Reply
Highlighted
New Member
Posts: 11
Registered: ‎08-14-2013
Kudos: 7

Dynamic DNS - Add he.net

I would love to see support for he.net DDNS. he.net uses the dyndns2 protocol, which is supported by ddclient.

 

he.net has a per-host ddns key which you set through their panel. The username is the same as the host name, so instead of needing host/username/password, you actually only need host and password. The URL is

 

http://[DOMAIN]:[DDNS KEY]@dyn.dns.he.net/nic/update?hostname=[DOMAIN]

 

The command could be

set service dns dynamic interface eth0 service he 

 

With possible completions:

  host-name Hostname registered with DDNS service [REQUIRED]

  password Password for DDNS service [REQUIRED]

  server Server to send DDNS update to (IP address|hostname) (by default dyn.dns.he.net)

New Member
Posts: 11
Registered: ‎08-14-2013
Kudos: 7

Re: Dynamic DNS - Add he.net

The attached patch works, and DDNS updates work fine. This is the simplest possible patch I came up with, although it'd be nice if it was possible to remove the user name as it is the same as the domain name with he.net.

 

Attachment
Regular Member
Posts: 345
Registered: ‎01-06-2013
Kudos: 83
Solutions: 10

Re: Dynamic DNS - Add he.net

Would be nice to see support but I think most people here just use dnsomatic for there DNS updating needs.

My Gear: EdgeRouter Lite, EdgeRouter X - SFP, TOUGHSwitch, AirCam, Unifi - AC LR, Unifi - AC Lite, UAP x2
Previous Employee
Posts: 13,551
Registered: ‎06-10-2011
Kudos: 5429
Solutions: 1656
Contributions: 2

Re: Dynamic DNS - Add he.net


idave wrote:

The attached patch works, and DDNS updates work fine. This is the simplest possible patch I came up with, although it'd be nice if it was possible to remove the user name as it is the same as the domain name with he.net.


 Thanks for providing the patch. Looks like it adds "he" as an additional "service". Did you have to change anything else? Could you verify what is the ddclient config file generated with this patch?

Emerging Member
Posts: 55
Registered: ‎07-03-2013
Kudos: 20
Solutions: 3

Re: Dynamic DNS - Add he.net

I run dyndns service to update my ipv6 tunnel from he.net with the info provided along.

 

HE.net added support for Dyn-compliant endpoint updates some twhile ago so that equipment talking this spec can very easily update your tunnel endpoint.

server: ipv4.tunnelbroker.net/nic/update (ipv4 is important here, don't remove it. It doesn't seem to work if you specify https:// in the begining.)
login: Your Tunnelbroker.net username
password: Tunnel specific authentication key (under Advanced on the tunnel information page) if one is set, otherwise your Tunnelbroker.net password.
hostname:

  • Numeric tunnel ID (xxxxxx 6-digit number)
  • Numeric tunnel ID in "tunnel#.tunnelbroker.net" (This host does not actually exist)
  • Tunnel reverse host, aka "user-#.tunnel.tserv#.loc#.ipv6.he.net"

You can also manually call the needed URLs:

  • To auto-detect your IPv4 address:
Code: [Select]
https://<USERNAME>:<PASSWORD>@ipv4.tunnelbroker.net/nic/update?hostname=<TUNNEL_ID>
https://ipv4.tunnelbroker.net/nic/update?username=<USERNAME>&password=<PASSWORD>&hostname=<TUNNEL_ID...
  • To manually specific your IPv4 address:
Code: [Select]
https://<USERNAME>:<PASSWORD>@ipv4.tunnelbroker.net/nic/update?hostname=<TUNNEL_ID>&myip=<IP ADDRESS>
https://ipv4.tunnelbroker.net/nic/update?username=<USERNAME>&password=<PASSWORD>&hostname=<TUNNEL_ID... ADDRESS

 The configuration I'm running now with dyndns update client works fine just by specifying the right update URL without the HTTPS:// in the begining. e.g. ipv4.tunnelbroker.net/nic/update?hostname=xxxxxx

where 'xxxxxx' is the tunnel id provided by he tunnelbroker.

