summaryrefslogtreecommitdiff
path: root/src/conf_mode/dns_dynamic.py
diff options
context:
space:
mode:
authorIndrajit Raychaudhuri <irc@indrajit.com>2023-12-26 10:30:49 -0600
committerIndrajit Raychaudhuri <irc@indrajit.com>2023-12-26 15:22:55 -0600
commit047cbcf5df11cc7f72d1f1fe683a80d313896242 (patch)
treeff12e4500fb5b3143f6cef2c3c1af19921c50de4 /src/conf_mode/dns_dynamic.py
parentbe7c56cbc6d0b28f6e85e35a2dc5303bd663754b (diff)
downloadvyos-1x-047cbcf5df11cc7f72d1f1fe683a80d313896242.tar.gz
vyos-1x-047cbcf5df11cc7f72d1f1fe683a80d313896242.zip
ddclient: T5144: Warn against configuration with broken IP lookup service
We always enable HTTPS in ddclient configuration, however `http://checkip.dyndns.org` is HTTP only and does not support HTTPS. Warn the user if they are using this service. Also, make `url` in `web-options` mandatory.
Diffstat (limited to 'src/conf_mode/dns_dynamic.py')
-rwxr-xr-xsrc/conf_mode/dns_dynamic.py12
1 files changed, 11 insertions, 1 deletions
diff --git a/src/conf_mode/dns_dynamic.py b/src/conf_mode/dns_dynamic.py
index 809c650d9..99fa8feee 100755
--- a/src/conf_mode/dns_dynamic.py
+++ b/src/conf_mode/dns_dynamic.py
@@ -15,7 +15,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import os
-
+import re
from sys import exit
from vyos.base import Warning
@@ -103,6 +103,16 @@ def verify(dyndns):
raise ConfigError(f'"web-options" is applicable only when using HTTP(S) '
f'web request to obtain the IP address')
+ # Warn if using checkip.dyndns.org, as it does not support HTTPS
+ # See: https://github.com/ddclient/ddclient/issues/597
+ if 'web_options' in config:
+ if 'url' not in config['web_options']:
+ raise ConfigError(f'"url" in "web-options" {error_msg_req} '
+ f'with protocol "{config["protocol"]}"')
+ elif re.search("^(https?://)?checkip\.dyndns\.org", config['web_options']['url']):
+ Warning(f'"checkip.dyndns.org" does not support HTTPS requests for IP address '
+ f'lookup. Please use a different IP address lookup service.')
+
# RFC2136 uses 'key' instead of 'password'
if config['protocol'] != 'nsupdate' and 'password' not in config:
raise ConfigError(f'"password" {error_msg_req}')