Provided by: inadyn_2.10.0-1_amd64 bug

NAME

     inadyn.conf — inadyn DDNS client configuration file

SYNOPSIS

     /etc/inadyn.conf

DESCRIPTION

     inadyn is configured using a simple configuration file.  The “#” character marks start of a
     comment to end of line.  The \ character can be used as an escape character.

     verify-address = <true | false>
           By default inadyn verifies both IPv4 and IPv6 addresses, making sure the address is a
           valid Internet address.  Invalid addresses are, e.g., link local, loopback, multicast
           and known experimental addresses.  For more information, see RFC3330.

           IP address validation can be disabled by setting this option to false.

     fake-address = <true | false>
           When using SIGUSR1, to do a forced update, this option can be used to fake an address
           update with a “random” address in the 203.0.113.0/24 range, example address range from
           RFC5737, before updating with the actual IP address.  This is completely outside
           spec., but can be useful for people who very rarely, if ever, get an IP address
           change.  Because some DDNS service providers will not register even a forced update if
           the IP is the same.  As a result the user could be deregistered as an inactive user.

     allow-ipv6 = <true | false>
           Inadyn can get an IPv6 address from an interface, or with an external checkip script.
           This option controls if IPv6 addresses should be allowed or discarded.  By default
           this option is false, i.e. any IPv6 addresses found are discarded.

     iface = IFNAME
           Use network interface IFNAME as source of IP address changes instead of querying an
           external server.  With this option is enabled, the external IP check is disabled and
           inadyn will send DDNS updates using the IP address of the IFNAME network interface to
           all DDNS providers listed in the configuration file.  This can be useful to register
           LAN IP addresses, or, when connected directly to a public IP address, to speed up the
           IP check if the DDNS provider's check-ip servers are slow to respond.

           This option can also be given as a command line option to inadyn(8), both serve a
           purpose, use whichever one works for you.

     iterations = <NUM | 0>
           Set the number of DNS updates. The default is 0, which means infinity.

     period = SEC
           How often the IP is checked, in seconds. Default: apxrox. 1 minute. Max: 10 days.

     forced-update = SEC
           How often the IP should be updated even if it is not changed. The time should be given
           in seconds.  Default is equal to 30 days.

     secure-ssl = < true | false >
           If the HTTPS certificate validation fails for a provider inadyn aborts the DDNS update
           before sending any credentials.  When this setting is disabled, i.e.  false, then
           inadyn will only issue a warning.  By default this setting is enabled, because
           security matters.

     broken-rtc = < true | false >
           HTTPS certificates are only valid within specified time windows, so on systems without
           hardware real-time clock and default bootup time far in the past, false-positive
           validation fail is expected. When this setting is enabled, i.e.  true, then inadyn
           will only issue a warning that the certificate is not valid yet. By default this
           setting is disabled, because security matters.

     ca-trust-file = FILE
           By default inadyn uses the built-in path to the system's trusted CA certificates, both
           GnuTLS and Open/LibreSSL support this.  As a fall-back, in case the API's to load CA
           certificates from the built-in path fails, inadyn also supports common default paths
           to Debian and RedHat CA bundles.

           This setting overrides the built-in paths and fallback locations and provides a way to
           specify the path to a trusted set of CA certificates, in PEM format, bundled into one
           file.

     user-agent = STRING
           Specify the User-Agent string to send to the DDNS provider on checkip and update
           requests.  Some providers require this field to be set to a specific string, some may
           be OK with "Mozilla/4.0".  The default is to send "inadyn/VERSION SUPPORTURL", where
           VERSION is the current inadyn version, and SUPPORTURL is the upstream support URL.

           This can also be set on a per-provider basis, see below custom and provider section
           description.

     custom some@identifier {}
           The custom{} and provider{} sections are very similar, except that the custom section
           allows customizing the DDNS update server details.  For more details, see the
           description for provider{}, below.

     provider email@ddns-service.tld[:ID] {}
           The custom{} and provider{} sections are very similar, except that the custom section
           allows customizing the DDNS update server details.  See below list for supported DDNS
           providers and their email@ddns-service.tld identifiers.

           To support multiple users of the same DDNS provider, append [:ID] to the provider
           name.  The ID can be any free form string or number as long as the combination is
           unique.

