summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--data/templates/dns-dynamic/ddclient.conf.j233
-rw-r--r--data/templates/dns-dynamic/override.conf.j22
-rw-r--r--data/templates/mdns-repeater/override.conf.j27
-rw-r--r--debian/control2
-rw-r--r--interface-definitions/dns-dynamic.xml.in33
-rw-r--r--interface-definitions/dns-forwarding.xml.in30
-rw-r--r--interface-definitions/include/dns/dynamic-service-host-name-server.xml.i3
-rw-r--r--interface-definitions/include/dns/dynamic-service-wait-expiry-time.xml.i28
-rw-r--r--interface-definitions/include/dns/dynamic-service-zone.xml.i14
-rw-r--r--interface-definitions/include/dns/time-to-live.xml.i1
-rw-r--r--interface-definitions/include/version/dns-dynamic-version.xml.i2
-rw-r--r--interface-definitions/policy.xml.in9
-rwxr-xr-xsmoketest/scripts/cli/test_policy.py27
-rwxr-xr-xsmoketest/scripts/cli/test_service_dns_dynamic.py259
-rwxr-xr-xsrc/completion/list_ddclient_protocols.sh2
-rwxr-xr-xsrc/conf_mode/dns_dynamic.py65
-rwxr-xr-xsrc/conf_mode/service_mdns-repeater.py14
-rw-r--r--src/etc/systemd/system/avahi-daemon.service.d/override.conf8
-rwxr-xr-xsrc/migration-scripts/dns-dynamic/1-to-270
-rwxr-xr-xsrc/validators/ddclient-protocol2
20 files changed, 470 insertions, 141 deletions
diff --git a/data/templates/dns-dynamic/ddclient.conf.j2 b/data/templates/dns-dynamic/ddclient.conf.j2
index 3446a9d1b..356b8d0d0 100644
--- a/data/templates/dns-dynamic/ddclient.conf.j2
+++ b/data/templates/dns-dynamic/ddclient.conf.j2
@@ -13,61 +13,58 @@ web-skip{{ ipv }}='{{ web_options.skip }}', \
if{{ ipv }}={{ address }}, \
{% endif %}
{% endfor %}
-{# Other service options #}
-{% for k,v in kwargs.items() %}
-{% if v is vyos_defined %}
-{{ k }}={{ v }}{{ ',' if not loop.last }} \
-{% endif %}
+{# Other service options with special treatment for password #}
+{% for k,v in kwargs.items() if v is vyos_defined %}
+{{ k | replace('_', '-') }}={{ "'%s'" % (v) if k == 'password' else v }}{{ ',' if not loop.last }} \
{% endfor %}
{# Actual hostname for the service #}
{{ host }}
{% endmacro %}
### Autogenerated by dns_dynamic.py ###
-daemon={{ timeout }}
+daemon={{ interval }}
syslog=yes
ssl=yes
pid={{ config_file | replace('.conf', '.pid') }}
cache={{ config_file | replace('.conf', '.cache') }}
-{# Explicitly override global options for reliability #}
-web=googledomains {# ddclient default ('dyndns') doesn't support ssl and results in process lockup #}
-use=no {# ddclient default ('ip') results in confusing warning message in log #}
+{# ddclient default (web=dyndns) doesn't support ssl and results in process lockup #}
+web=googledomains
+{# ddclient default (use=ip) results in confusing warning message in log #}
+use=disabled
{% if address is vyos_defined %}
{% for address, service_cfg in address.items() %}
{% if service_cfg.rfc2136 is vyos_defined %}
{% for name, config in service_cfg.rfc2136.items() %}
{% if config.description is vyos_defined %}
-# {{ config.description }}
+# {{ config.description }}
{% endif %}
{% for host in config.host_name if config.host_name is vyos_defined %}
+
# RFC2136 dynamic DNS configuration for {{ name }}: [{{ config.zone }}, {{ host }}]
{# Don't append 'new-style' compliant suffix ('usev4', 'usev6', 'ifv4', 'ifv6' etc.)
to the properties since 'nsupdate' doesn't support that yet. #}
{{ render_config(host, address, service_cfg.web_options,
protocol='nsupdate', server=config.server, zone=config.zone,
password=config.key, ttl=config.ttl) }}
-
{% endfor %}
{% endfor %}
{% endif %}
{% if service_cfg.service is vyos_defined %}
{% for name, config in service_cfg.service.items() %}
{% if config.description is vyos_defined %}
-# {{ config.description }}
+# {{ config.description }}
{% endif %}
{% for host in config.host_name if config.host_name is vyos_defined %}
{% set ip_suffixes = ['v4', 'v6'] if config.ip_version == 'both'
- else (['v6'] if config.ip_version == 'ipv6' else ['']) %}
+ else [config.ip_version[2:]] %}
+
# Web service dynamic DNS configuration for {{ name }}: [{{ config.protocol }}, {{ host }}]
-{# For ipv4 only setup or legacy ipv6 setup, don't append 'new-style' compliant suffix
- ('usev4', 'ifv4', 'webv4' etc.) to the properties and instead live through the
- deprecation warnings for better compatibility with most ddclient protocols. #}
{{ render_config(host, address, service_cfg.web_options, ip_suffixes,
protocol=config.protocol, server=config.server, zone=config.zone,
- login=config.username, password=config.password) }}
-
+ login=config.username, password=config.password, ttl=config.ttl,
+ min_interval=config.wait_time, max_interval=config.expiry_time) }}
{% endfor %}
{% endfor %}
{% endif %}
diff --git a/data/templates/dns-dynamic/override.conf.j2 b/data/templates/dns-dynamic/override.conf.j2
index 6ca1b8a45..4a6851cef 100644
--- a/data/templates/dns-dynamic/override.conf.j2
+++ b/data/templates/dns-dynamic/override.conf.j2
@@ -7,4 +7,4 @@ After=vyos-router.service
PIDFile={{ config_file | replace('.conf', '.pid') }}
EnvironmentFile=
ExecStart=
-ExecStart=/usr/bin/ddclient -file {{ config_file }}
+ExecStart={{ vrf_command }}/usr/bin/ddclient -file {{ config_file }}