 

Is there any reason why the router can't update through https? Are my updates being sent over to the update server in plain text that would allow a man-in-middle attack?

New Member
Posts: 3
Registered: ‎10-02-2014
Kudos: 1

Re: Dynamic DNS - Add he.net

This would be cool if we could get this integrated. Currently, I have a script running via task-scheduler that takes care of updating it for me:

 

#!/bin/bash

DOMAIN="domain.tld"
PASSWORD="some_password"

# IPv4 update
/usr/bin/curl -4 "http://$DOMAIN:$PASSWORD@dyn.dns.he.net/nic/update?hostname=$DOMAIN" >> /dev/null 2>&1
IPV4STATUS=$?

# IPv4 error
if [[ $IPV4STATUS -ne 0 ]]; then
        echo "IPv4 DNS update failed, return code: $IPV4STATUS" | logger -p cron.err
fi

# IPv6 update
/usr/bin/curl -6 "http://$DOMAIN:$PASSWORD@dyn.dns.he.net/nic/update?hostname=$DOMAIN" >> /dev/null 2>&1
IPV6STATUS=$?

# IPv6 error
if [[ $IPV6STATUS -ne 0 ]]; then
        echo "IPv6 DNS update failed, return code: $IPV6STATUS" | logger -p cron.err
fi

# Exit bad/good
if [[ $IPV4STATUS -ne 0 || $IPV6STATUS -ne 0 ]]; then
        exit 1
else
        exit 0
fi

 

Regular Member
Posts: 320
Registered: ‎06-08-2013
Kudos: 159
Solutions: 16

Re: Dynamic DNS - Add he.net

Is there an issue I'm missing here? I've had he.net DDNS working for over a year without patching the OS...

New Member
Posts: 11
Registered: ‎08-14-2013
Kudos: 7

Re: Dynamic DNS - Add he.net

@Mephi: It works if you use the 'dyndns' service, i.e. "set service dns dynamic interface eth0 service dyndns..." But if you do that, it means that you're using the dyndns "slot", and if you have both he and dyndns you can't use both at the same time.

 

@Adrao: You're right, we should add both he-dns and he-tb.

 

@UBNT-ancheng:

#
# autogenerated by vyatta-dynamic-dns.pl on Sun Nov 16 16:13:58 GMT 2014
#
daemon=1m
syslog=yes
ssl=yes
pid=/var/run/ddclient/ddclient_eth0.pid
cache=/var/cache/ddclient/ddclient_eth0.cache
use=if, if=eth0


server=dyn.dns.he.net,protocol=he
max-interval=28d
login=[hostname]
password='[password]'
[hostname]

 

Emerging Member
Posts: 55
Registered: ‎07-03-2013
Kudos: 20
Solutions: 3

Re: Dynamic DNS - Add he.net

Thanks for the clarification, it looks like the update to he uses ssl Man Very Happy I was concerned that by using the 'dyndns' service slot with he-tb settings my updates were being sent in plain http text to he, instead of using ssl and https.
Previous Employee
Posts: 13,551
Registered: ‎06-10-2011
Kudos: 5429
Solutions: 1656
Contributions: 2

Re: Dynamic DNS - Add he.net


idave wrote:

@UBNT-ancheng:

#
# autogenerated by vyatta-dynamic-dns.pl on Sun Nov 16 16:13:58 GMT 2014
#
daemon=1m
syslog=yes
ssl=yes
pid=/var/run/ddclient/ddclient_eth0.pid
cache=/var/cache/ddclient/ddclient_eth0.cache
use=if, if=eth0


server=dyn.dns.he.net,protocol=he
max-interval=28d
login=[hostname]
password='[password]'
[hostname]

 


Thanks for verifying the config. So just to confirm how the patch works, it adds the "he" service which results in "protocol=he" in the ddclient config file, then since "protocol=he" is not valid, ddclient falls back to the default "dyndns2", which is what HE supports?

