docs: add link to newer version

2025-08-08 08:33:56 +02:00 · 2020-07-28 17:33:27 +02:00
28 changed files with 138 additions and 663 deletions
--- a/.editorconfig
+++ b/.editorconfig
@@ -1,9 +0,0 @@
 root = true
 [*]
 indent_style = space
 indent_size = 2
 end_of_line = lf
 charset = utf-8
 trim_trailing_whitespace = true
 insert_final_newline = true
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -1,41 +0,0 @@
 {
  extends: [
    "config:base",
    ":dependencyDashboard",
    ":prHourlyLimitNone",
    ":prConcurrentLimitNone",
    ":label(dependency-upgrade)",
  ],
  schedule: ["before 8am on thursday"],
  branchPrefix: "renovate-",
  dependencyDashboardHeader: "View repository job log [here](https://app.renovatebot.com/dashboard#github/cmur2/dyndnsd).",
  separateMinorPatch: true,
  commitMessagePrefix: "project: ",
  commitMessageAction: "update",
  commitMessageTopic: "{{depName}}",
  commitMessageExtra: "to {{#if isSingleVersion}}v{{{newVersion}}}{{else}}{{{newValue}}}{{/if}}",
  packageRules: [
    // Ruby dependencies are managed by depfu
    {
      matchManagers: ["bundler"],
      enabled: false,
    },
    // Commit message formats
    {
      matchDatasources: ["docker"],
      commitMessagePrefix: "docker: ",
    },
    {
      matchDatasources: ["github-actions"],
      commitMessagePrefix: "ci: ",
    },
  ],
  regexManagers: [
    {
      fileMatch: ["\.rb$", "^Rakefile$"],
      matchStrings: [
        "renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)\\s.*_version = '(?<currentValue>.*)'\\s"
      ]
    },
  ],
 }
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -1,49 +0,0 @@
 ---
 name: cd
 on:
  push:
    tags:
    - 'v*.*.*'
 jobs:
  release-dockerimage:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - name: Extract dyndnsd version from tag name
      run: |
        echo "DYNDNSD_VERSION=${GITHUB_REF#refs/*/v}" >> $GITHUB_ENV
    - name: Wait for dyndnsd ${{ env.DYNDNSD_VERSION }} gem to be available
      run: |
        set +e
        for retry in $(seq 1 5); do
          echo "Checking if dyndnsd $DYNDNSD_VERSION gem is retrievable from rubygems.org (try #$retry)..."
          sudo gem install dyndnsd -v "$DYNDNSD_VERSION"
          if [ $? -eq 0 ]; then
            exit 0
          fi
          sleep 60
        done
        exit 1
    # https://github.com/marketplace/actions/build-and-push-docker-images
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v1
    - name: Login to Docker Hub
      uses: docker/login-action@v1
      with:
        username: cmur2
        password: ${{ secrets.DOCKER_TOKEN }}
    - name: Build and push Docker image for dyndnsd ${{ env.DYNDNSD_VERSION }}
      uses: docker/build-push-action@v2
      with:
        context: docker
        build-args: |
          DYNDNSD_VERSION=${{ env.DYNDNSD_VERSION }}
        push: true
        tags: cmur2/dyndnsd:v${{ env.DYNDNSD_VERSION }}
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,34 +0,0 @@
 ---
 name: ci
 on:
  push:
    branches: [master]
  pull_request:
    branches: [master]
  workflow_dispatch:
  schedule:
  - cron: '35 4 * * 4'  # weekly on thursday morning
 jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        ruby-version:
        - '2.5'
        - '2.6'
        - '2.7'
        - '3.0'
        - '3.1'
    steps:
    - uses: actions/checkout@v2
    - name: Set up Ruby ${{ matrix.ruby-version }}
      uses: ruby/setup-ruby@v1
      with:
        ruby-version: ${{ matrix.ruby-version }}
        bundler-cache: true  # runs 'bundle install' and caches installed gems automatically
    - name: Lint and Test
      run: |
        bundle exec rake ci
--- a/.github/workflows/dockerhub.yml
+++ b/.github/workflows/dockerhub.yml
@@ -1,19 +0,0 @@
 ---
 name: dockerhub
 on:
  schedule:
  - cron: '7 4 * * 4'  # weekly on thursday morning
  workflow_dispatch:
 jobs:
  pull-released-dockerimages:
    runs-on: ubuntu-latest
    steps:
    - name: Avoid stale tags by pulling
      run: |
        ALL_IMAGES="$(curl -s https://hub.docker.com/v2/repositories/cmur2/dyndnsd/tags?page_size=1000 | jq -r '.results[].name | "cmur2/dyndnsd:" + .' | grep -e 'cmur2/dyndnsd:v')"
        for image in $ALL_IMAGES; do
          echo "Pulling $image to avoid staleness..."
