wip: add steep and RBS

.github/renovate.json5

@@ -1,40 +0,0 @@
-{
-  extends: [
-    "config:base",
-    ":dependencyDashboard",
-    ":prHourlyLimitNone",
-    ":prConcurrentLimitNone",
-    ":label(dependency-upgrade)",
-  ],
-  schedule: ["before 8am on thursday"],
-  branchPrefix: "renovate-",
-  dependencyDashboardHeader: "View repository job log [here](https://app.renovatebot.com/dashboard#github/cmur2/dyndnsd).",
-  commitMessagePrefix: "project: ",
-  commitMessageAction: "update",
-  commitMessageTopic: "{{depName}}",
-  commitMessageExtra: "to {{#if isSingleVersion}}v{{{newVersion}}}{{else}}{{{newValue}}}{{/if}}",
-  packageRules: [
-    // Ruby dependencies are managed by depfu
-    {
-      matchManagers: ["bundler"],
-      enabled: false,
-    },
-    // Commit message formats
-    {
-      matchDatasources: ["docker"],
-      commitMessagePrefix: "docker: ",
-    },
-    {
-      matchDatasources: ["github-actions"],
-      commitMessagePrefix: "ci: ",
-    },
-  ],
-  regexManagers: [
-    {
-      fileMatch: ["\.rb$", "^Rakefile$"],
-      matchStrings: [
-        "renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)\\s.*_version = '(?<currentValue>.*)'\\s"
-      ]
-    },
-  ],
-}

.github/workflows/cd.yml

@@ -11,39 +11,16 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v2
-
     - name: Extract dyndnsd version from tag name
       run: |
         echo "DYNDNSD_VERSION=${GITHUB_REF#refs/*/v}" >> $GITHUB_ENV
-
-    - name: Wait for dyndnsd ${{ env.DYNDNSD_VERSION }} gem to be available
-      run: |
-        set +e
-        for retry in $(seq 1 5); do
-          echo "Checking if dyndnsd $DYNDNSD_VERSION gem is retrievable from rubygems.org (try #$retry)..."
-          sudo gem install dyndnsd -v "$DYNDNSD_VERSION"
-          if [ $? -eq 0 ]; then
-            exit 0
-          fi
-          sleep 60
-        done
-        exit 1
-
     # https://github.com/marketplace/actions/build-and-push-docker-images
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v1
-
-    - name: Login to Docker Hub
-      uses: docker/login-action@v1
+    - name: Build and push Docker image for dyndnsd ${{ env.DYNDNSD_VERSION }}
+      uses: docker/build-push-action@v1
       with:
         username: cmur2
         password: ${{ secrets.DOCKER_TOKEN }}
-
-    - name: Build and push Docker image for dyndnsd ${{ env.DYNDNSD_VERSION }}
-      uses: docker/build-push-action@v2
-      with:
-        context: docker
-        build-args: |
-          DYNDNSD_VERSION=${{ env.DYNDNSD_VERSION }}
-        push: true
-        tags: cmur2/dyndnsd:v${{ env.DYNDNSD_VERSION }}
+        repository: cmur2/dyndnsd
+        path: docker
+        build_args: DYNDNSD_VERSION=${{ env.DYNDNSD_VERSION }}
+        tag_with_ref: true

.github/workflows/ci.yml

@@ -16,9 +16,6 @@ jobs:
     strategy:
       matrix:
         ruby-version:
-        - '2.5'
-        - '2.6'
-        - '2.7'
         - '3.0'
     steps:
     - uses: actions/checkout@v2
@@ -27,17 +24,6 @@ jobs:
       with:
         ruby-version: ${{ matrix.ruby-version }}
         bundler-cache: true  # runs 'bundle install' and caches installed gems automatically
-
     - name: Lint and Test
       run: |
         bundle exec rake ci
-
-    # https://github.com/marketplace/actions/build-and-push-docker-images
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v1
-
-    - name: Test building Docker image for dyndnsd
-      uses: docker/build-push-action@v2
-      with:
-        context: .
-        file: docker/ci/Dockerfile

.rubocop.yml

@@ -3,7 +3,7 @@ require:
 - rubocop-rspec
 
 AllCops:
-  TargetRubyVersion: '2.5'
+  TargetRubyVersion: '3.0'
   NewCops: enable
 
 Layout/EmptyLineAfterGuardClause:

CHANGELOG.md

@@ -1,52 +1,5 @@
 # Changelog
 
-## 3.4.3 (August 20th, 2021)
-
-OTHER:
-
-- re-release 3.4.2 to rebuild Docker image with security vulnerabilities fixes
-
-## 3.4.2 (July 30, 2021)
-
-IMPROVEMENTS:
-
-- move from OpenTracing to OpenTelemetry for experimental tracing feature
-
-OTHER:
-
-- re-release 3.4.1 to rebuild Docker image with security vulnerabilities fixes
-- adopt Renovate for dependency updates
-
-## 3.4.1 (April 15, 2021)
-
-OTHER:
-
-- update base of Docker image to Alpine 3.13.5 to fix security vulnerabilities
-
-## 3.4.0 (April 2, 2021)
-
-IMPROVEMENTS:
-
-- **change** Docker image to run as non-root user `65534` by default, limits attack surface for security and gives OpenShift compatibility
-
-## 3.3.3 (April 1, 2021)
-
-OTHER:
-
-- update base of Docker image to Alpine 3.13.4 to fix security vulnerabilities
-
-## 3.3.2 (February 20, 2021)
-
-OTHER:
-
-- update to use `docker/build-push-action@v2` for releasing Docker image in GHA
-
-## 3.3.1 (February 18, 2021)
-
-OTHER:
-
-- update base of Docker image to Alpine 3.13.2 to fix security vulnerabilities
-
 ## 3.3.0 (January 18, 2021)
 
 OTHER:
@@ -192,7 +145,7 @@ IMPROVEMENTS:
 
 IMPROVEMENTS:
 
-- Support dropping privileges on startup, also affects external commands run
+- Support dropping priviliges on startup, also affects external commands run
 - Add [metriks](https://github.com/eric/metriks) support for basic metrics in the process title
 - Detach from child processes running external commands to avoid zombie processes
 

README.md

@@ -75,7 +75,7 @@ There is an officially maintained [Docker image for dyndnsd](https://hub.docker.
 
 Users can make extensions by deriving from the official Docker image or building their own.
 
-The Docker image consumes the same configuration file in YAML format as the gem, inside the container it needs to be mounted/available as `/etc/dyndnsd/config.yml`. The following YAML should be used as a base and extended with user's settings:
+The Docker image consumes the same configuration file in YAML format as the gem, inside the container it needs to be mounted/available as `/etc/dyndnsd/config.yml`. the following YAML should be used as a base and extended with user's settings:
 
 ```yaml
 host: "0.0.0.0"
@@ -98,7 +98,7 @@ docker run -d --name dyndnsd \
            cmur2/dyndnsd:vX.Y.Z
 ```
 
-*Note*: You may need to expose more than just port 8080 e.g. if you use the `zone_transfer_server` which can be done by appending additional `-p 5353:5353` flags to the `docker run` command.
+*Note*: You may need to expose more then just port 8080 e.g. if you use the `zone_transfer_server` which can be done by appending additional `-p 5353:5353` flags to the `docker run` command.
 
 
 
@@ -106,7 +106,7 @@ docker run -d --name dyndnsd \
 
 By using [DNS zone transfers via AXFR (RFC5936)](https://tools.ietf.org/html/rfc5936) any secondary nameserver can retrieve the DNS zone contents from dyndnsd.rb and serve them to clients.
 To speedup propagation after changes dyndnsd.rb can issue a [DNS NOTIFY (RFC1996)](https://tools.ietf.org/html/rfc1996) to inform the nameserver that the DNS zone contents changed and should be fetched even before the time indicated in the SOA record is up.
-Currently, dyndnsd.rb does not support any authentication for incoming DNS zone transfer request, so it should be isolated from the internet on these ports.
+Currently dyndnsd.rb does not support any authentication for incoming DNS zone transfer requests so it should be isolated from the internet on these ports.
 
 This approach has several advantages:
 - dyndnsd.rb can be used in *hidden primary* fashion isolated from client's DNS traffic and does not need to implement full nameserver features
@@ -151,7 +151,7 @@ users:
 
 NSD is a nice, open source, authoritative-only, low-memory DNS server that reads BIND-style zone files (and converts them into its own database) and has a simple configuration file.
 
