INADYN(5) (smm)
INADYN(5) File Formats Manual (smm) INADYN(5)

NAME

inadyn.confinadyn DDNS client configuration file

SYNOPSIS

/etc/inadyn.conf

DESCRIPTION

inadyn is configured using a simple configuration file. The “#” character marks start of a comment to end of line. The \ character can be used as an escape character.
verify-address = <true | false>
By default inadyn verifies both IPv4 and IPv6 addresses, making sure the address is a valid Internet address. Invalid addresses are, e.g., link local, loopback, multicast and known experimental addresses. For more information, see RFC3330.
IP address validation can be disabled by setting this option to false.
fake-address = <true | false>
When using SIGUSR1, to do a forced update, this option can be used to fake an address update with a “random” address in the 203.0.113.0/24 range, example address range from RFC5737, before updating with the actual IP address. This is completely outside spec., but can be useful for people who very rarely, if ever, get an IP address change. Because some DDNS service providers will not register even a forced update if the IP is the same. As a result the user could be deregistered as an inactive user.
allow-ipv6 = <true | false>
Inadyn can get an IPv6 address from an interface, or with an external checkip script. This option controls if IPv6 addresses should be allowed or discarded. By default this option is false, i.e. IPv6 addresses are discarded.
iface = IFNAME
Use network interface IFNAME as source of IP address changes instead of querying an external server. With this option is enabled, the external IP check is disabled and inadyn will send DDNS updates using the IP address of the IFNAME network interface to all DDNS providers listed in the configuration file. This can be useful to register LAN IP addresses, or, when connected directly to a public IP address, to speed up the IP check if the DDNS provider's check-ip servers are slow to respond.
This option can also be given as a command line option to inadyn(8), both serve a purpose, use whichever one works for you.
iterations = <NUM | 0>
Set the number of DNS updates. The default is 0, which means infinity.
period = SEC
How often the IP is checked, in seconds. Default: apxrox. 1 minute. Max: 10 days.
forced-update = SEC
How often the IP should be updated even if it is not changed. The time should be given in seconds. Default is equal to 30 days.
secure-ssl = < true | false >
If the HTTPS certificate validation fails for a provider inadyn aborts the DDNS update before sending any credentials. When this setting is disabled, i.e. false, then inadyn will only issue a warning. By default this setting is enabled, because security matters.
broken-rtc = < true | false >
HTTPS certificates are only valid within specified time windows, so on systems without hardware real-time clock and default bootup time far in the past, false-positive validation fail is expected. When this setting is enabled, i.e. true, then inadyn will only issue a warning that the certificate is not valid yet. By default this setting is disabled, because security matters.
ca-trust-file = FILE
By default inadyn uses the built-in path to the system's trusted CA certificates, both GnuTLS and Open/LibreSSL support this. As a fall-back, in case the API's to load CA certificates from the built-in path fails, inadyn also supports common default paths to Debian and RedHat CA bundles.
This setting overrides the built-in paths and fallback locations and provides a way to specify the path to a trusted set of CA certificates, in PEM format, bundled into one file.
user-agent = STRING
Specify the User-Agent string to send to the DDNS provider on checkip and update requests. Some providers require this field to be set to a specific string, some may be OK with "Mozilla/4.0". The default is to send "inadyn/VERSION SUPPORTURL", where VERSION is the current inadyn version, and SUPPORTURL is the upstream support URL.
This can also be set on a per-provider basis, see below custom and provider section description.
custom some@identifier {}
The custom{} and provider{} sections are very similar, except that the custom section allows customizing the DDNS update server details. For more details, see the description for provider{}, below.
provider email@ddns-service.tld[:ID] {}
The custom{} and provider{} sections are very similar, except that the custom section allows customizing the DDNS update server details. See below list for supported DDNS providers and their email@ddns-service.tld identifiers.
To support multiple users of the same DDNS provider, append [:ID] to the provider name. The ID can be any free form string or number as long as the combination is unique.
Common settings in custom{} and provider{} sections are:
ssl = <true | false>
Use HTTPS, both when checking for IP changes and updating the DNS record. Default is to use HTTPS (true).
username = USERNAME.
The username, if applicable. This might be referred to as hash by some providers.
password = PASSWORD
The password, if applicable.
checkip-server = checkip.example.com[:port]
Server to use for periodic IP address changes, port defaults to 80.
This is an optional setting. For provider{} sections it defaults to a pre-defined checkip-server and checkip-path for the given DDNS provider. For custom DDNS setups it defaults to api.ipify.org, which is a really great and free service that even support HTTPS, see checkip-ssl setting, below. When set in a provider{} section it overrides the provider's default checkip-server.
checkip-path = /some/checkip/url
Optional server path for check IP server, defaults to "/".
checkip-ssl = <true | false>
This setting usually follows the ssl setting, but can be used to disable HTTPS for the IP address check. This might be needed for some providers that only support HTTPS for the DNS record update.
However, when a custom checkip-server is defined for a provider, this setting does not follow the ssl setting. Default is to use HTTPS (true).
checkip-command = /path/to/shell/command [optional args]
Shell command, or script, for IP address update checking. The command must output a text with the IP address to its standard output. The following environment variables are set:
INADYN_PROVIDER
contains the DDNS provider's full name in form email@ddns-service.tld
INADYN_USER
contains user's name
Example:
checkip-command = "/sbin/ifconfig eth0 | grep 'inet addr'"
        