          docker pull "$image"
        done
--- a/.github/workflows/vulnscan.yml
+++ b/.github/workflows/vulnscan.yml
@@ -1,46 +0,0 @@
 ---
 name: vulnscan
 on:
  schedule:
  - cron: '7 4 * * 4'  # weekly on thursday morning
  workflow_dispatch:
 jobs:
  scan-released-dockerimages:
    runs-on: ubuntu-latest
    env:
      TRIVY_LIGHT: 'true'
      TRIVY_IGNORE_UNFIXED: 'true'
      TRIVY_REMOVED_PKGS: 'true'
    steps:
    - name: Install Trivy
      run: |
        mkdir -p $GITHUB_WORKSPACE/bin
        echo "$GITHUB_WORKSPACE/bin" >> "$GITHUB_PATH"
        curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s -- -b $GITHUB_WORKSPACE/bin
    - name: Download Trivy DB
      run: |
        trivy image --download-db-only
    - name: Scan vulnerabilities using Trivy
      env:
        TRIVY_SKIP_DIRS: 'usr/lib/ruby/gems/2.7.0/gems/jaeger-client-0.10.0/crossdock,usr/lib/ruby/gems/2.7.0/gems/jaeger-client-1.0.0/crossdock,usr/lib/ruby/gems/2.7.0/gems/jaeger-client-1.1.0/crossdock'
      run: |
        trivy --version
        # semver sorting as per https://stackoverflow.com/a/40391207/2148786
        ALL_IMAGES="$(curl -s https://hub.docker.com/v2/repositories/cmur2/dyndnsd/tags?page_size=1000 | jq -r '.results[].name | "cmur2/dyndnsd:" + .' | grep -e 'cmur2/dyndnsd:v' | sed '/-/!{s/$/_/}' | sort -r -V | sed 's/_$//')"
        EXIT_CODE=0
        set -e
        for major_version in $(seq 1 10); do
          for image in $ALL_IMAGES; do
            if [[ "$image" = cmur2/dyndnsd:v$major_version.* ]]; then
              echo -e "\nScanning newest patch release $image of major v$major_version...\n"
              if ! trivy image --skip-update --exit-code 1 "$image"; then
                EXIT_CODE=1
              fi
              break
            fi
          done
        done
        exit "$EXIT_CODE"
--- a/.gitignore
+++ b/.gitignore
@@ -2,5 +2,3 @@
 *.lock
 pkg/*
 .yardoc
 hadolint
 trivy
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -1,13 +1,5 @@
 require:
 - rubocop-rake
 - rubocop-rspec
 AllCops:
-  TargetRubyVersion: '2.5'
+  TargetRubyVersion: '2.3'
  NewCops: enable
 Gemspec/RequireMFA:
  Enabled: false
 Layout/EmptyLineAfterGuardClause:
  Enabled: false
@@ -93,9 +85,3 @@ Style/SymbolArray:
 Style/TrailingCommaInArrayLiteral:
  Enabled: false
 RSpec/ExampleLength:
  Max: 20
 RSpec/MultipleExpectations:
  Max: 20
--- a/.travis.yml
+++ b/.travis.yml
@@ -0,0 +1,12 @@
 ---
 os: linux
 language: ruby
 rvm:
 - 2.7
 - 2.6
 - 2.5
 - 2.4
 - 2.3
 script:
 - bundle exec rake travis
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,135 +1,5 @@
 # Changelog
 ## 3.5.0 (January 8, 2021)
 IMPROVEMENTS:
 - add Ruby 3.1 support
 OTHER:
 - update base of Docker image to Alpine 3.15 (from 3.13.7 before, **Note:** please be aware of the quirks around [Alpine 3.14](https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.14.0#faccessat2))
 ## 3.4.8 (December 11th, 2021)
 OTHER:
 - re-release 3.4.7 to rebuild Docker image with security vulnerabilities fixes
 ## 3.4.7 (November 19th, 2021)
 OTHER:
 - re-release 3.4.6 to rebuild Docker image with security vulnerabilities fixes
 ## 3.4.6 (November 19th, 2021)
 OTHER:
 - re-release 3.4.5 to rebuild Docker image with security vulnerabilities fixes
 ## 3.4.5 (August 26th, 2021)
 OTHER:
 - re-release 3.4.4 to rebuild Docker image with security vulnerabilities fixes
 ## 3.4.4 (August 26th, 2021)
 OTHER:
 - re-release 3.4.3 to rebuild Docker image with security vulnerabilities fixes
 ## 3.4.3 (August 20th, 2021)
 OTHER:
 - re-release 3.4.2 to rebuild Docker image with security vulnerabilities fixes
 ## 3.4.2 (July 30, 2021)
 IMPROVEMENTS:
 - move from OpenTracing to OpenTelemetry for experimental tracing feature
 OTHER:
 - re-release 3.4.1 to rebuild Docker image with security vulnerabilities fixes
 - adopt Renovate for dependency updates
 ## 3.4.1 (April 15, 2021)
 OTHER:
 - update base of Docker image to Alpine 3.13.5 to fix security vulnerabilities
 ## 3.4.0 (April 2, 2021)
 IMPROVEMENTS:
 - **change** Docker image to run as non-root user `65534` by default, limits attack surface for security and gives OpenShift compatibility
 ## 3.3.3 (April 1, 2021)
 OTHER:
 - update base of Docker image to Alpine 3.13.4 to fix security vulnerabilities
 ## 3.3.2 (February 20, 2021)
 OTHER:
 - update to use `docker/build-push-action@v2` for releasing Docker image in GHA
 ## 3.3.1 (February 18, 2021)
 OTHER:
 - update base of Docker image to Alpine 3.13.2 to fix security vulnerabilities
 ## 3.3.0 (January 18, 2021)
 OTHER:
 - update base of Docker image to Alpine 3.13
 ## 3.2.0 (January 14, 2021)
 IMPROVEMENTS:
 - Add Ruby 3.0 support
 ## 3.1.3 (December 20, 2020)
 OTHER:
 - fix Docker image release process in Github Actions CI, 3.1.2 was not released as a Docker image
 ## 3.1.2 (December 20, 2020)
 OTHER:
 - fixes vulnerabilities in Docker image by using updated Alpine base image
 - start using Github Actions CI for tests and drop Travis CI
 ## 3.1.1 (October 3, 2020)
 IMPROVEMENTS:
 - Use webrick gem which contains fixes against [CVE-2020-25613](https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/)
 ## 3.1.0 (August 19, 2020)
 IMPROVEMENTS:
 - Add officially maintained [Docker image for dyndnsd](https://hub.docker.com/r/cmur2/dyndnsd)
 ## 3.0.0 (July 29, 2020)
 IMPROVEMENTS:
 - Drop EOL Ruby 2.4 and lower support, now minimum version supported is Ruby 2.5
 ## 2.3.1 (July 27, 2020)
 IMPROVEMENTS:
@@ -232,7 +102,7 @@ IMPROVEMENTS:
 IMPROVEMENTS:
- Support dropping privileges on startup, also affects external commands run
+- Support dropping priviliges on startup, also affects external commands run
 - Add [metriks](https://github.com/eric/metriks) support for basic metrics in the process title
 - Detach from child processes running external commands to avoid zombie processes
--- a/README.md
+++ b/README.md
@@ -1,9 +1,10 @@
 # dyndnsd.rb
-![ci](https://github.com/cmur2/dyndnsd/workflows/ci/badge.svg) [![Dependencies](https://badges.depfu.com/badges/4f25da8493f7a29f652ac892fbf9227b/overview.svg)](https://depfu.com/github/cmur2/dyndnsd)
+[![Build Status](https://travis-ci.org/cmur2/dyndnsd.svg?branch=dyndnsd-2.x)](https://travis-ci.org/cmur2/dyndnsd) [![Dependencies](https://badges.depfu.com/badges/4f25da8493f7a29f652ac892fbf9227b/overview.svg)](https://depfu.com/github/cmur2/dyndnsd)
 A small, lightweight and extensible DynDNS server written with Ruby and Rack.