-A feature NSD is lacking is the [Dynamic DNS update (RFC2136)](https://tools.ietf.org/html/rfc2136) functionality BIND offers, but one can fake it using the following dyndnsd.rb configuration:
+A feature NSD is lacking is the [Dynamic DNS update (RFC2136)](https://tools.ietf.org/html/rfc2136) functionality BIND offers but one can fake it using the following dyndnsd.rb configuration:
 
 ```yaml
 host: "0.0.0.0"
@@ -197,29 +197,29 @@ The update URL you want to tell your clients (humans or scripts ^^) consists of
 
 where:
 
-* the protocol depends on your (web server/proxy) settings
-* `USER` and `PASSWORD` are needed for HTTP Basic Auth and valid combinations are defined in your config.yaml
-* `DOMAIN` should match what you defined in your config.yaml as domain but may be anything else when using a web server as proxy
-* `PORT` depends on your (web server/proxy) settings
-* `HOSTNAMES` is a required list of comma-separated FQDNs (they all have to end with your config.yaml domain) the user wants to update
-* `MYIP` is optional and the HTTP client's IP address will be used if missing
-* `MYIP6` is optional but if present also requires presence of `MYIP`
+* the protocol depends on your (webserver/proxy) settings
+* USER and PASSWORD are needed for HTTP Basic Auth and valid combinations are defined in your config.yaml
+* DOMAIN should match what you defined in your config.yaml as domain but may be anything else when using a webserver as proxy
+* PORT depends on your (webserver/proxy) settings
+* HOSTNAMES is a required list of comma-separated FQDNs (they all have to end with your config.yaml domain) the user wants to update
+* MYIP is optional and the HTTP client's IP address will be used if missing
+* MYIP6 is optional but if present also requires presence of MYIP
 
 
 ### IP address determination
 
 The following rules apply:
 
-* use any IP address provided via the `myip` parameter when present, or
-* use any IP address provided via the `X-Real-IP` header e.g. when used behind HTTP reverse proxy such as nginx, or
+* use any IP address provided via the myip parameter when present, or
+* use any IP address provided via the X-Real-IP header e.g. when used behind HTTP reverse proxy such as nginx, or
 * use any IP address used by the connecting HTTP client
 
-If you want to provide an additional IPv6 address as myip6 parameter, the `myip` parameter containing an IPv4 address has to be present, too! No automatism is applied then.
+If you want to provide an additional IPv6 address as myip6 parameter, the myip parameter containing an IPv4 address has to be present, too! No automatism is applied then.
 
 
 ### SSL, multiple listen ports
 
-Use a web server as a proxy to handle SSL and/or multiple listen addresses and ports. DynDNS.com provides HTTP on port 80 and 8245 and HTTPS on port 443.
+Use a webserver as a proxy to handle SSL and/or multiple listen addresses and ports. DynDNS.com provides HTTP on port 80 and 8245 and HTTPS on port 443.
 
 
 ### Startup
@@ -231,7 +231,7 @@ The [Debian 6 init.d script](docs/debian-6-init-dyndnsd) assumes that dyndnsd.rb
 
 ### Monitoring
 
-For monitoring dyndnsd.rb uses the [metriks](https://github.com/eric/metriks) framework and exposes several metrics like the number of unauthenticated requests, requests that did (not) update a hostname, etc. By default, the most important metrics are shown in the [proctitle](https://github.com/eric/metriks#proc-title-reporter, butt you can also configure a [Graphite](https://graphiteapp.org/) backend for central monitoring or the [textfile_reporter](https://github.com/prometheus/node_exporter/#textfile-collector) which outputs Graphite-style metrics that are also compatible with Prometheus to a file.
+For monitoring dyndnsd.rb uses the [metriks](https://github.com/eric/metriks) framework and exposes several metrics like the number of unauthenticated requests, requests that did (not) update a hostname, etc. By default the most important metrics are shown in the [proctitle](https://github.com/eric/metriks#proc-title-reporter) but you can also configure a [Graphite](https://graphiteapp.org/) backend for central monitoring or the [textfile_reporter](https://github.com/prometheus/node_exporter/#textfile-collector) which outputs Graphite-style metrics that are also compatible with Prometheus to a file.
 
 ```yaml
 host: "0.0.0.0"
@@ -271,9 +271,9 @@ users:
 
 ### Tracing (experimental)
 
-For tracing, dyndnsd.rb is instrumented using the [OpenTelemetry](https://opentelemetry.io/docs/ruby/) framework and will emit span tracing data for the most important operations happening during the request/response cycle. Using an [instrumentation for Rack](https://github.com/open-telemetry/opentelemetry-ruby/tree/main/instrumentation/rack) allows handling incoming OpenTelemetry parent span information properly (when desired, turned off by default to reduce attack surface).
+For tracing, dyndnsd.rb is instrumented using the [OpenTracing](http://opentracing.io/) framework and will emit span tracing data for the most important operations happening during the request/response cycle. Using a middleware for Rack allows handling incoming OpenTracing span information properly.
 
