DNSExit: Updater breaks when provided with a zone and a non-identical hostname (bug)

[jortkoopmans]

Description

When a configuration is provided with a zone and a hostname that is not identical to the zone, the updater fails. This issue was introduced with the implementation of the dnsexit provider, due to a misunderstanding of how the dnsexit API expects updates for 'subdomains'. This bug has been confirmed via the report here: opnsense/plugins

Steps to reproduce

1. Provide a configuration with a zone and a hostname that is not identical to the zone.
2. Run the updater.

Expected behavior

The updater should produce the following JSON call for host host1.myroot.publicvm.com on zone myroot.publicvm.com:

{
"domain":"myroot.publicvm.com",
"apikey":"myApiKey"
"update":
  [{
    "ttl":5,
    "type":"A",
    "content":"1.2.3.4",
     "name":"host1"
   }]
}

Actual behavior

Currently, the name field is identical to the full hostname, which does not work.
Note that for calls with identical name and zone, this does work, as does an empty name with a zone that contains a root hostname (i.e. myroot.publicvm.com)

Proposed solution

The issue can be fixed by:

• Only providing the 'hostname' part on the name field in the update block, by trimming it from the zone (if provided).
• Ensuring that this fix does not break other use cases (simple hostname only, without zone, hostname and zone being equal). Also handling ipv4 and ipv6 which must be done in a single call.

I will propose a solution shortly.

[rhansen]

@jortkoopmans

Currently, the name field is identical to the full hostname, which does not work.

So the documentation at https://dnsexit.com/dns/dns-api/ is wrong? Their documentation explicitly says that it is OK to either include or exclude the domain (zone). If their documentation is wrong, please also file a bug report with them to fix their documentation or their service.

Note that for calls with identical name and zone, this does work, as does an empty name with a zone that contains a root hostname (i.e. myroot.publicvm.com)

#674 uses the full host name for name when the zone setting equals the host name. Please confirm that that is the preferred behavior.

[DiSHTiX]

@jortkoopmans

Currently, the name field is identical to the full hostname, which does not work.

So the documentation at https://dnsexit.com/dns/dns-api/ is wrong? Their documentation explicitly says that it is OK to either include or exclude the domain (zone). If their documentation is wrong, please also file a bug report with them to fix their documentation or their service.

Note that for calls with identical name and zone, this does work, as does an empty name with a zone that contains a root hostname (i.e. myroot.publicvm.com)

#674 uses the full host name for name when the zone setting equals the host name. Please confirm that that is the preferred behavior.

This only works for updating the top-level ddns domain ie. myroot.publicvm.com.
For subdomains ie. amsterdam.myroot.publicvm.com requires the 'zone' = 'myroot.publicvm.com' but currently the script tries to use 'amsterdam.myroot.publicvm.com' which fails as it does not exist.

Its better explained here, incl. response from DNSexit themselves.
#opnsense/plugins#3712 (comment)

[rhansen]

These are the cases (JSON to DNSExit) I need to understand:

• domain = "domain.publicvm.com" and name = "": This IS supported, and updates domain.publicvm.com.
• domain = "domain.publicvm.com" and name = "domain.publicvm.com": This IS supported, and updates domain.publicvm.com.
• domain = "domain.publicvm.com" and name = "host.domain.publicvm.com": This is NOT supported, contrary to DNSExit's own documentation.
• domain = "domain.publicvm.com" and name = "host": This IS supported, and updates host.domain.publicvm.com.
• domain = "host.domain.publicvm.com" and name = "host.domain.publicvm.com". This IS supported, and updates host.domain.publicvm.com.
• domain = "host.domain.publicvm.com" and name = "". This IS supported, and updates host.domain.publicvm.com.

@DiSHTiX Can you confirm that the above is complete and correct?