 **Note:** a newer version of dyndnsd.rb is available on [branch master](https://github.com/cmur2/dyndnsd), see also the [changelog](https://github.com/cmur2/dyndnsd/blob/master/CHANGELOG.md).
 ## Description
@@ -64,49 +65,14 @@ users:
 Run dyndnsd.rb by:
-```bash
+	dyndnsd /path/to/config.yaml
 dyndnsd /path/to/config.yml
 ```
 ### Docker image
 There is an officially maintained [Docker image for dyndnsd](https://hub.docker.com/r/cmur2/dyndnsd) available at Dockerhub. The goal is to have a minimal secured image available (currently based on Alpine) that works well for the `zone_transfer_server` updater use case.
 Users can make extensions by deriving from the official Docker image or building their own.
 The Docker image consumes the same configuration file in YAML format as the gem, inside the container it needs to be mounted/available as `/etc/dyndnsd/config.yml`. The following YAML should be used as a base and extended with user's settings:
 ```yaml
 host: "0.0.0.0"
 port: 8080
 # omit the logfile: option so logging to STDOUT will happen automatically
 db: "/var/lib/dyndnsd/db.json"
 # User's settings for updater and permissions follow here!
 ```
 more ports might be needed depending on if DNS zone transfer is needed
 Run the Docker image exposing the DynDNS-API on host port 8080 via:
 ```bash
 docker run -d --name dyndnsd \
           -p 8080:8080 \
           -v /host/path/to/dyndnsd/config.yml:/etc/dyndnsd/config.yml \
           -v /host/ptherpath/to/dyndnsd/datadir:/var/lib/dyndnsd \
           cmur2/dyndnsd:vX.Y.Z
 ```
 *Note*: You may need to expose more than just port 8080 e.g. if you use the `zone_transfer_server` which can be done by appending additional `-p 5353:5353` flags to the `docker run` command.
 ## Using dyndnsd.rb with any nameserver via DNS zone transfers (AXFR)
 By using [DNS zone transfers via AXFR (RFC5936)](https://tools.ietf.org/html/rfc5936) any secondary nameserver can retrieve the DNS zone contents from dyndnsd.rb and serve them to clients.
 To speedup propagation after changes dyndnsd.rb can issue a [DNS NOTIFY (RFC1996)](https://tools.ietf.org/html/rfc1996) to inform the nameserver that the DNS zone contents changed and should be fetched even before the time indicated in the SOA record is up.
-Currently, dyndnsd.rb does not support any authentication for incoming DNS zone transfer request, so it should be isolated from the internet on these ports.
+Currently dyndnsd.rb does not support any authentication for incoming DNS zone transfer requests so it should be isolated from the internet on these ports.
 This approach has several advantages:
 - dyndnsd.rb can be used in *hidden primary* fashion isolated from client's DNS traffic and does not need to implement full nameserver features
@@ -151,7 +117,7 @@ users:
 NSD is a nice, open source, authoritative-only, low-memory DNS server that reads BIND-style zone files (and converts them into its own database) and has a simple configuration file.
-A feature NSD is lacking is the [Dynamic DNS update (RFC2136)](https://tools.ietf.org/html/rfc2136) functionality BIND offers, but one can fake it using the following dyndnsd.rb configuration:
+A feature NSD is lacking is the [Dynamic DNS update (RFC2136)](https://tools.ietf.org/html/rfc2136) functionality BIND offers but one can fake it using the following dyndnsd.rb configuration:
 ```yaml
 host: "0.0.0.0"
@@ -198,23 +164,23 @@ The update URL you want to tell your clients (humans or scripts ^^) consists of
 where:
 * the protocol depends on your (webserver/proxy) settings
-* `USER` and `PASSWORD` are needed for HTTP Basic Auth and valid combinations are defined in your config.yaml
+* USER and PASSWORD are needed for HTTP Basic Auth and valid combinations are defined in your config.yaml
-* `DOMAIN` should match what you defined in your config.yaml as domain but may be anything else when using a web server as proxy
+* DOMAIN should match what you defined in your config.yaml as domain but may be anything else when using a webserver as proxy
-* `PORT` depends on your (web server/proxy) settings
+* PORT depends on your (webserver/proxy) settings
-* `HOSTNAMES` is a required list of comma-separated FQDNs (they all have to end with your config.yaml domain) the user wants to update
+* HOSTNAMES is a required list of comma-separated FQDNs (they all have to end with your config.yaml domain) the user wants to update
-* `MYIP` is optional and the HTTP client's IP address will be used if missing
+* MYIP is optional and the HTTP client's IP address will be used if missing
-* `MYIP6` is optional but if present also requires presence of `MYIP`
+* MYIP6 is optional but if present also requires presence of MYIP
 ### IP address determination
 The following rules apply:
-* use any IP address provided via the `myip` parameter when present, or
+* use any IP address provided via the myip parameter when present, or
-* use any IP address provided via the `X-Real-IP` header e.g. when used behind HTTP reverse proxy such as nginx, or
+* use any IP address provided via the X-Real-IP header e.g. when used behind HTTP reverse proxy such as nginx, or
 * use any IP address used by the connecting HTTP client
-If you want to provide an additional IPv6 address as myip6 parameter, the `myip` parameter containing an IPv4 address has to be present, too! No automatism is applied then.
+If you want to provide an additional IPv6 address as myip6 parameter, the myip parameter containing an IPv4 address has to be present, too! No automatism is applied then.