diff --git a/data/templates/mdns-repeater/override.conf.j2 b/data/templates/mdns-repeater/override.conf.j2
new file mode 100644
index 000000000..8c8187489
--- /dev/null
+++ b/data/templates/mdns-repeater/override.conf.j2
@@ -0,0 +1,7 @@
+[Unit]
+After=vyos-router.service
+ConditionPathExists={{ config_file }}
+
+[Service]
+ExecStart=
+ExecStart=/usr/sbin/avahi-daemon --syslog --file {{ config_file }}
diff --git a/debian/control b/debian/control
index 42c0b580b..ae54d6ed6 100644
--- a/debian/control
+++ b/debian/control
@@ -48,7 +48,7 @@ Depends:
cron,
curl,
dbus,
- ddclient (>= 3.9.1),
+ ddclient (>= 3.11.1),
dropbear,
easy-rsa,
etherwake,
diff --git a/interface-definitions/dns-dynamic.xml.in b/interface-definitions/dns-dynamic.xml.in
index 9f560b063..32c5af9b6 100644
--- a/interface-definitions/dns-dynamic.xml.in
+++ b/interface-definitions/dns-dynamic.xml.in
@@ -61,6 +61,7 @@
<children>
#include <include/generic-description.xml.i>
#include <include/dns/dynamic-service-host-name-server.xml.i>
+ #include <include/dns/dynamic-service-wait-expiry-time.xml.i>
<leafNode name="key">
<properties>
<help>File containing the TSIG secret key shared with remote DNS server</help>
@@ -74,18 +75,7 @@
</properties>
</leafNode>
#include <include/dns/time-to-live.xml.i>
- <leafNode name="zone">
- <properties>
- <help>Forwarding zone to be updated</help>
- <valueHelp>
- <format>txt</format>
- <description>RFC2136 Zone to be updated</description>
- </valueHelp>
- <constraint>
- <validator name="fqdn"/>
- </constraint>
- </properties>
- </leafNode>
+ #include <include/dns/dynamic-service-zone.xml.i>
</children>
</tagNode>
<tagNode name="service">
@@ -99,8 +89,10 @@
<children>
#include <include/generic-description.xml.i>
#include <include/dns/dynamic-service-host-name-server.xml.i>
+ #include <include/dns/dynamic-service-wait-expiry-time.xml.i>
#include <include/generic-username.xml.i>
#include <include/generic-password.xml.i>
+ #include <include/dns/time-to-live.xml.i>
<leafNode name="protocol">
<properties>
<help>ddclient protocol used for Dynamic DNS service</help>
@@ -112,15 +104,7 @@
</constraint>
</properties>
</leafNode>
- <leafNode name="zone">
- <properties>
- <help>DNS zone to update (not used by all protocols)</help>
- <valueHelp>
- <format>txt</format>
- <description>Name of DNS zone</description>
- </valueHelp>
- </properties>
- </leafNode>
+ #include <include/dns/dynamic-service-zone.xml.i>
<leafNode name="ip-version">
<properties>
<help>IP address version to use</help>
@@ -150,9 +134,9 @@
</tagNode>
</children>
</tagNode>
- <leafNode name="timeout">
+ <leafNode name="interval">
<properties>
- <help>Time in seconds to wait between DNS updates</help>
+ <help>Interval in seconds to wait between Dynamic DNS updates</help>
<valueHelp>
<format>u32:60-3600</format>
<description>Time in seconds</description>
@@ -160,10 +144,11 @@
<constraint>
<validator name="numeric" argument="--range 60-3600"/>
</constraint>
- <constraintErrorMessage>Timeout must be between 60 and 3600 seconds</constraintErrorMessage>
+ <constraintErrorMessage>Interval must be between 60 and 3600 seconds</constraintErrorMessage>
</properties>
<defaultValue>300</defaultValue>
</leafNode>
+ #include <include/interface/vrf.xml.i>
</children>
</node>
</children>
diff --git a/interface-definitions/dns-forwarding.xml.in b/interface-definitions/dns-forwarding.xml.in
index c00051c47..5ca02acef 100644
--- a/interface-definitions/dns-forwarding.xml.in
+++ b/interface-definitions/dns-forwarding.xml.in
@@ -158,6 +158,9 @@
</properties>
</leafNode>
#include <include/dns/time-to-live.xml.i>
+ <leafNode name="ttl">
+ <defaultValue>300</defaultValue>
+ </leafNode>
#include <include/generic-disable-node.xml.i>
</children>
</tagNode>
@@ -195,6 +198,9 @@
</properties>
</leafNode>
#include <include/dns/time-to-live.xml.i>
+ <leafNode name="ttl">
+ <defaultValue>300</defaultValue>
+ </leafNode>
#include <include/generic-disable-node.xml.i>
</children>
</tagNode>
@@ -227,6 +233,9 @@
</properties>
</leafNode>
#include <include/dns/time-to-live.xml.i>
+ <leafNode name="ttl">
+ <defaultValue>300</defaultValue>
+ </leafNode>
#include <include/generic-disable-node.xml.i>
</children>
</tagNode>
@@ -274,6 +283,9 @@
</children>
</tagNode>
#include <include/dns/time-to-live.xml.i>
+ <leafNode name="ttl">
+ <defaultValue>300</defaultValue>
+ </leafNode>
#include <include/generic-disable-node.xml.i>
</children>
</tagNode>
@@ -302,6 +314,9 @@
</properties>
</leafNode>
#include <include/dns/time-to-live.xml.i>
+ <leafNode name="ttl">
+ <defaultValue>300</defaultValue>
+ </leafNode>
#include <include/generic-disable-node.xml.i>
</children>
</tagNode>
@@ -334,6 +349,9 @@
</properties>
</leafNode>
#include <include/dns/time-to-live.xml.i>
+ <leafNode name="ttl">
+ <defaultValue>300</defaultValue>
+ </leafNode>
#include <include/generic-disable-node.xml.i>
</children>
</tagNode>
@@ -364,6 +382,9 @@
</properties>
</leafNode>
#include <include/dns/time-to-live.xml.i>
+ <leafNode name="ttl">
+ <defaultValue>300</defaultValue>
+ </leafNode>
#include <include/generic-disable-node.xml.i>
</children>
</tagNode>
@@ -393,6 +414,9 @@
</properties>
</leafNode>
