diff --git a/data/templates/dns-dynamic/ddclient.conf.j2 b/data/templates/dns-dynamic/ddclient.conf.j2
index a19b79c00..4da7153c7 100644
--- a/data/templates/dns-dynamic/ddclient.conf.j2
+++ b/data/templates/dns-dynamic/ddclient.conf.j2
@@ -1,72 +1,75 @@
{% macro render_config(host, address, web_options, ip_suffixes=['']) %}
{# Address: use=if, if=ethX, usev6=ifv6, ifv6=ethX, usev6=webv6, webv6=https://v6.example.com #}
{% for ipv in ip_suffixes %}
use{{ ipv }}={{ address if address == 'web' else 'if' }}{{ ipv }}, \
{% if address == 'web' %}
{% if web_options.url is vyos_defined %}
web{{ ipv }}={{ web_options.url }}, \
{% endif %}
{% if web_options.skip is vyos_defined %}
web-skip{{ ipv }}='{{ web_options.skip }}', \
{% endif %}
{% else %}
if{{ ipv }}={{ address }}, \
{% endif %}
{% endfor %}
{# Other service options #}
{% for k,v in kwargs.items() %}
{% if v is vyos_defined %}
{{ k }}={{ v }}{{ ',' if not loop.last }} \
{% endif %}
{% endfor %}
{# Actual hostname for the service #}
{{ host }}
{% endmacro %}
### Autogenerated by dns_dynamic.py ###
daemon=1m
syslog=yes
ssl=yes
pid={{ config_file | replace('.conf', '.pid') }}
cache={{ config_file | replace('.conf', '.cache') }}
+{# Explicitly override global options for reliability #}
+web=googledomains {# ddclient default ('dyndns') doesn't support ssl and results in process lockup #}
+use=no {# ddclient default ('ip') results in confusing warning message in log #}
{% if address is vyos_defined %}
{% for address, service_cfg in address.items() %}
{% if service_cfg.rfc2136 is vyos_defined %}
{% for name, config in service_cfg.rfc2136.items() %}
{% if config.description is vyos_defined %}
# {{ config.description }}
{% endif %}
{% for host in config.host_name if config.host_name is vyos_defined %}
# RFC2136 dynamic DNS configuration for {{ name }}: [{{ config.zone }}, {{ host }}]
{# Don't append 'new-style' compliant suffix ('usev4', 'usev6', 'ifv4', 'ifv6' etc.)
to the properties since 'nsupdate' doesn't support that yet. #}
{{ render_config(host, address, service_cfg.web_options,
protocol='nsupdate', server=config.server, zone=config.zone,
password=config.key, ttl=config.ttl) }}
{% endfor %}
{% endfor %}
{% endif %}
{% if service_cfg.service is vyos_defined %}
{% for name, config in service_cfg.service.items() %}
{% if config.description is vyos_defined %}
# {{ config.description }}
{% endif %}
{% for host in config.host_name if config.host_name is vyos_defined %}
{% set ip_suffixes = ['v4', 'v6'] if config.ip_version == 'both'
else (['v6'] if config.ip_version == 'ipv6' else ['']) %}
# Web service dynamic DNS configuration for {{ name }}: [{{ config.protocol }}, {{ host }}]
-{# For ipv4 only setup, don't append 'new-style' compliant suffix ('usev4', 'ifv4', 'webv4' etc.)