Inadyn will use the first occurrence in the command's output that looks like an address. Both IPv4 and IPv6 addresses are supported.
hostname = HOSTNAME
 
hostname = { HOSTNAME1.name.tld, HOSTNAME2.name.tld }
Your hostname alias. To list multiple names, use the second form.
user-agent = STRING
Same as the global setting, but only for this provider. If omitted it defaults to the global setting, which if unset uses the default inadyn user agent string. For more information, see above.
wildcard = true
Enable domain name wildcarding of your domain name, for DDNS providers that support this, e.g. easydns.com and loopia.com. This means that anything typed before your hostname, e.g. www. or ftp., is also updated when your IP changes. Default: disabled. For inadyn < 1.96.3 wildcarding was enabled by default.
provider [email@]ddns-service[.tld] {}
Either a unique substring matching the provider, or or one of the exact matches to the following unique provider names:
default@freedns.afraid.org
⟨https://freedns.afraid.org⟩
ipv4@nsupdate.info
⟨https://nsupdate.info⟩
default@duckdns.org
⟨https://duckdns.org⟩
default@freemyip.com
⟨https://freemyip.com⟩
default@loopia.com
⟨https://www.loopia.com⟩
default@dyndns.org
Connect to ⟨https://www.dyndns.org⟩, i.e., ⟨https://dyn.com⟩
default@noip.com
⟨https://www.noip.com⟩
default@no-ip.com
Handled by default@noip.com plugin.
default@easydns.com
⟨https://www.easydns.com⟩
default@dnsomatic.com
⟨https://www.dnsomatic.com⟩
dyndns@he.net
⟨https://dns.he.net⟩
default@tunnelbroker.net
IPv6 ⟨https://www.tunnelbroker.net⟩ by Hurricane Electric.
default@sitelutions.com
⟨https://www.sitelutions.com⟩
default@dnsexit.com
⟨https://www.dnsexit.com⟩
default@zoneedit.com
⟨https://zoneedit.com⟩
default@changeip.com
⟨https://www.changeip.com⟩
default@dhis.org
⟨https://www.dhis.org⟩
default@domains.google.com
⟨https://domains.google⟩
default@ovh.com
⟨https://www.ovh.com⟩
default@gira.de
⟨https://giradns.com⟩
default@duiadns.net
⟨https://www.duiadns.net⟩
default@ddnss.de
⟨https://ddnss.de⟩
default@dynv6.com
⟨https://dynv6.com⟩
default@ipv4.dynv6.com
⟨https://ipv4.dynv6.com⟩
default@spdyn.de
⟨https://spdyn.de⟩
default@strato.com
⟨https://www.strato.com⟩
default@cloudxns.net
⟨https://www.cloudxns.net⟩
dyndns@3322.org
⟨https://www.3322.org⟩
default@dnspod.cn
⟨https://www.dnspod.cn⟩
default@dynu.com
⟨https://www.dynu.com⟩
default@selfhost.de
⟨https://www.selfhost.de⟩
default@pdd.yandex.ru
⟨https://connect.yandex.ru⟩
default@cloudflare.com
⟨https://www.cloudflare.com⟩
custom some@identifier {}
Specific to the custom provider section are the following settings:
ddns-server = update.example.com
DDNS server name, not the full URL.
ddns-path = /update?domain=
DDNS server path. By default the hostname is appended to the path, unless append-myip=true is set. Alternatively, printf(3) like format specifiers may be used for a fully customizable HTTP GET update request. The following format specifiers are currently supported:
%u
username
%p
password, if HTTP basic auth is not used
%h
hostname
%i
IP address
With the following example:
username  = myuser 
password  = mypass 
ddns-path = "/update?user=%u&password=%p&domain=%h&myip=%i" 
hostname  = YOURDOMAIN.TLD
        
the resulting update URL would be expanded to
/update?user=myuser&password=mypass&domain=YOURDOMAIN.TLD&myip=1.2.3.4
        
However, the password is usually never sent in clear text in the HTTP GET URL. Most DDNS providers instead rely on HTTP basic auth., which inadyn always relays to the server in the HTTP header of update requests. inadyn.conf v2.1 and later defaults to HTTPS to protect your credentials, but some providers still do not support HTTPS.
append-myip = true
Append your current IP to the the DDNS server update path. By default this setting is false and the hostname is appended. Unless the ddns-path is given with format specifiers, in which case this setting is unused.

