[Freedombox-discuss] http://politics.slashdot.org/story/11/07/18/0153204/Security-Consultants-Warn-About-PROTECT-IP-Act

Bjarni Rúnar Einarsson bre at pagekite.net
Thu Jul 21 19:16:05 UTC 2011


On Thu, Jul 21, 2011 at 5:44 PM, ian at churchkey.org <ian at churchkey.org> wrote:

> >
> > Very sensible, but I was very surprised recently to find that there is
> > (apparently) no package to provide simple DynDNS server-side functionality.
>
...

> > there in fact a hole that needs filling here? Unlike many of our other
> > problems this is not intrinsically difficult. A few naff shell scripts
> > make a perfectly functional solution. There are probably many ways to
> > make it more generally useful and flexible.
>
> > Have I in fact just missed some standard way of doing this, or is
>


> I think you've hit the nail on the head actually, though Bjarni
> Einarsson could certainly shed some better light on the current state of
> affairs.
>

Depending on what you want, updates are actually a built-in feature of
servers like bind these days, using recent-ish additions to the DNS
standard.  However, as is often the case, the devil is in the authentication
details:

   * How do users sign up?
   * Where is the user database stored?
   * What is the policy regarding usage/traffic/billing/... ?

I am not aware of off-the-shelf solutions that handle the
signup/user-database/web-based updates, and I'm not sure how well the
protocols actually support the dynamic DNS service provider use-case...

For historic reasons (I am pretty sure dynamic DNS service predates native
DNS support for updates), most of the dynamic DNS providers out there do not
actually use the DNS standard updates at all - instead they provide a web
interface for new users to sign up, and then a simple web-based API for
sending in updates as well.

These ad-hoc web-based protocols are actually what most routers support out
of the box (anyone please correct me if I am wrong about this) - and
although they are non-standard, it's a lot easier to tell a developer to
just fetch https://username:password@dyndnasprovider/update.cgi?ip=1.2.3.4
(or the equivalent) than it is to get them to craft authenticated DNS update
packets.

When looking through all this stuff for the pagekite.py and the service, I
ended up emulating the existing dynamic DNS services and provided a
web-based update service, ignoring the DNS spec entirely and aiming for
compatibility with the existing dynamic DNS providers.  I have already open
sourced most of my back-end code, the only thing I haven't released is the
web-based updater, but I would be perfectly willing to do so if someone
wants to try and clean it up for reuse and packaging.  My signup and account
management stuff OTOH is too tightly integrated with the PageKite service to
be easily reused, it would probably be cleaner to just start from scratch.

-- 
Bjarni R. Einarsson
Founder, lead developer of PageKite.

Make localhost servers visible to the world: http://pagekite.net/
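
The message above describes dynamic DNS providers accepting updates as an authenticated web request carrying the new address (update.cgi?ip=1.2.3.4). The following is an added example, not code from the post or from PageKite, sketching the server-side checks such an endpoint needs; the user table, hostname, in-memory zone and reply strings are constructed for illustration.

```python
import base64
import hashlib
import hmac
import ipaddress
from urllib.parse import parse_qs

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: username -> (salt, password hash, the one hostname owned)
USERS = {"alice": (b"salt-a", hash_password("correct horse", b"salt-a"), "alice.dyn.example")}
ZONE = {}  # hostname -> address; stand-in for the real DNS back end

def parse_basic_auth(header):
    """Return (user, password) from an HTTP Basic Authorization header, or None."""
    try:
        scheme, _, blob = (header or "").partition(" ")
        if scheme.lower() != "basic":
            return None
        raw = base64.b64decode(blob, validate=True).decode("utf-8")
        user, sep, password = raw.partition(":")
        return (user, password) if sep else None
    except (ValueError, UnicodeDecodeError):
        return None

def handle_update(auth_header, query_string, users=USERS, zone=ZONE):
    """Return (http_status, body) for one update request."""
    creds = parse_basic_auth(auth_header)
    if creds is None:
        return 401, "badauth"
    user, password = creds
    # Hash even for unknown users so response time does not reveal which names exist.
    salt, stored, hostname = users.get(user, (b"dummy", b"", None))
    if not hmac.compare_digest(hash_password(password, salt), stored):
        return 401, "badauth"
    try:
        ip = ipaddress.ip_address(parse_qs(query_string).get("ip", [""])[0])
    except ValueError:
        return 400, "badip"
    if not ip.is_global:  # refuse private, loopback, link-local and similar ranges
        return 400, "badip"
    if zone.get(hostname) == str(ip):
        return 200, "nochg"
    zone[hostname] = str(ip)  # hostname comes from the account, never from the request
    return 200, "good " + str(ip)
```

The hostname is looked up from the authenticated account rather than taken from the query string, so one user cannot repoint another user's name.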