setting up nsupdate.info software and related services, docs, ansible, ... #442
Comments
|
Glad to help! :-) Our docs for server installation are by far not complete and this is partly intended, because we do not want to document stuff that is not from us / not part of this project (e.g. Web Servers nginx/apache, bind9 and other nameservers, linux system/network administration, etc.). But all these have their own docs and especially django has quite good docs with a lot of tipps, so please read them (they are useful every time you install some django project, not just for nsupdate.info sw). Maybe try to get some simple django app working, that does not need to be nsupdate.info sw, could be also some "hello world" app. Also play with virtualenv, this is useful for installing python apps in general. If you have specific questions that are not covered by our docs, but that are related specific to our sw, feel free to ask. You can also do an incremental approach. E.g. you could at first only run your own nameserver and register it with the https://nsupdate.info/ instance. Later you can install your own nsupdate-info server and use your nameserver with that. |
Sage advice and actually am trying to do currently.
Actually I tried to do this quite recently, last 3-4 days. Worked diligently and learned all about nsupdate (bind) commands, how to setup and use the keys and everything. Worked out all the configuration parts, managed to get my nsupdate command with my key working from remote hosts to update my dns server but for some reason the nsupdate.info online service could not do it, even with the same (and correct key). I didn't want to bother anyone so I went forward to trying to self hosted. I can give it a try again. |
|
https://www.nsupdate.info/custom/site.html did you read that? Maybe solves your own-ns-updating issue. |
|
!!! No, I did not see that at all. Well, time to get IPV6 enabled. Thanks, that would probably explain it. |
|
You don't even need v6 yourself, just use the right way to enter the right v6 address into nsupdate.info instance, see URL. |
|
Ok, yeah I figured that part out, but still doesn't like my server. Not sure why. My primary and secondary are the same address, not sure if thats the problem. address in ipv6 form here: ::ffff:46.4.91.85 Or perhaps because I am using a subdomain?
Is this supported? |
|
your v6 addr is wrong.
read the the text again at the url i gave.
…On December 22, 2019 3:08:04 PM GMT+01:00, abclution ***@***.***> wrote:
Ok, yeah I figured that part out, but still doesn't like my server. Not
sure why.
My primary and secondary are the same address, not sure if thats the
problem.
address in ipv6 form here: ::ffff:46.4.91.85
Or perhaps because I am using a subdomain?
I want to do dynamic dns on a subdomain
* .ip.fixd.eu
Is this supported?
--
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub:
#442 (comment)
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
|
|
Well, I dunno. I only started playing with ipv6 a few weeks ago, so also pretty newbish. I thought I was supposed to do ipv4 embedded ipv6 address. Then I also tried setting it to XXXXXX like the example on the link but it doesn't seem right either. And I tried a 6to4 calculator that gave me this - XXXXXXXXXX But I guess I just don't understand why its not working. Or there is a firewall issue on my side. Not sure. I understand needed to give my ipv4 in a ipv6 form, which I thought I did, but I still get the no connectivity, and honestly, I can't figure out what I've done wrong. |
|
ping6 works: |
|
Ok. I finally managed to get it working. I spent some time setting up my IPV6 on my server, but was still getting
IPV6 Connectivity was working fine though, so next step was DNS (bind) Step number 3 on this website was the key. https://kiko.ghost.io/things-i-wish-id-known-about-nsupdate-and-dynamic-dns-updates/ Added the allow-update { key mykeynamedefinedinbindconf; }; to the specific zone file, (as well as the key definition in the named.conf and suddenly everything started working. Duh. DNS, its always DNS. Actually it was BIND. Perhaps add information regarding per-zone key authentication to nsupdate.info help text. |
|
OK, so this is not really in the scope of nsupdate-info docs, it is bind docs. We could maybe add some links to the relevant parts of the bind docs, but we do not want to re-write bind docs. Can you make a pull request with that against our docs? |
|
In my opinion, putting a small hint text helper to this area (see photo), including the (nsupdate.info server specific) note regarding requiring embedded ipv4 embedded ipv6 address, instead of linking to bind documentation would be more more end user friendly.
