Custom Dynamic DNS client and HTTP authentication

smitelli

Greetings. This evening I was trying to roll a custom dynamic DNS server to receive IP change notifications from my pfSense box. I got it working easily using the Custom service type, but I decided that before I proceeded much further, I should start using (and checking) a username and password.

I set the Username and Password fields, and checked the server's logs for the Authorization: header on each request. It wasn't there. No matter what I tried, I couldn't get the server to see that pfSense was trying to send authentication info. Eventually I dove into /etc/inc/dyndns.class to see what was going on. On or around line 587, we do:

curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);

…and for some reason, that makes curl choose some authentication scheme that is not basic auth. I'm not sure how to ask curl what authentication scheme it ultimately ended up using, but whatever it was my server could not understand or see it. Removing this line, or setting it to use CURLAUTH_BASIC makes the authentication work properly.

I will readily admit that basic auth is really no more secure than sending the passwords in the clear, but it's the method that we use for DynDNS, ZoneEdit, OpenDNS… all of them, really. I think chances are pretty good that any dynamic DNS provider that offers URL-based updating would use basic auth, no?