#include <include/dns/time-to-live.xml.i>
+ <leafNode name="ttl">
+ <defaultValue>300</defaultValue>
+ </leafNode>
#include <include/generic-disable-node.xml.i>
</children>
</tagNode>
@@ -477,6 +501,9 @@
</children>
</tagNode>
#include <include/dns/time-to-live.xml.i>
+ <leafNode name="ttl">
+ <defaultValue>300</defaultValue>
+ </leafNode>
#include <include/generic-disable-node.xml.i>
</children>
</tagNode>
@@ -585,6 +612,9 @@
</children>
</tagNode>
#include <include/dns/time-to-live.xml.i>
+ <leafNode name="ttl">
+ <defaultValue>300</defaultValue>
+ </leafNode>
#include <include/generic-disable-node.xml.i>
</children>
</tagNode>
diff --git a/interface-definitions/include/dns/dynamic-service-host-name-server.xml.i b/interface-definitions/include/dns/dynamic-service-host-name-server.xml.i
index ee1af2a36..9dd14f97c 100644
--- a/interface-definitions/include/dns/dynamic-service-host-name-server.xml.i
+++ b/interface-definitions/include/dns/dynamic-service-host-name-server.xml.i
@@ -4,8 +4,9 @@
<help>Hostname to register with Dynamic DNS service</help>
<constraint>
#include <include/constraint/host-name.xml.i>
+ <regex>(\@|\*)[-.A-Za-z0-9]*</regex>
</constraint>
- <constraintErrorMessage>Host-name must be alphanumeric and can contain hyphens</constraintErrorMessage>
+ <constraintErrorMessage>Host-name must be alphanumeric, can contain hyphens and can be prefixed with '@' or '*'</constraintErrorMessage>
<multi/>
</properties>
</leafNode>
diff --git a/interface-definitions/include/dns/dynamic-service-wait-expiry-time.xml.i b/interface-definitions/include/dns/dynamic-service-wait-expiry-time.xml.i
new file mode 100644
index 000000000..866690cbe
--- /dev/null
+++ b/interface-definitions/include/dns/dynamic-service-wait-expiry-time.xml.i
@@ -0,0 +1,28 @@
+<!-- include start from dns/dynamic-service-wait-expiry-time.xml.i -->
+<leafNode name="wait-time">
+ <properties>
+ <help>Time in seconds to wait between update attempts</help>
+ <valueHelp>
+ <format>u32:60-86400</format>
+ <description>Time in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 60-86400"/>
+ </constraint>
+ <constraintErrorMessage>Wait time must be between 60 and 86400 seconds</constraintErrorMessage>
+ </properties>
+</leafNode>
+<leafNode name="expiry-time">
+ <properties>
+ <help>Time in seconds for the hostname to be marked expired in cache</help>
+ <valueHelp>
+ <format>u32:300-2160000</format>
+ <description>Time in seconds</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 300-2160000"/>
+ </constraint>
+ <constraintErrorMessage>Expiry time must be between 300 and 2160000 seconds</constraintErrorMessage>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/dns/dynamic-service-zone.xml.i b/interface-definitions/include/dns/dynamic-service-zone.xml.i
new file mode 100644
index 000000000..0cc00468f
--- /dev/null
+++ b/interface-definitions/include/dns/dynamic-service-zone.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from dns/dynamic-service-zone.xml.i -->
+<leafNode name="zone">
+ <properties>
+ <help>DNS zone to be updated</help>
+ <valueHelp>
+ <format>txt</format>
+ <description>Name of DNS zone</description>
+ </valueHelp>
+ <constraint>
+ <validator name="fqdn"/>
+ </constraint>
+ </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/dns/time-to-live.xml.i b/interface-definitions/include/dns/time-to-live.xml.i
index 5c1a1472d..000eea108 100644
--- a/interface-definitions/include/dns/time-to-live.xml.i
+++ b/interface-definitions/include/dns/time-to-live.xml.i
@@ -10,6 +10,5 @@
<validator name="numeric" argument="--range 0-2147483647"/>
</constraint>
</properties>
- <defaultValue>300</defaultValue>
</leafNode>
<!-- include end -->
diff --git a/interface-definitions/include/version/dns-dynamic-version.xml.i b/interface-definitions/include/version/dns-dynamic-version.xml.i
index b25fc6e76..7bdb90a35 100644
--- a/interface-definitions/include/version/dns-dynamic-version.xml.i
+++ b/interface-definitions/include/version/dns-dynamic-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/dns-dynamic-version.xml.i -->
-<syntaxVersion component='dns-dynamic' version='1'></syntaxVersion>
+<syntaxVersion component='dns-dynamic' version='2'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/policy.xml.in b/interface-definitions/policy.xml.in
index c470cfdb3..0d2ed9746 100644
--- a/interface-definitions/policy.xml.in
+++ b/interface-definitions/policy.xml.in
@@ -1446,9 +1446,18 @@
<format>u32:0-4294967295</format>
<description>Metric value</description>
</valueHelp>
+ <valueHelp>
+ <format>&lt;+/-rtt&gt;</format>
+ <description>Add or subtract round trip time</description>
+ </valueHelp>
+ <valueHelp>
+ <format>&lt;rtt&gt;</format>
+ <description>Round trip time</description>
+ </valueHelp>
<constraint>
<validator name="numeric" argument="--relative --"/>
<validator name="numeric" argument="--range 0-4294967295"/>
+ <regex>^[+|-]?rtt$</regex>
</constraint>
</properties>
</leafNode>
diff --git a/smoketest/scripts/cli/test_policy.py b/smoketest/scripts/cli/test_policy.py
index 51a33f978..c21d8af4e 100755
--- a/smoketest/scripts/cli/test_policy.py
+++ b/smoketest/scripts/cli/test_policy.py
