Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
INADYN(5)		    System Manager's Manual		     INADYN(5)

NAME
     inadyn.conf -- inadyn DDNS	client configuration file

SYNOPSIS
     /usr/local/etc/inadyn.conf

DESCRIPTION
     inadyn is configured using	a simple configuration file.  The "#" charac-
     ter marks start of	a comment to end of line.  The \ character can be used
     as	an escape character.

     verify-address = <true | false>
	   By default inadyn verifies both IPv4	and IPv6 addresses, making
	   sure	the address is a valid Internet	address.  Invalid addresses
	   are,	e.g., link local, loopback, multicast and known	experimental
	   addresses.  For more	information, see RFC3330.

	   IP address validation can be	disabled by setting this option	to
	   false.

     fake-address = <true | false>
	   When	using SIGUSR1, to do a forced update, this option can be used
	   to fake an address update with a "random" address in	the
	   203.0.113.0/24 range, example address range from RFC5737, before
	   updating with the actual IP address.	 This is completely outside
	   spec., but can be useful for	people who very	rarely,	if ever, get
	   an IP address change.  Because some DDNS service providers will not
	   register even a forced update if the	IP is the same.	 As a result
	   the user could be deregistered as an	inactive user.

     allow-ipv6	= <true	| false>
	   Inadyn can get an IPv6 address from an interface, or	with an	exter-
	   nal checkip script.	This option controls if	IPv6 addresses should
	   be allowed or discarded.  By	default	this option is false, i.e.
	   IPv6	addresses are discarded.

     iface = IFNAME
	   Use network interface IFNAME	as source of IP	address	changes	in-
	   stead of querying an	external server.  With this option is enabled,
	   the external	IP check is disabled and inadyn	will send DDNS updates
	   using the IP	address	of the IFNAME network interface	to all DDNS
	   providers listed in the configuration file.	This can be useful to
	   register LAN	IP addresses, or, when connected directly to a public
	   IP address, to speed	up the IP check	if the DDNS provider's check-
	   ip servers are slow to respond.

	   This	option can also	be given as a command line option to
	   inadyn(8), both serve a purpose, use	whichever one works for	you.

     iterations	= <NUM | 0>
	   Set the number of DNS updates. The default is 0, which means	infin-
	   ity.

     period = SEC
	   How often the IP is checked,	in seconds. Default: apxrox. 1 minute.
	   Max:	10 days.

     forced-update = SEC
	   How often the IP should be updated even if it is not	changed. The
	   time	should be given	in seconds.  Default is	equal to 30 days.

     secure-ssl	= < true | false >
	   If the HTTPS	certificate validation fails for a provider inadyn
	   aborts the DDNS update before sending any credentials.  When	this
	   setting is disabled,	i.e.  false, then inadyn will only issue a
	   warning.  By	default	this setting is	enabled, because security mat-
	   ters.

     broken-rtc	= < true | false >
	   HTTPS certificates are only valid within specified time windows, so
	   on systems without hardware real-time clock and default bootup time
	   far in the past, false-positive validation fail is expected.	When
	   this	setting	is enabled, i.e.  true,	then inadyn will only issue a
	   warning that	the certificate	is not valid yet. By default this set-
	   ting	is disabled, because security matters.

     ca-trust-file = FILE
	   By default inadyn uses the built-in path to the system's trusted CA
	   certificates, both GnuTLS and Open/LibreSSL support this.  As a
	   fall-back, in case the API's	to load	CA certificates	from the
	   built-in path fails,	inadyn also supports common default paths to
	   Debian and RedHat CA	bundles.

	   This	setting	overrides the built-in paths and fallback locations
	   and provides	a way to specify the path to a trusted set of CA cer-
	   tificates, in PEM format, bundled into one file.

     user-agent	= STRING
	   Specify the User-Agent string to send to the	DDNS provider on
	   checkip and update requests.	 Some providers	require	this field to
	   be set to a specific	string,	some may be OK with "Mozilla/4.0".
	   The default is to send "inadyn/VERSION SUPPORTURL", where VERSION
	   is the current inadyn version, and SUPPORTURL is the	upstream sup-
	   port	URL.