 ### SSL, multiple listen ports
@@ -222,16 +188,14 @@ If you want to provide an additional IPv6 address as myip6 parameter, the `myip`
 Use a webserver as a proxy to handle SSL and/or multiple listen addresses and ports. DynDNS.com provides HTTP on port 80 and 8245 and HTTPS on port 443.
-### Startup
+### Init scripts
-There is a [Dockerfile](docs/Dockerfile) that can be used to build a Docker image for running dyndnsd.rb.
+The [Debian 6 init.d script](init.d/debian-6-dyndnsd) assumes that dyndnsd.rb is installed into the system ruby (no RVM support) and the config.yaml is at /opt/dyndnsd/config.yaml. Modify to your needs.
 The [Debian 6 init.d script](docs/debian-6-init-dyndnsd) assumes that dyndnsd.rb is installed into the system ruby (no RVM support) and the config.yaml is at /opt/dyndnsd/config.yaml. Modify to your needs.
 ### Monitoring
-For monitoring dyndnsd.rb uses the [metriks](https://github.com/eric/metriks) framework and exposes several metrics like the number of unauthenticated requests, requests that did (not) update a hostname, etc. By default, the most important metrics are shown in the [proctitle](https://github.com/eric/metriks#proc-title-reporter, butt you can also configure a [Graphite](https://graphiteapp.org/) backend for central monitoring or the [textfile_reporter](https://github.com/prometheus/node_exporter/#textfile-collector) which outputs Graphite-style metrics that are also compatible with Prometheus to a file.
+For monitoring dyndnsd.rb uses the [metriks](https://github.com/eric/metriks) framework and exposes several metrics like the number of unauthenticated requests, requests that did (not) update a hostname, etc. By default the most important metrics are shown in the [proctitle](https://github.com/eric/metriks#proc-title-reporter) but you can also configure a [Graphite](https://graphiteapp.org/) backend for central monitoring or the [textfile_reporter](https://github.com/prometheus/node_exporter/#textfile-collector) which outputs Graphite-style metrics that are also compatible with Prometheus to a file.
 ```yaml
 host: "0.0.0.0"
@@ -271,9 +235,9 @@ users:
 ### Tracing (experimental)
-For tracing, dyndnsd.rb is instrumented using the [OpenTelemetry](https://opentelemetry.io/docs/ruby/) framework and will emit span tracing data for the most important operations happening during the request/response cycle. Using an [instrumentation for Rack](https://github.com/open-telemetry/opentelemetry-ruby/tree/main/instrumentation/rack) allows handling incoming OpenTelemetry parent span information properly (when desired, turned off by default to reduce attack surface).
+For tracing, dyndnsd.rb is instrumented using the [OpenTracing](http://opentracing.io/) framework and will emit span tracing data for the most important operations happening during the request/response cycle. Using a middleware for Rack allows handling incoming OpenTracing span information properly.
-Currently, the [OpenTelemetry trace exporter](https://github.com/open-telemetry/opentelemetry-ruby/tree/main/exporter/jaeger) for [CNCF Jaeger](https://github.com/jaegertracing/jaeger) can be enabled via dyndnsd.rb configuration. Alternatively, you can also enable other exporters via the environment variable `OTEL_TRACES_EXPORTER`, e.g. `OTEL_TRACES_EXPORTER=console`.
+Currently only one OpenTracing-compatible tracer implementation named [CNCF Jaeger](https://github.com/jaegertracing/jaeger) can be configured to use with dyndnsd.rb.
 ```yaml
 host: "0.0.0.0"
@@ -282,9 +246,11 @@ db: "/opt/dyndnsd/db.json"
 domain: "dyn.example.org"
 # enable and configure tracing using the (currently only) tracer jaeger
 tracing:
-  trust_incoming_span: false # default value, change to accept incoming OpenTelemetry spans as parents
+  trust_incoming_span: false # default value, change to accept incoming OpenTracing spans as parents
-  service_name: "my.dyndnsd.identifier" # default unset, will be populated by OpenTelemetry
+  jaeger:
-  jaeger: true # enables the Jaeger AgentExporter
+    host: 127.0.0.1 # defaults for host and port of local jaeger-agent
    port: 6831
    service_name: "my.dyndnsd.identifier"
 # configure the updater, here we use command_with_bind_zone, params are updater-specific
 updater:
  name: "command_with_bind_zone"
--- a/73
+++ b/73
@@ -9,73 +9,16 @@ RSpec::Core::RakeTask.new(:spec)
 RuboCop::RakeTask.new
 Bundler::Audit::Task.new
 desc 'Should be run by developer once to prepare initial solargraph usage (fill caches etc.)'
 task :'solargraph:init' do
  sh 'solargraph download-core'
 end
 desc 'Run experimental solargraph type checker'
-task :solargraph do
+task :'solargraph:tc' do
  sh 'solargraph typecheck'
 end
-namespace :solargraph do
+task default: [:rubocop, :spec, 'bundle:audit']
  desc 'Should be run by developer once to prepare initial solargraph usage (fill caches etc.)'
  task :init do
    sh 'solargraph download-core'
  end
 end
-# renovate: datasource=github-tags depName=hadolint/hadolint
+task travis: [:default, :'solargraph:tc']
 hadolint_version = 'v2.8.0'
 # renovate: datasource=github-tags depName=aquasecurity/trivy
 trivy_version = 'v0.22.0'
 namespace :docker do
  ci_image = 'cmur2/dyndnsd:ci'
  desc 'Lint Dockerfile'
  task :lint do
    sh "if [ ! -e ./hadolint ]; then wget -q -O ./hadolint https://github.com/hadolint/hadolint/releases/download/#{hadolint_version}/hadolint-Linux-x86_64; fi"
    sh 'chmod a+x ./hadolint'
    sh './hadolint --ignore DL3018 docker/Dockerfile'
    sh './hadolint --ignore DL3018 --ignore DL3028 docker/ci/Dockerfile'
  end
  desc 'Build CI Docker image'
  task :build do
    sh 'docker build -t cmur2/dyndnsd:ci -f docker/ci/Dockerfile .'
