Porkbun sub domain identification seems flawed for multiple subdomain levels
0xE1 opened this issue · comments
If I'm trying to update sub2.sub1 in domain.com
ddclient generates invalid uri for single level domain configuration:
sub2.sub1.domain.com -> sub2+sub1.domain.com -> https://porkbun.com/api/json/v3/dns/retrieveByNameType/sub1.domain.com/A/sub2 -> Invalid domain.
ideally in case of domain.com being the root, it should be:
sub2.sub1.domain.com -> sub2.sub1+domain.com -> https://porkbun.com/api/json/v3/dns/retrieveByNameType/domain.com/A/sub2.sub1
which I tested by manually calling that API endpoint and it works.
I've tried on-root-domain=yes, but it then forces whole hostname to be the root
sub2.sub1.domain.com -> https://porkbun.com/api/json/v3/dns/retrieveByNameType/sub2.sub1.domain.com/A
I believe on-root-domain is working as intended as there's a usecases for it to stay exactly as it is,
what's needed is some parameter to specify the actual root domain something like root=domain.com.
Alternatively on-root-domain could also accept integer that will indicate the spit index?
I doubt Porkbun would want to accommodate retrieveByNameType/sub2.sub1.domain.com/A format to point to sub2.sub1 record within domain.com.
Content of ddclient.conf (it was generated by opnsense os-ddclient, but I've verified each line and it is valid):
syslog=yes # log update msgs to syslog
pid=/var/run/ddclient.pid # record PID in file.
ssl=yes
usev6=ifv6, ifv6=pppoe0, \
usev4=ifv4, ifv4=pppoe0, \
protocol=porkbun, \
apikey=pk1_123, \
secretapikey=sk1_123, \
login=pk1_123, \
password=sk1_123 \
sub2.sub1.domain.com
Verbose output when running ddclient -v with that config
UPDATE: updating sub2.sub1.domain.com
SENDING: Curl system cmd to https://porkbun.com
SENDING: silent
SENDING: include
SENDING: user-agent="ddclient/3.11.2"
SENDING: connect-timeout=120
SENDING: max-time=120
SENDING: request=POST
SENDING: url="https://porkbun.com/api/json/v3/dns/retrieveByNameType/sub1.domain.com/A/sub2"
SENDING: header="Content-Type: application/json"
SENDING: data="{\"secretapikey\":\"sk1_123\",\"apikey\":\"pk1_123\"}"
RECEIVE: HTTP/2 400
RECEIVE: date: Sat, 27 Jan 2024 14:07:06 GMT
RECEIVE: content-type: application/json
RECEIVE: set-cookie: AWSALB=123; Expires=Sat, 03 Feb 2024 14:07:05 GMT; Path=/
RECEIVE: set-cookie: AWSALBCORS=123; Expires=Sat, 03 Feb 2024 14:07:05 GMT; Path=/; SameSite=None; Secure
RECEIVE: server: openresty
RECEIVE: set-cookie: BUNSESSION2=123; path=/; secure; HttpOnly; SameSite=Lax
RECEIVE: expires: Thu, 19 Nov 1981 08:52:00 GMT
RECEIVE: cache-control: no-store, no-cache, must-revalidate
RECEIVE: pragma: no-cache
RECEIVE: strict-transport-security: max-age=63072000; includeSubDomains; preload
RECEIVE:
RECEIVE: {"status":"ERROR","message":"Invalid domain."}
FAILED: updating sub1.domain.com: failed (HTTP/2 400
FAILED: date: Sat, 27 Jan 2024 14:07:06 GMT
FAILED: content-type: application/json
FAILED: set-cookie: AWSALB=123; Expires=Sat, 03 Feb 2024 14:07:05 GMT; Path=/
FAILED: set-cookie: AWSALBCORS=123; Expires=Sat, 03 Feb 2024 14:07:05 GMT; Path=/; SameSite=None; Secure
FAILED: server: openresty
FAILED: set-cookie: BUNSESSION2=123; path=/; secure; HttpOnly; SameSite=Lax
FAILED: expires: Thu, 19 Nov 1981 08:52:00 GMT
FAILED: cache-control: no-store, no-cache, must-revalidate
FAILED: pragma: no-cache
FAILED: strict-transport-security: max-age=63072000; includeSubDomains; preload
FAILED:
FAILED: {"status":"ERROR","message":"Invalid domain."})```
Hi,
I just pushed a not-yet tested update onto the feature_porkbun_subdomains branch. With that change, your configuration should now work like this:
usev6=ifv6, ifv6=pppoe0, \
usev4=ifv4, ifv4=pppoe0, \
protocol=porkbun, \
apikey=pk1_123, \
secretapikey=sk1_123, \
login=pk1_123, \
root-domain=domain.com, \
password=sk1_123 \
sub2.sub1.domain.com
Please test whether this works and fully covers your usecase/issues.
I've tested the changes and it works without issues, thank you very much!
p.s. I've migrated to porkbun since google domains are deprecating DDNS within February, so there might be an uptick of people using other ddclient services including porkbun
p.s.s. For some reason notes are wiped on porkbun end, but since I see it's clearly sent by ddclient, that's definitely on porkbun side
data="{\"content\":\"123.123.123.123\",\"apikey\":\"pk1_123\",\"ttl\":\"600\",\"notes\":\"DDNS\",\"secretapikey\":\"sk1_123\"}"
I updated the docs and refactored the code a bit - could you run your check once more to confirm? Then I'll merge this into master for the next release.
I've applied changes and tested both documentation and functionality, and everything works and looks good