	   This	can also be set	on a per-provider basis, see below custom and
	   provider section description.

     custom some@identifier {}
	   The custom{}	and provider{} sections	are very similar, except that
	   the custom section allows customizing the DDNS update server	de-
	   tails.  For more details, see the description for provider{}, be-
	   low.

     provider email@ddns-service.tld[:ID] {}
	   The custom{}	and provider{} sections	are very similar, except that
	   the custom section allows customizing the DDNS update server	de-
	   tails.  See below list for supported	DDNS providers and their
	   email@ddns-service.tld identifiers.

	   To support multiple users of	the same DDNS provider,	append [:ID]
	   to the provider name.  The ID can be	any free form string or	number
	   as long as the combination is unique.

	   Common settings in custom{} and provider{} sections are:

	   ssl = <true | false>
		 Use HTTPS, both when checking for IP changes and updating the
		 DNS record.  Default is to use	HTTPS (true).

	   username = USERNAME.
		 The username, if applicable.  This might be referred to as
		 hash by some providers.

	   password = PASSWORD
		 The password, if applicable.

	   checkip-server = checkip.example.com[:port]
		 Server	to use for periodic IP address changes,	port defaults
		 to 80.

		 This is an optional setting.  For provider{} sections it de-
		 faults	to a pre-defined checkip-server	and checkip-path for
		 the given DDNS	provider.  For custom DDNS setups it defaults
		 to api.ipify.org, which is a really great and free service
		 that even support HTTPS, see checkip-ssl setting, below.
		 When set in a provider{} section it overrides the provider's
		 default checkip-server.

	   checkip-path	= /some/checkip/url
		 Optional server path for check	IP server, defaults to "/".

	   checkip-ssl = <true | false>
		 This setting usually follows the ssl setting, but can be used
		 to disable HTTPS for the IP address check.  This might	be
		 needed	for some providers that	only support HTTPS for the DNS
		 record	update.

		 However, when a custom	checkip-server is defined for a
		 provider, this	setting	does not follow	the ssl	setting.  De-
		 fault is to use HTTPS (true).

	   checkip-command = /path/to/shell/command [optional args]
		 Shell command,	or script, for IP address update checking.
		 The command must output a text	with the IP address to its
		 standard output.  The following environment variables are
		 set:

		 INADYN_PROVIDER
		       contains	the DDNS provider's full name in form
		       email@ddns-service.tld

		 INADYN_USER
		       contains	user's name

		 Example:

		       checkip-command = "/sbin/ifconfig eth0 |	grep 'inet addr'"

		 Inadyn	will use the first occurrence in the command's output
		 that looks like an address.  Both IPv4	and IPv6 addresses are
		 supported.

	   hostname = HOSTNAME

	   hostname = {	HOSTNAME1.name.tld, HOSTNAME2.name.tld }
		 Your hostname alias.  To list multiple	names, use the second
		 form.

	   user-agent =	STRING
		 Same as the global setting, but only for this provider.  If
		 omitted it defaults to	the global setting, which if unset
		 uses the default inadyn user agent string.  For more informa-
		 tion, see above.

	   wildcard = true
		 Enable	domain name wildcarding	of your	domain name, for DDNS
		 providers that	support	this, e.g. easydns.com and loopia.com.
		 This means that anything typed	before your hostname, e.g.
		 www. or ftp., is also updated when your IP changes.  Default:
		 disabled.  For	inadyn < 1.96.3	wildcarding was	enabled	by de-
		 fault.

     provider [email@]ddns-service[.tld] {}
	   Either a unique substring matching the provider, or or one of the
	   exact matches to the	following unique provider names:

	   default@freedns.afraid.org
		 <https://freedns.afraid.org>
	   ipv4@nsupdate.info
		 <https://nsupdate.info>
	   default@duckdns.org
		 <https://duckdns.org>
	   default@freemyip.com
		 <https://freemyip.com>
	   default@loopia.com
		 <https://www.loopia.com>
	   default@dyndns.org
		 Connect to <https://www.dyndns.org>, i.e., <https://dyn.com>
	   default@noip.com
		 <https://www.noip.com>
	   default@no-ip.com
		 Handled by default@noip.com plugin.
	   default@easydns.com
		 <https://www.easydns.com>
	   default@dnsomatic.com
		 <https://www.dnsomatic.com>
	   dyndns@he.net
		 <https://dns.he.net>
	   default@tunnelbroker.net
		 IPv6 <https://www.tunnelbroker.net> by	Hurricane Electric.
	   default@sitelutions.com
		 <https://www.sitelutions.com>
	   default@dnsexit.com
		 <https://www.dnsexit.com>
	   default@zoneedit.com
		 <https://zoneedit.com>
	   default@changeip.com
		 <https://www.changeip.com>
	   default@dhis.org
		 <https://www.dhis.org>
	   default@domains.google.com
		 <https://domains.google>
	   default@ovh.com
		 <https://www.ovh.com>
	   default@gira.de
		 <https://giradns.com>
	   default@duiadns.net
		 <https://www.duiadns.net>
	   default@ddnss.de
		 <https://ddnss.de>
	   default@dynv6.com
		 <https://dynv6.com>
	   default@ipv4.dynv6.com
		 <https://ipv4.dynv6.com>
	   default@spdyn.de
		 <https://spdyn.de>
	   default@strato.com
		 <https://www.strato.com>
	   default@cloudxns.net
		 <https://www.cloudxns.net>
	   dyndns@3322.org
		 <https://www.3322.org>
	   default@dnspod.cn
		 <https://www.dnspod.cn>
	   default@dynu.com
		 <https://www.dynu.com>
	   default@selfhost.de
		 <https://www.selfhost.de>
	   default@pdd.yandex.ru
		 <https://connect.yandex.ru>
	   default@cloudflare.com
		 <https://www.cloudflare.com>

     custom some@identifier {}
	   Specific to the custom provider section are the following settings:

	   ddns-server = update.example.com
		 DDNS server name, not the full	URL.

	   ddns-path = /update?domain=
		 DDNS server path.  By default the hostname is appended	to the
		 path, unless append-myip=true is set.	Alternatively,
		 printf(3) like	format specifiers may be used for a fully cus-
		 tomizable HTTP	GET update request.  The following format
		 specifiers are	currently supported:

		 %u    username
		 %p    password, if HTTP basic auth is not used
		 %h    hostname
		 %i    IP address

		 With the following example:

		       username	 = myuser
		       password	 = mypass
		       ddns-path = "/update?user=%u&password=%p&domain=%h&myip=%i"
		       hostname	 = YOURDOMAIN.TLD

		 the resulting update URL would	be expanded to

		       /update?user=myuser&password=mypass&domain=YOURDOMAIN.TLD&myip=1.2.3.4

		 However, the password is usually never	sent in	clear text in
		 the HTTP GET URL.  Most DDNS providers	instead	rely on	HTTP
		 basic auth., which inadyn always relays to the	server in the
		 HTTP header of	update requests.  inadyn.conf v2.1 and later
		 defaults to HTTPS to protect your credentials,	but some
		 providers still do not	support	HTTPS.

	   append-myip = true
		 Append	your current IP	to the the DDNS	server update path.
		 By default this setting is false and the hostname is ap-
		 pended.  Unless the ddns-path is given	with format speci-
		 fiers,	in which case this setting is unused.

EXAMPLES
     Worth noting below	is how two different user accounts can use the same
     DDNS provider, No-IP.com, by using	the concept of instances ':N'.

	   period	  = 300

	   # Dyn.com
	   provider dyndns.org {
	       username	  = account1
	       password	  = secret1
	       hostname	  = { "my.example.com",	"other.example.org" }
	   }

	   # FreeDNS. Remember the username must be in lower case
	   # and password (max 16 chars) is case sensitive.
	   provider freedns {
	       username	  = lower-case-username
	       password	  = case-sensitive-pwd
	       hostname	  = some.example.com
	   }

	   # No-IP.com #1
	   provider no-ip.com:1	{
	       checkip-server =	"dynamic.zoneedit.com"
	       checkip-path   =	"/checkip.html"
	       checkip-ssl    =	false
	       username	      =	account21
	       password	      =	secret21
	       hostname	      =	example.no-ip.com
	   }

	   # No-IP.com #2
	   provider no-ip.com:2	{
	       username	  = account22
	       password	  = secret22
	       hostname	  = another.no-ip.com
	   }

	   # Google Domains - notice use of '@'	to update root entry
	   provider domains.google.com {
	       hostname	= @.mydomain.com
	       username	= your_username
	       password	= your_password
	   }

	   # Loopia
	   provider loopia.com {
	       wildcard	  = true
	       username	  = account3
	       password	  = secret3
	       hostname	  = example.com
	   }

