Community discussions

MikroTik App
 
DejanAgain
just joined
Topic Author
Posts: 10
Joined: Fri May 10, 2019 12:01 am

dns-update on 7.1.1

Mon Jan 03, 2022 4:29 am

Hi,

Because I need OpenVPN today have migrated routerOS 6.x to 7.1.1

Well known script for dns-update on following line is responding "parameter missing"
/tool dns-update name=$ddnshost address=[:pick $ddnsip 0 [:find $ddnsip "/"] ] key-name=$ddnsuser key=$ddnspass

After adding for testing to command line " dns-server=45.79.87.114" getiing error :
"reply not signed"
(45.79.87.114 is primary dns for freeddns.com)

Anyone have idea what I can do to get dns-update working ?

Thank you in advance


BTW.
This is x86, don't tell me to use Ip/Cloud because option does not exists
 
DejanAgain
just joined
Topic Author
Posts: 10
Joined: Fri May 10, 2019 12:01 am

Re: dns-update on 7.1.1

Tue Jan 04, 2022 6:34 pm

Well, I've made this working but by my understanding :

- dns-update is broken
- still would like to understand where from is comming "reply not signed"

And for anyone who need to made this working, in my case for changeip, fetch is still working and on their web site is instruction how to use http://, so I've made this to work next way :
:local ddnsurl ("http://nic.ChangeIP.com/nic/update\3Fip=" . $ddnsip . "&hostname=" . $ddnshost)
/tool fetch url=$ddnsurl user=$ddnsuser password=$ddnspass dst-path=ddns-res.txt
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: dns-update on 7.1.1

Fri Jan 07, 2022 8:55 pm

From what I see, dns-update in v6 has undocumented support for changeip.com. You can omit "dns-server" and "zone" parameters and router then sends some request to https://nic.changeip.com, instead of doing regular DNS update (= request to DNS server on port 53). In v7, this was either removed, or "dns-server" and "zone" were made mandatory by mistake. Only MikroTik knows which one it is.
Yours look like correct solution, only you should rather use https://nic.changeip.com and check-certificate=yes, for which you need to import root certificate used by changeip.com. It's "USERTrust RSA Certification Authority", which you can get from https://sectigo.com/knowledge-base/deta ... 000000rfBO, or from your web browser, if you visit https://nic.changeip.com/nic/update and find it in website details.

Who is online

Users browsing this forum: No registered users and 23 guests