  end
  desc 'Scan CI Docker image for vulnerabilities'
  task :scan do
    ver = trivy_version.gsub('v', '')
    sh "if [ ! -e ./trivy ]; then wget -q -O - https://github.com/aquasecurity/trivy/releases/download/v#{ver}/trivy_#{ver}_Linux-64bit.tar.gz | tar -xzf - trivy; fi"
    sh "./trivy #{ci_image}"
  end
  desc 'End-to-end test the CI Docker image'
  task :e2e do
    sh <<~SCRIPT
      echo -n '{}' > e2e/db.json
      chmod a+w e2e/db.json
    SCRIPT
    sh "docker run -d --name=dyndnsd-ci -v $(pwd)/e2e:/etc/dyndnsd -p 8080:8080 -p 5353:5353 #{ci_image}"
    sh 'sleep 1'
    puts '----------------------------------------'
    # `dig` needs `sudo apt-get install -y -q dnsutils`
    sh <<~SCRIPT
      curl -s -o /dev/null -w '%{http_code}' 'http://localhost:8080/' | grep -q '401'
      curl -s 'http://foo:secret@localhost:8080/nic/update?hostname=foo.dyn.example.org&myip=1.2.3.4' | grep -q 'good'
      curl -s 'http://foo:secret@localhost:8080/nic/update?hostname=foo.dyn.example.org&myip=1.2.3.4' | grep -q 'nochg'
      dig +short AXFR 'dyn.example.org' @127.0.0.1 -p 5353 | grep -q '1.2.3.4'
    SCRIPT
    puts '----------------------------------------'
    sh <<~SCRIPT
      docker logs dyndnsd-ci
      docker container rm -f -v dyndnsd-ci
      rm e2e/db.json
    SCRIPT
  end
 end
 task default: [:rubocop, :spec, 'bundle:audit', :solargraph]
 desc 'Run all tasks desired for CI'
 task ci: ['solargraph:init', :default, 'docker:lint', :build, 'docker:build', 'docker:e2e']
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,22 +0,0 @@
 FROM alpine:3.15.0
 EXPOSE 5353 8080
 ARG DYNDNSD_VERSION
 RUN apk --no-cache add openssl ca-certificates && \
    apk --no-cache add ruby ruby-etc ruby-io-console ruby-json ruby-webrick && \
    apk --no-cache add --virtual .build-deps linux-headers ruby-dev build-base tzdata && \
    gem install --no-document dyndnsd -v ${DYNDNSD_VERSION} && \
    rm -rf /usr/lib/ruby/gems/*/cache/ && \
    # set timezone to Berlin
    cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \
    apk del .build-deps
 # Follow the principle of least privilege: run as unprivileged user.
 # Running as non-root enables running this image in platforms like OpenShift
 # that do not allow images running as root.
 # User ID 65534 is usually user 'nobody'.
 USER 65534
 ENTRYPOINT ["dyndnsd", "/etc/dyndnsd/config.yml"]
--- a/docker/ci/Dockerfile
+++ b/docker/ci/Dockerfile
@@ -1,22 +0,0 @@
 FROM alpine:3.15.0
 EXPOSE 5353 8080
 COPY pkg/dyndnsd-*.gem /tmp/dyndnsd.gem
 RUN apk --no-cache add openssl ca-certificates && \
    apk --no-cache add ruby ruby-etc ruby-io-console ruby-json ruby-webrick && \
    apk --no-cache add --virtual .build-deps linux-headers ruby-dev build-base tzdata && \
    gem install --no-document /tmp/dyndnsd.gem && \
    rm -rf /usr/lib/ruby/gems/*/cache/ && \
    # set timezone to Berlin
    cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \
    apk del .build-deps
 # Follow the principle of least privilege: run as unprivileged user.
 # Running as non-root enables running this image in platforms like OpenShift
 # that do not allow images running as root.
 # User ID 65534 is usually user 'nobody'.
 USER 65534
 ENTRYPOINT ["dyndnsd", "/etc/dyndnsd/config.yml"]
--- a/dyndnsd.gemspec
+++ b/dyndnsd.gemspec
@@ -25,24 +25,20 @@ Gem::Specification.new do |s|
  s.executables = ['dyndnsd']
  s.extra_rdoc_files = Dir['README.md', 'CHANGELOG.md', 'LICENSE']
-  s.required_ruby_version = '>= 2.5'
+  s.required_ruby_version = '>= 2.3'
-  s.add_runtime_dependency 'async', '~> 1.30.0'
+  s.add_runtime_dependency 'async-dns', '~> 1.2.0'
-  s.add_runtime_dependency 'async-dns', '~> 1.3.0'
+  s.add_runtime_dependency 'jaeger-client', '~> 0.10.0'
  s.add_runtime_dependency 'metriks'
-  s.add_runtime_dependency 'opentelemetry-exporter-jaeger', '~> 0.20.0'
+  s.add_runtime_dependency 'opentracing', '~> 0.5.0'
  s.add_runtime_dependency 'opentelemetry-instrumentation-rack', '~> 0.20.0'
  s.add_runtime_dependency 'opentelemetry-sdk', '~> 1.0.0.rc2'
  s.add_runtime_dependency 'rack', '~> 2.0'
-  s.add_runtime_dependency 'webrick', '>= 1.6.1'
+  s.add_runtime_dependency 'rack-tracer', '~> 0.9.0'
  s.add_development_dependency 'bundler'
-  s.add_development_dependency 'bundler-audit', '~> 0.9.0'
+  s.add_development_dependency 'bundler-audit', '~> 0.7.0'
  s.add_development_dependency 'rack-test'
  s.add_development_dependency 'rake'
  s.add_development_dependency 'rspec'
-  s.add_development_dependency 'rubocop', '~> 1.24.0'
+  s.add_development_dependency 'rubocop', '~> 0.81.0'
-  s.add_development_dependency 'rubocop-rake', '~> 0.6.0'
+  s.add_development_dependency 'solargraph'
  s.add_development_dependency 'rubocop-rspec', '~> 2.7.0'
  s.add_development_dependency 'solargraph', '~> 0.44.0'
 end
--- a/e2e/config.yml
+++ b/e2e/config.yml
@@ -1,31 +0,0 @@
 ---
 host: "0.0.0.0"
 port: 8080
 db: /etc/dyndnsd/db.json
 debug: false
 domain: dyn.example.org
 #responder: RestStyle
 updater:
  name: zone_transfer_server
  params:
    server_listens:
    - 0.0.0.0@5353
    #send_notifies:
    #- 10.0.2.15@53
    zone_ttl: 300  # 5m
    zone_nameservers:
    - dns1.example.org.