- to the properties and instead live through the deprecation warnings for better compatibility
- with most ddclient protocols. #}
+{# For ipv4 only setup or legacy ipv6 setup, don't append 'new-style' compliant suffix
+ ('usev4', 'ifv4', 'webv4' etc.) to the properties and instead live through the
+ deprecation warnings for better compatibility with most ddclient protocols. #}
{{ render_config(host, address, service_cfg.web_options, ip_suffixes,
protocol=config.protocol, server=config.server, zone=config.zone,
login=config.username, password=config.password) }}
{% endfor %}
{% endfor %}
{% endif %}
{% endfor %}
{% endif %}
diff --git a/data/templates/dns-dynamic/override.conf.j2 b/data/templates/dns-dynamic/override.conf.j2
index 8a9dfcd70..6ca1b8a45 100644
--- a/data/templates/dns-dynamic/override.conf.j2
+++ b/data/templates/dns-dynamic/override.conf.j2
@@ -1,11 +1,10 @@
{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %}
[Unit]
ConditionPathExists={{ config_file }}
After=vyos-router.service
[Service]
-PIDFile=
PIDFile={{ config_file | replace('.conf', '.pid') }}
EnvironmentFile=
ExecStart=
ExecStart=/usr/bin/ddclient -file {{ config_file }}
diff --git a/interface-definitions/dns-dynamic.xml.in b/interface-definitions/dns-dynamic.xml.in
index 292c50603..c7b45b8f7 100644
--- a/interface-definitions/dns-dynamic.xml.in
+++ b/interface-definitions/dns-dynamic.xml.in
@@ -1,159 +1,159 @@
<?xml version="1.0"?>
<interfaceDefinition>
<node name="service">
<children>
<node name="dns">
<properties>
- <help>Domain Name System related services</help>
+ <help>Domain Name System (DNS) related services</help>
</properties>
<children>
<node name="dynamic" owner="${vyos_conf_scripts_dir}/dns_dynamic.py">
<properties>
<help>Dynamic DNS</help>
</properties>
<children>
<tagNode name="address">
<properties>
<help>Obtain IP address to send Dynamic DNS update for</help>
<valueHelp>
<format>txt</format>
<description>Use interface to obtain the IP address</description>
</valueHelp>
<valueHelp>
<format>web</format>
<description>Use HTTP(S) web request to obtain the IP address</description>
</valueHelp>
<completionHelp>
<script>${vyos_completion_dir}/list_interfaces</script>
<list>web</list>
</completionHelp>
<constraint>
#include <include/constraint/interface-name.xml.i>
<regex>web</regex>
</constraint>
</properties>
<children>
<node name="web-options">
<properties>
<help>Options when using HTTP(S) web request to obtain the IP address</help>
</properties>
<children>
#include <include/url.xml.i>
<leafNode name="skip">
<properties>
<help>Pattern to skip from the HTTP(S) respose</help>
<valueHelp>
<format>txt</format>
<description>Pattern to skip from the HTTP(S) respose to extract the external IP address</description>
</valueHelp>
</properties>
</leafNode>
</children>
</node>
<tagNode name="rfc2136">
<properties>
<help>RFC2136 nsupdate configuration</help>
<valueHelp>
<format>txt</format>
<description>RFC2136 nsupdate service name</description>
</valueHelp>
</properties>
<children>
#include <include/generic-description.xml.i>
#include <include/dns/dynamic-service-host-name-server.xml.i>
<leafNode name="key">
<properties>
<help>File containing the TSIG secret key shared with remote DNS server</help>
<valueHelp>
<format>filename</format>
<description>File in /config/auth directory</description>
</valueHelp>
<constraint>
<validator name="file-path" argument="--strict --parent-dir /config/auth"/>
</constraint>
</properties>
</leafNode>
#include <include/dns/time-to-live.xml.i>
<leafNode name="zone">
<properties>
<help>Forwarding zone to be updated</help>
<valueHelp>
<format>txt</format>
<description>RFC2136 Zone to be updated</description>
</valueHelp>
<constraint>
<validator name="fqdn"/>
</constraint>
</properties>
</leafNode>
</children>
</tagNode>
<tagNode name="service">
<properties>
<help>Dynamic DNS configuration</help>
<valueHelp>
<format>txt</format>
<description>Dynamic DNS service name</description>
</valueHelp>
</properties>
<children>
#include <include/generic-description.xml.i>
#include <include/dns/dynamic-service-host-name-server.xml.i>
#include <include/generic-username.xml.i>
#include <include/generic-password.xml.i>
<leafNode name="protocol">
<properties>
<help>ddclient protocol used for Dynamic DNS service</help>
<completionHelp>
<script>${vyos_completion_dir}/list_ddclient_protocols.sh</script>
</completionHelp>
<constraint>
<validator name="ddclient-protocol"/>
</constraint>
</properties>
</leafNode>
<leafNode name="zone">
<properties>
<help>DNS zone to update (not used by all protocols)</help>
<valueHelp>
<format>txt</format>
<description>Name of DNS zone</description>
</valueHelp>
</properties>
</leafNode>
<leafNode name="ip-version">
<properties>
<help>IP address version to use</help>
<valueHelp>
<format>_ipv4</format>
<description>Use only IPv4 address</description>
</valueHelp>
<valueHelp>
<format>_ipv6</format>
<description>Use only IPv6 address</description>
</valueHelp>
<valueHelp>
<format>both</format>
<description>Use both IPv4 and IPv6 address</description>
</valueHelp>
<completionHelp>
<list>ipv4 ipv6 both</list>
</completionHelp>
<constraint>
<regex>(ipv[46]|both)</regex>
</constraint>
<constraintErrorMessage>IP Version must be literal 'ipv4', 'ipv6' or 'both'</constraintErrorMessage>
</properties>
<defaultValue>ipv4</defaultValue>
</leafNode>
</children>
</tagNode>
</children>
</tagNode>
</children>
</node>
</children>
</node>
</children>
</node>
</interfaceDefinition>
diff --git a/interface-definitions/dns-forwarding.xml.in b/interface-definitions/dns-forwarding.xml.in
index ced1c9c31..86dc47a47 100644
--- a/interface-definitions/dns-forwarding.xml.in
+++ b/interface-definitions/dns-forwarding.xml.in
@@ -1,690 +1,690 @@
<?xml version="1.0"?>
<!-- DNS forwarder configuration -->
<interfaceDefinition>
<node name="service">
<children>
<node name="dns">
<properties>
- <help>Domain Name System related services</help>
+ <help>Domain Name System (DNS) related services</help>
</properties>
<children>
<node name="forwarding" owner="${vyos_conf_scripts_dir}/dns_forwarding.py">
<properties>
<help>DNS forwarding</help>
<priority>918</priority>
</properties>
<children>
<leafNode name="cache-size">
<properties>
<help>DNS forwarding cache size</help>
<valueHelp>
<format>u32:0-2147483647</format>
<description>DNS forwarding cache size</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-2147483647"/>
</constraint>
</properties>
<defaultValue>10000</defaultValue>
</leafNode>
<leafNode name="dhcp">
<properties>
<help>Interfaces whose DHCP client nameservers to forward requests to</help>
<completionHelp>
<script>${vyos_completion_dir}/list_interfaces</script>
</completionHelp>
<multi/>
</properties>
</leafNode>
<leafNode name="dns64-prefix">
<properties>
<help>Help to communicate between IPv6-only client and IPv4-only server</help>
<valueHelp>
<format>ipv6net</format>
<description>IPv6 address and /96 only prefix length</description>
</valueHelp>
<constraint>
<validator name="ipv6-prefix"/>
</constraint>
</properties>
</leafNode>
<leafNode name="dnssec">
<properties>
<help>DNSSEC mode</help>
<completionHelp>
<list>off process-no-validate process log-fail validate</list>
</completionHelp>
<valueHelp>
<format>off</format>
<description>No DNSSEC processing whatsoever!</description>
</valueHelp>
<valueHelp>
<format>process-no-validate</format>
<description>Respond with DNSSEC records to clients that ask for it. No validation done at all!</description>
</valueHelp>
<valueHelp>
<format>process</format>
<description>Respond with DNSSEC records to clients that ask for it. Validation for clients that request it.</description>
</valueHelp>
<valueHelp>
<format>log-fail</format>
<description>Similar behaviour to process, but validate RRSIGs on responses and log bogus responses.</description>
</valueHelp>
<valueHelp>
<format>validate</format>
<description>Full blown DNSSEC validation. Send SERVFAIL to clients on bogus responses.</description>
</valueHelp>
<constraint>
<regex>(off|process-no-validate|process|log-fail|validate)</regex>
</constraint>
</properties>
<defaultValue>process-no-validate</defaultValue>
</leafNode>
<tagNode name="domain">
<properties>
<help>Domain to forward to a custom DNS server</help>
<valueHelp>
<format>txt</format>
<description>An absolute DNS domain name</description>
</valueHelp>
<constraint>
<validator name="fqdn"/>
</constraint>
</properties>
<children>
#include <include/name-server-ipv4-ipv6-port.xml.i>
<leafNode name="addnta">
<properties>
<help>Add NTA (negative trust anchor) for this domain (must be set if the domain does not support DNSSEC)</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="recursion-desired">
<properties>
<help>Set the "recursion desired" bit in requests to the upstream nameserver</help>
<valueless/>
</properties>
</leafNode>
</children>
</tagNode>
<tagNode name="authoritative-domain">
<properties>
<help>Domain to host authoritative records for</help>
<valueHelp>
<format>txt</format>
<description>An absolute DNS domain name</description>
</valueHelp>
<constraint>
<validator name="fqdn"/>
</constraint>
</properties>
<children>
<node name="records">