-Currently, the [OpenTelemetry trace exporter](https://github.com/open-telemetry/opentelemetry-ruby/tree/main/exporter/jaeger) for [CNCF Jaeger](https://github.com/jaegertracing/jaeger) can be enabled via dyndnsd.rb configuration. Alternatively, you can also enable other exporters via the environment variable `OTEL_TRACES_EXPORTER`, e.g. `OTEL_TRACES_EXPORTER=console`.
+Currently only one OpenTracing-compatible tracer implementation named [CNCF Jaeger](https://github.com/jaegertracing/jaeger) can be configured to use with dyndnsd.rb.
 
 ```yaml
 host: "0.0.0.0"
@@ -282,9 +282,11 @@ db: "/opt/dyndnsd/db.json"
 domain: "dyn.example.org"
 # enable and configure tracing using the (currently only) tracer jaeger
 tracing:
-  trust_incoming_span: false # default value, change to accept incoming OpenTelemetry spans as parents
-  service_name: "my.dyndnsd.identifier" # default unset, will be populated by OpenTelemetry
-  jaeger: true # enables the Jaeger AgentExporter
+  trust_incoming_span: false # default value, change to accept incoming OpenTracing spans as parents
+  jaeger:
+    host: 127.0.0.1 # defaults for host and port of local jaeger-agent
+    port: 6831
+    service_name: "my.dyndnsd.identifier"
 # configure the updater, here we use command_with_bind_zone, params are updater-specific
 updater:
   name: "command_with_bind_zone"

Rakefile

@@ -21,15 +21,24 @@ namespace :solargraph do
   end
 end
 
-# renovate: datasource=github-tags depName=hadolint/hadolint
-hadolint_version = 'v2.6.0'
-
 desc 'Run hadolint for Dockerfile linting'
 task :hadolint do
-  sh "docker run --rm -i hadolint/hadolint:#{hadolint_version} hadolint --ignore DL3018 - < docker/Dockerfile"
+  sh 'docker run --rm -i hadolint/hadolint:v1.18.0 hadolint --ignore DL3018 - < docker/Dockerfile'
 end
 
-task default: [:rubocop, :spec, 'bundle:audit', :solargraph]
+desc 'Run experimental steep type checker'
+task :steep do
+  sh 'steep check'
+end
+
+namespace :steep do
+  desc 'Output coverage stats from steep'
+  task :stats do
+    sh 'steep stats --log-level=fatal | awk -F\',\' \'{ printf "%-50s %-9s %-12s %-14s %-10s\n", $2, $3, $4, $5, $7 }\''
+  end
+end
+
+task default: [:rubocop, :spec, 'bundle:audit', :solargraph, :steep]
 
 desc 'Run all tasks desired for CI'
-task ci: ['solargraph:init', :default, :hadolint, :build]
+task ci: ['solargraph:init', :default, :hadolint]

Steepfile

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+target :lib do
+  signature 'sig'
+
+  check 'lib'
+  ignore 'lib/dyndnsd/updater/zone_transfer_server.rb'
+
+  library 'date'
+  library 'forwardable'
+end

docker/Dockerfile

@@ -1,22 +1,15 @@
-FROM alpine:3.13.5
+FROM alpine:3.13
 
 EXPOSE 5353 8080
 
-ARG DYNDNSD_VERSION
+ARG DYNDNSD_VERSION=3.0.0
 
-RUN apk --no-cache add openssl ca-certificates apk-tools && \
+RUN apk --no-cache add openssl ca-certificates && \
     apk --no-cache add ruby ruby-etc ruby-io-console ruby-json ruby-webrick && \
-    apk --no-cache add --virtual .build-deps linux-headers ruby-dev build-base tzdata && \
+    apk --no-cache add --virtual .build-deps ruby-dev build-base tzdata && \
     gem install --no-document dyndnsd -v ${DYNDNSD_VERSION} && \
-    rm -rf /usr/lib/ruby/gems/*/cache/ && \
     # set timezone to Berlin
     cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \
     apk del .build-deps
 
-# Follow the principle of least privilege: run as unprivileged user.
-# Running as non-root enables running this image in platforms like OpenShift
-# that do not allow images running as root.
-# User ID 65534 is usually user 'nobody'.
-USER 65534
-
 ENTRYPOINT ["dyndnsd", "/etc/dyndnsd/config.yml"]

docker/ci/Dockerfile

@@ -1,22 +0,0 @@
-FROM alpine:3.13.5
-
-EXPOSE 5353 8080
-
-COPY pkg/dyndnsd-*.gem /tmp/dyndnsd.gem
-
-RUN apk --no-cache add openssl ca-certificates && \
-    apk --no-cache add ruby ruby-etc ruby-io-console ruby-json ruby-webrick && \
-    apk --no-cache add --virtual .build-deps linux-headers ruby-dev build-base tzdata && \
-    gem install --no-document /tmp/dyndnsd.gem && \
-    rm -rf /usr/lib/ruby/gems/*/cache/ && \
-    # set timezone to Berlin
-    cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \
-    apk del .build-deps
-
-# Follow the principle of least privilege: run as unprivileged user.
-# Running as non-root enables running this image in platforms like OpenShift
-# that do not allow images running as root.
-# User ID 65534 is usually user 'nobody'.
-USER 65534
-
-ENTRYPOINT ["dyndnsd", "/etc/dyndnsd/config.yml"]

dyndnsd.gemspec

@@ -25,23 +25,24 @@ Gem::Specification.new do |s|
   s.executables = ['dyndnsd']
   s.extra_rdoc_files = Dir['README.md', 'CHANGELOG.md', 'LICENSE']
 
-  s.required_ruby_version = '>= 2.5'
+  s.required_ruby_version = '>= 3.0'
 
   s.add_runtime_dependency 'async-dns', '~> 1.2.0'
+  s.add_runtime_dependency 'jaeger-client', '~> 1.1.0'
   s.add_runtime_dependency 'metriks'
-  s.add_runtime_dependency 'opentelemetry-exporter-jaeger', '~> 0.20.0'
-  s.add_runtime_dependency 'opentelemetry-instrumentation-rack', '~> 0.19.0'
-  s.add_runtime_dependency 'opentelemetry-sdk', '~> 1.0.0.rc2'
+  s.add_runtime_dependency 'opentracing', '~> 0.5.0'
   s.add_runtime_dependency 'rack', '~> 2.0'
+  s.add_runtime_dependency 'rack-tracer', '~> 0.9.0'
   s.add_runtime_dependency 'webrick', '>= 1.6.1'
 
   s.add_development_dependency 'bundler'
-  s.add_development_dependency 'bundler-audit', '~> 0.8.0'
+  s.add_development_dependency 'bundler-audit', '~> 0.7.0'
   s.add_development_dependency 'rack-test'
   s.add_development_dependency 'rake'
   s.add_development_dependency 'rspec'
-  s.add_development_dependency 'rubocop', '~> 1.19.0'
-  s.add_development_dependency 'rubocop-rake', '~> 0.6.0'
-  s.add_development_dependency 'rubocop-rspec', '~> 2.4.0'
-  s.add_development_dependency 'solargraph', '~> 0.43.0'
+  s.add_development_dependency 'rubocop', '~> 1.7.0'
+  s.add_development_dependency 'rubocop-rake', '~> 0.5.1'
+  s.add_development_dependency 'rubocop-rspec', '~> 2.1.0'
+  s.add_development_dependency 'solargraph', '~> 0.40.0'
+  s.add_development_dependency 'steep', '~> 0.39.0'
 end

lib/dyndnsd.rb

@@ -8,9 +8,9 @@ require 'json'
 require 'yaml'
 require 'rack'
 require 'metriks'
-require 'opentelemetry/instrumentation/rack'
-require 'opentelemetry/sdk'
 require 'metriks/reporter/graphite'
+require 'opentracing'
+require 'rack/tracer'
 
 require 'dyndnsd/generator/bind'
 require 'dyndnsd/updater/command_with_bind_zone'
@@ -69,7 +69,7 @@ module Dyndnsd
     # @return [Boolean]
     def authorized?(username, password)
       Helper.span('check_authorized') do |span|
-        span.set_attribute('enduser.id', username)
+        span.set_tag('dyndnsd.user', username)
 
         allow = Helper.user_allowed?(username, password, @users)
         if !allow
@@ -112,7 +112,7 @@ module Dyndnsd
 
       Dyndnsd.logger.info 'Starting...'
 
-      # drop privileges as soon as possible
+      # drop priviliges as soon as possible
       # NOTE: first change group than user
       if config['group']
         group = Etc.getgrnam(config['group'])
@@ -170,7 +170,7 @@ module Dyndnsd
     def process_changes(hostnames, myips)
       changes = []
       Helper.span('process_changes') do |span|
-        span.set_attribute('dyndnsd.hostnames', hostnames.join(','))
+        span.set_tag('dyndnsd.hostnames', hostnames.join(','))
 
         hostnames.each do |hostname|
           # myips order is always deterministic
@@ -252,8 +252,6 @@ module Dyndnsd
       Dyndnsd.logger.progname = 'dyndnsd'
       Dyndnsd.logger.formatter = LogFormatter.new
       Dyndnsd.logger.level = config['debug'] ? Logger::DEBUG : Logger::INFO
-
-      OpenTelemetry.logger = Dyndnsd.logger
     end
 
     # @return [void]
@@ -278,7 +276,7 @@ module Dyndnsd
         reporter = Metriks::Reporter::Graphite.new(host, port, options)
         reporter.start
       elsif config['textfile']
-        file = config['textfile']['file'] || '/tmp/dyndnsd-metrics.prom'
+        file = (config['textfile']['file'] || '/tmp/dyndnsd-metrics.prom').to_s
         options = {}
         options[:prefix] = config['textfile']['prefix'] if config['textfile']['prefix']
         reporter = Dyndnsd::TextfileReporter.new(file, options)
@@ -298,31 +296,16 @@ module Dyndnsd
     # @param config [Hash{String => Object}]
     # @return [void]
     private_class_method def self.setup_tracing(config)
-      # by default do not try to emit any traces until the user opts in
-      ENV['OTEL_TRACES_EXPORTER'] ||= 'none'
+      # configure OpenTracing
+      if config.dig('tracing', 'jaeger')
