Support for DynDNS provider deSEC.io
-
I've been trying to configure the pfSense DynDNS service to work with the provider deSEC.io (https://desec.io). This provider offers free service and - this is what got me interested - supports DNSSEC and IPv6. I was able to update either my IPv4 or my IPv6 address using the "Custom" providers in pfSense, but not both at once. After looking at their API spec:
https://desec.io/#!/en/docs/update-api-details
… it became clear why: If it receives an update request where either the v4 or v6 address is not specified, it will delete the A or AAAA record respectively. So, to get both v4 and v6 addresses registered, they have to be updated in a single request, which is not possible with the pfSense "Custom" provider option as far as I can see.
Would it be possible to add support for this provider?
-
I've been trying to configure the pfSense DynDNS service to work with the provider deSEC.io (https://desec.io). This provider offers free service and - this is what got me interested - supports DNSSEC and IPv6. I was able to update either my IPv4 or my IPv6 address using the "Custom" providers in pfSense, but not both at once. After looking at their API spec:
https://desec.io/#!/en/docs/update-api-details
… it became clear why: If it receives an update request where either the v4 or v6 address is not specified, it will delete the A or AAAA record respectively. So, to get both v4 and v6 addresses registered, they have to be updated in a single request, which is not possible with the pfSense "Custom" provider option as far as I can see.
Would it be possible to add support for this provider?
Did you ever work out the correct method to use deSEC.io, it looks pretty cool. Id like to use that along side pfsense, Acme Certificates and Let's Encrypt ..
-
Indeed it is a very nice free dynamic dns. The compatibility with Lets Encrypt is particularly "tasty". To update it is simple, just create a "Custom" updater. On the form for the updater you only have to set the Update URL and Result Match.
The url should be formatted like this:
https://update.dedyn.io/update?username=YOUR_SUBDOMAIN_HERE.dedyn.io&password=YOUR_MEGA_LONG_PASS_HEREIn the Result Match type:
goodThats all. The updater won't get the domain, so you won't see any in the Dashboard, but as long as the reply from the url is "good", you should be indeed good and it will update.
You can validate your setup and check if indeed is updating in the url:
https://desec.io/#!/en/tools/dyndns-check?domain=YOUR_SUBDOMAIN_HERE.dedyn.io -
Does this still work?
I created a token with the name pfSense on deSEC.io for my subdomain and use this token for the YOUR_MEGA_LONG_PASS_HERE but I get a
Result did not match. [Invalid token.]in the pfSense logs.
-
I got this answer via email from the deSEC support and want to share it as it actually solved my issue.
Our token values do not have the form 82733565-feb5-4909-8e80-19a1b83dab85.
This is the format of the IDs of our tokens. For authentication, you need
to send the token value, not the token ID.The token ID is needed to distinguish tokens, as the token name field is
optional (and you can also use the same token name several times).You cannot look up the value of an already existing token in our web
interface. In fact, we do not store the values of our token in clear
text.The token value is only displayed once when you create a token. In the
web interface, it is displayed in a notification at the bottom of the
screen. (If you use the REST API manually, the token value is contained
in the response body when you issed a token create request.)So best way forward probably is to delete your pfSense token in our
web interface, and create a new one. Then take a look at the value
displayed at the bottom of the screen, and copy it to your pfSense
configuration. -
Feature request created: https://redmine.pfsense.org/issues/11357