<properties>
<help>DNS zone records</help>
</properties>
<children>
<tagNode name="a">
<properties>
<help>A record</help>
<valueHelp>
<format>txt</format>
<description>A DNS name relative to the root record</description>
</valueHelp>
<valueHelp>
<format>@</format>
<description>Root record</description>
</valueHelp>
<valueHelp>
<format>any</format>
<description>Wildcard record (any subdomain)</description>
</valueHelp>
<constraint>
<regex>([-_a-zA-Z0-9.]{1,63}|@|any)(?<!\.)</regex>
</constraint>
</properties>
<children>
<leafNode name="address">
<properties>
<help>IPv4 address</help>
<valueHelp>
<format>ipv4</format>
<description>IPv4 address</description>
</valueHelp>
<multi/>
<constraint>
<validator name="ipv4-address"/>
</constraint>
</properties>
</leafNode>
#include <include/dns/time-to-live.xml.i>
#include <include/generic-disable-node.xml.i>
</children>
</tagNode>
<tagNode name="aaaa">
<properties>
<help>AAAA record</help>
<valueHelp>
<format>txt</format>
<description>A DNS name relative to the root record</description>
</valueHelp>
<valueHelp>
<format>@</format>
<description>Root record</description>
</valueHelp>
<valueHelp>
<format>any</format>
<description>Wildcard record (any subdomain)</description>
</valueHelp>
<constraint>
<regex>([-_a-zA-Z0-9.]{1,63}|@|any)(?<!\.)</regex>
</constraint>
</properties>
<children>
<leafNode name="address">
<properties>
<help>IPv6 address</help>
<valueHelp>
<format>ipv6</format>
<description>IPv6 address</description>
</valueHelp>
<multi/>
<constraint>
<validator name="ipv6-address"/>
</constraint>
</properties>
</leafNode>
#include <include/dns/time-to-live.xml.i>
#include <include/generic-disable-node.xml.i>
</children>
</tagNode>
<tagNode name="cname">
<properties>
<help>CNAME record</help>
<valueHelp>
<format>txt</format>
<description>A DNS name relative to the root record</description>
</valueHelp>
<valueHelp>
<format>@</format>
<description>Root record</description>
</valueHelp>
<constraint>
<regex>([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)</regex>
</constraint>
</properties>
<children>
<leafNode name="target">
<properties>
<help>Target DNS name</help>
<valueHelp>
<format>name.example.com</format>
<description>Absolute DNS name</description>
</valueHelp>
<constraint>
<regex>[-_a-zA-Z0-9.]{1,63}(?<!\.)</regex>
</constraint>
</properties>
</leafNode>
#include <include/dns/time-to-live.xml.i>
#include <include/generic-disable-node.xml.i>
</children>
</tagNode>
<tagNode name="mx">
<properties>
<help>MX record</help>
<valueHelp>
<format>txt</format>
<description>A DNS name relative to the root record</description>
</valueHelp>
<valueHelp>
<format>@</format>
<description>Root record</description>
</valueHelp>
<constraint>
<regex>([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)</regex>
</constraint>
</properties>
<children>
<tagNode name="server">
<properties>
<help>Mail server</help>
<valueHelp>
<format>name.example.com</format>
<description>Absolute DNS name</description>
</valueHelp>
<constraint>
<regex>[-_a-zA-Z0-9.]{1,63}(?<!\.)</regex>
</constraint>
</properties>
<children>
<leafNode name="priority">
<properties>
<help>Server priority</help>
<valueHelp>
<format>u32:1-999</format>
<description>Server priority (lower numbers are higher priority)</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 1-999"/>
</constraint>
</properties>
<defaultValue>10</defaultValue>
</leafNode>
</children>
</tagNode>
#include <include/dns/time-to-live.xml.i>
#include <include/generic-disable-node.xml.i>
</children>
</tagNode>
<tagNode name="ns">
<properties>
<help>NS record</help>
<valueHelp>
<format>txt</format>
<description>A DNS name relative to the root record</description>
</valueHelp>
<constraint>
<regex>([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)</regex>
</constraint>
</properties>
<children>
<leafNode name="target">
<properties>
<help>Target DNS server authoritative for subdomain</help>
<valueHelp>
<format>nsXX.example.com</format>
<description>Absolute DNS name</description>
</valueHelp>
<constraint>
<regex>[-_a-zA-Z0-9.]{1,63}(?<!\.)</regex>
</constraint>
</properties>
</leafNode>
#include <include/dns/time-to-live.xml.i>
#include <include/generic-disable-node.xml.i>
</children>
</tagNode>
<tagNode name="ptr">
<properties>
<help>PTR record</help>
<valueHelp>
<format>txt</format>
<description>A DNS name relative to the root record</description>
</valueHelp>
<valueHelp>
<format>@</format>
<description>Root record</description>
</valueHelp>
<constraint>
<regex>([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)</regex>
