Remove dependency on dns-manager and use dnspython directly instead
51
README.md
@@ -1,6 +1,6 @@
# DDNS Service
Dynamic DNS update service with CLI administration. Accepts HTTP(S) requests to update DNS A/AAAA records using the dns-manager library.
Dynamic DNS update service with CLI administration. Accepts HTTP(S) requests to update DNS A/AAAA records using RFC 2136 dynamic updates.
## Features
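Review bot: the new summary says records are changed with RFC 2136 dynamic updates but not how those updates are authenticated to the DNS server; since the rest of this commit makes the TSIG key file optional and otherwise relies on the server's IP-based `allow-update`, state that in the one-line description, e.g. `... using RFC 2136 dynamic updates, signed with TSIG when a key file is configured.`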
@@ -49,7 +49,7 @@ pip install -r requirements.txt
### Dependencies
- Python 3.11+
- dns-manager
- dnspython
- peewee
- argon2-cffi
- pymysql (for MariaDB support)
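Review bot: `dnspython` replaces `dns-manager` in the list without a minimum version; the TSIG keyring handling differs between dnspython 1.x and 2.x, so pin the lower bound the code was written against both here and in the `requirements.txt` referenced in this hunk's context line, e.g. `- dnspython (>= <tested version>)`.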
@@ -81,9 +81,16 @@ ssl_key_file = "/etc/ddns-service/key.pem" # required if ssl = true
path = "/var/lib/ddns-service/ddns.db" # required for sqlite
[dns_service]
# manager_config_file = "/etc/dns-manager/config.yml" # default
# dns_server = "localhost" # default: "localhost" (DNS server for RFC 2136 updates)
# dns_port = 53 # default: 53
# dns_timeout = 5 # default: 5 (seconds)
# ddns_default_key_file = "/etc/ddns-service/ddns.key" # optional, BIND TSIG key file
# cleanup_interval = 60 # default: 60 (seconds, expired records cleanup)
# Per-zone TSIG key overrides (optional)
# [dns_service.zone_keys]
# "dyn.example.com" = "/etc/ddns-service/dyn-example.key"
[defaults]
# dns_ttl = 60 # default: 60
# expiry_ttl = 3600 # default: 3600
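Review bot: the comments for `ddns_default_key_file` and `[dns_service.zone_keys]` do not say how a zone is matched to a key (exact zone name only, or longest-suffix match for names beneath it) or what happens when an update targets a zone with no entry (fall back to the default key, or send the update unsigned). Spell that out next to the override block, e.g. `# zone_keys are matched against the zone of the record being updated; unmatched zones use ddns_default_key_file`, and since these files hold the HMAC secret, add a line saying they should be readable only by the service user.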
@@ -104,6 +111,44 @@ from_address = "ddns@example.com" # required if email.enabled
# cleanup_interval = 60 # default: 60 (seconds, rate limiter cleanup)
```
### TSIG Authentication
For secure DNS updates, configure TSIG authentication:
1. Generate key on BIND server:
```bash
tsig-keygen -a hmac-sha256 ddns-key > /etc/bind/ddns.key
```
2. Include in `named.conf` and configure zone:
```
include "/etc/bind/ddns.key";
zone "dyn.example.com" {
type master;
file "/var/lib/bind/dyn.example.com.zone";
update-policy {
grant ddns-key zonesub ANY;
};
};
```
3. Copy key file to ddns-service host and configure:
```toml
[dns_service]
ddns_default_key_file = "/etc/ddns-service/ddns.key"
```
Key file format (generated by `tsig-keygen`):
```
key "ddns-key" {
algorithm hmac-sha256;
secret "base64-encoded-secret";
};
```
Without TSIG authentication, the DNS server must allow updates based on IP address (via `allow-update` directive).
### Endpoints
Configure one or more HTTP endpoints. If no endpoints are defined, a default endpoint at `/update` is created with standard parameter names.
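Review bot: the `named.conf` example grants `ddns-key zonesub ANY`, which lets the key add or remove every record type in `dyn.example.com`, while the service (per the summary in this commit) only ever updates A and AAAA records; narrow the grant to what the service needs, e.g. `grant ddns-key zonesub A AAAA;`, so that a compromised key file on the ddns-service host cannot alter NS, MX or TXT data in the zone. The closing sentence on `allow-update` should also say that IP-based authorization is the weaker option (the source address of a UDP update is not verified), so TSIG is the recommended setup rather than an equal alternative.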