Allow Update Domain #4

Author: kimbtech

README.md

@@ -8,16 +8,17 @@ for https://github.com/KIMB-technologies/Radio-API
 
 The configuration is done using env variables.
 
-- `SERVER_BIND` *(optional)* The IP address the server binds on, if not set, 0.0.0.0 is used to bind on all interfaces.
-- `SERVER_PORT` *(optional)* The port which is used for the DNS server, should always be the default 53 (unless for testing).
-- `SERVER_UPSTREAM` *(optional)* The upstream DNS server, where DNS answers are fetched from 
+- `SERVER_BIND` *(optional, default `0.0.0.0`)* The IP address the server binds on. `0.0.0.0` binds on all interfaces.
+- `SERVER_PORT` *(optional, default `53`)* The port which is used for the DNS server, should always be the default `53` (unless for testing).
+- `SERVER_UPSTREAM` *(optional, default `8.8.8.8`)* The upstream DNS server, where DNS answers are fetched from 
 - `RADIO_DOMAIN` *(required, if `RADIO_IP` not set)* The domain where the [Radio-API](https://github.com/KIMB-technologies/Radio-API) can be found.
 	The DNS server will return the `A` record of this domain for all queries containing `wifiradiofrontier.com`. 
 - `RADIO_IP` *(required, if `RADIO_DOMAIN` not set)* The ip address where the [Radio-API](https://github.com/KIMB-technologies/Radio-API) can be found.
 	The DNS server will return this IP for all queries containing `wifiradiofrontier.com`. 
 	If `RADIO_DOMAIN` is set, it will be used. If `RADIO_DOMAIN` is not set, `RADIO_IP` will be used!
-- `ALLOWED_DOMAIN` *(optional)* Normally a DNS resolver will answer all queries from all sources. This can be a security risk, so one should only answer the queries from trusted sources. One can give a list (domain names divided by `,`) of domain name here, only queries from the corresponding `A` records will be answered then.  **The default value is `all` which means all sources are trusted. E.g. for testing and usage in local networks.** (Normally giving your DynDNS name is right; More domain names lead to a higher response time to queries.)
-- `TIME_SERVER` *(optional)* If the DNS server is queried for `time.wifiradiofrontier.com` it will answer with the `A` record of this domain. So one does not have to host an own NTP server at `RADIO_DOMAIN`. Per default some time server is used.
+- `ALLOWED_DOMAIN` *(optional, default `all`)* Normally a DNS resolver will answer all queries from all sources. This can be a security risk, so one should only answer the queries from trusted sources. One can give a list (domain names divided by `,`) of domain name here, only queries from the corresponding `A` records will be answered then.  **The default value is `all` which means all sources are trusted. E.g. for testing and usage in local networks.** (Normally giving your DynDNS name is right; More domain names lead to a higher response time to queries.)
+- `TIME_SERVER` *(optional, default `ntp0.fau.de`)* If the DNS server is queried for `time.wifiradiofrontier.com` it will answer with the `A` record of this domain. So one does not have to host an own NTP server at `RADIO_DOMAIN`. Per default some time server is used.
+- `ENABLE_UPDATE` *(optional, default `false`)* Set to `true` to enable responding to DNS queries for `update.wifiradiofrontier.com` with the `A` record of `update.wifiradiofrontier.com` instead of the ip of Radio-API. (This will allow the radio to do updates. Performing updates is a trade-off between risking changes to the API, that may prevent Radio-API from working, and bug fixes and security implications for the radio's software.)
 
 Run using the [**Docker-compose Example**](./docker-compose.yml)!
 

VERSION

@@ -1,3 +1,3 @@
 2
 2.1
-2.1.0
+2.1.1

dns/config.py

@@ -23,6 +23,7 @@ def _load_data(cls):
 			"UPSTREAM": str(os.getenv("SERVER_UPSTREAM", "8.8.8.8")),
 			"RADIO": str(os.getenv("RADIO_DOMAIN", os.getenv("RADIO_IP", None))),
 			"TIME" : str(os.getenv("TIME_SERVER", "ntp0.fau.de")),
+			"UPDATE" : bool(os.getenv("ENABLE_UPDATE", "false") == "true"),
 			"ALLOWED" : str(os.getenv("ALLOWED_DOMAIN", "all")),
 			"DEVMODE" : bool(os.getenv("DEVMODE", "false") == "true")
 		}

dns/hama.py

@@ -10,6 +10,7 @@ class Hama():
 
 	_DOMAIN = "wifiradiofrontier.com."
 	_TIME_DOMAIN = "time.wifiradiofrontier.com."
+	_UPDATE_DOMAIN = "update.wifiradiofrontier.com."
 
 	def __init__(self):
 		self.do_lookup = Config["DO_LOOKUP"]
@@ -25,6 +26,8 @@ def match_domain(self, question:DNSQuestion) -> bool:
 	def fetch_answer(self, question:DNSQuestion) -> Union[RR, None]:
 		if question.qname.matchSuffix(self._TIME_DOMAIN):
 			ip_address = DNSClient.resolve_a(Config["TIME"])
+		elif Config["UPDATE"] and question.qname.matchSuffix(self._UPDATE_DOMAIN):
+			ip_address = DNSClient.resolve_a(self._UPDATE_DOMAIN)
 		else:
 			ip_address = DNSClient.resolve_a(Config["RADIO"]) if self.do_lookup else Config["RADIO"]
 

docker-compose.dev.yml

@@ -18,4 +18,5 @@ services:
       - RADIO_IP=192.168.0.41
       - ALLOWED_DOMAIN=all
       - TIME_SERVER=ntp0.fau.de
+      - ENABLE_UPDATE=true
     restart: always

docker-compose.yml

@@ -13,4 +13,5 @@ services:
       #- RADIO_IP=192.168.0.41 # the place where https://github.com/KIMB-technologies/Radio-API ist hosted (if only available via IP and no domain, comment RADIO_DOMAIN)
       - ALLOWED_DOMAIN=home.example.com,home2.example.com # the domains of the home routers (DynDNS) as list divided by ',' or 'all' to allow all sources for the requests
       - TIME_SERVER=ntp0.fau.de # the NTP time server used by the radio (may be changed)
+      - ENABLE_UPDATE=false # set to true to enable dns resolving of update server for radios
     restart: unless-stopped

docker/Dockerfile

@@ -3,8 +3,8 @@ FROM alpine
 ARG H_UID=1000
 ARG H_GID=1000
 
-RUN apk add --no-cache --update -X http://dl-cdn.alpinelinux.org/alpine/edge/testing \
-      python3 py3-pip libcap libcap2 py3-dnslib
+RUN apk add --no-cache --update python3 py3-pip libcap libcap2 \
+      && pip3 install --break-system-packages --no-cache-dir dnslib
 
 # setup system and user
 RUN ln -s /usr/bin/python3 /usr/local/bin/python \