</constraint>
</properties>
<children>
<leafNode name="target">
<properties>
<help>Target DNS name</help>
<valueHelp>
<format>name.example.com</format>
<description>Absolute DNS name</description>
</valueHelp>
<constraint>
<regex>[-_a-zA-Z0-9.]{1,63}(?<!\.)</regex>
</constraint>
</properties>
</leafNode>
#include <include/dns/time-to-live.xml.i>
#include <include/generic-disable-node.xml.i>
</children>
</tagNode>
<tagNode name="txt">
<properties>
<help>TXT record</help>
<valueHelp>
<format>txt</format>
<description>A DNS name relative to the root record</description>
</valueHelp>
<valueHelp>
<format>@</format>
<description>Root record</description>
</valueHelp>
<constraint>
<regex>([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)</regex>
</constraint>
</properties>
<children>
<leafNode name="value">
<properties>
<help>Record contents</help>
<valueHelp>
<format>txt</format>
<description>Record contents</description>
</valueHelp>
<multi/>
</properties>
</leafNode>
#include <include/dns/time-to-live.xml.i>
#include <include/generic-disable-node.xml.i>
</children>
</tagNode>
<tagNode name="spf">
<properties>
<help>SPF record</help>
<valueHelp>
<format>txt</format>
<description>A DNS name relative to the root record</description>
</valueHelp>
<valueHelp>
<format>@</format>
<description>Root record</description>
</valueHelp>
<constraint>
<regex>([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)</regex>
</constraint>
</properties>
<children>
<leafNode name="value">
<properties>
<help>Record contents</help>
<valueHelp>
<format>txt</format>
<description>Record contents</description>
</valueHelp>
</properties>
</leafNode>
#include <include/dns/time-to-live.xml.i>
#include <include/generic-disable-node.xml.i>
</children>
</tagNode>
<tagNode name="srv">
<properties>
<help>SRV record</help>
<valueHelp>
<format>txt</format>
<description>A DNS name relative to the root record</description>
</valueHelp>
<valueHelp>
<format>@</format>
<description>Root record</description>
</valueHelp>
<constraint>
<regex>([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)</regex>
</constraint>
</properties>
<children>
<tagNode name="entry">
<properties>
<help>Service entry</help>
<valueHelp>
<format>u32:0-65535</format>
<description>Entry number</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-65535"/>
</constraint>
</properties>
<children>
<leafNode name="hostname">
<properties>
<help>Server hostname</help>
<valueHelp>
<format>name.example.com</format>
<description>Absolute DNS name</description>
</valueHelp>
<constraint>
<regex>[-_a-zA-Z0-9.]{1,63}(?<!\.)</regex>
</constraint>
</properties>
</leafNode>
<leafNode name="port">
<properties>
<help>Port number</help>
<valueHelp>
<format>u32:0-65535</format>
<description>TCP/UDP port number</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-65536"/>
</constraint>
</properties>
</leafNode>
<leafNode name="priority">
<properties>
<help>Entry priority</help>
<valueHelp>
<format>u32:0-65535</format>
<description>Entry priority (lower numbers are higher priority)</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-65535"/>
</constraint>
</properties>
<defaultValue>10</defaultValue>
</leafNode>
<leafNode name="weight">
<properties>
<help>Entry weight</help>
<valueHelp>
<format>u32:0-65535</format>
<description>Entry weight</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-65535"/>
</constraint>
</properties>
<defaultValue>0</defaultValue>
</leafNode>
</children>
</tagNode>
#include <include/dns/time-to-live.xml.i>
#include <include/generic-disable-node.xml.i>
</children>
</tagNode>
<tagNode name="naptr">
<properties>
<help>NAPTR record</help>
<valueHelp>
<format>txt</format>
<description>A DNS name relative to the root record</description>
</valueHelp>
<valueHelp>
<format>@</format>
<description>Root record</description>
</valueHelp>
<constraint>
<regex>([-_a-zA-Z0-9.]{1,63}|@)(?<!\.)</regex>
</constraint>
</properties>
<children>
<tagNode name="rule">
<properties>
<help>NAPTR rule</help>
<valueHelp>
<format>u32:0-65535</format>
<description>Rule number</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-65535"/>
</constraint>
</properties>
<children>
<leafNode name="order">
<properties>
<help>Rule order</help>
<valueHelp>
<format>u32:0-65535</format>
<description>Rule order (lower order is evaluated first)</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-65535"/>
</constraint>
</properties>
</leafNode>
<leafNode name="preference">
<properties>
<help>Rule preference</help>
<valueHelp>
<format>u32:0-65535</format>