@@ -1107,6 +1107,33 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase):
'metric' : '-20',
},
},
+ '30': {
+ 'action': 'permit',
+ 'match': {
+ 'ip-nexthop-addr': ipv4_nexthop_address,
+ },
+ 'set': {
+ 'metric': 'rtt',
+ },
+ },
+ '40': {
+ 'action': 'permit',
+ 'match': {
+ 'ip-nexthop-addr': ipv4_nexthop_address,
+ },
+ 'set': {
+ 'metric': '+rtt',
+ },
+ },
+ '50': {
+ 'action': 'permit',
+ 'match': {
+ 'ip-nexthop-addr': ipv4_nexthop_address,
+ },
+ 'set': {
+ 'metric': '-rtt',
+ },
+ },
},
},
}
diff --git a/smoketest/scripts/cli/test_service_dns_dynamic.py b/smoketest/scripts/cli/test_service_dns_dynamic.py
index ee8a07b37..fe213a8ae 100755
--- a/smoketest/scripts/cli/test_service_dns_dynamic.py
+++ b/smoketest/scripts/cli/test_service_dns_dynamic.py
@@ -17,6 +17,8 @@
import os
import unittest
import tempfile
+import random
+import string
from base_vyostest_shim import VyOSUnitTestSHIM
@@ -24,16 +26,25 @@ from vyos.configsession import ConfigSessionError
from vyos.utils.process import cmd
from vyos.utils.process import process_running
+DDCLIENT_SYSTEMD_UNIT = '/run/systemd/system/ddclient.service.d/override.conf'
DDCLIENT_CONF = '/run/ddclient/ddclient.conf'
DDCLIENT_PID = '/run/ddclient/ddclient.pid'
+DDCLIENT_PNAME = 'ddclient'
base_path = ['service', 'dns', 'dynamic']
+server = 'ddns.vyos.io'
hostname = 'test.ddns.vyos.io'
zone = 'vyos.io'
+username = 'vyos_user'
password = 'paSS_@4ord'
+ttl = '300'
interface = 'eth0'
class TestServiceDDNS(VyOSUnitTestSHIM.TestCase):
+ def setUp(self):
+ # Always start with a clean CLI instance
+ self.cli_delete(base_path)
+
def tearDown(self):
# Check for running process
self.assertTrue(process_running(DDCLIENT_PID))
@@ -47,30 +58,38 @@ class TestServiceDDNS(VyOSUnitTestSHIM.TestCase):
# IPv4 standard DDNS service configuration
def test_01_dyndns_service_standard(self):
- ddns = ['address', interface, 'service']
+ svc_path = ['address', interface, 'service']
services = {'cloudflare': {'protocol': 'cloudflare'},
- 'freedns': {'protocol': 'freedns', 'username': 'vyos_user'},
- 'zoneedit': {'protocol': 'zoneedit1', 'username': 'vyos_user'}}
+ 'freedns': {'protocol': 'freedns', 'username': username},
+ 'zoneedit': {'protocol': 'zoneedit1', 'username': username}}
for svc, details in services.items():
- # Always start with a clean CLI instance
- self.cli_delete(base_path)
-
- self.cli_set(base_path + ddns + [svc, 'host-name', hostname])
- self.cli_set(base_path + ddns + [svc, 'password', password])
- self.cli_set(base_path + ddns + [svc, 'zone', zone])
+ self.cli_set(base_path + svc_path + [svc, 'host-name', hostname])
+ self.cli_set(base_path + svc_path + [svc, 'password', password])
+ self.cli_set(base_path + svc_path + [svc, 'zone', zone])
+ self.cli_set(base_path + svc_path + [svc, 'ttl', ttl])
for opt, value in details.items():
- self.cli_set(base_path + ddns + [svc, opt, value])
+ self.cli_set(base_path + svc_path + [svc, opt, value])
- # commit changes
+ # 'zone' option is supported and required by 'cloudfare', but not 'freedns' and 'zoneedit'
+ self.cli_set(base_path + svc_path + [svc, 'zone', zone])
if details['protocol'] == 'cloudflare':
pass
else:
- # zone option does not work on all protocols, an exception is
- # raised for all others
+ # exception is raised for unsupported ones
with self.assertRaises(ConfigSessionError):
self.cli_commit()
- self.cli_delete(base_path + ddns + [svc, 'zone', zone])
+ self.cli_delete(base_path + svc_path + [svc, 'zone'])
+
+ # 'ttl' option is supported by 'cloudfare', but not 'freedns' and 'zoneedit'
+ self.cli_set(base_path + svc_path + [svc, 'ttl', ttl])
+ if details['protocol'] == 'cloudflare':
+ pass
+ else:
+ # exception is raised for unsupported ones
+ with self.assertRaises(ConfigSessionError):
+ self.cli_commit()
+ self.cli_delete(base_path + svc_path + [svc, 'ttl'])
# commit changes
self.cli_commit()
@@ -79,9 +98,9 @@ class TestServiceDDNS(VyOSUnitTestSHIM.TestCase):
ddclient_conf = cmd(f'sudo cat {DDCLIENT_CONF}')
# default value 300 seconds
self.assertIn(f'daemon=300', ddclient_conf)
- self.assertIn(f'use=if', ddclient_conf)
- self.assertIn(f'if={interface}', ddclient_conf)
- self.assertIn(f'password={password}', ddclient_conf)
+ self.assertIn(f'usev4=ifv4', ddclient_conf)
+ self.assertIn(f'ifv4={interface}', ddclient_conf)
+ self.assertIn(f'password=\'{password}\'', ddclient_conf)
for opt in details.keys():
if opt == 'username':
@@ -93,63 +112,80 @@ class TestServiceDDNS(VyOSUnitTestSHIM.TestCase):
# IPv6 only DDNS service configuration
def test_02_dyndns_service_ipv6(self):
- timeout = '60'
- ddns = ['address', interface, 'service', 'dynv6']
+ interval = '60'
+ svc_path = ['address', interface, 'service', 'dynv6']
proto = 'dyndns2'
- user = 'none'
- password = 'paSS_4ord'
- srv = 'ddns.vyos.io'
ip_version = 'ipv6'
+ wait_time = '600'
+ expiry_time_good = '3600'
+ expiry_time_bad = '360'
+
+ self.cli_set(base_path + ['interval', interval])
+ self.cli_set(base_path + svc_path + ['ip-version', ip_version])
+ self.cli_set(base_path + svc_path + ['protocol', proto])
+ self.cli_set(base_path + svc_path + ['server', server])