 

Could you also elaborate on the details of the he-dns and he-tb configs? As mentioned before, ultimately I think the problem here is that the original design of the config syntax is not optimal and prevents the use of multiple services if they use the same protocol, and we should find a way to address that. Thanks for spending the time and looking into this!

Regular Member
Posts: 563
Registered: ‎04-18-2013
Kudos: 333
Solutions: 45

Re: Dynamic DNS - Add he.net

@UBNT-ancheng You are on track here with the request.. I also frequently need to use both HE (TB) and DynDNS at the same time, so I run into the same issue.

 

HE-DNS and HE-TB both use the DynDNS protocol, so they work just fine using the dyndns configuration tree, but that prevents you from using dyndns at the same time, since you can only specify 1 dyndns config item.

 

To do this with dyndns, you just set it up as you would normally, but specify a different server.  The other problem with doing this is that if you update it at all using the GUI, your custom server gets blown away.

Established Member
Posts: 889
Registered: ‎10-12-2012
Kudos: 863
Solutions: 39
Contributions: 1

Re: Dynamic DNS - Add he.net

[ Edited ]

UBNT-ancheng wrote:
As mentioned before, ultimately I think the problem here is that the original design of the config syntax is not optimal and prevents the use of multiple services if they use the same protocol, and we should find a way to address that.

 

This is exactly the issue. The problem is in the config syntax. You will fight this problem forever (everytime a new provider comes along) unless you change the syntax structure. 

 

Perhaps instead of setting

 dns {
     dynamic {
         interface eth0 {
             	service afraid {
                 	host-name my.domain.com
                 	login user
                 	password pass
             	}
             	service dyndns {
                 	host-name domain.tunnel.tserv15.lax1.ipv6.he.net
                 	login user
                 	password pass
                 	server ipv4.tunnelbroker.net
             	}
         }
     }
}


It should be something like

 dns {
     dynamic {
         interface eth0 {
		name my_name1{
             		service afraid {
                 		host-name my.domain.com
                 		login user
                 		password pass
             		}
             		service dyndns {
                 		host-name domain.tunnel.tserv15.lax1.ipv6.he.net
                 		login user
                 		password pass
                 		server ipv4.tunnelbroker.net
             		}
		}
		name my_name2{
             		service dyndns {
                 		host-name my_other.domain.com
                 		login user
                 		password pass
             		}

		}
         }
     }
}

 

Much like a firewall ruleset name. That way you could include dyndns twice using a seperate dynamic dns ruleset name.

Regular Member
Posts: 563
Registered: ‎04-18-2013
Kudos: 333
Solutions: 45

Re: Dynamic DNS - Add he.net

+1 on @Blooze suggestion.  It would perfectly do what I frequently want to do.

New Member
Posts: 11
Registered: ‎08-14-2013
Kudos: 7

Re: Dynamic DNS - Add he.net

[ Edited ]

UBNT-ancheng wrote:

Thanks for verifying the config. So just to confirm how the patch works, it adds the "he" service which results in "protocol=he" in the ddclient config file, then since "protocol=he" is not valid, ddclient falls back to the default "dyndns2", which is what HE supports?

 

Could you also elaborate on the details of the he-dns and he-tb configs? As mentioned before, ultimately I think the problem here is that the original design of the config syntax is not optimal and prevents the use of multiple services if they use the same protocol, and we should find a way to address that. Thanks for spending the time and looking into this!


I am not sure how this patch works. It just does. I am no Vyatta expert...

 

he-dns and he-tb are two services by he that provide two different things:

- he-dns is Dynamic DNS in the traditional sense

- he-tb is an IPv6 tunnel broker service

 

Both rely in the dyndns protocol to update client IPs.