I will see if I can find the appropriate files and add some words |
|
As you already noted: the "embed v4 in v6" address part is specific to that server, it is not generally true for the software. So make sure this is made clear. |
|
Guess we can close this? |
|
Oh, I am still working on some things that I mentioned. Got some of the additional text done, but haven't found the second page I want to add it to yet. Got distracted making a windows .bat DNS updater and finalizing a Mikrotik updater as well. |
|
OK, reopened. Please update as you progress. |
|
Hi again. Regarding the text changes and adding allow-update { key mykeynamedefinedinbindconf; }; it appears that is a bit more complicated than just missing that allow-update clause with the key. Turns out, during initial setup, I didn't care about clobbering my own or existing sub-domains (such as www, ipv4, ipv6) for the rules given by nsupdate regarding the update-policy rules. So I didn't add that (update-policy section) to my zone. Because I did not add the update-policy, the allow-update { key mykeynamedefinedinbindconf; }; DID allow updates to happen as the key was linked to the zone through that method. But later, as I decided to implement some of the recommended update-policy actions, I received this message in my syslog: 'allow-update' is ignored when 'update-policy' is present So as it turns out the zone needs EITHER allow-update { key mykeynamedefinedinbindconf; }; OR the update-policy recommended rules, to allow dynamic updates from the generated keys, NOT BOTH. And nsupdate's default recommended settings are more correct, more secure and more flexible, especially if making the domain publicly shared! So, as usual, the project gurus being gurus it was a PEBKEC error on my side. So regarding adding some textual clarity in various places, what I had initially thought would be useful, is actually not correct in the way I had thought. Soo.. I need to rethink how and where additional documentation should be created for end user friendliness. Regarding the update clients, I will make another issue to keep them separated. |
|
I also had a hard time and some difficulties setting up nsupdate.info and all the required services. Finally I succeeded and wrote a simple Ansible role instead of a How To: https://github.com/citronalco/ansible-nsupdate.info |
ThomasWaldmann
changed the title
|
I did come across nsupdate only recently. So call me a I-know-nothing-user. I did read that it is possible to self host nsupdate. Is the documentation about that the part labeled "Administrating the service"? If that is the case, well, I used the search with "self" as keyword. It did not point me there. IF my guess is right, may I suggest adding a few lines (right under the headline ?) that this part of the documentation is for self hosting the service? @citronalco I did see your link above pointing to your ansible thing. Well, I don't even know what ansible is (yet). I need to look that up. Always worth learning something new. ;-) I guess it is some type of magic. ;-) Thanks for the effort in advance. Also a big thanks in advance to the dev-team of nsupdate.info. |
|
@Danfro Simply open an issue at my repo if you encounter any problems |
First off, @ThomasWaldmann I am a big fan. Your work on BorgBackup has saved my ass many times. I'm not much of a dev, but I do sysadmin mostly. Deeply appreciate and respect your (and others!) work on borg.
I manage a bunch of disconnected systems that of course are on consumer/home internet style connections with dynamic ips etc. Trying to find a selfhosted dynamic dns server is a necessity, and was happy to find this very cool project.
I consider myself fairly competent (Windows + Linux + Hosting tech), but I was utterly unable to figure out how to get this project running, at all. Possibly due to not understanding how Django projects work at all. I am comfortable with most linux tools, including pip and git and apache. In fact, I have been installing and using OSS for as long as it has been around. In the documentation, (or my brain) there seems to be a gap that I cannot bridge regarding setting this up on my own server.
I have a Virtualmin server I use for hosting (self hosted), which has support for Django installation (install scripts..) and I have also installed Django manually in my trials. I'm trying to set this up on a (apache) virtual web host, but following the documentation, there just seems to be a point where I am utterly lost. I plan on giving it another go, but I think the documentation assumes some deeper knowledge of using and setting up and understanding Django that doesn't quite lead me into success. I tried to follow into the Django documentation, but did not make it.
Its probably my inexperience with this particular framework, in fact, have never actually used a Python web app, so its a bit alien to me. But I thought I would give a bit of feedback regarding my experiences.
I've already failed for about 5 hours, and I plan on failing for at least another 5. So wish me luck.
The text was updated successfully, but these errors were encountered: