[Feature Request] Per Subdomain Secret

Question

[Feature Request] Per Subdomain Secret

sebthom opened this issue 4 years ago · 1 comments

Please add the ability to specify a dedicated secret for a given subdomain.

E.g. via environment variable

docker run -it -d \
    -p 8080:8080 \
    -p 53:53 \
    -p 53:53/udp \
    -e SHARED_SECRET=changeme \
    -e SECRET_mysubdomain1=changeme1 \
    -e SECRET_mysubdomain2=changeme2 \
    -e ZONE=example.org \
    -e RECORD_TTL=3600 \
    --name=dyndns \
    davd/docker-ddns:latest

Answer 1 · 2020-08-28T22:03:14.000Z

I created a pull request #59 where it is possible to use ddnskeys to have restricted access to a subdomain as defined in the zone file with update-policy. The shared secret will be still the same for all domains but further checking is done by the bind9 server with the ddnskey. Therefor you have to make sure that the default ist to not have access without a ddnykey.

This method may break compatibility with existing systems since it adds a variable to the request. For the future it may be a good idea to remove the current "shared secret check" and replace it with ddnskeys in a way to keep compatibility. By using ddnskeys we can archive ACL by delegating the task to the bind9 server itself.

But there is not much support for it right now and to get it to work requires some manual adjustments.