+ self.cli_set(base_path + svc_path + ['username', username])
+ self.cli_set(base_path + svc_path + ['password', password])
+ self.cli_set(base_path + svc_path + ['host-name', hostname])
+ self.cli_set(base_path + svc_path + ['wait-time', wait_time])
- self.cli_set(base_path + ['timeout', timeout])
- self.cli_set(base_path + ddns + ['ip-version', ip_version])
- self.cli_set(base_path + ddns + ['protocol', proto])
- self.cli_set(base_path + ddns + ['server', srv])
- self.cli_set(base_path + ddns + ['username', user])
- self.cli_set(base_path + ddns + ['password', password])
- self.cli_set(base_path + ddns + ['host-name', hostname])
+ # expiry-time must be greater than wait-time, exception is raised otherwise
+ self.cli_set(base_path + svc_path + ['expiry-time', expiry_time_bad])
+ with self.assertRaises(ConfigSessionError):
+ self.cli_commit()
+ self.cli_set(base_path + svc_path + ['expiry-time', expiry_time_good])
# commit changes
self.cli_commit()
# Check the generating config parameters
ddclient_conf = cmd(f'sudo cat {DDCLIENT_CONF}')
- self.assertIn(f'daemon={timeout}', ddclient_conf)
+ self.assertIn(f'daemon={interval}', ddclient_conf)
self.assertIn(f'usev6=ifv6', ddclient_conf)
self.assertIn(f'ifv6={interface}', ddclient_conf)
self.assertIn(f'protocol={proto}', ddclient_conf)
- self.assertIn(f'server={srv}', ddclient_conf)
- self.assertIn(f'login={user}', ddclient_conf)
- self.assertIn(f'password={password}', ddclient_conf)
+ self.assertIn(f'server={server}', ddclient_conf)
+ self.assertIn(f'login={username}', ddclient_conf)
+ self.assertIn(f'password=\'{password}\'', ddclient_conf)
+ self.assertIn(f'min-interval={wait_time}', ddclient_conf)
+ self.assertIn(f'max-interval={expiry_time_good}', ddclient_conf)
# IPv4+IPv6 dual DDNS service configuration
def test_03_dyndns_service_dual_stack(self):
- ddns = ['address', interface, 'service']
- services = {'cloudflare': {'protocol': 'cloudflare', 'zone': 'vyos.io'},
- 'freedns': {'protocol': 'freedns', 'username': 'vyos_user'}}
- password = 'vyos_pass'
+ svc_path = ['address', interface, 'service']
+ services = {'cloudflare': {'protocol': 'cloudflare', 'zone': zone},
+ 'freedns': {'protocol': 'freedns', 'username': username},
+ 'google': {'protocol': 'googledomains', 'username': username}}
ip_version = 'both'
- for svc, details in services.items():
- # Always start with a clean CLI instance
- self.cli_delete(base_path)
-
- self.cli_set(base_path + ddns + [svc, 'host-name', hostname])
- self.cli_set(base_path + ddns + [svc, 'password', password])
- self.cli_set(base_path + ddns + [svc, 'ip-version', ip_version])
+ for name, details in services.items():
+ self.cli_set(base_path + svc_path + [name, 'host-name', hostname])
+ self.cli_set(base_path + svc_path + [name, 'password', password])
for opt, value in details.items():
- self.cli_set(base_path + ddns + [svc, opt, value])
+ self.cli_set(base_path + svc_path + [name, opt, value])
+
+ # Dual stack is supported by 'cloudfare' and 'freedns' but not 'googledomains'
+ # exception is raised for unsupported ones
+ self.cli_set(base_path + svc_path + [name, 'ip-version', ip_version])
+ if details['protocol'] not in ['cloudflare', 'freedns']:
+ with self.assertRaises(ConfigSessionError):
+ self.cli_commit()
+ self.cli_delete(base_path + svc_path + [name, 'ip-version'])
# commit changes
self.cli_commit()
# Check the generating config parameters
ddclient_conf = cmd(f'sudo cat {DDCLIENT_CONF}')
- self.assertIn(f'usev4=ifv4', ddclient_conf)
- self.assertIn(f'usev6=ifv6', ddclient_conf)
- self.assertIn(f'ifv4={interface}', ddclient_conf)
- self.assertIn(f'ifv6={interface}', ddclient_conf)
- self.assertIn(f'password={password}', ddclient_conf)
+ if details['protocol'] not in ['cloudflare', 'freedns']:
+ self.assertIn(f'usev4=ifv4', ddclient_conf)
+ self.assertIn(f'ifv4={interface}', ddclient_conf)
+ else:
+ self.assertIn(f'usev4=ifv4', ddclient_conf)
+ self.assertIn(f'usev6=ifv6', ddclient_conf)
+ self.assertIn(f'ifv4={interface}', ddclient_conf)
+ self.assertIn(f'ifv6={interface}', ddclient_conf)
+ self.assertIn(f'password=\'{password}\'', ddclient_conf)
for opt in details.keys():
if opt == 'username':
@@ -161,19 +197,16 @@ class TestServiceDDNS(VyOSUnitTestSHIM.TestCase):
def test_04_dyndns_rfc2136(self):
# Check if DDNS service can be configured and runs
- ddns = ['address', interface, 'rfc2136', 'vyos']
- srv = 'ns1.vyos.io'
- zone = 'vyos.io'
- ttl = '300'
+ svc_path = ['address', interface, 'rfc2136', 'vyos']
with tempfile.NamedTemporaryFile(prefix='/config/auth/') as key_file:
key_file.write(b'S3cretKey')
- self.cli_set(base_path + ddns + ['server', srv])
- self.cli_set(base_path + ddns + ['zone', zone])
- self.cli_set(base_path + ddns + ['key', key_file.name])
- self.cli_set(base_path + ddns + ['ttl', ttl])
- self.cli_set(base_path + ddns + ['host-name', hostname])
+ self.cli_set(base_path + svc_path + ['server', server])
+ self.cli_set(base_path + svc_path + ['zone', zone])
+ self.cli_set(base_path + svc_path + ['key', key_file.name])
+ self.cli_set(base_path + svc_path + ['ttl', ttl])
+ self.cli_set(base_path + svc_path + ['host-name', hostname])
# commit changes
self.cli_commit()