+        require 'jaeger/client'
 
-      # configure OpenTelemetry
-      OpenTelemetry::SDK.configure do |c|
-        if config.dig('tracing', 'jaeger')
-          require 'opentelemetry/exporter/jaeger'
-
-          c.add_span_processor(
-            OpenTelemetry::SDK::Trace::Export::BatchSpanProcessor.new(
-              OpenTelemetry::Exporter::Jaeger::AgentExporter.new
-            )
-          )
-        end
-
-        if config.dig('tracing', 'service_name')
-          c.service_name = config['tracing']['service_name']
-        end
-
-        c.service_version = Dyndnsd::VERSION
-        c.use('OpenTelemetry::Instrumentation::Rack')
-      end
-
-      if !config.dig('tracing', 'trust_incoming_span')
-        OpenTelemetry.propagation = OpenTelemetry::Context::Propagation::NoopTextMapPropagator.new
+        host = config['tracing']['jaeger']['host'] || '127.0.0.1'
+        port = config['tracing']['jaeger']['port'] || 6831
+        service_name = config['tracing']['jaeger']['service_name'] || 'dyndnsd'
+        OpenTracing.global_tracer = Jaeger::Client.build(
+          host: host, port: port, service_name: service_name, flush_interval: 1
+        )
       end
     end
 
@@ -348,7 +331,8 @@ module Dyndnsd
         app = Responder::DynDNSStyle.new(app)
       end
 
-      app = OpenTelemetry::Instrumentation::Rack::Middlewares::TracerMiddleware.new(app)
+      trust_incoming_span = config.dig('tracing', 'trust_incoming_span') || false
+      app = Rack::Tracer.new(app, trust_incoming_span: trust_incoming_span)
 
       Rack::Handler::WEBrick.run app, Host: config['host'], Port: config['port']
     end

lib/dyndnsd/helper.rb

@@ -45,17 +45,24 @@ module Dyndnsd
     # @param block [Proc]
     # @return [void]
     def self.span(operation, &block)
-      tracer = OpenTelemetry.tracer_provider.tracer(Dyndnsd.name, Dyndnsd::VERSION)
-      tracer.in_span(
-        operation,
-        attributes: {'component' => 'dyndnsd'},
-        kind: :server
-      ) do |span|
-        Dyndnsd.logger.debug "Creating span ID #{span.context.hex_span_id} for trace ID #{span.context.hex_trace_id}"
+      scope = OpenTracing.start_active_span(operation)
+      span = scope.span
+      span.set_tag('component', 'dyndnsd')
+      span.set_tag('span.kind', 'server')
+      begin
         block.call(span)
       rescue StandardError => e
-        span.record_exception(e)
+        span.set_tag('error', true)
+        span.log_kv(
+          event: 'error',
+          'error.kind': e.class.to_s,
+          'error.object': e,
+          message: e.message,
+          stack: e.backtrace&.join("\n") || ''
+        )
         raise e
+      ensure
+        scope.close
       end
     end
   end

lib/dyndnsd/responder/dyndns_style.rb

@@ -33,6 +33,7 @@ module Dyndnsd
         when 422
           error_response_map[headers['X-DynDNS-Response']]
         end
+        # TODO: possible nil response!
       end
 
       # @param status_code [Integer]
@@ -46,6 +47,7 @@ module Dyndnsd
         when 401
           [status_code, headers, ['badauth']]
         end
+        # TODO: possible nil response!
       end
 
       # @param changes [Array<Symbol>]

lib/dyndnsd/responder/rest_style.rb

@@ -33,6 +33,7 @@ module Dyndnsd
         when 422
           error_response_map[headers['X-DynDNS-Response']]
         end
+        # TODO: possible nil response!
       end
 
       # @param status_code [Integer]
@@ -46,6 +47,7 @@ module Dyndnsd
         when 401
           [status_code, headers, ['Unauthorized']]
         end
+        # TODO: possible nil response!
       end
 
       # @param changes [Array<Symbol>]

lib/dyndnsd/textfile_reporter.rb

@@ -91,7 +91,7 @@ module Dyndnsd
       end
     end
 
-    # @param file [String]
+    # @param file [File]
     # @param base_name [String]
     # @param metric [Object]
     # @param keys [Array<Symbol>]

lib/dyndnsd/updater/command_with_bind_zone.rb

@@ -18,7 +18,7 @@ module Dyndnsd
         return if !db.changed?
 
         Helper.span('updater_update') do |span|
-          span.set_attribute('dyndnsd.updater.name', self.class.name&.split('::')&.last || 'None')
+          span.set_tag('dyndnsd.updater.name', self.class.name&.split('::')&.last || 'None')
 
           # write zone file in bind syntax