           Common settings in custom{} and provider{} sections are:

           include("/path/to/file")
                 Include settings from another file, supports tilde expansion, e.g.
                 ~/.freedns.pw.  Any custom{} or provider{} setting can be included, and any
                 amount of include statements may be used.

           ssl = <true | false>
                 Use HTTPS, both when checking for IP changes and updating the DNS record.
                 Default is to use HTTPS (true).

           username = USERNAME.
                 The username, if applicable.  This might be referred to as hash by some
                 providers.

           password = PASSWORD
                 The password, if applicable.

           iface = IFNAME
                 Same as the global setting, but only for this provider.  For more information,
                 see above.

           checkip-server = <default | checkip.example.com[:port]>
                 This setting allows you to override the default checkip server with either the
                 string default, to use In-a-dyn's built-in default, api.ipify.org, or the
                 complete name of the server to use for periodic IP address changes.  The
                 optional port argument defaults to 80.

                 This is an optional setting.  For provider{} sections it defaults to a pre-
                 defined checkip-server and checkip-path for the given DDNS provider.  For custom
                 DDNS setups it defaults to api.ipify.org, which is a really great and free
                 service that even support HTTPS, see checkip-ssl setting, below.  When set in a
                 provider{} section it overrides the provider's default checkip-server.

           checkip-path = /some/checkip/url
                 Optional server path for check IP server, defaults to "/".  When the
                 checkip-server is set to default, this setting is ignored.

           checkip-ssl = <true | false>
                 This setting usually follows the ssl setting, but can be used to disable HTTPS
                 for the IP address check.  This might be needed for some providers that only
                 support HTTPS for the DNS record update.

                 However, when a custom checkip-server is defined for a provider, this setting
                 does not follow the ssl setting.  Default is to use HTTPS (true).

           checkip-command = /path/to/shell/command [optional args]
                 Shell command, or script, for IP address update checking.  The command must
                 output a text with the IP address to its standard output.  The following
                 environment variables are set:

                 INADYN_PROVIDER
                       contains the DDNS provider's full name in form email@ddns-service.tld

                 INADYN_USER
                       contains user's name

                 Example:

                       checkip-command = "/sbin/ifconfig eth0 | grep 'inet addr'"

                 Inadyn will use the first occurrence in the command's output that looks like an
                 address.  Both IPv4 and IPv6 addresses are supported.

           hostname = HOSTNAME

           hostname = { HOSTNAME1.name.tld, HOSTNAME2.name.tld }
                 Your hostname alias.  To list multiple names, use the second form.

           user-agent = STRING
                 Same as the global setting, but only for this provider.  If omitted it defaults
                 to the global setting, which if unset uses the default inadyn user agent string.
                 For more information, see above.

           wildcard = <true | false>
                 Enable domain name wildcarding of your domain name, for DDNS providers that
                 support this, e.g. easydns.com and loopia.com.  This means that anything typed
                 before your hostname, e.g. www. or ftp., is also updated when your IP changes.
                 Default: disabled.  For inadyn < 1.96.3 wildcarding was enabled by default.

           ttl = SEC
                 Time to live of your domain name.  Only works with supported DDNS providers,
                 e.g. cloudflare.com.

           proxied = <true | false>
                 Proxy DNS origin via provider's CDN network.  Only works with supported DDNS
                 providers, e.g. cloudflare.com.  Default: false

     provider [email@]ddns-service[.tld] {}
           Either a unique substring matching the provider, or or one of the exact matches to the
           following unique provider names:

