#!/bin/bash # _____ _ _ # | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___ # | __| _| -_| -_| . | . | | . | . | | -_| # |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___| # # Freedom in the Cloud # # DNS functions # # License # ======= # # Copyright (C) 2014-2018 Bob Mottram # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . # DNS NAMESERVER1='91.239.100.100' NAMESERVER2='89.233.43.71' NAMESERVER3='87.118.100.175' NAMESERVER4='94.75.228.29' NAMESERVER5='85.25.251.254' NAMESERVER6='2.141.58.13' # parameters used when adding a new domain DDNS_PROVIDER="freedns" DDNS_USERNAME= DDNS_PASSWORD= INADYN_REPO="https://github.com/troglobit/inadyn" INADYN_COMMIT='3fe26d2235ddda9047cf33e8ed1453bcc3bbbf19' INADYN_CONFIG_FILE=/etc/inadyn.conf # web site used to obtain the external IP address of the system GET_IP_ADDRESS_URL="checkip.two-dns.de" # other possible services to obtain the external IP address EXTERNAL_IP_SERVICES=( \ 'https://check.torproject.org/' \ 'https://www.whatsmydns.net/whats-my-ip-address.html' \ 'https://www.privateinternetaccess.com/pages/whats-my-ip/' \ 'http://checkip.two-dns.de' \ 'http://ip.dnsexit.com' \ 'http://ifconfig.me/ip' \ 'http://ipecho.net/plain' \ 'http://checkip.dyndns.org/plain' \ 'http://ipogre.com/linux.php' \ 'http://whatismyipaddress.com/' \ 'http://ip.my-proxy.com/' \ 'http://websiteipaddress.com/WhatIsMyIp' \ 'http://getmyipaddress.org/' \ 'http://www.my-ip-address.net/' \ 'http://myexternalip.com/raw' \ 'http://www.canyouseeme.org/' \ 'http://www.trackip.net/' \ 'http://icanhazip.com/' \ 'http://www.iplocation.net/' \ 'http://www.howtofindmyipaddress.com/' \ 'http://www.ipchicken.com/' \ 'http://whatsmyip.net/' \ 'http://www.ip-adress.com/' \ 'http://checkmyip.com/' \ 'http://www.tracemyip.org/' \ 'http://checkmyip.net/' \ 'http://www.lawrencegoetz.com/programs/ipinfo/' \ 'http://www.findmyip.co/' \ 'http://ip-lookup.net/' \ 'http://www.dslreports.com/whois' \ 'http://www.mon-ip.com/en/my-ip/' \ 'http://www.myip.ru' \ 'http://ipgoat.com/' \ 'http://www.myipnumber.com/my-ip-address.asp' \ 'http://www.whatsmyipaddress.net/' \ 'http://formyip.com/' \ 'http://www.displaymyip.com/' \ 'http://www.bobborst.com/tools/whatsmyip/' \ 'http://www.geoiptool.com/' \ 'http://checkip.dyndns.com/' \ 'http://myexternalip.com/' \ 'http://www.ip-adress.eu/' \ 'http://www.infosniper.net/' \ 'http://wtfismyip.com/' \ 'http://ipinfo.io/' \ 'http://httpbin.org/ip') function update_inadyn_config { if [ ! -f "${INADYN_CONFIG_FILE}" ]; then return fi if [[ "$DDNS_PROVIDER" == *'freedns'* ]]; then return fi if ! grep -q "$DDNS_PROVIDER" "${INADYN_CONFIG_FILE}"; then if grep -q "{" "${INADYN_CONFIG_FILE}"; then sed -i "s|provider .*|provider $DDNS_PROVIDER {|g" "${INADYN_CONFIG_FILE}" sed -i "s|username .*|username = $DDNS_USERNAME|g" "${INADYN_CONFIG_FILE}" sed -i "s|password .*|password = $DDNS_PASSWORD|g" "${INADYN_CONFIG_FILE}" sed -i "s|checkip-server .