracing, dyndnsd.rb is instrumented using the [OpenTelemetry](https://opentelemetry.io/docs/ruby/) framework and will emit span tracing data for the most important operations happening during the request/response cycle. Using an [instrumentation for Rack](https://github.com/open-telemetry/opentelemetry-ruby/tree/main/instrumentation/rack) allows handling incoming OpenTelemetry parent span information properly (when desired, turned off by default to reduce attack surface).
Currently only one OpenTracing-compatible tracer implementation named [CNCF Jaeger](https://github.com/jaegertracing/jaeger) can be configured to use with dyndnsd.rb.
Currently, the [OpenTelemetry trace exporter](https://github.com/open-telemetry/opentelemetry-ruby/tree/main/exporter/jaeger) for [CNCF Jaeger](https://github.com/jaegertracing/jaeger) can be enabled via dyndnsd.rb configuration. Alternatively, you can also enable other exporters via the environment variable `OTEL_TRACES_EXPORTER`, e.g. `OTEL_TRACES_EXPORTER=console`.
```yaml
host: "0.0.0.0"
@ -282,11 +282,9 @@ db: "/opt/dyndnsd/db.json"
domain: "dyn.example.org"
# enable and configure tracing using the (currently only) tracer jaeger
tracing:
trust_incoming_span: false # default value, change to accept incoming OpenTracing spans as parents
jaeger:
host: 127.0.0.1 # defaults for host and port of local jaeger-agent
port: 6831
service_name: "my.dyndnsd.identifier"
trust_incoming_span: false # default value, change to accept incoming OpenTelemetry spans as parents
service_name: "my.dyndnsd.identifier" # default unset, will be populated by OpenTelemetry
jaeger: true # enables the Jaeger AgentExporter
# configure the updater, here we use command_with_bind_zone, params are updater-specific
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.