           default@freedns.afraid.org
                 ⟨https://freedns.afraid.org⟩
           ipv4@nsupdate.info
                 ⟨https://nsupdate.info⟩
           default@duckdns.org
                 ⟨https://duckdns.org⟩
           default@freemyip.com
                 ⟨https://freemyip.com⟩
           default@loopia.com
                 ⟨https://www.loopia.com⟩
           default@dyndns.org
                 Connect to ⟨https://www.dyndns.org⟩, i.e., ⟨https://dyn.com⟩
           default@noip.com
                 ⟨https://www.noip.com⟩
           default@no-ip.com
                 Handled by default@noip.com plugin.
           default@easydns.com
                 ⟨https://www.easydns.com⟩
           default@dnsomatic.com
                 ⟨https://www.dnsomatic.com⟩
           dyndns@he.net
                 ⟨https://dns.he.net⟩
           default@tunnelbroker.net
                 IPv6 ⟨https://www.tunnelbroker.net⟩ by Hurricane Electric.
           default@sitelutions.com
                 ⟨https://www.sitelutions.com⟩
           default@dnsexit.com
                 ⟨https://www.dnsexit.com⟩
           default@zoneedit.com
                 ⟨https://zoneedit.com⟩
           default@changeip.com
                 ⟨https://www.changeip.com⟩
           default@dhis.org
                 ⟨https://www.dhis.org⟩
           default@domains.google.com
                 ⟨https://domains.google⟩
           default@ovh.com
                 ⟨https://www.ovh.com⟩
           default@gira.de
                 ⟨https://giradns.com⟩
           default@duiadns.net
                 ⟨https://www.duiadns.net⟩
           default@ddnss.de
                 ⟨https://ddnss.de⟩
           default@dynv6.com
                 ⟨https://dynv6.com⟩
           default@ipv4.dynv6.com
                 ⟨https://ipv4.dynv6.com⟩
           default@spdyn.de
                 ⟨https://spdyn.de⟩
           default@strato.com
                 ⟨https://www.strato.com⟩
           default@cloudxns.net
                 ⟨https://www.cloudxns.net⟩
           dyndns@3322.org
                 ⟨https://www.3322.org⟩
           default@dnspod.cn
                 ⟨https://www.dnspod.cn⟩
           default@dynu.com
                 ⟨https://www.dynu.com⟩
           default@selfhost.de
                 ⟨https://www.selfhost.de⟩
           default@pdd.yandex.ru
                 ⟨https://connect.yandex.ru⟩
           default@cloudflare.com
                 ⟨https://www.cloudflare.com⟩

     custom some@identifier {}
           Specific to the custom provider section are the following settings:

           ddns-server = update.example.com
                 DDNS server name, not the full URL.

           ddns-path = /update?domain=
                 DDNS server path.  By default the hostname is appended to the path, unless
                 append-myip=true is set.  Alternatively, printf(3) like format specifiers may be
                 used for a fully customizable HTTP GET update request.  The following format
                 specifiers are currently supported:

                 %u    username
                 %p    password, if HTTP basic auth is not used
                 %h    hostname
                 %i    IP address

                 With the following example:

                       username  = myuser
                       password  = mypass
                       ddns-path = "/update?user=%u&password=%p&domain=%h&myip=%i"
                       hostname  = YOURDOMAIN.TLD

                 the resulting update URL would be expanded to

                       /update?user=myuser&password=mypass&domain=YOURDOMAIN.TLD&myip=1.2.3.4

                 However, the password is usually never sent in clear text in the HTTP GET URL.
                 Most DDNS providers instead rely on HTTP basic auth., which inadyn always relays
                 to the server in the HTTP header of update requests.  inadyn.conf v2.1 and later
                 defaults to HTTPS to protect your credentials, but some providers still do not
                 support HTTPS.

           append-myip = true
                 Append your current IP to the the DDNS server update path.  By default this
                 setting is false and the hostname is appended.  Unless the ddns-path is given
                 with format specifiers, in which case this setting is unused.

EXAMPLES

     Worth noting below is how two different user accounts can use the same DDNS provider, No-
     IP.com, by using the concept of instances ':N'.

           period         = 300

           # Dyn.com
           provider dyndns.org {
               username   = account1
               password   = secret1
               hostname   = { "my.example.com", "other.example.org" }
           }

           # FreeDNS. Remember the username must be in lower case
           # and password (max 16 chars) is case sensitive.
           provider freedns {
               username   = lower-case-username
               password   = case-sensitive-pwd
               hostname   = some.example.com
           }

           # No-IP.com #1
           # With multiple usernames at the same provider, index with :#
           provider no-ip.com:1 {
               checkip-server = "dynamic.zoneedit.com"
               checkip-path   = "/checkip.html"
               checkip-ssl    = false
               username       = account21
               password       = secret21
               hostname       = example.no-ip.com
           }

           # No-IP.com #2
           provider no-ip.com:2 {
               username   = account22
               password   = secret22
               hostname   = another.no-ip.com
           }

