DDNS through Website Host

The purpose of this project was to provide a way to update customized sub-domain IP addresses that are dynamically assigned and subject to change. The update can be performed by a router (DD-WRT is the only router firmware I know of that provides the needed configuration options in its HTTP GUI) or by an update program running on a PC.

My research led me to discover that dynamic DNS services (like dnsdynamic.org, changeIP.com, No IP, afraid.org, dyndns.com) use HTTP as the update protocol. The update is sent via HTTP and contains the user, password, domain and IP address. Authentication is provided by HTTP basic authentication. This could be a vulnerability, and the update would preferably be done over an SSL connection.

Most web hosts provide configuration options through a web portal (CPL), including the ability to add and modify custom DNS entries. To complete this project I needed to figure out a way to script these changes. Curl was the first and most obvious choice. I used Firebug to monitor the POST requests and responses when logging into the web control panel and editing the DNS entries. From this I found out what information was being sent where. I used curl to successfully log into the control panel and save the session in a cookie. Then I used the cookie to post the proper information to the page that edits the DNS entries. BAM, I had my way to script the DNS changes.

CURL login with cookie:
curl -c cookies.txt -d 'post information' 'destination address'

CURL form completion using cookie from login:
curl -b cookies.txt -d 'post information' 'destination address'

Of course cookies should be deleted after use and my finished script does that.

The next step was to be able to listen for update requests; what better way than to use the web server running on the host? The test I did was on a site not running SSL, but it is only a test site and not actually serving or dealing with sensitive data. In order to get a client to successfully update I had to implement the authentication mechanism. The standard files come into play, .htaccess and .htpasswd. I created a couple of test users and sub-domains and tested the functionality of authentication on the directory I chose for the test. Success!!!

So I had a way to script the changes and a server which provided authentication, but still needed to link the server authentication to the update process. PHP was available on the host, as was php-curl. After researching the DDNS client used by DD-WRT (inadyn) I had a basic understanding of the information exchanged between the client and the server and was ready to write a PHP script to listen for update requests in the password-protected directory.

The following PHP script is the result. The curl.php script contains the update function. The update function contains sensitive information about my web host so it is not included. The update request sends the variables for IP and host name in the URL and they can be retrieved via the GET method.

A text file is used to check the submitted IP address against the current IP address stored in the web host's DNS server. The text file stores the username, domain name and IP address for each subdomain. If there is no change in the IP address the script returns 'nochg'. If the domain name sent does not match the domain name on any line of the text file it returns 'notfqdn'. If the IP has changed the script executes the update function, sends a 'good' response back to the client and writes the new address to the text file. The update function uses curl to update the IP address through the web host's control panel.

The format for the text file looks like this:

username fqdn current-ip-address
username fqdn current-ip-address
username fqdn current-ip-address
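
The handler logic described above, written out as an added example (this is not the author's script, which is not reproduced on this page). It ties each record to the user Apache authenticated, so one account cannot update another account's sub-domain. The `myip` parameter name, the `badip` response, the records path, the IPv4-only check and the `update($host, $ip)` signature in curl.php are assumptions.

```php
<?php
// Added example. Records file as on the page: "username fqdn current-ip-address".
function ddns_update(string $user, string $host, string $ip, string $file, callable $update): string
{
    // Validate before the value reaches the records file or the curl POST.
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return 'badip'; // response name made up for this example
    }
    $fh = fopen($file, 'c+');
    // Exclusive lock so two concurrent updates cannot interleave their writes.
    if ($fh === false || !flock($fh, LOCK_EX)) {
        throw new RuntimeException('cannot lock records file');
    }
    $result = 'notfqdn';
    $lines = [];
    while (($line = fgets($fh)) !== false) {
        $f = preg_split('/\s+/', trim($line));
        // Another user's host name gets the same 'notfqdn' as an unknown one.
        if (count($f) === 3 && $f[0] === $user && strcasecmp($f[1], $host) === 0) {
            if ($f[2] === $ip) {
                $result = 'nochg';
            } else {
                // Pass the host name from the file, not the request string.
                $update($f[1], $ip); // expected to throw on failure
                $line = "$f[0] $f[1] $ip\n";
                $result = 'good';
            }
        }
        $lines[] = $line;
    }
    if ($result === 'good') {
        ftruncate($fh, 0);
        rewind($fh);
        fwrite($fh, implode('', $lines));
    }
    fclose($fh); // closing the handle also releases the lock
    return $result;
}

if (PHP_SAPI !== 'cli') { // web entry point inside the .htaccess-protected directory
    require __DIR__ . '/curl.php'; // assumed to define update($host, $ip)
    header('Content-Type: text/plain');
    echo ddns_update(
        (string) ($_SERVER['REMOTE_USER'] ?? ''), // set by Apache after Basic auth
        (string) filter_input(INPUT_GET, 'hostname'),
        (string) filter_input(INPUT_GET, 'myip'), // parameter name assumed
        __DIR__ . '/../ddns-records.txt',         // hypothetical path outside the web root
        'update'
    );
}
```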

The curl-php portion logs in and obtains a cookie from the web host and then is basically just a conditional execution depending on the host name of the sub-domain.

The INADYN client needs three extra options to function with this setup:

--dyndns_system custom@dyndns.org
--dyndns_server_url /path/to/scripts?hostname=
--dyndns_server_name mywebserver.com

At the bottom of this page there is a screenshot of an actual successful test using the DDNS settings in DD-WRT. It has been Photoshopped to remove sensitive info. You should see how the DD-WRT GUI reflects the three required options listed above. It took me a while to get the options correct. The DD-WRT GUI appends the host name you enter to the value you put in the URL field. If you do not add the ?hostname= to the end of the URL field it does not work. To test the update I entered the current IP address in the text file and got an update not necessary response. I entered a bogus address into the text file and got an update successful response. Of course incorrect parameters like user, password, Host Name, URL or DYNDNS Server return errors.