    - dns2.example.org.
    zone_email_address: admin.example.org.
    zone_additional_ips:
    - "127.0.0.1"
    - "::1"
 users:
  foo:
    password: "secret"
    hosts:
    - foo.dyn.example.org
    - bar.dyn.example.org
--- a/docs/debian-6-init-dyndnsd
+++ b/docs/debian-6-init-dyndnsd
--- a/lib/dyndnsd.rb
+++ b/lib/dyndnsd.rb
@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 require 'date'
 require 'etc'
 require 'logger'
 require 'ipaddr'
@@ -8,9 +7,9 @@ require 'json'
 require 'yaml'
 require 'rack'
 require 'metriks'
 require 'opentelemetry/instrumentation/rack'
 require 'opentelemetry/sdk'
 require 'metriks/reporter/graphite'
 require 'opentracing'
 require 'rack/tracer'
 require 'dyndnsd/generator/bind'
 require 'dyndnsd/updater/command_with_bind_zone'
@@ -69,7 +68,7 @@ module Dyndnsd
    # @return [Boolean]
    def authorized?(username, password)
      Helper.span('check_authorized') do |span|
-        span.set_attribute('enduser.id', username)
+        span.set_tag('dyndnsd.user', username)
        allow = Helper.user_allowed?(username, password, @users)
        if !allow
@@ -81,7 +80,7 @@ module Dyndnsd
    end
    # @param env [Hash{String => String}]
-    # @return [Array{Integer,Hash{String => String},Array<String>}]
+    # @return [Array{Integer,Hash{String => String},Array{String}}]
    def call(env)
      return [422, {'X-DynDNS-Response' => 'method_forbidden'}, []] if env['REQUEST_METHOD'] != 'GET'
      return [422, {'X-DynDNS-Response' => 'not_found'}, []] if env['PATH_INFO'] != '/nic/update'
@@ -106,13 +105,13 @@ module Dyndnsd
      puts "DynDNSd version #{Dyndnsd::VERSION}"
      puts "Using config file #{config_file}"
-      config = YAML.safe_load(File.read(config_file))
+      config = YAML.safe_load(File.open(config_file, 'r', &:read))
      setup_logger(config)
      Dyndnsd.logger.info 'Starting...'
-      # drop privileges as soon as possible
+      # drop priviliges as soon as possible
      # NOTE: first change group than user
      if config['group']
        group = Etc.getgrnam(config['group'])
@@ -135,7 +134,7 @@ module Dyndnsd
    private
    # @param params [Hash{String => String}]
-    # @return [Array<String>]
+    # @return [Array{String}]
    def extract_v4_and_v6_address(params)
      return [] if !(params['myip'])
      begin
@@ -149,7 +148,7 @@ module Dyndnsd
    # @param env [Hash{String => String}]
    # @param params [Hash{String => String}]
-    # @return [Array<String>]
+    # @return [Array{String}]
    def extract_myips(env, params)
      # require presence of myip parameter as valid IPAddr (v4) and valid myip6
      return extract_v4_and_v6_address(params) if params.key?('myip6')
@@ -165,12 +164,12 @@ module Dyndnsd
    end
    # @param hostnames [String]
-    # @param myips [Array<String>]
+    # @param myips [Array{String}]
-    # @return [Array<Symbol>]
+    # @return [Array{Symbol}]
    def process_changes(hostnames, myips)
      changes = []
      Helper.span('process_changes') do |span|
-        span.set_attribute('dyndnsd.hostnames', hostnames.join(','))
+        span.set_tag('dyndnsd.hostnames', hostnames.join(','))
        hostnames.each do |hostname|
          # myips order is always deterministic
@@ -201,7 +200,7 @@ module Dyndnsd
    end
    # @param env [Hash{String => String}]
-    # @return [Array{Integer,Hash{String => String},Array<String>}]
+    # @return [Array{Integer,Hash{String => String},Array{String}}]
    def handle_dyndns_request(env)
      params = Rack::Utils.parse_query(env['QUERY_STRING'])
@@ -246,14 +245,12 @@ module Dyndnsd
      if config['logfile']
        Dyndnsd.logger = Logger.new(config['logfile'])
      else
-        Dyndnsd.logger = Logger.new($stdout)
+        Dyndnsd.logger = Logger.new(STDOUT)
      end
      Dyndnsd.logger.progname = 'dyndnsd'
      Dyndnsd.logger.formatter = LogFormatter.new
      Dyndnsd.logger.level = config['debug'] ? Logger::DEBUG : Logger::INFO
      OpenTelemetry.logger = Dyndnsd.logger
    end
    # @return [void]
@@ -298,31 +295,16 @@ module Dyndnsd
    # @param config [Hash{String => Object}]
    # @return [void]
    private_class_method def self.setup_tracing(config)
-      # by default do not try to emit any traces until the user opts in
+      # configure OpenTracing
      ENV['OTEL_TRACES_EXPORTER'] ||= 'none'
      # configure OpenTelemetry
      OpenTelemetry::SDK.configure do |c|
      if config.dig('tracing', 'jaeger')
-          require 'opentelemetry/exporter/jaeger'
+        require 'jaeger/client'
-          c.add_span_processor(
+        host = config['tracing']['jaeger']['host'] || '127.0.0.1'
-            OpenTelemetry::SDK::Trace::Export::BatchSpanProcessor.new(
+        port = config['tracing']['jaeger']['port'] || 6831
-              OpenTelemetry::Exporter::Jaeger::AgentExporter.new
+        service_name = config['tracing']['jaeger']['service_name'] || 'dyndnsd'
        OpenTracing.global_tracer = Jaeger::Client.build(
          host: host, port: port, service_name: service_name, flush_interval: 1
        )
          )
        end
        if config.dig('tracing', 'service_name')
          c.service_name = config['tracing']['service_name']
        end
        c.service_version = Dyndnsd::VERSION
        c.use('OpenTelemetry::Instrumentation::Rack')
      end