<description>Rule preference</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-65535"/>
</constraint>
</properties>
<defaultValue>0</defaultValue>
</leafNode>
<leafNode name="lookup-srv">
<properties>
<help>S flag</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="lookup-a">
<properties>
<help>A flag</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="resolve-uri">
<properties>
<help>U flag</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="protocol-specific">
<properties>
<help>P flag</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="service">
<properties>
<help>Service type</help>
<constraint>
<regex>[a-zA-Z][a-zA-Z0-9]{0,31}(\+[a-zA-Z][a-zA-Z0-9]{0,31})?</regex>
</constraint>
</properties>
</leafNode>
<leafNode name="regexp">
<properties>
<help>Regular expression</help>
</properties>
</leafNode>
<leafNode name="replacement">
<properties>
<help>Replacement DNS name</help>
<valueHelp>
<format>name.example.com</format>
<description>Absolute DNS name</description>
</valueHelp>
<constraint>
<regex>[-_a-zA-Z0-9.]{1,63}(?<!\.)</regex>
</constraint>
</properties>
</leafNode>
</children>
</tagNode>
#include <include/dns/time-to-live.xml.i>
#include <include/generic-disable-node.xml.i>
</children>
</tagNode>
</children>
</node>
#include <include/generic-disable-node.xml.i>
</children>
</tagNode>
<leafNode name="ignore-hosts-file">
<properties>
<help>Do not use local /etc/hosts file in name resolution</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="no-serve-rfc1918">
<properties>
<help>Makes the server authoritatively not aware of RFC1918 addresses</help>
<valueless/>
</properties>
</leafNode>
<leafNode name="allow-from">
<properties>
<help>Networks allowed to query this server</help>
<valueHelp>
<format>ipv4net</format>
<description>IP address and prefix length</description>
</valueHelp>
<valueHelp>
<format>ipv6net</format>
<description>IPv6 address and prefix length</description>
</valueHelp>
<multi/>
<constraint>
<validator name="ip-prefix"/>
</constraint>
</properties>
</leafNode>
#include <include/listen-address.xml.i>
#include <include/port-number.xml.i>
<leafNode name="port">
<defaultValue>53</defaultValue>
</leafNode>
<leafNode name="negative-ttl">
<properties>
<help>Maximum amount of time negative entries are cached</help>
<valueHelp>
<format>u32:0-7200</format>
<description>Seconds to cache NXDOMAIN entries</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 0-7200"/>
</constraint>
</properties>
<defaultValue>3600</defaultValue>
</leafNode>
<leafNode name="timeout">
<properties>
<help>Number of milliseconds to wait for a remote authoritative server to respond</help>
<valueHelp>
<format>u32:10-60000</format>
<description>Network timeout in milliseconds</description>
</valueHelp>
<constraint>
<validator name="numeric" argument="--range 10-60000"/>
</constraint>
</properties>
<defaultValue>1500</defaultValue>
</leafNode>
#include <include/name-server-ipv4-ipv6-port.xml.i>
<leafNode name="source-address">
<properties>
<help>Local addresses from which to send DNS queries</help>
<completionHelp>
<script>${vyos_completion_dir}/list_local_ips.sh --both</script>
</completionHelp>
<valueHelp>
<format>ipv4</format>
<description>IPv4 address from which to send traffic</description>
</valueHelp>
<valueHelp>
<format>ipv6</format>
<description>IPv6 address from which to send traffic</description>
</valueHelp>
<multi/>
<constraint>
<validator name="ip-address"/>
</constraint>
</properties>
<defaultValue>0.0.0.0 ::</defaultValue>
</leafNode>
<leafNode name="system">
<properties>
<help>Use system name servers</help>
<valueless/>
</properties>
</leafNode>
</children>
</node>
</children>
</node>
</children>
</node>
</interfaceDefinition>
diff --git a/op-mode-definitions/dns-dynamic.xml.in b/op-mode-definitions/dns-dynamic.xml.in
index 8047d55cd..4f0399964 100644
--- a/op-mode-definitions/dns-dynamic.xml.in
+++ b/op-mode-definitions/dns-dynamic.xml.in
@@ -1,75 +1,102 @@
<?xml version="1.0"?>
<interfaceDefinition>
+ <node name="monitor">
+ <children>
+ <node name="log">
+ <children>
+ <node name="dns">
+ <properties>
+ <help>Monitor last lines of Domain Name System (DNS) related services</help>
+ </properties>
+ <children>
+ <node name="dynamic">
+ <properties>
+ <help>Monitor last lines of Dynamic DNS update service</help>
+ </properties>
+ <command>journalctl --no-hostname --follow --boot --unit ddclient.service</command>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
<node name="show">
<children>
<node name="log">
<children>
<node name="dns">
+ <properties>
+ <help>Show log for Domain Name System (DNS) related services</help>