@@ -183,10 +216,114 @@ class TestServiceDDNS(VyOSUnitTestSHIM.TestCase):
self.assertIn(f'use=if', ddclient_conf)
self.assertIn(f'if={interface}', ddclient_conf)
self.assertIn(f'protocol=nsupdate', ddclient_conf)
- self.assertIn(f'server={srv}', ddclient_conf)
+ self.assertIn(f'server={server}', ddclient_conf)
self.assertIn(f'zone={zone}', ddclient_conf)
- self.assertIn(f'password={key_file.name}', ddclient_conf)
+ self.assertIn(f'password=\'{key_file.name}\'', ddclient_conf)
self.assertIn(f'ttl={ttl}', ddclient_conf)
+ def test_05_dyndns_hostname(self):
+ # Check if DDNS service can be configured and runs
+ svc_path = ['address', interface, 'service', 'namecheap']
+ proto = 'namecheap'
+ hostnames = ['@', 'www', hostname, f'@.{hostname}']
+
+ for name in hostnames:
+ self.cli_set(base_path + svc_path + ['protocol', proto])
+ self.cli_set(base_path + svc_path + ['server', server])
+ self.cli_set(base_path + svc_path + ['username', username])
+ self.cli_set(base_path + svc_path + ['password', password])
+ self.cli_set(base_path + svc_path + ['host-name', name])
+
+ # commit changes
+ self.cli_commit()
+
+ # Check the generating config parameters
+ ddclient_conf = cmd(f'sudo cat {DDCLIENT_CONF}')
+ self.assertIn(f'protocol={proto}', ddclient_conf)
+ self.assertIn(f'server={server}', ddclient_conf)
+ self.assertIn(f'login={username}', ddclient_conf)
+ self.assertIn(f'password=\'{password}\'', ddclient_conf)
+ self.assertIn(f'{name}', ddclient_conf)
+
+ def test_06_dyndns_web_options(self):
+ # Check if DDNS service can be configured and runs
+ base_path_iface = base_path + ['address', interface]
+ base_path_web = base_path + ['address', 'web']
+ svc_path_iface = base_path_iface + ['service', 'cloudflare']
+ svc_path_web = base_path_web + ['service', 'cloudflare']
+ proto = 'cloudflare'
+ web_url_good = 'https://ifconfig.me/ip'
+ web_url_bad = 'http:/ifconfig.me/ip'
+
+ self.cli_set(svc_path_iface + ['protocol', proto])
+ self.cli_set(svc_path_iface + ['zone', zone])
+ self.cli_set(svc_path_iface + ['password', password])
+ self.cli_set(svc_path_iface + ['host-name', hostname])
+ self.cli_set(base_path_iface + ['web-options', 'url', web_url_good])
+
+ # web-options is supported only with web service based address lookup
+ # exception is raised for interface based address lookup
+ with self.assertRaises(ConfigSessionError):
+ self.cli_commit()
+ self.cli_delete(base_path_iface + ['web-options'])
+
+ # commit changes
+ self.cli_commit()
+
+ # web-options is supported with web service based address lookup
+ # this should work, but clear interface based config first
+ self.cli_delete(base_path_iface)
+ self.cli_set(svc_path_web + ['protocol', proto])
+ self.cli_set(svc_path_web + ['zone', zone])
+ self.cli_set(svc_path_web + ['password', password])
+ self.cli_set(svc_path_web + ['host-name', hostname])
+
+ # web-options must be a valid URL
+ with self.assertRaises(ConfigSessionError) as cm:
+ self.cli_set(base_path_web + ['web-options', 'url', web_url_bad])
+ self.assertIn(f'"{web_url_bad.removeprefix("http:")}" is not a valid URI', str(cm.exception))
+ self.cli_set(base_path_web + ['web-options', 'url', web_url_good])
+
+ # commit changes
+ self.cli_commit()
+
+ # Check the generating config parameters
+ ddclient_conf = cmd(f'sudo cat {DDCLIENT_CONF}')
+ self.assertIn(f'usev4=webv4', ddclient_conf)
+ self.assertIn(f'webv4={web_url_good}', ddclient_conf)
+ self.assertIn(f'protocol={proto}', ddclient_conf)
+ self.assertIn(f'zone={zone}', ddclient_conf)
+ self.assertIn(f'password=\'{password}\'', ddclient_conf)
+ self.assertIn(f'{hostname}', ddclient_conf)
+
+ def test_07_dyndns_vrf(self):
+ # Table number randomized, but should be within range 100-65535
+ vrf_table = "".join(random.choices(string.digits, k=4))
+ vrf_name = f'vyos-test-{vrf_table}'
+ svc_path = ['address', interface, 'service', 'cloudflare']
+
+ self.cli_set(['vrf', 'name', vrf_name, 'table', vrf_table])
+ self.cli_set(base_path + ['vrf', vrf_name])
+
+ self.cli_set(base_path + svc_path + ['protocol', 'cloudflare'])
+ self.cli_set(base_path + svc_path + ['host-name', hostname])
+ self.cli_set(base_path + svc_path + ['zone', zone])
+ self.cli_set(base_path + svc_path + ['password', password])
+
+ # commit changes
+ self.cli_commit()
+
+ # Check for process in VRF
+ systemd_override = cmd(f'cat {DDCLIENT_SYSTEMD_UNIT}')
+ self.assertIn(f'ExecStart=ip vrf exec {vrf_name} /usr/bin/ddclient -file {DDCLIENT_CONF}',
+ systemd_override)
+
+ # Check for process in VRF
+ proc = cmd(f'ip vrf pids {vrf_name}')
+ self.assertIn(DDCLIENT_PNAME, proc)
+
+ # Cleanup VRF
+ self.cli_delete(['vrf', 'name', vrf_name])
+
if __name__ == '__main__':
unittest.main(verbosity=2)
diff --git a/src/completion/list_ddclient_protocols.sh b/src/completion/list_ddclient_protocols.sh
index 75fb0cf44..c8855b5d1 100755
--- a/src/completion/list_ddclient_protocols.sh
+++ b/src/completion/list_ddclient_protocols.sh
@@ -14,4 +14,4 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-echo -n $(ddclient -list-protocols)
+echo -n $(ddclient -list-protocols | grep -vE 'nsupdate|cloudns|porkbun')
diff --git a/src/conf_mode/dns_dynamic.py b/src/conf_mode/dns_dynamic.py