*|checkip-server = $GET_IP_ADDRESS_URL|g" "${INADYN_CONFIG_FILE}" else # Old inadyn config file format # store any previous aliases grep 'alias ' "${INADYN_CONFIG_FILE}" > /tmp/inadyn_aliases # remove entry for any previous ddns sed -i '/system /,$d' "${INADYN_CONFIG_FILE}" # add the new provider { echo ''; echo "system $DDNS_PROVIDER"; echo ' ssl'; echo " checkip-url $GET_IP_ADDRESS_URL /"; } >> "${INADYN_CONFIG_FILE}" if [ "$DDNS_USERNAME" ]; then echo " username $DDNS_USERNAME" >> "${INADYN_CONFIG_FILE}" fi if [ "$DDNS_PASSWORD" ]; then echo " password $DDNS_PASSWORD" >> "${INADYN_CONFIG_FILE}" fi if [ -f /tmp/inadyn_aliases ]; then cat /tmp/inadyn_aliases >> "${INADYN_CONFIG_FILE}" rm /tmp/inadyn_aliases fi fi else if grep -q "{" "${INADYN_CONFIG_FILE}"; then sed -i "s|username .*|username = $DDNS_USERNAME|g" "${INADYN_CONFIG_FILE}" sed -i "s|password .*|password = $DDNS_PASSWORD|g" "${INADYN_CONFIG_FILE}" sed -i "s|checkip-server .*|checkip-server = $GET_IP_ADDRESS_URL|g" "${INADYN_CONFIG_FILE}" else # Old inadyn config file format # change username/password for an existing provider if [ "$DDNS_USERNAME" ]; then if grep -q " username " "${INADYN_CONFIG_FILE}"; then sed -i "s| username .*| username $DDNS_USERNAME|g" "${INADYN_CONFIG_FILE}" else echo " username $DDNS_USERNAME" >> "${INADYN_CONFIG_FILE}" fi fi if [ "$DDNS_PASSWORD" ]; then if grep -q " password " "${INADYN_CONFIG_FILE}"; then sed -i "s| password .*| password $DDNS_PASSWORD|g" "${INADYN_CONFIG_FILE}" else echo " password $DDNS_PASSWORD" >> "${INADYN_CONFIG_FILE}" fi fi fi fi systemctl enable inadyn systemctl restart inadyn } function create_freedns_updater { if [[ $ONION_ONLY != "no" ]]; then return fi # currently inadyn doesn't work as expected with freeDNS, so this is a workaround if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then return fi if [[ $DDNS_PROVIDER != *"freedns"* ]]; then return fi if [[ $SYSTEM_TYPE == "mesh"* ]]; then return fi # remove any legacy command if [ -f /usr/bin/dynamicdns ]; then rm /usr/bin/dynamicdns fi if grep -q "dynamicdns" /etc/crontab; then sed -i '/dynamicdns/d' /etc/crontab fi # add the update command to cron if ! grep -q "/usr/local/bin/${PROJECT_NAME}-freedns" /etc/crontab; then function_check cron_add_mins cron_add_mins 3 "/usr/local/bin/${PROJECT_NAME}-freedns" systemctl restart cron fi mark_completed "${FUNCNAME[0]}" } function add_ddns_domain { if [ ! "$1" ]; then echo $'ddns domain not specified' exit 5638 fi CURRENT_DDNS_DOMAIN="$1" if [[ $ONION_ONLY != "no" ]]; then return fi if [ ! "$DDNS_PROVIDER" ]; then return fi if [[ "$DDNS_PROVIDER" == 'none' ]]; then return fi if [ ! -f "${INADYN_CONFIG_FILE}" ]; then echo $'Unable to find inadyn configuration file "${INADYN_CONFIG_FILE}"' exit 5745 fi if ! grep -q "$DDNS_PROVIDER" "${INADYN_CONFIG_FILE}"; then { echo 'period = 300'; echo 'user-agent = Mozilla/5.0'; echo ''; echo "provider $DDNS_PROVIDER {"; echo " ssl = true"; echo " checkip-ssl = false"; echo " checkip-server = $GET_IP_ADDRESS_URL"; echo " username = $DDNS_USERNAME"; echo " password = $DDNS_PASSWORD"; echo " hostname = { $CURRENT_DDNS_DOMAIN }"; echo '}'; } > "${INADYN_CONFIG_FILE}" else sed -i "s|checkip-server .