EXAMPLES

Worth noting below is how two different user accounts can use the same DDNS provider, No-IP.com, by using the concept of instances ':N'.
period         = 300 
 
# Dyn.com 
provider dyndns.org { 
    username   = account1 
    password   = secret1 
    hostname   = { "my.example.com", "other.example.org" } 
} 
 
# FreeDNS. Remember the username must be in lower case 
# and password (max 16 chars) is case sensitive. 
provider freedns { 
    username   = lower-case-username 
    password   = case-sensitive-pwd 
    hostname   = some.example.com 
} 
 
# No-IP.com #1 
provider no-ip.com:1 { 
    checkip-server = "dynamic.zoneedit.com" 
    checkip-path   = "/checkip.html" 
    checkip-ssl    = false 
    username       = account21 
    password       = secret21 
    hostname       = example.no-ip.com 
} 
 
# No-IP.com #2 
provider no-ip.com:2 { 
    username   = account22 
    password   = secret22 
    hostname   = another.no-ip.com 
} 
 
# Google Domains - notice use of '@' to update root entry 
provider domains.google.com { 
    hostname = @.mydomain.com 
    username = your_username 
    password = your_password 
} 
 
# Loopia 
provider loopia.com { 
    wildcard   = true 
    username   = account3 
    password   = secret3 
    hostname   = example.com 
} 
 
# ddnss.de 
provider ddnss.de { 
    username   = your_username 
    password   = your_password 
    hostname   = your_host.ddnss.de 
} 
 
# spdyn.de 
provider spdyn.de { 
    username   = your_username 
    password   = your_password 
    hostname   = your_host.spdyn.de 
} 
 
# www.strato.com 
provider strato.com { 
    username   = your_username 
    password   = your_password 
    hostname   = example.com 
} 
 
# dynv6.com 
provider dynv6.com { 
    username   = your_token 
    password   = not_used 
    hostname   = your_host.dynv6.net 
} 
 
# IPv6 account at https://tunnelbroker.net 
provider tunnelbroker.net { 
    username   = xyzzy 
    password   = update-key-in-advanced-tab 
    hostname   = tunnel-id 
} 
 
# www.freemyip.com 
provider freemyip.com { 
    password = your_token 
    hostname = your_hostname.freemyip.com 
} 
 
# www.cloudxns.net 
provider cloudxns.net { 
    username = your_api_key 
    password = your_secret_key 
    hostname = yourhost.example.com 
} 
 
# www.dnspod.cn 
provider dnspod.cn { 
    username = your_api_id 
    password = your_api_token 
    hostname = yourhost.example.com 
} 
 
# Create a unique API token with the following Permissions: 
#   Zone: Zone - Read 
#   Zone: DNS - Edit 
# 
# If the token is limited to a specific zone (it should be) 
# it will also need the following permission: 
#   Account: Account Settings - Read 
# 
# For more information, see this Cloudflare Community post: 
# https://community.cloudflare.com/t/bug-zone-detail-by-name-requires-zone-list-permission/128042 
# 
# Note: global API keys are NOT supported for security reasons 
provider cloudflare.com { 
     username = unused (but currently something must be entered) 
     password = your_api_token 
     hostname = yourhost.example.com 
} 
 
# Generic example for twoDNS.de 
custom twoDNS.de { 
    username       = account4 
    password       = secret4 
    checkip-server = checkip.two-dns.de 
    checkip-path   = / 
    checkip-ssl    = false 
    ddns-server    = update.twodns.de 
    ddns-path      = "/update?hostname=" 
    hostname       = example.dd-dns.de 
}
As of Inadyn 1.99.14 the generic plugin can also be used with providers that require the client's IP in the update request, which for example ⟨https://dyn.com⟩ requires:
# This emulates dyndns.org 
custom dyn.com { 
    username     = DYNUSERNAME 
    password     = DYNPASSWORD 
    ddns-server  = members.dyndns.org 
    ddns-path    = "/nic/update?hostname=YOURHOST.dyndns.org&myip=" 
    append-myip  = true 
    hostname     = YOURHOST 
}
Notice the use of append-myip which differs from above previous examples. Without this option set the default (backwards compatible) behavior is to append the hostname.
An alternative, and perhaps more intuitive approach introduced in Inadyn v2.0, is to use the printf(3) like format specifiers mentioned previously. The same example look like this:
# This emulates dyndns.org 
custom dyn.com { 
    ssl          = false 
    username     = DYNUSERNAME 
    password     = DYNPASSWORD 
    ddns-server  = members.dyndns.org 
    ddns-path    = "/nic/update?hostname=%h.dyndns.org&myip=%i" 
    hostname     = YOURHOST 
}

SEE ALSO

inadyn(8)
The inadyn home page is ⟨https://github.com/troglobit/inadyn⟩

AUTHORS

This manual page was initially written for the Debian GNU/Linux system by Shaul Karl ⟨mailto:shaul@debian.org⟩. Currently maintained by Joachim Nilsson ⟨mailto:troglobit@gmail.com⟩.
February 20, 2020 Debian