index 4b1aed742..2bccaee0f 100755
--- a/src/conf_mode/dns_dynamic.py
+++ b/src/conf_mode/dns_dynamic.py
@@ -19,6 +19,7 @@ import os
from sys import exit
from vyos.config import Config
+from vyos.configverify import verify_interface_exists
from vyos.template import render
from vyos.utils.process import call
from vyos import ConfigError
@@ -29,13 +30,25 @@ config_file = r'/run/ddclient/ddclient.conf'
systemd_override = r'/run/systemd/system/ddclient.service.d/override.conf'
# Protocols that require zone
-zone_allowed = ['cloudflare', 'godaddy', 'hetzner', 'gandi', 'nfsn']
+zone_necessary = ['cloudflare', 'digitalocean', 'godaddy', 'hetzner', 'gandi', 'nfsn']
+zone_supported = zone_necessary + ['dnsexit2', 'zoneedit1']
# Protocols that do not require username
-username_unnecessary = ['1984', 'cloudflare', 'cloudns', 'duckdns', 'freemyip', 'hetzner', 'keysystems', 'njalla']
+username_unnecessary = ['1984', 'cloudflare', 'cloudns', 'digitalocean', 'dnsexit2',
+ 'duckdns', 'freemyip', 'hetzner', 'keysystems', 'njalla',
+ 'regfishde']
+
+# Protocols that support TTL
+ttl_supported = ['cloudflare', 'dnsexit2', 'gandi', 'hetzner', 'godaddy', 'nfsn']
# Protocols that support both IPv4 and IPv6
-dualstack_supported = ['cloudflare', 'dyndns2', 'freedns', 'njalla']
+dualstack_supported = ['cloudflare', 'digitalocean', 'dnsexit2', 'duckdns',
+ 'dyndns2', 'easydns', 'freedns', 'hetzner', 'infomaniak',
+ 'njalla']
+
+# dyndns2 protocol in ddclient honors dual stack for selective servers
+# because of the way it is implemented in ddclient
+dyndns_dualstack_servers = ['members.dyndns.org', 'dynv6.com']
def get_config(config=None):
if config:
@@ -43,11 +56,11 @@ def get_config(config=None):
else:
conf = Config()
- base_level = ['service', 'dns', 'dynamic']
- if not conf.exists(base_level):
+ base = ['service', 'dns', 'dynamic']
+ if not conf.exists(base):
return None
- dyndns = conf.get_config_dict(base_level, key_mangling=('-', '_'),
+ dyndns = conf.get_config_dict(base, key_mangling=('-', '_'),
no_tag_node_value_mangle=True,
get_first_key=True,
with_recursive_defaults=True)
@@ -61,6 +74,10 @@ def verify(dyndns):
return None
for address in dyndns['address']:
+ # If dyndns address is an interface, ensure it exists
+ if address != 'web':
+ verify_interface_exists(address)
+
# RFC2136 - configuration validation
if 'rfc2136' in dyndns['address'][address]:
for config in dyndns['address'][address]['rfc2136'].values():
@@ -70,32 +87,40 @@ def verify(dyndns):
f'based Dynamic DNS service on "{address}"')
# Dynamic DNS service provider - configuration validation
+ if 'web_options' in dyndns['address'][address] and address != 'web':
+ raise ConfigError(f'"web-options" is applicable only when using HTTP(S) web request to obtain the IP address')
+
+ # Dynamic DNS service provider - configuration validation
if 'service' in dyndns['address'][address]:
for service, config in dyndns['address'][address]['service'].items():
- error_msg = f'is required for Dynamic DNS service "{service}" on "{address}"'
+ error_msg_req = f'is required for Dynamic DNS service "{service}" on "{address}"'
+ error_msg_uns = f'is not supported for Dynamic DNS service "{service}" on "{address}" with protocol "{config["protocol"]}"'
for field in ['host_name', 'password', 'protocol']:
if field not in config:
- raise ConfigError(f'"{field.replace("_", "-")}" {error_msg}')
+ raise ConfigError(f'"{field.replace("_", "-")}" {error_msg_req}')
+
+ if config['protocol'] in zone_necessary and 'zone' not in config:
+ raise ConfigError(f'"zone" {error_msg_req} with protocol "{config["protocol"]}"')
- if config['protocol'] in zone_allowed and 'zone' not in config:
- raise ConfigError(f'"zone" {error_msg}')
+ if config['protocol'] not in zone_supported and 'zone' in config:
+ raise ConfigError(f'"zone" {error_msg_uns}')
- if config['protocol'] not in zone_allowed and 'zone' in config:
- raise ConfigError(f'"{config["protocol"]}" does not support "zone"')
+ if config['protocol'] not in username_unnecessary and 'username' not in config:
+ raise ConfigError(f'"username" {error_msg_req} with protocol "{config["protocol"]}"')
- if config['protocol'] not in username_unnecessary:
- if 'username' not in config:
- raise ConfigError(f'"username" {error_msg}')
+ if config['protocol'] not in ttl_supported and 'ttl' in config:
+ raise ConfigError(f'"ttl" {error_msg_uns}')
if config['ip_version'] == 'both':
if config['protocol'] not in dualstack_supported:
- raise ConfigError(f'"{config["protocol"]}" does not support '
- f'both IPv4 and IPv6 at the same time')
+ raise ConfigError(f'Both IPv4 and IPv6 at the same time {error_msg_uns}')
# dyndns2 protocol in ddclient honors dual stack only for dyn.com (dyndns.org)
- if config['protocol'] == 'dyndns2' and 'server' in config and config['server'] != 'members.dyndns.org':
- raise ConfigError(f'"{config["protocol"]}" does not support '
- f'both IPv4 and IPv6 at the same time for "{config["server"]}"')
+ if config['protocol'] == 'dyndns2' and 'server' in config and config['server'] not in dyndns_dualstack_servers:
+ raise ConfigError(f'Both IPv4 and IPv6 at the same time {error_msg_uns} for "{config["server"]}"')