           File.open(@zone_file, 'w') { |f| f.write(@generator.generate(db)) }

lib/dyndnsd/updater/zone_transfer_server.rb

@@ -35,7 +35,7 @@ module Dyndnsd
       # @return [void]
       def update(db)
         Helper.span('updater_update') do |span|
-          span.set_attribute('dyndnsd.updater.name', self.class.name&.split('::')&.last || 'None')
+          span.set_tag('dyndnsd.updater.name', self.class.name&.split('::')&.last || 'None')
 
           soa_rr = Resolv::DNS::Resource::IN::SOA.new(
             @zone_nameservers[0], @zone_email_address,

lib/dyndnsd/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dyndnsd
-  VERSION = '3.4.3'
+  VERSION = '3.3.0'
 end

sig/dyndnsd.rbs

@@ -0,0 +1,69 @@
+module Dyndnsd
+  type config = Hash[String, untyped]
+  type env = Hash[String, String]
+  type headers = Hash[String, String]
+  type response = Array[int | Hash[string, string] | Array[string]]
+
+  interface _App
+    def call: (env env) -> response
+  end
+
+
+  # @return [Logger]
+  def self.logger: () -> untyped
+
+  # @param logger [Logger]
+  # @return [Logger]
+  def self.logger=: (untyped logger) -> untyped
+
+  class LogFormatter
+    # @param lvl [Object]
+    # @param _time [DateTime]
+    # @param _progname [String]
+    # @param msg [Object]
+    # @return [String]
+    def call: (untyped lvl, DateTime _time, String _progname, untyped msg) -> String
+  end
+
+  class Daemon
+    # @param config [Hash{String => Object}]
+    # @param db [Dyndnsd::Database]
+    # @param updater [#update]
+    def initialize: (untyped config, untyped db, untyped updater) -> void
+
+    # @param username [String]
+    # @param password [String]
+    # @return [Boolean]
+    def authorized?: (String username, String password) -> bool
+
+    def call: (env env) -> response
+
+    def self.run!: () -> void
+
+    private
+
+    # @param params [Hash{String => String}]
+    # @return [Array<String>]
+    def extract_v4_and_v6_address: (untyped params) -> (::Array[untyped] | untyped)
+
+    # @param env [Hash{String => String}]
+    # @param params [Hash{String => String}]
+    # @return [Array<String>]
+    def extract_myips: (untyped env, untyped params) -> (untyped | ::Array[untyped])
+
+    # @param hostnames [String]
+    # @param myips [Array<String>]
+    # @return [Array<Symbol>]
+    def process_changes: (untyped hostnames, untyped myips) -> untyped
+
+    def update_db: () -> void
+
+    def handle_dyndns_request: (env env) -> response
+
+    def self.setup_logger: (config config) -> void
+    def self.setup_traps: () -> void
+    def self.setup_monitoring: (config config) -> void
+    def self.setup_tracing: (config config) -> void
+    def self.setup_rack: (config config) -> void
+  end
+end

sig/dyndnsd/database.rbs

@@ -0,0 +1,21 @@
+module Dyndnsd
+  class Database
+    extend Forwardable
+
+    def initialize: (string db_file) -> void
+
+    def load: () -> void
+
+    def save: () -> void
+
+    def changed?: () -> bool
+
+    def []: (string key) -> untyped
+
+    def []=: (string key, untyped value) -> void
+
+    def each: () { (string key, untyped value) -> void } -> void
+
+    def has_key?: (string key) -> bool
+  end
+end

sig/dyndnsd/generator/bind.rbs

@@ -0,0 +1,9 @@
+module Dyndnsd
+  module Generator
+    class Bind
+      def initialize: (String domain, Hash[String, untyped] updater_params) -> void
+
+      def generate: (Dyndnsd::Database db) -> string
+    end
+  end
+end

sig/dyndnsd/helper.rbs

@@ -0,0 +1,32 @@
+module Dyndnsd
+  type users = Hash[String, Hash[String, String]]
+  type hosts = Hash[String, Array[String]]
+
+  class Helper
+    # @param hostname [String]
+    # @param domain [String]
+    # @return [Boolean]
+    def self.fqdn_valid?: (String hostname, String domain) -> bool
+
+    # @param ip [String]
+    # @return [Boolean]
+    def self.ip_valid?: (String ip) -> bool
+
+    # @param username [String]
+    # @param password [String]
+    # @param users [Hash]
+    # @return [Boolean]
+    def self.user_allowed?: (String username, String password, users users) -> bool
+
+    # @param hostname [String]
+    # @param myips [Array]
+    # @param hosts [Hash]
+    # @return [Boolean]
+    def self.changed?: (String hostname, Array[String] myips, hosts hosts) -> bool
+
+    # @param operation [String]