      if !config.dig('tracing', 'trust_incoming_span')
        OpenTelemetry.propagation = OpenTelemetry::Context::Propagation::NoopTextMapPropagator.new
      end
    end
@@ -348,7 +330,8 @@ module Dyndnsd
        app = Responder::DynDNSStyle.new(app)
      end
-      app = OpenTelemetry::Instrumentation::Rack::Middlewares::TracerMiddleware.new(app)
+      trust_incoming_span = config.dig('tracing', 'trust_incoming_span') || false
      app = Rack::Tracer.new(app, trust_incoming_span: trust_incoming_span)
      Rack::Handler::WEBrick.run app, Host: config['host'], Port: config['port']
    end
--- a/lib/dyndnsd/generator/bind.rb
+++ b/lib/dyndnsd/generator/bind.rb
@@ -27,7 +27,7 @@ module Dyndnsd
          ips.each do |ip|
            ip = IPAddr.new(ip).native
            type = ip.ipv6? ? 'AAAA' : 'A'
-            name = hostname.chomp(".#{@domain}")
+            name = hostname.chomp('.' + @domain)
            out << "#{name} IN #{type} #{ip}"
          end
        end
--- a/lib/dyndnsd/helper.rb
+++ b/lib/dyndnsd/helper.rb
@@ -45,17 +45,24 @@ module Dyndnsd
    # @param block [Proc]
    # @return [void]
    def self.span(operation, &block)
-      tracer = OpenTelemetry.tracer_provider.tracer(Dyndnsd.name, Dyndnsd::VERSION)
+      scope = OpenTracing.start_active_span(operation)
-      tracer.in_span(
+      span = scope.span
-        operation,
+      span.set_tag('component', 'dyndnsd')
-        attributes: {'component' => 'dyndnsd'},
+      span.set_tag('span.kind', 'server')
-        kind: :server
+      begin
      ) do |span|
        Dyndnsd.logger.debug "Creating span ID #{span.context.hex_span_id} for trace ID #{span.context.hex_trace_id}"
        block.call(span)
      rescue StandardError => e
-        span.record_exception(e)
+        span.set_tag('error', true)
-        raise e
+        span.log_kv(
          event: 'error',
          'error.kind': e.class.to_s,
          'error.object': e,
          message: e.message,
          stack: e.backtrace&.join("\n") || ''
        )
        raise
      ensure
        scope.close
      end
    end
  end
--- a/lib/dyndnsd/responder/dyndns_style.rb
+++ b/lib/dyndnsd/responder/dyndns_style.rb
@@ -9,7 +9,7 @@ module Dyndnsd
      end
      # @param env [Hash{String => String}]
-      # @return [Array{Integer,Hash{String => String},Array<String>}]
+      # @return [Array{Integer,Hash{String => String},Array{String}}]
      def call(env)
        @app.call(env).tap do |status_code, headers, body|
          if headers.key?('X-DynDNS-Response')
@@ -24,32 +24,30 @@ module Dyndnsd
      # @param status_code [Integer]
      # @param headers [Hash{String => String}]
-      # @param body [Array<String>]
+      # @param body [Array{String}]
-      # @return [Array{Integer,Hash{String => String},Array<String>}]
+      # @return [Array{Integer,Hash{String => String},Array{String}}]
      def decorate_dyndnsd_response(status_code, headers, body)
-        case status_code
+        if status_code == 200
        when 200
          [200, {'Content-Type' => 'text/plain'}, [get_success_body(body[0], body[1])]]
-        when 422
+        elsif status_code == 422
          error_response_map[headers['X-DynDNS-Response']]
        end
      end
      # @param status_code [Integer]
      # @param headers [Hash{String => String}]
-      # @param _body [Array<String>]
+      # @param _body [Array{String}]
-      # @return [Array{Integer,Hash{String => String},Array<String>}]
+      # @return [Array{Integer,Hash{String => String},Array{String}}]
      def decorate_other_response(status_code, headers, _body)
-        case status_code
+        if status_code == 400
        when 400
          [status_code, headers, ['Bad Request']]
-        when 401
+        elsif status_code == 401
          [status_code, headers, ['badauth']]
        end
      end
-      # @param changes [Array<Symbol>]
+      # @param changes [Array{Symbol}]
-      # @param myips [Array<String>]
+      # @param myips [Array{String}]
      # @return [String]
      def get_success_body(changes, myips)
        changes.map { |change| "#{change} #{myips.join(' ')}" }.join("\n")
--- a/lib/dyndnsd/responder/rest_style.rb
+++ b/lib/dyndnsd/responder/rest_style.rb
@@ -9,7 +9,7 @@ module Dyndnsd
      end
      # @param env [Hash{String => String}]
-      # @return [Array{Integer,Hash{String => String},Array<String>}]
+      # @return [Array{Integer,Hash{String => String},Array{String}}]
      def call(env)
        @app.call(env).tap do |status_code, headers, body|
          if headers.key?('X-DynDNS-Response')
@@ -24,32 +24,30 @@ module Dyndnsd
      # @param status_code [Integer]
      # @param headers [Hash{String => String}]
-      # @param body [Array<String>]
+      # @param body [Array{String}]
-      # @return [Array{Integer,Hash{String => String},Array<String>}]
+      # @return [Array{Integer,Hash{String => String},Array{String}}]
      def decorate_dyndnsd_response(status_code, headers, body)
-        case status_code
+        if status_code == 200
        when 200
          [200, {'Content-Type' => 'text/plain'}, [get_success_body(body[0], body[1])]]
-        when 422
+        elsif status_code == 422
          error_response_map[headers['X-DynDNS-Response']]
        end
      end
      # @param status_code [Integer]