+
+ if {'wait_time', 'expiry_time'} <= config.keys() and int(config['expiry_time']) < int(config['wait_time']):
+ raise ConfigError(f'"expiry-time" must be greater than "wait-time"')
return None
diff --git a/src/conf_mode/service_mdns-repeater.py b/src/conf_mode/service_mdns-repeater.py
index 6909731ff..6526c23d1 100755
--- a/src/conf_mode/service_mdns-repeater.py
+++ b/src/conf_mode/service_mdns-repeater.py
@@ -29,6 +29,7 @@ from vyos import airbag
airbag.enable()
config_file = '/run/avahi-daemon/avahi-daemon.conf'
+systemd_override = r'/run/systemd/system/avahi-daemon.service.d/override.conf'
vrrp_running_file = '/run/mdns_vrrp_active'
def get_config(config=None):
@@ -48,6 +49,8 @@ def get_config(config=None):
if mdns:
mdns['vrrp_exists'] = conf.exists('high-availability vrrp')
+ mdns['config_file'] = config_file
+
return mdns
def verify(mdns):
@@ -101,11 +104,16 @@ def generate(mdns):
return None
render(config_file, 'mdns-repeater/avahi-daemon.conf.j2', mdns)
+ render(systemd_override, 'mdns-repeater/override.conf.j2', mdns)
return None
def apply(mdns):
+ systemd_service = 'avahi-daemon.service'
+ # Reload systemd manager configuration
+ call('systemctl daemon-reload')
+
if not mdns or 'disable' in mdns:
- call('systemctl stop avahi-daemon.service')
+ call(f'systemctl stop {systemd_service}')
if os.path.exists(config_file):
os.unlink(config_file)
@@ -120,10 +128,10 @@ def apply(mdns):
os.mknod(vrrp_running_file) # vrrp script looks for this file to update mdns repeater
if len(mdns['interface']) < 2:
- call('systemctl stop avahi-daemon.service')
+ call(f'systemctl stop {systemd_service}')
return None
- call('systemctl restart avahi-daemon.service')
+ call(f'systemctl restart {systemd_service}')
return None
diff --git a/src/etc/systemd/system/avahi-daemon.service.d/override.conf b/src/etc/systemd/system/avahi-daemon.service.d/override.conf
deleted file mode 100644
index a9d2085f7..000000000
--- a/src/etc/systemd/system/avahi-daemon.service.d/override.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-[Unit]
-After=
-After=vyos-router.service
-ConditionPathExists=/run/avahi-daemon/avahi-daemon.conf
-
-[Service]
-ExecStart=
-ExecStart=/usr/sbin/avahi-daemon --syslog --file /run/avahi-daemon/avahi-daemon.conf \ No newline at end of file
diff --git a/src/migration-scripts/dns-dynamic/1-to-2 b/src/migration-scripts/dns-dynamic/1-to-2
new file mode 100755
index 000000000..8b599b57a
--- /dev/null
+++ b/src/migration-scripts/dns-dynamic/1-to-2
@@ -0,0 +1,70 @@
+#!/usr/bin/env python3
+
+# Copyright (C) 2023 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# T5708:
+# - migrate "service dns dynamic timeout ..."
+# to "service dns dynamic interval ..."
+# - remove "service dns dynamic address <interface> web-options ..." when <interface> != "web"
+# - migrate "service dns dynamic address <interface> service <service> protocol dnsexit"
+# to "service dns dynamic address <interface> service <service> protocol dnsexit2"
+
+import sys
+from vyos.configtree import ConfigTree
+
+if len(sys.argv) < 2:
+ print("Must specify file name!")
+ sys.exit(1)
+
+file_name = sys.argv[1]
+
+with open(file_name, 'r') as f:
+ config_file = f.read()
+
+config = ConfigTree(config_file)
+
+base_path = ['service', 'dns', 'dynamic']
+timeout_path = base_path + ['timeout']
+address_path = base_path + ['address']
+
+if not config.exists(base_path):
+ # Nothing to do
+ sys.exit(0)
+
+# Migrate "service dns dynamic timeout ..."
+# to "service dns dynamic interval ..."
+if config.exists(timeout_path):
+ config.rename(timeout_path, 'interval')
+
+# Remove "service dns dynamic address <interface> web-options ..." when <interface> != "web"
+for address in config.list_nodes(address_path):
+ if config.exists(address_path + [address, 'web-options']) and address != 'web':
+ config.delete(address_path + [address, 'web-options'])
+
+# Migrate "service dns dynamic address <interface> service <service> protocol dnsexit"
+# to "service dns dynamic address <interface> service <service> protocol dnsexit2"
+for address in config.list_nodes(address_path):
+ for svc_cfg in config.list_nodes(address_path + [address, 'service']):
+ if config.exists(address_path + [address, 'service', svc_cfg, 'protocol']):
+ protocol = config.return_value(address_path + [address, 'service', svc_cfg, 'protocol'])
+ if protocol == 'dnsexit':
+ config.set(address_path + [address, 'service', svc_cfg, 'protocol'], 'dnsexit2')
+
+try:
+ with open(file_name, 'w') as f:
+ f.write(config.to_string())
+except OSError as e:
+ print("Failed to save the modified config: {}".format(e))
+ sys.exit(1)
diff --git a/src/validators/ddclient-protocol b/src/validators/ddclient-protocol
index 6f927927b..8f455e12e 100755
--- a/src/validators/ddclient-protocol
+++ b/src/validators/ddclient-protocol
@@ -14,7 +14,7 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-ddclient -list-protocols | grep -qw $1
+ddclient -list-protocols | grep -vE 'nsupdate|cloudns|porkbun' | grep -qw $1
if [ $? -gt 0 ]; then
echo "Error: $1 is not a valid protocol, please choose from the supported list of protocols"