Attempting a Gandi LiveDNS update, I received the following error:
WARNING: cannot connect to api.gandi.net:443 socket: IO::Socket::SSL: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed IO::Socket::INET configuration failed error:00000000:lib(0):func(0):reason(0)
This was on my EdgeOS router. It probably was missing the proper
certificate authority chain to validate the SSL certificate, or perhaps
Gandi's certificate had expired. Either way, disabling the host
verification was the easiest way to fix the problem and get the update
to actually work successfully.
Since the magic EdgeOS commands to configure this are not obvious,
here's how to configure Gandi LiveDNS on EdgeOS, if the WAN interface
(to the Internet) is on eth0:
configure
delete service dns dynamic interface eth0
set service dns dynamic interface eth0 service custom-gandi protocol gandi
set service dns dynamic interface eth0 service custom-gandi login dummy
set service dns dynamic interface eth0 service custom-gandi password GANDI_API_KEY
set service dns dynamic interface eth0 service custom-gandi options zone=DOMAIN_NAME,ttl=5m
set service dns dynamic interface eth0 service custom-gandi host-name HOSTNAME
commit; save; exit
update dns dynamic interface eth0
show dns dynamic status
For the host-name parameter, a comma-separated list can be used to
update multiple hostnames to the dynamic IP address, and "@" can be used
as a hostname to update the IP address associated with the domain itself
(which must be specified in the zone=DOMAIN_NAME parameter).
If the "ttl" option is not specified, it will default to 3 hours;
Gandi's minimum TTL supported is 5 minutes.
In nic_gandi_update(), calling geturl() with a hash parameter is
incorrect usage, because geturl() calls either fetch_via_curl(@_) or
fetch_via_socket_io(@_), both of which contain "my %params = @_;" --
this causes a "Reference found where even-sized list expected" error
because @_ needs to be a list of key-value pairs to be assigned to
%params, not a reference to a hash containing those key-value pairs.
The fix is simply to remove the braces around the list of key-value
pairs from the geturl() parameters.
There is no way the user can meaningfully set `if-skip` because the
user doesn't have control over how ddclient reads an interface's
settings (ddclient could theoretically run `ip addr show`, run
`ifconfig`, read a file in `/dev`, make a system call, use a Perl
library, etc.).
Allow update of a DNS record hosted by the Gandi LiveDNS service.
Signed-off-by: Jimmy Thrasibule <jimmy.thrasibule@orange.com>
Reviewed-by: Richard Hansen <rhansen@rhansen.org>
Adapt `header_ok` to return success for any HTTP 2xx code.
Signed-off-by: Jimmy Thrasibule <jimmy.thrasibule@orange.com>
Reviewed-by: Richard Hansen <rhansen@rhansen.org>