+ </properties>
<children>
<node name="dynamic">
<properties>
- <help>Show log for dynamic DNS</help>
+ <help>Show log for Dynamic DNS update service</help>
</properties>
- <command>cat $(printf "%s\n" /var/log/messages* | sort -nr) | grep -e "ddclient"</command>
+ <command>journalctl --no-hostname --boot --unit ddclient.service</command>
</node>
</children>
</node>
</children>
</node>
<node name="dns">
<properties>
- <help>Show DNS information</help>
+ <help>Show Domain Name System (DNS) related information</help>
</properties>
<children>
<node name="dynamic">
<properties>
<help>Show Dynamic DNS information</help>
</properties>
<children>
<leafNode name="status">
<properties>
<help>Show Dynamic DNS status</help>
</properties>
<command>sudo ${vyos_op_scripts_dir}/dns_dynamic.py --status</command>
</leafNode>
</children>
</node>
</children>
</node>
</children>
</node>
<node name="restart">
<children>
<node name="dns">
+ <properties>
+ <help>Restart specific Domain Name System (DNS) related service</help>
+ </properties>
<children>
<node name="dynamic">
<properties>
<help>Restart Dynamic DNS service</help>
</properties>
<command>sudo ${vyos_op_scripts_dir}/dns_dynamic.py --update</command>
</node>
</children>
</node>
</children>
</node>
<node name="update">
<properties>
<help>Update data for a service</help>
</properties>
<children>
<node name="dns">
<properties>
- <help>Update DNS information</help>
+ <help>Update Domain Name System (DNS) related information</help>
</properties>
<children>
<node name="dynamic">
<properties>
<help>Update Dynamic DNS information</help>
</properties>
<command>sudo ${vyos_op_scripts_dir}/dns_dynamic.py --update</command>
</node>
</children>
</node>
</children>
</node>
</interfaceDefinition>
diff --git a/op-mode-definitions/dns-forwarding.xml.in b/op-mode-definitions/dns-forwarding.xml.in
index c8ca117be..a4c650c38 100644
--- a/op-mode-definitions/dns-forwarding.xml.in
+++ b/op-mode-definitions/dns-forwarding.xml.in
@@ -1,112 +1,112 @@
<?xml version="1.0"?>
<interfaceDefinition>
<node name="monitor">
<children>
<node name="log">
<children>
<node name="dns">
<properties>
- <help>Monitor last lines of Domain Name Service (DNS)</help>
+ <help>Monitor last lines of Domain Name System (DNS) related services</help>
</properties>
<children>
<node name="forwarding">
<properties>
<help>Monitor last lines of DNS forwarding</help>
</properties>
<command>journalctl --no-hostname --follow --boot --unit pdns-recursor.service</command>
</node>
</children>
</node>
</children>
</node>
</children>
</node>
<node name="show">
<children>
<node name="log">
<children>
<node name="dns">
<properties>
- <help>Show log for Domain Name Service (DNS)</help>
+ <help>Show log for Domain Name System (DNS) related services</help>
</properties>
<children>
<node name="forwarding">
<properties>
<help>Show log for DNS Forwarding</help>
</properties>
<command>journalctl --no-hostname --boot --unit pdns-recursor.service</command>
</node>
</children>
</node>
</children>
</node>
<node name="dns">
<properties>
- <help>Show DNS information</help>
+ <help>Show Domain Name System (DNS) related information</help>
</properties>
<children>
<node name="forwarding">
<properties>
<help>Show DNS forwarding information</help>
</properties>
<children>
<leafNode name="statistics">
<properties>
<help>Show DNS forwarding statistics</help>
</properties>
<command>sudo ${vyos_op_scripts_dir}/dns.py show_forwarding_statistics</command>
</leafNode>
</children>
</node>
</children>
</node>
</children>
</node>
<node name="restart">
<children>
<node name="dns">
<properties>
- <help>Restart specific DNS service</help>
+ <help>Restart specific Domain Name System (DNS) related service</help>
</properties>
<children>
<leafNode name="forwarding">
<properties>
<help>Restart DNS forwarding service</help>
</properties>
<command>sudo ${vyos_op_scripts_dir}/dns_forwarding_restart.sh</command>
</leafNode>
</children>
</node>
</children>
</node>
<node name="reset">
<children>
<node name="dns">
<properties>
- <help>Reset a DNS service state</help>
+ <help>Reset Domain Name System (DNS) related service state</help>
</properties>
<children>
<node name="forwarding">
<properties>
<help>Reset DNS forwarding cache</help>
</properties>
<children>
<tagNode name="domain">
<command>sudo ${vyos_op_scripts_dir}/dns_forwarding_reset.py $5</command>
<properties>
<help>Reset DNS forwarding cache for a domain</help>
</properties>
</tagNode>
<leafNode name="all">
<command>sudo ${vyos_op_scripts_dir}/dns_forwarding_reset.py --all</command>