*|checkip-server = $GET_IP_ADDRESS_URL|g" "${INADYN_CONFIG_FILE}" fi if ! grep -q "$CURRENT_DDNS_DOMAIN" "${INADYN_CONFIG_FILE}"; then DDNS_HOSTNAMES=$(grep 'hostname ' "${INADYN_CONFIG_FILE}"| awk -F '{' '{print $2}' | sed 's| }||g') sed -i "s|hostname .*|hostname = {${DDNS_HOSTNAMES}, ${CURRENT_DDNS_DOMAIN} }|g" "${INADYN_CONFIG_FILE}" fi chmod 600 "${INADYN_CONFIG_FILE}" systemctl daemon-reload systemctl restart inadyn } function remove_ddns_domain { if [ ! "$1" ]; then echo $'ddns domain not specified' exit 5638 fi CURRENT_DDNS_DOMAIN="$1" if [[ $ONION_ONLY != "no" ]]; then return fi if [[ "$DDNS_PROVIDER" == 'none' ]]; then return fi if [ ! -f "${INADYN_CONFIG_FILE}" ]; then echo $'Unable to find inadyn configuration file "${INADYN_CONFIG_FILE}"' exit 5745 fi if grep -q "$CURRENT_DDNS_DOMAIN" "${INADYN_CONFIG_FILE}"; then systemctl stop inadyn sed -i "s|, ${CURRENT_DDNS_DOMAIN}||g" "${INADYN_CONFIG_FILE}" if grep -q "$CURRENT_DDNS_DOMAIN" "${INADYN_CONFIG_FILE}"; then sed -i "s|${CURRENT_DDNS_DOMAIN}||g" "${INADYN_CONFIG_FILE}" fi systemctl daemon-reload systemctl start inadyn fi } function configure_dns { if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then return fi apt-get -yq install resolvconf resolvconf=/etc/resolvconf/resolv.conf.d/head # allow changes to resolv.conf chattr -i $resolvconf { echo 'domain localdomain'; echo 'search localdomain'; echo "nameserver $NAMESERVER1"; echo "nameserver $NAMESERVER2"; echo "nameserver $NAMESERVER3"; echo "nameserver $NAMESERVER4"; echo "nameserver $NAMESERVER5"; echo "nameserver $NAMESERVER6"; } > $resolvconf # prevent resolv.conf from changing resolvconf -u mark_completed "${FUNCNAME[0]}" } function set_hostname { DEFAULT_DOMAIN_NAME="$1" echo "$DEFAULT_DOMAIN_NAME" > /etc/hostname hostname "$DEFAULT_DOMAIN_NAME" echo "$DEFAULT_DOMAIN_NAME" > /etc/mailname if grep -q "127.0.1.1" /etc/hosts; then sed -i "s/127.0.1.1.*/127.0.1.1 $DEFAULT_DOMAIN_NAME/g" /etc/hosts else echo "127.0.1.1 $DEFAULT_DOMAIN_NAME" >> /etc/hosts fi } function set_your_domain_name { if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then return fi function_check set_hostname set_hostname "$DEFAULT_DOMAIN_NAME" mark_completed "${FUNCNAME[0]}" } function configure_firewall_for_dns { if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then return fi if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then # docker does its own firewalling return fi iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT function_check save_firewall_settings save_firewall_settings mark_completed "${FUNCNAME[0]}" } # NOTE: deliberately no exit 0