      # @param headers [Hash{String => String}]
-      # @param _body [Array<String>]
+      # @param _body [Array{String}]
-      # @return [Array{Integer,Hash{String => String},Array<String>}]
+      # @return [Array{Integer,Hash{String => String},Array{String}}]
      def decorate_other_response(status_code, headers, _body)
-        case status_code
+        if status_code == 400
        when 400
          [status_code, headers, ['Bad Request']]
-        when 401
+        elsif status_code == 401
          [status_code, headers, ['Unauthorized']]
        end
      end
-      # @param changes [Array<Symbol>]
+      # @param changes [Array{Symbol}]
-      # @param myips [Array<String>]
+      # @param myips [Array{String}]
      # @return [String]
      def get_success_body(changes, myips)
        changes.map { |change| change == :good ? "Changed to #{myips.join(' ')}" : "No change needed for #{myips.join(' ')}" }.join("\n")
--- a/lib/dyndnsd/textfile_reporter.rb
+++ b/lib/dyndnsd/textfile_reporter.rb
@@ -18,7 +18,7 @@ module Dyndnsd
      @registry  = options[:registry] || Metriks::Registry.default
      @interval  = options[:interval] || 60
-      @on_error  = options[:on_error] || proc { |ex| } # default: ignore errors
+      @on_error  = options[:on_error] || proc { |ex| }
    end
    # @return [void]
@@ -28,6 +28,7 @@ module Dyndnsd
          sleep @interval
          Thread.new do
            begin
              write
            rescue StandardError => e
              @on_error[e] rescue nil
@@ -35,6 +36,7 @@ module Dyndnsd
          end
        end
      end
    end
    # @return [void]
    def stop
@@ -94,8 +96,8 @@ module Dyndnsd
    # @param file [String]
    # @param base_name [String]
    # @param metric [Object]
-    # @param keys [Array<Symbol>]
+    # @param keys [Array{Symbol}]
-    # @param snapshot_keys [Array<Symbol>]
+    # @param snapshot_keys [Array{Symbol}]
    # @return [void]
    def write_metric(file, base_name, metric, keys, snapshot_keys = [])
      time = Time.now.to_i
--- a/lib/dyndnsd/updater/command_with_bind_zone.rb
+++ b/lib/dyndnsd/updater/command_with_bind_zone.rb
@@ -18,10 +18,10 @@ module Dyndnsd
        return if !db.changed?
        Helper.span('updater_update') do |span|
-          span.set_attribute('dyndnsd.updater.name', self.class.name&.split('::')&.last || 'None')
+          span.set_tag('dyndnsd.updater.name', self.class.name&.split('::')&.last || 'None')
          # write zone file in bind syntax
-          File.write(@zone_file, @generator.generate(db))
+          File.open(@zone_file, 'w') { |f| f.write(@generator.generate(db)) }
          # call user-defined command
          pid = fork do
            exec @command
--- a/lib/dyndnsd/updater/zone_transfer_server.rb
+++ b/lib/dyndnsd/updater/zone_transfer_server.rb
@@ -35,7 +35,7 @@ module Dyndnsd
      # @return [void]
      def update(db)
        Helper.span('updater_update') do |span|
-          span.set_attribute('dyndnsd.updater.name', self.class.name&.split('::')&.last || 'None')
+          span.set_tag('dyndnsd.updater.name', self.class.name&.split('::')&.last || 'None')
          soa_rr = Resolv::DNS::Resource::IN::SOA.new(
            @zone_nameservers[0], @zone_email_address,
@@ -85,7 +85,7 @@ module Dyndnsd
      # converts into suitable parameter form for Async::DNS::Resolver or Async::DNS::Server
      #
-      # @param endpoint_list [Array<String>]
+      # @param endpoint_list [Array{String}]
      # @return [Array{Array{Object}}]
      def self.parse_endpoints(endpoint_list)
        endpoint_list.map { |addr_string| addr_string.split('@') }
@@ -139,7 +139,7 @@ module Dyndnsd
      # @param name [String]
      # @param resource_class [Resolv::DNS::Resource]
-      # Since solargraph cannot parse this: param transaction [Async::DNS::Transaction]
+      # @param transaction [Async::DNS::Transaction]
      # @return [void]
      def process(name, resource_class, transaction)
        if name != @domain || resource_class != Resolv::DNS::Resource::Generic::Type252_Class1
--- a/lib/dyndnsd/version.rb
+++ b/lib/dyndnsd/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Dyndnsd
-  VERSION = '3.5.0'
+  VERSION = '2.3.1'
 end
--- a/spec/dyndnsd/daemon_spec.rb
+++ b/spec/dyndnsd/daemon_spec.rb
@@ -1,12 +1,12 @@
 # frozen_string_literal: true
-require_relative '../spec_helper'
+require_relative 'spec_helper'
 describe Dyndnsd::Daemon do
  include Rack::Test::Methods
  def app
-    Dyndnsd.logger = Logger.new($stdout)
+    Dyndnsd.logger = Logger.new(STDOUT)
    Dyndnsd.logger.level = Logger::UNKNOWN
    config = {
@@ -24,7 +24,9 @@ describe Dyndnsd::Daemon do
    app = Rack::Auth::Basic.new(daemon, 'DynDNS', &daemon.method(:authorized?))
-    Dyndnsd::Responder::DynDNSStyle.new(app)
+    app = Dyndnsd::Responder::DynDNSStyle.new(app)
    Rack::Tracer.new(app, trust_incoming_span: false)
  end
  it 'requires authentication' do
--- a/upgrade-version.sh
+++ b/upgrade-version.sh
@@ -1,13 +0,0 @@
 #!/bin/bash -eux
 sed -i "s/$1/$2/g" lib/dyndnsd/version.rb
 release_date=$(LC_ALL=en_US.utf8 date +"%B %-d, %Y")
 if grep "## $2 (" CHANGELOG.md; then
    true
 elif grep "## $2" CHANGELOG.md; then
    sed -i "s/## $2/## $2 ($release_date)/g" CHANGELOG.md
 else
    echo "## $2 ($release_date)" >> CHANGELOG.md
 fi