 

(+1 on @Blooze's solution)

Member
Posts: 137
Registered: ‎11-16-2013
Kudos: 55
Solutions: 5

Re: Dynamic DNS - Add he.net

You can look at this thread for my hack:

 

I kept it seperate from actual DDNS config.

 

Dynamic IPv6 Tunnel to Hurricane Electric

 

 

Ubiquiti Employee
Posts: 110
Registered: ‎10-07-2014
Kudos: 119
Solutions: 10

Re: Dynamic DNS - Add he.net

+1 to this request.  I don't have static IPs anymore.

Jon Bane
Director of IT and Security
New Member
Posts: 2
Registered: ‎11-19-2015
Kudos: 3

Re: Dynamic DNS - Add he.net

[ Edited ]

Hello,

 

This thread helped me a lot, I tested the CLI configurations, and that gave me a sight to a full graphical solution for getting a HE.net dynamic DNS condfiguration:

 

On EdgeRouter Lite v1.7.0 :: Services -> DNS -> Dynamic DNS:

 

Interface: eth0 (this is my WAN interface)

Web: - (blank)

Web-skip: (blank)

 

Service: custom (I typed "HE" on text box at the right)

Hostname: <myhost.mydomainname.com>

Hostname: <myhost.mydomainname.com>

Password: <password (key) for myhost.mydomainname.com>

Protocol: dyndns2

Server: dyn.dns.he.net

 

As said before, unless you really need to use dyndns2 on another config (IMHO most cases don't), this is the simpliest sollution for most users (which probably don't have much CLI/config/programming skills) Smiley Wink

 

Regards!

New Member
Posts: 10
Registered: ‎03-13-2016
Kudos: 3

Re: Dynamic DNS - Add he.net

[ Edited ]

donpool wrote:

Interface: eth0 (this is my WAN interface)

Web: - (blank)

Web-skip: (blank)

 

Service: custom (I typed "HE" on text box at the right)

Hostname: <myhost.mydomainname.com>

Hostname: <myhost.mydomainname.com>

Password: <password (key) for myhost.mydomainname.com>

Protocol: dyndns2

Server: dyn.dns.he.net

 


Thanks, that's good info to have.  I just tried that and it fails to save for some reason.  I'm on the next version though, EdgeRouter Lite v1.8.0

 

Fails with the message:  Failed to apply the configuration

 

::sadface::

 

Back to the CLI

__________________________

 

EDIT: This DID APPLY successfully from the web interface...

but only when my WAN port had connectivity to the interweb tubes:

                The configuration has been applied successfully

 

 

New Member
Posts: 2
Registered: ‎05-31-2016

Re: Dynamic DNS - Add he.net

[ Edited ]

I can get a similar configuration for HS DNS to apply, but DDNS isn't working.  I keep getting the noconnect error:

 

bret@leaf:~$ update dns dynamic interface eth1
bret@leaf:~$ show dns dynamic status 
interface    : eth1
ip address   : 
host-name    : leaf.bret.io
last update  : Thu Jan  1 00:00:00 1970
update-status: noconnect

Here is my config:

 

bret@leaf# show service dns dynamic interface eth1 
 service custom-hedns {
     host-name leaf.bret.io
     login leaf.bret.io
     password xxxxxxxxxxxxxxxx
     protocol dyndns2
     server dyn.dns.he.net
 }

Any ideas?
I spelled the server wrong.  Dho!

 

This only seems to update the IPv4 address.  Any ideas how to update the IPv6 address too?

Regular Member
Posts: 320
Registered: ‎06-08-2013
Kudos: 159
Solutions: 16

Re: Dynamic DNS - Add he.net

Assuming that Ubiquity are using ddclient under the hood, that still doesn't support IPv6.

 

There are details for a patched version here: http://blog.belodedenko.me/2013/07/dynamic-ipv6-updates-using-ddclient-for.html

 

The thing to note (for me at least) is that I don't actually use DDNS to access my router, just the services on servers behind it. So in that case I needed the patched ddclient on those servers updating the domain with their public IPv6 address.

 

Matt

 

 

Reply