+    # @param block [Proc]
+    # @return [void]
+    def self.span: (String operation) { (untyped) -> untyped } -> untyped
+  end
+end

sig/dyndnsd/responder/dyndns_style.rbs

@@ -0,0 +1,19 @@
+module Dyndnsd
+  module Responder
+    class DynDNSStyle
+      def initialize: (_App app) -> void
+
+      def call: (env env) -> response?
+
+      private
+
+      def decorate_dyndnsd_response: (int status_code, headers headers, Array[untyped] body) -> response?
+
+      def decorate_other_response: (int status_code, headers headers, Array[untyped] _body) -> response?
+
+      def get_success_body: (Array[Symbol] changes, Array[string] myips) -> string
+
+      def error_response_map: () -> Hash[string, response]
+    end
+  end
+end

sig/dyndnsd/responder/rest_style.rbs

@@ -0,0 +1,19 @@
+module Dyndnsd
+  module Responder
+    class RestStyle
+      def initialize: (_App app) -> void
+
+      def call: (env env) -> response?
+
+      private
+
+      def decorate_dyndnsd_response: (int status_code, headers headers, Array[untyped] body) -> response?
+
+      def decorate_other_response: (int status_code, headers headers, Array[untyped] _body) -> response?
+
+      def get_success_body: (Array[Symbol] changes, Array[string] myips) -> string
+
+      def error_response_map: () -> Hash[string, response]
+    end
+  end
+end

sig/dyndnsd/textfile_reporter.rbs

@@ -0,0 +1,17 @@
+module Dyndnsd
+  class TextfileReporter
+    attr_reader file: String
+
+    def initialize: (String file, ?Hash[Symbol, untyped] options) -> void
+
+    def start: () -> void
+
+    def stop: () -> void
+
+    def restart: () -> void
+
+    def write: () -> void
+
+    def write_metric: (File file, String base_name, untyped metric, Array[Symbol] keys, Array[Symbol] snapshot_keys) -> void
+  end
+end

sig/dyndnsd/updater/command_with_bind_zone.rbs

@@ -0,0 +1,9 @@
+module Dyndnsd
+  module Updater
+    class CommandWithBindZone
+      def initialize: (String domain, Hash[String, untyped] updater_params) -> void
+
+      def update: (Dyndnsd::Database db) -> void
+    end
+  end
+end

sig/dyndnsd/updater/zone_transfer_server.rbs

@@ -0,0 +1,39 @@
+module Dyndnsd
+  module Updater
+    class ZoneTransferServer
+      DEFAULT_SERVER_LISTENS: Array[String]
+
+      def initialize: (String domain, Hash[String, untyped] updater_params) -> void
+
+      def update: (Dyndnsd::Database db) -> void
+
+      # converts into suitable parameter form for Async::DNS::Resolver or Async::DNS::Server
+      #
+      # @param endpoint_list [Array<String>]
+      # @return [Array{Array{Object}}]
+      def self.parse_endpoints: (Array[String] endpoint_list) -> Array[Array[untyped]]
+
+      private
+
+      # creates correct Resolv::DNS::Resource object for IP address type
+      #
+      # @param ip_string [String]
+      # @return [Resolv::DNS::Resource::IN::A,Resolv::DNS::Resource::IN::AAAA]
+      def create_addr_rr_for_ip: (String ip_string) -> untyped
+
+      def send_dns_notify: () -> void
+    end
+
+    class ZoneTransferServerHelper #< Async::DNS::Server
+      attr_accessor axfr_rrs: untyped
+
+      def initialize: (untyped endpoints, String domain) -> void
+
+      # @param name [String]
+      # @param resource_class [Resolv::DNS::Resource]
+      # Since solargraph cannot parse this: param transaction [Async::DNS::Transaction]
+      # @return [void]
+      def process: (String name, untyped resource_class, untyped transaction) -> void
+    end
+  end
+end

sig/dyndnsd/version.rbs

@@ -0,0 +1,3 @@
+module Dyndnsd
+  VERSION: ::String
+end

spec/dyndnsd/daemon_spec.rb

@@ -24,7 +24,9 @@ describe Dyndnsd::Daemon do
 
     app = Rack::Auth::Basic.new(daemon, 'DynDNS', &daemon.method(:authorized?))
 
-    Dyndnsd::Responder::DynDNSStyle.new(app)
+    app = Dyndnsd::Responder::DynDNSStyle.new(app)
+
+    Rack::Tracer.new(app, trust_incoming_span: false)
   end
 
   it 'requires authentication' do

upgrade-version.sh

@@ -1,13 +0,0 @@
-#!/bin/bash -eux
-
-sed -i "s/$1/$2/g" lib/dyndnsd/version.rb
-
-release_date=$(LC_ALL=en_US.utf8 date +"%B %-d, %Y")
-
-if grep "## $2 (" CHANGELOG.md; then
-    true
-elif grep "## $2" CHANGELOG.md; then
-    sed -i "s/## $2/## $2 ($release_date)/g" CHANGELOG.md
-else
-    echo "## $2 ($release_date)" >> CHANGELOG.md
-fi