DDNS (dynamic host names) DUC setup in OpenWrt.
For a zillion and one reasons, many of us own host "names". These might be names we registered with a domain registrar, or names we have acquired through one of the many, many dynamic hosts services, such as no-ip.com.
Mostly these hosts get used for web sites, and mostly they are hosted on regular web servers "out there". Servers with fixed IP addresses that you can always get to by that same IP address/name combo.
But many of these names need to point to services which run on our OWN machines, for example to run web or ftp servers at home, or to access your security/IP cameras when you are out and about, or for VPNs and remote logins and much, much, MUCH more.
But OUR Machines are behind NATs and inside ISP Dynamic IP Address pools and the IP Address of our "home" can quite literally change from one minute to the next, unless you are paying your ISP (handsomely) for a fixed IP, which would be mad, as we have dynamic host name providers!
When our dynamic external IP changes, for example when we reconnect our DSL, we simply let the "Dynamic DNS" (DDNS) provider know our new IP, and they instantly update the world's DNS records (it usually takes a few minutes for changes to propagate across the entire planet). Problem solved.
These DDNS suppliers provide scripts, programs, apps and such to keep your current IP in sync with the corresponding host name records. If you run OpenWrt you don't need any of that extra stuff running on your machines. OpenWrt can handle every single one of your dynamic host names automatically.
When I say "automatically", I mean once it's set up correctly, which in OpenWrt can be a pain in the arse.
Hopefully this page can take away some of that pain..
Installation
Installation is simple. Either use LuCI (System >> Software) or, from a shell, do..
opkg install ddns-scripts
If you want to use the web interface to configure your DDNS, also do..
opkg install luci-app-ddns
I'm not a fan of the web interface for configuring OpenWrt, but you can certainly use that to configure your ddns scripts. If you are creating a config in /etc/config/ddns, it might look something like this example namecheap ddns update..
config service home
	option enabled 1
	option name myfunkydynamicdomain.com
	option interface wan
	option check_interval 16
	option check_unit minutes
	option domain myfunkydynamicdomain.com
	option force_interval 63
	option force_unit hours
#	option ip_source script
#	option ip_script /usr/local/bin/myextip
	# with ip_source web, the address to fetch goes in ip_url
	option ip_source web
	option ip_url http://icanhazip.com/
	option retry_interval 60
	option retry_unit seconds
	option service_name namecheap.com
	option username @
	option password 6cc75a49ead92fc1d3516687b8a42c22
	option use_https 1
	option cacert /etc/ssl/certs
You will note I also have a "script" to determine my external IP address. It simply returns your external IP in plain text, which is precisely what the "web" option (above) does. I use the script elsewhere on the system. /usr/local/bin/myextip is simply this..
#!/bin/sh
wget -qO- http://icanhazip.com/
You could also use the corz.org plain text ip service, but I'm not going to demonstrate that here.
Note, if you use SSL (as in the above example) you will need to install the full version of wget..
opkg install wget
and install the proper SSL certificates..
mkdir -p /etc/ssl/certs
opkg install openssl-util
opkg install ca-certificates
And install valid certificates for whatever domains you plan to access with the ddns updater script using SSL. You really don't want to be throwing your domain update passwords over the internet in plain text.
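Here is how to fetch and save the certificate for https://dynamicdns.park-your-domain.com:443, the namecheap update server. This trusts whatever certificate the server presents at the moment you run it, so do it from a connection you trust..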
cd /etc/ssl/certs
openssl s_client -connect dynamicdns.park-your-domain.com:443 < /dev/null > temporary.out
openssl x509 -outform PEM < temporary.out > dynamicdns.park-your-domain.com.cer
Finally, create a valid ".0" link using the hash value from openssl..
HASH=`openssl x509 -hash -noout -in dynamicdns.park-your-domain.com.cer`.0
ln -s dynamicdns.park-your-domain.com.cer $HASH
Done!
Repeat for each host.
You might want to make a script for it..
cat /usr/local/bin/addcert
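#!/bin/sh
# author: cor at corz dot org
# Fetch the certificate served by <domain>:443 and store it, with its
# hash link, in $SSL_CERT_DIR.
openssl=/usr/bin/openssl
if [ ! -f $openssl ]; then
	echo "ERROR: Can't find $openssl. openssl-util installed?" >&2
	exit 1
fi
domain=$1
# fall back to the directory used on this page if SSL_CERT_DIR is unset
cd "${SSL_CERT_DIR:-/etc/ssl/certs}" || exit 1
openssl s_client -connect "$domain:443" < /dev/null > temporary.out
openssl x509 -outform PEM < temporary.out > "$domain.cer"
HASH=`openssl x509 -hash -noout -in "$domain.cer"`.0
# the link must point at the .cer file written above
ln -s "$domain.cer" "$HASH"
rm temporary.out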
Then you can simply do..
addcert no-ip.com
Oh! Possibly /usr/local/bin isn't in your system PATH. That is set in /etc/profile. You will want something like..
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin
When you are in there, don't forget to put
export SSL_CERT_DIR=/etc/ssl/certs
up near the top somewhere.
Yup, all that to make a single https request! But it's worth it, and you should only need to do it one time.
Other Dynamic Host Providers
Most of the dynamic host providers are fairly easy to set up. The odd one is no-ip.com. There is a package you can download specifically for handling no-ip.com, but I prefer to use OpenWrt's "Custom" option, especially when updating multiple hosts, like this..
config service noip
	option enabled 1
	option name noip
	option interface wan
	option check_interval 15
	option check_unit minutes
	option force_interval 66
	option force_unit hours
	option ip_source script
	option ip_script /usr/local/bin/myextip
	option retry_interval 60
	option retry_unit seconds
	option username me@somemailserver.com
	option password PASSWORD-HERE
	option use_syslog 2
	option use_logfile 1
	option update_url 'http://[USERNAME]:[PASSWORD]@dynupdate.no-ip.com/nic/update?hostname=dynamic.no-ip.com,dynamic.no-ip.biz,dynamic.no-ip.org,dynamic.no-ip.info,dynamic.serveftp.com&myip=[IP]'
	option domain dynamic.no-ip.com
	option use_https 1
	option cacert /etc/ssl/certs
Note the multiple hosts in the update url, separated by commas. Also note that is one single line, no matter how it looks in your browser (copy & paste will work fine).
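Both configs above set use_https and cacert alongside the password. A check that every enabled service in a ddns config file does the same (an added example, not part of the original page or of ddns-scripts; the function names and the sample config are made up for illustration):

```shell
#!/bin/sh
# Added example: flag ddns services whose password could travel without HTTPS.

audit_ddns() {   # usage: audit_ddns [FILE]; reads stdin when no FILE
	awk '
	function unq(s) { gsub("^[\"\047]|[\"\047]$", "", s); return s }
	function report(msg) { print name ": " msg; bad++ }
	function check() {
		if (name == "" || opt["enabled"] != "1") return
		if (opt["password"] != "" && opt["use_https"] != "1")
			report("password set but use_https is not 1")
		if (opt["use_https"] == "1" && opt["cacert"] == "")
			report("use_https 1 but no cacert path")
	}
	/^[ \t]*#/ { next }                 # whole-line comments
	$1 == "config" {                    # a new section closes the last one
		check(); split("", opt)
		name = ($2 == "service") ? unq($3) : ""
		next
	}
	$1 == "option" && name != "" {      # keep quoted values intact
		val = $0
		sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", val)
		sub(/[ \t]+$/, "", val)
		opt[$2] = unq(val)
	}
	END { check(); exit (bad > 0) }     # status 1 when anything was flagged
	' "$@"
}

sample_ddns_config() {   # constructed sample, not a real configuration
	cat <<'EOF'
config service home
	option enabled 1
	option password PASSWORD-HERE
	option use_https 1
	option cacert /etc/ssl/certs
config service 'noip'
	option enabled '1'
	option password 'PASSWORD-HERE'
	# option use_https 1
config service cam
	option enabled 1
	option password PASSWORD-HERE
	option use_https 1
EOF
}

sample_ddns_config | audit_ddns || echo "fix the sections listed above"
```

On the router, point it at the real file with audit_ddns /etc/config/ddns; disabled sections are skipped.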
Testing..
You can test your individual configurations from the shell. This is how to test the "noip" DUC config (the name corresponds to "config service <THIS-STRING>")..
/usr/lib/ddns/dynamic_dns_updater.sh noip
This will run the update script from the shell and you will see all the output, which is much handier for debugging. Use Ctrl+C to terminate the script after the update.
Once everything is working you can start up individual DUC services from the shell..
/usr/lib/ddns/dynamic_dns_updater.sh noip &
Finally, enable the ddns DUC service and start it up..
/etc/init.d/ddns enable
/etc/init.d/ddns start
That's it. You are done!
If all goes to plan, you can now completely forget about your dynamic host names and their constantly shifting underlying IP Addresses. OpenWrt is handling it.
Apologies for the writing standard, I'll clean it up later!
;o) corz.org