Custom DNS API needs HTTP GET update for pfSense compatibility


#1

MIAB has an elegant REST-style API for managing custom DNS records. For instance, the following command sets laptop.mydomain.com to point to the IP address of the machine you are executing curl on:

curl -X PUT https://box.mydomain.com/admin/dns/custom/laptop.mydomain.com

pfSense is a popular open-source firewall/router that will update an external DNS server with an interface IP address when it changes by issuing a custom URL.

But pfSense expects to issue a GET request instead of a PUT request. In fact, many dynamic DNS APIs utilize GET for update functionality.

What would it take to update the MIAB to support GET update functionality?

For example,

https://box.mydomain.com/admin/dns/custom/laptop.mydomain.com?action=update

would update DNS rather than the default GET behavior of returning matching custom DNS records as a JSON array of objects.


#2

pfSense needs to update how they do things. You don’t GET data from the server to PUT data on it. It should be doing a PUT request.

I would use a proxy for now to convert the GET request from PF to a PUT request. If you want. PM me and we can talk details on a custom script.


#3

pfSense supports 40+ different DDNS services, and while I appreciate the purist view of MIAB’s REST-style API, it appears to me that most of the 40+ DDNS services take GET requests to update records.

I’ve posted to the pfsense forums to request support of PUT to update custom DDNS, so I’ll wait to see if that gets traction. I also found Dennis Murphy’s script to update MIAB DNS records from a cron task running on pfsense.


#4

The issue here is that using GET to update is not RFC standard. It is really supposed to be PUT. Just because 40+ DDNS services support it, doesn’t make it right. Though at this point, maybe following the flow would be best.

That said - I can still make a custom script if you need it.


#5

I’m interested in your custom script, and since pfSense is so popular, I expect many others would find it useful. I was able to get Dennis’ script running (although I can’t seem to find the cron output log on pfsense).

Would your script run on pfSense (FreeBSD-based), or would it need to run on MIAB and accept the input from pfSense’s GET request?


#6

Is there some documentation on the pfSense API call?

I agree with @murgero, it seems weird that it would use GET to update the DDNS server, but far more likely to use GET to pull down information from the DDNS server and then update its firewall rules accordingly.


#7

It would be a simple PHP script, it can run where ever you want it to.


#8

That’s unfortunately how many of the other dynDNS services work, such as dyn.com, opendns or what-have-you. Seems backwards to me too.

The script runs in the background on my pfSense box - it’s ugly code and not very sophisticated, but then again, I’m ugly and unsophisticated too. :wink:

Glad it’s working for you mskendrick!

And murgero - there is a PHP interpreter; latest pfSense has a php 7.2.10 interpreter installed, so that’d work fine as well. Likely cleaner than my old-world bourne script. (Wow, I’m really calling PHP cleaner than … anything?)


#9

The PHP source file for pfSense to capture the custom DNS URL is here.

$section->addInput(new Form_Input(
    'updateurl',
    'Update URL',
    'text',
    $pconfig['updateurl']
))->setHelp('This is the only field required by for Custom Dynamic DNS, and is only used by Custom Entries.');

In my case I don’t want pfSense to update firewall rules, only notify MIAB to change the address in the A record. Honestly, I wish pfSense had allowed curl parameters instead of the “updateurl” field which would provide much more flexibility.


#10

PHP is good IDK why so many people hate it. It literally runs half the world.


#11

I think the main reason for the difference is that the DDNS scripts are designed to do one thing and that’s to update the IP address of a single DDNS entry. So they can afford to use a GET Verb to do this.

On the other hand Josh’s API has multiple functions which use the verb to determine the action taken by his script - @JoshData feel free to correct me here.


#12

Ultimately though many home/SOHO routers (including pfSense) that offer DDNS client update functionality won’t be able to update MIAB without a change to support GET to update a dynamic IP address.

This seems like a common edge case that MIAB could easily support while keeping the pure REST approach for everything else.


#13

If you’re down for it, you can also make an unsupported modification to MIAB to allow GET requests for what you’re doing. I’ve looked over that source code once, it doesn’t look that hard to do. It’s in Python.


#14

guys, this issue is resolved as I built a script for it. It should work with any device, router, or setup.


#15

Thank you, this is a nice little PHP add-on.

For my purposes, I’ll continue to use the shell script because it lets me sweep through multiple DNS entries in one fell swoop rather than multiple calls. Plus, it’s been working for a year+ without issue, but your PHP script should do the trick for others. Nice job.


#16

It is immensely popular and mostly easy to code, but I wouldn’t call it good… at least, not earlier iterations. No language spec was defined until quite recently. Security issues out the wazoo. php vs phpng branching. Pre-Zend, performance sucked rocks. (Yes, I’m old enough to have programmed in PHP/FI before even Zend 1.)

Syntax changes were a pain (although not as painful as Swift changes - but Xcode’s intelligence mostly hides that.)

I was a very very early adopter of PHP back in the day - it was a mess then… mostly better now, but that stigma has been cast long ago.