	   # ddnss.de
	   provider ddnss.de {
	       username	  = your_username
	       password	  = your_password
	       hostname	  = your_host.ddnss.de
	   }

	   # spdyn.de
	   provider spdyn.de {
	       username	  = your_username
	       password	  = your_password
	       hostname	  = your_host.spdyn.de
	   }

	   # www.strato.com
	   provider strato.com {
	       username	  = your_username
	       password	  = your_password
	       hostname	  = example.com
	   }

	   # dynv6.com
	   provider dynv6.com {
	       username	  = your_token
	       password	  = not_used
	       hostname	  = your_host.dynv6.net
	   }

	   # IPv6 account at https://tunnelbroker.net
	   provider tunnelbroker.net {
	       username	  = xyzzy
	       password	  = update-key-in-advanced-tab
	       hostname	  = tunnel-id
	   }

	   # www.freemyip.com
	   provider freemyip.com {
	       password	= your_token
	       hostname	= your_hostname.freemyip.com
	   }

	   # www.cloudxns.net
	   provider cloudxns.net {
	       username	= your_api_key
	       password	= your_secret_key
	       hostname	= yourhost.example.com
	   }

	   # www.dnspod.cn
	   provider dnspod.cn {
	       username	= your_api_id
	       password	= your_api_token
	       hostname	= yourhost.example.com
	   }

	   # Create a unique API token with the	following Permissions:
	   #   Zone: Zone - Read
	   #   Zone: DNS - Edit
	   #
	   # If	the token is limited to	a specific zone	(it should be)
	   # it	will also need the following permission:
	   #   Account:	Account	Settings - Read
	   #
	   # For more information, see this Cloudflare Community post:
	   # https://community.cloudflare.com/t/bug-zone-detail-by-name-requires-zone-list-permission/128042
	   #
	   # Note: global API keys are NOT supported for security reasons
	   provider cloudflare.com {
		username = unused (but currently something must	be entered)
		password = your_api_token
		hostname = yourhost.example.com
	   }

	   # Generic example for twoDNS.de
	   custom twoDNS.de {
	       username	      =	account4
	       password	      =	secret4
	       checkip-server =	checkip.two-dns.de
	       checkip-path   =	/
	       checkip-ssl    =	false
	       ddns-server    =	update.twodns.de
	       ddns-path      =	"/update?hostname="
	       hostname	      =	example.dd-dns.de
	   }

     As	of Inadyn 1.99.14 the generic plugin can also be used with providers
     that require the client's IP in the update	request, which for example
     <https://dyn.com> requires:

	   # This emulates dyndns.org
	   custom dyn.com {
	       username	    = DYNUSERNAME
	       password	    = DYNPASSWORD
	       ddns-server  = members.dyndns.org
	       ddns-path    = "/nic/update?hostname=YOURHOST.dyndns.org&myip="
	       append-myip  = true
	       hostname	    = YOURHOST
	   }

     Notice the	use of append-myip which differs from above previous examples.
     Without this option set the default (backwards compatible)	behavior is to
     append the	hostname.

     An	alternative, and perhaps more intuitive	approach introduced in Inadyn
     v2.0, is to use the printf(3) like	format specifiers mentioned previ-
     ously.  The same example look like	this:

	   # This emulates dyndns.org
	   custom dyn.com {
	       ssl	    = false
	       username	    = DYNUSERNAME
	       password	    = DYNPASSWORD
	       ddns-server  = members.dyndns.org
	       ddns-path    = "/nic/update?hostname=%h.dyndns.org&myip=%i"
	       hostname	    = YOURHOST
	   }

SEE ALSO
     inadyn(8)

     The inadyn	home page is <https://github.com/troglobit/inadyn>

AUTHORS
     This manual page was initially written for	the Debian GNU/Linux system by
     Shaul Karl	<mailto:shaul@debian.org>.  Currently maintained by Joachim
     Nilsson <mailto:troglobit@gmail.com>.

FreeBSD	13.0		       February	20, 2020		  FreeBSD 13.0

NAME | SYNOPSIS | DESCRIPTION | EXAMPLES | SEE ALSO | AUTHORS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=inadyn.conf&sektion=5&manpath=FreeBSD+12.2-RELEASE+and+Ports>

home | help