inadyn.conf —
inadyn DDNS client configuration file
inadyn is configured using a simple
configuration file. The “#” character marks start of a comment
to end of line. The \ character can be used as an escape character.
verify-address
= <true |
false>- By default
inadyn verifies both IPv4
and IPv6 addresses, making sure the address is a valid Internet address.
Invalid addresses are, e.g., link local, loopback, multicast and known
experimental addresses. For more information, see RFC3330.
IP address validation can be disabled by setting this option to
false.
fake-address
= <true |
false>- When using SIGUSR1, to do a forced update, this option can be used to fake
an address update with a “random” address in the
203.0.113.0/24 range, example address range from RFC5737, before updating
with the actual IP address. This is completely outside spec., but can be
useful for people who very rarely, if ever, get an IP address change.
Because some DDNS service providers will not register even a forced update
if the IP is the same. As a result the user could be deregistered as an
inactive user.
allow-ipv6
= <true |
false>Inadyn can get an IPv6 address from an
interface, or with an external checkip script. This option controls if
IPv6 addresses should be allowed or discarded. By default this option is
false, i.e. any IPv6 addresses found are
discarded.iface
= IFNAME- Use network interface
IFNAME as source
of IP address changes instead of querying an external server. With this
option is enabled, the external IP check is disabled and
inadyn will send DDNS updates using the
IP address of the IFNAME network
interface to all DDNS providers listed in the
configuration file. This can be useful to register LAN IP addresses, or,
when connected directly to a public IP address, to speed up the IP check
if the DDNS provider's check-ip servers are slow to respond.
This option can also be given as a command line option to
inadyn(8), both
serve a purpose, use whichever one works for you.
iterations
= <NUM |
0>- Set the number of DNS updates. The default is
0, which means infinity.
period
= SEC- How often the IP is checked, in seconds. Default: apxrox. 1 minute. Max:
10 days.
forced-update
= SEC- How often the IP should be updated even if it is not changed. The time
should be given in seconds. Default is equal to 30 days.
secure-ssl
= < true |
false
>- If the HTTPS certificate validation fails for a provider
inadyn aborts the DDNS update before
sending any credentials. When this setting is disabled, i.e.
false, then
inadyn will only issue a warning. By
default this setting is enabled, because security matters.
broken-rtc
= < true |
false
>- HTTPS certificates are only valid within specified time windows, so on
systems without hardware real-time clock and default bootup time far in
the past, false-positive validation fail is expected. When this setting is
enabled, i.e. true, then
inadyn will only issue a warning that
the certificate is not valid yet. By default this setting is disabled,
because security matters.
ca-trust-file
= FILE- By default
inadyn uses the built-in
path to the system's trusted CA certificates, both GnuTLS and
Open/LibreSSL support this. As a fall-back, in case the API's to load CA
certificates from the built-in path fails,
inadyn also supports common default
paths to Debian and RedHat CA bundles.
This setting overrides the built-in paths and fallback locations and
provides a way to specify the path to a trusted set of CA certificates, in
PEM format, bundled into one file.
user-agent
= STRING- Specify the User-Agent string to send to the DDNS provider on checkip and
update requests. Some providers require this field to be set to a specific
string, some may be OK with "Mozilla/4.0". The default is to
send "inadyn/VERSION SUPPORTURL", where VERSION is the current
inadyn version, and SUPPORTURL is the
upstream support URL.
This can also be set on a per-provider basis, see below custom and provider
section description.
custom
some@identifier {}- The
custom{} and
provider{} sections are very similar,
except that the custom section allows customizing the DDNS update server
details. For more details, see the description for
provider{}, below.
provider
email@ddns-service.tld[:ID] {}- The
custom{} and
provider{} sections are very similar,
except that the custom section allows customizing the DDNS update server
details. See below list for supported DDNS providers and their
email@ddns-service.tld identifiers.
To support multiple users of the same DDNS provider, append
[:ID] to the provider name. The
ID can be any free form string or
number as long as the combination is unique.
Common settings in custom{} and provider{} sections are:
include("/path/to/file")- Include settings from another file, supports tilde expansion, e.g.
~/.freedns.pw. Any custom{} or
provider{} setting can be included, and any amount of include
statements may be used.
ssl
= <true |
false>- Use HTTPS, both when checking for IP changes and updating the DNS
record. Default is to use HTTPS (true).
username
= USERNAME.- The username, if applicable. This might be referred to as hash by some
providers.
password
= PASSWORD- The password, if applicable.
iface
= IFNAME- Same as the global setting, but only for this provider. For more
information, see above.
checkip-server
= <default |
checkip.example.com[:port]>- This setting allows overriding the provider's default checkip server.
The
default keyword resolves to the
built-in default,
http://ifconfig.me/ip, which affect
not only this setting, but also
checkip-path and
checkip-ssl. Any other value is the
server name to query periodically for IP address changes. The optional
:port argument defaults to
443, see
checkip-ssl for details.
This is an optional setting. For
provider{} sections it defaults to
a pre-defined checkip-server and
checkip-path for the given DDNS
provider. For custom() DDNS setups
it defaults to the built-in default (abvove).
checkip-path
= /some/checkip/url?param=value- Optional server path and query string for check IP server, defaults to
"/". When the
checkip-server is set to
default, this setting is
ignored.
checkip-ssl
= <true |
false>- This setting usually follows the
ssl setting, but can be used to
disable HTTPS for the IP address check. This might be needed for some
providers that only support HTTPS for the DNS record update.
However, when a custom checkip-server
is defined for a provider, this setting does
not follow the
ssl setting. Default is to use
HTTPS (true).
checkip-command
= /path/to/shell/command [optional args]- Shell command, or script, for IP address update checking. The command
must output a text with the IP address to its standard output. The
following environment variables are set:
- INADYN_PROVIDER
- contains the DDNS provider's full name in form
email@ddns-service.tld
- INADYN_USER
- contains user's name
Example:
checkip-command = "/sbin/ifconfig eth0 | grep 'inet addr'"
Inadyn will use the first occurrence
in the command's output that looks like an address. Both IPv4 and IPv6
addresses are supported.
hostname
= HOSTNAME-
hostname
= { HOSTNAME1.name.tld,
HOSTNAME2.name.tld }- Your hostname alias. To list multiple names, use the second form.
user-agent
= STRING- Same as the global setting, but only for this provider. If omitted it
defaults to the global setting, which if unset uses the default
inadyn user agent string. For more
information, see above.
wildcard
= <true |
false>- Enable domain name wildcarding of your domain name, for DDNS providers
that support this, e.g. easydns.com and loopia.com. This means that
anything typed before your hostname, e.g. www. or ftp., is also
updated when your IP changes. Default: disabled. For
inadyn < 1.96.3 wildcarding was
enabled by default.
ttl
= SEC- Time to live of your domain name. Only works with supported DDNS
providers, e.g. cloudflare.com.
proxied
= <true |
false>- Proxy DNS origin via provider's CDN network. Only works with supported
DDNS providers, e.g. cloudflare.com. Default: false
provider
[email@]ddns-service[.tld] {}- Either a unique substring matching the provider, or or one of the exact
matches to the following unique provider names:
default@freedns.afraid.org- ⟨https://freedns.afraid.org⟩
ipv4@nsupdate.info- ⟨https://nsupdate.info⟩
ipv6@nsupdate.info- ⟨https://nsupdate.info⟩
default@duckdns.org- ⟨https://duckdns.org⟩
default@freemyip.com- ⟨https://freemyip.com⟩
default@loopia.com- ⟨https://www.loopia.com⟩
default@dyndns.org- Connect to ⟨https://www.dyndns.org⟩, i.e.,
⟨https://dyn.com⟩
default@noip.com- ⟨https://www.noip.com⟩
default@no-ip.com- Handled by
default@noip.com
plugin.
default@easydns.com- ⟨https://www.easydns.com⟩
default@dnsomatic.com- ⟨https://www.dnsomatic.com⟩
dyndns@he.net- ⟨https://dns.he.net⟩
default@tunnelbroker.net- IPv6 ⟨https://www.tunnelbroker.net⟩ by Hurricane
Electric.
default@sitelutions.com- ⟨https://www.sitelutions.com⟩
default@dnsexit.com- ⟨https://www.dnsexit.com⟩
default@zoneedit.com- ⟨https://zoneedit.com⟩
default@changeip.com- ⟨https://www.changeip.com⟩
default@dhis.org- ⟨https://www.dhis.org⟩
default@domains.google.com- ⟨https://domains.google⟩
default@ovh.com- ⟨https://www.ovh.com⟩
default@gira.de- ⟨https://giradns.com⟩
default@duiadns.net- ⟨https://www.duiadns.net⟩
default@ddnss.de- ⟨https://ddnss.de⟩
default@dynv6.com- ⟨https://dynv6.com⟩
default@ipv4.dynv6.com- ⟨https://ipv4.dynv6.com⟩
default@spdyn.de- ⟨https://spdyn.de⟩
default@strato.com- ⟨https://www.strato.com⟩
default@cloudxns.net- ⟨https://www.cloudxns.net⟩
dyndns@3322.org- ⟨https://www.3322.org⟩
default@dnspod.cn- ⟨https://www.dnspod.cn⟩
default@dynu.com- ⟨https://www.dynu.com⟩
default@selfhost.de- ⟨https://www.selfhost.de⟩
default@pdd.yandex.ru- ⟨https://connect.yandex.ru⟩
default@cloudflare.com- ⟨https://www.cloudflare.com⟩
default@goip.de- ⟨https://www.goip.de⟩
custom
some@identifier {}- Specific to the custom provider section are the following settings:
ddns-server
= update.example.com- DDNS server name, not the full URL.
ddns-path
= /update?domain=- DDNS server path. By default the hostname is appended to the path,
unless
append-myip=true is set.
Alternatively,
printf(3)
like format specifiers may be used for a fully customizable HTTP GET
update request. The following format specifiers are currently
supported:
%u- username
%p- password, if HTTP basic auth is not used
%h- hostname
%i- IP address
With the following example:
username = myuser
password = mypass
ddns-path = "/update?user=%u&password=%p&domain=%h&myip=%i"
hostname = YOURDOMAIN.TLD
the resulting update URL would be expanded to
/update?user=myuser&password=mypass&domain=YOURDOMAIN.TLD&myip=1.2.3.4
However, the password is usually never sent in clear text in the HTTP
GET URL. Most DDNS providers instead rely on HTTP basic auth., which
inadyn always relays to the server
in the HTTP header of update requests.
inadyn.conf v2.1 and later defaults
to HTTPS to protect your credentials, but some providers still do not
support HTTPS.
append-myip
= true- Append your current IP to the the DDNS server update path. By default
this setting is false and the hostname is appended. Unless the
ddns-path is given with format
specifiers, in which case this setting is unused.
Worth noting below is how two different user accounts can use the same DDNS
provider, No-IP.com, by using the concept of instances ':N'.
period = 300
# Dyn.com
provider dyndns.org {
username = account1
password = secret1
hostname = { "my.example.com", "other.example.org" }
}
# FreeDNS. Remember the username must be in lower case
# and password (max 16 chars) is case sensitive.
provider freedns {
username = lower-case-username
password = case-sensitive-pwd
hostname = some.example.com
}
# No-IP.com #1
# With multiple usernames at the same provider, index with :#
provider no-ip.com:1 {
checkip-server = "dynamic.zoneedit.com"
checkip-path = "/checkip.html"
checkip-ssl = false
username = account21
password = secret21
hostname = example.no-ip.com
}
# No-IP.com #2
provider no-ip.com:2 {
username = account22
password = secret22
hostname = another.no-ip.com
}
# Google Domains - notice use of '@' to update root entry
provider domains.google.com:1 {
hostname = @.mydomain.com
username = your_username
password = your_password
}
# Wildcard subdomains - notice the quoutes (required!)
provider domains.google.com:2 {
hostname = "*.mydomain.com"
username = your_username
password = your_password
}
# Loopia
provider loopia.com {
wildcard = true
username = account3
password = secret3
hostname = example.com
}
# ddnss.de
provider ddnss.de {
username = your_username
password = your_password
hostname = your_host.ddnss.de
}
# spdyn.de
provider spdyn.de {
username = your_username
password = your_password
hostname = your_host.spdyn.de
}
# www.strato.com
provider strato.com {
username = your_username
password = your_password
hostname = example.com
}
# dynv6.com update using a custom checkip-command, which works
# if you have access to an Internet-connected interface. Make
# sure to verify the command works on your system first
allow-ipv6 = true # required option for IPv6 atm.
provider default@dynv6.com {
username = your_token
password = not_used
hostname = { my.dynv6.net } # second host with comma
checkip-command = "/sbin/ip -6 addr | grep inet6 | awk -F '[ ]+|/' '{print $3}' | grep -v ^::1 | grep -v ^fe80"
}
# IPv6 account at https://tunnelbroker.net
provider tunnelbroker.net {
username = xyzzy
password = update-key-in-advanced-tab
hostname = tunnel-id
}
# www.freemyip.com
provider freemyip.com {
password = your_token
hostname = your_hostname.freemyip.com
}
# www.cloudxns.net
provider cloudxns.net {
username = your_api_key
password = your_secret_key
hostname = yourhost.example.com
}
# www.dnspod.cn
provider dnspod.cn {
username = your_api_id
password = your_api_token
hostname = yourhost.example.com
}
# www.cloudflare.com #1
provider cloudflare.com {
username = zone.name
password = api_token # Create a unique custom api token with the following permissions: Zone.Zone - Read, Zone.DNS - Edit.
hostname = hostname.zone.name
ttl = 1 # optional, value of 1 is 'automatic'.
proxied = false # optional.
}
# www.cloudflare.com #2
provider cloudflare.com {
username = zone.name
password = api_token # Create a unique custom api token with the following permissions: Zone.Zone - Read, Zone.DNS - Edit.
hostname = fc9f4f7feb9f9ff8710c2b4f3fb6b5a0 # The Cloudflare identifier of this dns record. Useful when updating round-robin DNS entries.
ttl = 1 # optional, value of 1 is 'automatic'.
proxied = false # optional.
}
# www.goip.de
provider goip.de {
username = username
password = password
hostname = hostname.goip.de
}
# www.namecheap.com
custom namecheap {
username = YOURDOMAIN.TLD
password = mypass
ddns-server = dynamicdns.park-your-domain.com
ddns-path = "/update?domain=%u&password=%p&host=%h"
hostname = { "@", "www", "test" }
}
# Generic example, check all details for your provider!
custom example {
username = myuser
password = mypass
checkip-server = checkip.example.com
checkip-path = /
checkip-ssl = false
ddns-server = update.example.com
ddns-path = "/update?hostname="
hostname = myhostname.example.net
}
As of Inadyn 1.99.14 the generic plugin can also be used with providers that
require the client's IP in the update request, which for example
⟨https://dyn.com⟩ requires:
# This emulates dyndns.org
custom dyn.com {
username = DYNUSERNAME
password = DYNPASSWORD
ddns-server = members.dyndns.org
ddns-path = "/nic/update?hostname=YOURHOST.dyndns.org&myip="
append-myip = true
hostname = YOURHOST
}
Notice the use of
append-myip which differs
from above previous examples. Without this option set the default (backwards
compatible) behavior is to append the hostname.
An alternative, and perhaps more intuitive approach introduced in Inadyn v2.0,
is to use the
printf(3) like
format specifiers mentioned previously. The same example look like this:
# This emulates dyndns.org
custom dyn.com {
ssl = false
username = DYNUSERNAME
password = DYNPASSWORD
ddns-server = members.dyndns.org
ddns-path = "/nic/update?hostname=%h.dyndns.org&myip=%i"
hostname = YOURHOST
}
inadyn(8)
The
inadyn home page is
⟨https://github.com/troglobit/inadyn⟩
This manual page was initially written for the
Debian
GNU/Linux system by
Shaul Karl
⟨mailto:shaul@debian.org⟩. Currently maintained by
Joachim Wiberg
⟨mailto:troglobit@gmail.com⟩.