<properties>
<help>Reset DNS forwarding cache</help>
</properties>
</leafNode>
</children>
</node>
</children>
</node>
</children>
</node>
</interfaceDefinition>
diff --git a/src/conf_mode/dns_dynamic.py b/src/conf_mode/dns_dynamic.py
index e070a3502..67134e681 100755
--- a/src/conf_mode/dns_dynamic.py
+++ b/src/conf_mode/dns_dynamic.py
@@ -1,138 +1,142 @@
#!/usr/bin/env python3
#
# Copyright (C) 2018-2023 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import os
from sys import exit
from vyos.config import Config
from vyos.configdict import dict_merge
from vyos.template import render
from vyos.util import call
from vyos.xml import defaults
from vyos import ConfigError
from vyos import airbag
airbag.enable()
config_file = r'/run/ddclient/ddclient.conf'
systemd_override = r'/run/systemd/system/ddclient.service.d/override.conf'
# Protocols that require zone
zone_allowed = ['cloudflare', 'godaddy', 'hetzner', 'gandi', 'nfsn']
# Protocols that do not require username
username_unnecessary = ['1984', 'cloudflare', 'cloudns', 'duckdns', 'freemyip', 'hetzner', 'keysystems', 'njalla']
# Protocols that support both IPv4 and IPv6
dualstack_supported = ['cloudflare', 'dyndns2', 'freedns', 'njalla']
def get_config(config=None):
if config:
conf = config
else:
conf = Config()
base_level = ['service', 'dns', 'dynamic']
if not conf.exists(base_level):
return None
dyndns = conf.get_config_dict(base_level, key_mangling=('-', '_'), get_first_key=True)
if 'address' in dyndns:
for address in dyndns['address']:
# Apply service specific defaults (svc_type = ['rfc2136', 'service'])
for svc_type in dyndns['address'][address]:
default_values = defaults(base_level + ['address', svc_type])
for svc_cfg in dyndns['address'][address][svc_type]:
dyndns['address'][address][svc_type][svc_cfg] = dict_merge(
default_values, dyndns['address'][address][svc_type][svc_cfg])
dyndns['config_file'] = config_file
return dyndns
def verify(dyndns):
# bail out early - looks like removal from running config
if not dyndns or 'address' not in dyndns:
return None
for address in dyndns['address']:
# RFC2136 - configuration validation
if 'rfc2136' in dyndns['address'][address]:
for config in dyndns['address'][address]['rfc2136'].values():
for field in ['host_name', 'zone', 'server', 'key']:
if field not in config:
raise ConfigError(f'"{field.replace("_", "-")}" is required for RFC2136 '
f'based Dynamic DNS service on "{address}"')
# Dynamic DNS service provider - configuration validation
if 'service' in dyndns['address'][address]:
for service, config in dyndns['address'][address]['service'].items():
error_msg = f'is required for Dynamic DNS service "{service}" on "{address}"'
for field in ['host_name', 'password', 'protocol']:
if field not in config:
raise ConfigError(f'"{field.replace("_", "-")}" {error_msg}')
if config['protocol'] in zone_allowed and 'zone' not in config:
raise ConfigError(f'"zone" {error_msg}')
if config['protocol'] not in zone_allowed and 'zone' in config:
raise ConfigError(f'"{config["protocol"]}" does not support "zone"')
if config['protocol'] not in username_unnecessary:
if 'username' not in config:
raise ConfigError(f'"username" {error_msg}')
if config['ip_version'] == 'both':
if config['protocol'] not in dualstack_supported:
raise ConfigError(f'"{config["protocol"]}" does not support '
f'both IPv4 and IPv6 at the same time')
# dyndns2 protocol in ddclient honors dual stack only for dyn.com (dyndns.org)
if config['protocol'] == 'dyndns2' and 'server' in config and config['server'] != 'members.dyndns.org':
raise ConfigError(f'"{config["protocol"]}" does not support '
f'both IPv4 and IPv6 at the same time for "{config["server"]}"')
return None
def generate(dyndns):
# bail out early - looks like removal from running config
if not dyndns or 'address' not in dyndns:
return None
render(config_file, 'dns-dynamic/ddclient.conf.j2', dyndns)
render(systemd_override, 'dns-dynamic/override.conf.j2', dyndns)
return None
def apply(dyndns):
+ systemd_service = 'ddclient.service'
+ # Reload systemd manager configuration
+ call('systemctl daemon-reload')
+
# bail out early - looks like removal from running config
if not dyndns or 'address' not in dyndns:
- call('systemctl stop ddclient.service')
+ call(f'systemctl stop {systemd_service}')
if os.path.exists(config_file):
os.unlink(config_file)
else:
- call('systemctl restart ddclient.service')
+ call(f'systemctl reload-or-restart {systemd_service}')
return None
if __name__ == '__main__':
try:
c = get_config()
verify(c)
generate(c)
apply(c)
except ConfigError as e:
print(e)
exit(1)