OPNsense Forum

English Forums => General Discussion => Topic started by: Tubs on May 06, 2020, 05:07:54 am

Title: os-rfc2136 - documentation?
Post by: Tubs on May 06, 2020, 05:07:54 am
Hello,

is there a documentation available for plugin os-rfc2136 (dynamic DNS updates)?

I am searching for some more details about the logic how updates are getting triggered.
I noticed a strange behavior when I did some tests to find the answers to my questions above. I changed the IP manually on DNS server to see what doing something and when. Nothing.
Title: Re: os-rfc2136 - documentation?
Post by: franco on May 06, 2020, 03:04:47 pm
The RFC 2136 ist mostly curated for historic reasons. Like it's DynDNS counterpart it is not well documented and in need to a proper rewrite using MVC, but for RFC 2136 in particular we have no information about its user base that would make working on it a possibiility.

Long story short, the code is all there is. At least now as a plugin the code is easier to trace vs. when it was integrated into core.


Cheers,
Franco
Title: Re: os-rfc2136 - documentation?
Post by: Tubs on May 07, 2020, 02:35:19 am
Thanks’ for the answer.


Abandoned and waiting for its death, is my interpretation of this explanation.
The user base might be limited to home users as this is the place where you can find dynamic IPs. But when you are running your own DNS server, dynamic IP update by rfc 2136 it is a great feature. In comparison to DynDNS There is no need for additional code or a full webserver on DNS server side.

A small improvement idea to increase the user base. Add some more words to the title of the plugin. I only found this feature by chance. As home user I was not aware about the meaning of “rfc 2136”. But “dynamic update” everybody can associate with a function.

Title: Re: os-rfc2136 - documentation?
Post by: rcmcronny on May 11, 2020, 12:21:34 pm
For the user base:  I use it also with my own DNS Setup :)
Title: Re: os-rfc2136 - documentation?
Post by: Tubs on May 11, 2020, 12:51:38 pm
For me, in the current version the plugin is not a reliable solution. Sometimes the plugin is reporting success but update was not done on DNS side. No second trial seems to be done.

I see potential in this plugin and I would be happy to see an improved version in the near future.

(PowerDNS does not support dynamic update by "simple command" over the API. And the API is to complex to get it integrated in OPNsense dyndns plugin. Therefore, I see the rfc 2136 method as best solution in combination with PowerDNS if you do not want to webserver + php only for dns update on the DNS server.)
Title: Re: os-rfc2136 - documentation?
Post by: rcmcronny on May 11, 2020, 12:56:44 pm
For me the plugin works reliable with my PDNS Server.
Title: Re: os-rfc2136 - documentation?
Post by: Tubs on May 11, 2020, 02:53:55 pm
Are you dining something special or are you using the plugin out of the box?

In my case it sometimes fails after reboot of OPNsense. After reboot I get a new IP and the plugin reports success. But no update done. For IP updated during running OPNsense I did not observed failures.
Title: Re: os-rfc2136 - documentation?
Post by: rcmcronny on May 11, 2020, 02:55:42 pm
Hmm, i have done nothing special. Plain Config out of the box.
I am using it on a german 1+1 VDSL (based on German Telekom VDSL). So i get every day a new ip mostly
Title: Re: os-rfc2136 - documentation?
Post by: Tubs on May 11, 2020, 03:49:02 pm
Do you get a new IP when you reboot the OPNsense box? This is the case for me as the OPN sense box also handles the PPPoE connection over the VDSL modem. And this is the situation I do have the issue with the rfc 2136 plugin. Normal IP updates are not so often. This seems to run fine.
Title: Re: os-rfc2136 - documentation?
Post by: rcmcronny on May 11, 2020, 04:00:32 pm
Yes, i do also use the pppoe of OPN sense and get a new ip, the update happens after that and to date seems to work correctly , every time i check it.

The vlan 7 tagging is done on the modem (draytek vigor 130 in my case), opnsense uses a dedicated ethernet interface without any tagging itself. But i don't think, this is causing this.
Best would be, to get more informations, on why its not updating as it should client and/or serverside if possible.
Perhaps you could rule out your dns server, if you test it with another service , i thought there was a rfc2136 service free of use somewhere, but i do not remember.
Ronny

Edit: i think it was: https://www.nsupdate.info/
Title: Re: os-rfc2136 - documentation?
Post by: Tubs on May 11, 2020, 04:10:43 pm
Also no VPN tagging on OPNsense for me.

Thank you.
I will check when I find some time.
At least good to know that in a similar set-up is is working somewhere else.
Title: Re: os-rfc2136 - documentation?
Post by: lelik67 on June 23, 2020, 09:05:48 pm
There is no "Key algorithm" box. I need to put HMAC-SHA512.
Am I missing it (box) somehow, or  how should I proceed?
Title: Re: os-rfc2136 - documentation?
Post by: rcmcronny on June 24, 2020, 10:51:00 am
Hi,

i have an old hmac-md5 key, and the tooltip mentions md5 only, but i would suggest, try it and give feedback, if it works or not  ? :)

Ronny
Title: Re: os-rfc2136 - documentation?
Post by: lelik67 on June 25, 2020, 05:45:33 pm
Of course it does not work. Why even suggesting to try?
For nsupdate from bind-utils package you have to either use option -y algorithm:keyname:keyvalue or -k keyfilename option. I.e.
$ nsupdate -y hmac-sha512:keyname:keyvalue

or

$ nsupdate -k Kkeyname.+165+0316.private

$ cat Kkeyname.+165+0316.private
Private-key-format: v1.3
Algorithm: 165 (HMAC_SHA512)
Key: keyvalue
Bits: AAA=
Title: Re: os-rfc2136 - documentation?
Post by: lelik67 on June 30, 2020, 09:18:21 pm
I fixed my local copy of pugins.inc.d/rfc2136.inc and it's now working for me with HMAC-SHA512.
The fix was to introduce $keyalgo variable hardcoded to "hmac-sha512" and to replace two key old format with one key new format generated key by tsig-keygen.

Is this plugin has an owner or at least a temporary caretaker, who is willing to add a dropdown menu "key algorithm" to services_rfc2136.php & services_rfc2136_edit.php? If yes, then rfc2136.inc could be easily modified to dynamically use whatever algorithm the user had chosen.

On a side note, I cannot find a crontab entry to check if ip has changed, let say every 1 hour.
Is it a bug or there is another mechanism to trigger the check?

Title: Re: os-rfc2136 - documentation?
Post by: wurmloch on February 27, 2021, 11:06:20 pm
Quote
The user base might be limited to home users as this is the place where you can find dynamic IPs. But when you are running your own DNS server, dynamic IP update by rfc 2136 it is a great feature.

user base +1
I use dynamic dns by rfc2136 on all my boxes and would really appreciate a current and up-to-date module/plugin.

Uwe