           # Google Domains - notice use of '@' to update root entry
           provider domains.google.com:1 {
               hostname = @.mydomain.com
               username = your_username
               password = your_password
           }
           # Wildcard subdomains - notice the quoutes (required!)
           provider domains.google.com:2 {
               hostname = "*.mydomain.com"
               username = your_username
               password = your_password
           }

           # Loopia
           provider loopia.com {
               wildcard   = true
               username   = account3
               password   = secret3
               hostname   = example.com
           }

           # ddnss.de
           provider ddnss.de {
               username   = your_username
               password   = your_password
               hostname   = your_host.ddnss.de
           }

           # spdyn.de
           provider spdyn.de {
               username   = your_username
               password   = your_password
               hostname   = your_host.spdyn.de
           }

           # www.strato.com
           provider strato.com {
               username   = your_username
               password   = your_password
               hostname   = example.com
           }

           # dynv6.com update using a custom checkip-command, which works
           # if you have access to an Internet-connected interface.  Make
           # sure to verify the command works on your system first
           allow-ipv6 = true                # required option for IPv6 atm.
           provider default@dynv6.com {
               username   = your_token
               password   = not_used
               hostname = { my.dynv6.net }  # second host with comma
               checkip-command = "/sbin/ip -6 addr | grep inet6 | awk -F '[ ]+|/' '{print $3}' | grep -v ^::1 | grep -v ^fe80"
           }

           # IPv6 account at https://tunnelbroker.net
           provider tunnelbroker.net {
               username   = xyzzy
               password   = update-key-in-advanced-tab
               hostname   = tunnel-id
           }

           # www.freemyip.com
           provider freemyip.com {
               password = your_token
               hostname = your_hostname.freemyip.com
           }

           # www.cloudxns.net
           provider cloudxns.net {
               username = your_api_key
               password = your_secret_key
               hostname = yourhost.example.com
           }

           # www.dnspod.cn
           provider dnspod.cn {
               username = your_api_id
               password = your_api_token
               hostname = yourhost.example.com
           }

           # www.cloudflare.com
           provider cloudflare.com {
               username = zone.name
               password = api_token # Create a unique custom api token with the following permissions: Zone.Zone - Read, Zone.DNS - Edit.
               hostname = hostname.zone.name
               ttl = 1 # optional, value of 1 is 'automatic'.
               proxied = false # optional.
           }

           # www.namecheap.com
           custom namecheap {
               username    = YOURDOMAIN.TLD
               password    = mypass
               ddns-server = dynamicdns.park-your-domain.com
               ddns-path   = "/update?domain=%u&password=%p&host=%h"
               hostname    = { "@", "www", "test" }
           }

           # Generic example, check all details for your provider!
           custom example {
               username       = myuser
               password       = mypass
               checkip-server = checkip.example.com
               checkip-path   = /
               checkip-ssl    = false
               ddns-server    = update.example.com
               ddns-path      = "/update?hostname="
               hostname       = myhostname.example.net
           }

     As of Inadyn 1.99.14 the generic plugin can also be used with providers that require the
     client's IP in the update request, which for example ⟨https://dyn.com⟩ requires:

           # This emulates dyndns.org
           custom dyn.com {
               username     = DYNUSERNAME
               password     = DYNPASSWORD
               ddns-server  = members.dyndns.org
               ddns-path    = "/nic/update?hostname=YOURHOST.dyndns.org&myip="
               append-myip  = true
               hostname     = YOURHOST
           }

     Notice the use of append-myip which differs from above previous examples.  Without this
     option set the default (backwards compatible) behavior is to append the hostname.

     An alternative, and perhaps more intuitive approach introduced in Inadyn v2.0, is to use the
     printf(3) like format specifiers mentioned previously.  The same example look like this:

           # This emulates dyndns.org
           custom dyn.com {
               ssl          = false
               username     = DYNUSERNAME
               password     = DYNPASSWORD
               ddns-server  = members.dyndns.org
               ddns-path    = "/nic/update?hostname=%h.dyndns.org&myip=%i"
               hostname     = YOURHOST
           }

SEE ALSO

     inadyn(8)

     The inadyn home page is ⟨https://github.com/troglobit/inadyn⟩

AUTHORS

     This manual page was initially written for the Debian GNU/Linux system by Shaul Karl
     <mailto:shaul@debian.org>.  Currently maintained by Joachim Wiberg
     <mailto:troglobit@gmail.com>.