Support for DynDNS provider deSEC.io



  • I've been trying to configure the pfSense DynDNS service to work with the provider deSEC.io (https://desec.io). This provider offers free service and - this is what got me interested - supports DNSSEC and IPv6. I was able to update either my IPv4 or my IPv6 address using the "Custom" providers in pfSense, but not both at once. After looking at their API spec:

    https://desec.io/#!/en/docs/update-api-details

    … it became clear why: If it receives an update request where either the v4 or v6 address is not specified, it will delete the A or AAAA record respectively. So, to get both v4 and v6 addresses registered, they have to be updated in a single request, which is not possible with the pfSense "Custom" provider option as far as I can see.

    Would it be possible to add support for this provider?



  • @enodeb:

    I've been trying to configure the pfSense DynDNS service to work with the provider deSEC.io (https://desec.io). This provider offers free service and - this is what got me interested - supports DNSSEC and IPv6. I was able to update either my IPv4 or my IPv6 address using the "Custom" providers in pfSense, but not both at once. After looking at their API spec:

    https://desec.io/#!/en/docs/update-api-details

    … it became clear why: If it receives an update request where either the v4 or v6 address is not specified, it will delete the A or AAAA record respectively. So, to get both v4 and v6 addresses registered, they have to be updated in a single request, which is not possible with the pfSense "Custom" provider option as far as I can see.

    Would it be possible to add support for this provider?

    Did you ever work out the correct method to use deSEC.io, it looks pretty cool.  Id like to use that along side pfsense, Acme Certificates and Let's Encrypt ..



  • Indeed it is a very nice free dynamic dns. The compatibility with Lets Encrypt is particularly "tasty". To update it is simple, just create a "Custom" updater. On the form for the updater you only have to set the Update URL and Result Match.

    The url should be formatted like this:

    https://update.dedyn.io/update?username=YOUR_SUBDOMAIN_HERE.dedyn.io&password=YOUR_MEGA_LONG_PASS_HERE
    

    In the Result Match type:

    good
    

    Thats all. The updater won't get the domain, so you won't see any in the Dashboard, but as long as the reply from the url is "good", you should be indeed good and it will update.

    You can validate your setup and check if indeed is updating in the url:

    https://desec.io/#!/en/tools/dyndns-check?domain=YOUR_SUBDOMAIN_HERE.dedyn.io
    


  • Does this still work?

    I created a token with the name pfSense on deSEC.io for my subdomain and use this token for the YOUR_MEGA_LONG_PASS_HERE but I get a

    Result did not match. [Invalid token.]
    

    in the pfSense logs.


Log in to reply