search

virtualmin / virtualmin-gpl

Virtualmin web hosting control panel for Webmin
https://www.virtualmin.com
GNU General Public License v3.0
313 stars 97 forks source link

Dynamic DNS, dns rewriter script Extremely odd issue, looking for advice #274

Open abclution opened 3 years ago

abclution commented 3 years ago

So on my internal development virtualmin box, I am on a home (dynamic dns) connection with a complete shit LTE router Huawei HA-35. This router on every single reboot, tries to inject its own SSL certificate chain due to its parental filtering "abilities", returning for any http/https some certificate nonsense. Many apps freak out during the first couple minutes, for example nextcloud sync client complains it is being asked to accept a certificate that is not in my cert store and would I like to accept it.

It (the router) always does this on the first minute or so after a reboot and then afterwards gives up.

The problem is that I have discovered is that the dynamic dns updater script of virtualmin, where it updates all the DNS records for the new external address does NOT do enough sanity checking. And how it checks it actually dumps whatever output it gets into the DNS records if it differs from the previous values.

Yes, the problem is the SSL certificate injection, but the bastards providing the router have locked down the ability to enable or disable this feature. Here is an example of the chaos it causes, this is 2 a records graabbed raw from the dns configuration.

Since the dynamic updater doesn't check to make sure its being returned just an IP address, perhaps this can / should be done.

Thankfully I only had to fix dns records of 3-4 vhosts but it was still a fng mess.

www.confluence.internal.domain.gr.  IN  A   "<!DOCTYPE html><!--[if lt IE 7 ]><html lang="en" class="ie6"><![endif]--><!--[if IE 7 ]><html lang="en" class="ie7"><![endif]--><!--[if IE 8 ]><html lang="en" class="ie8"><![endif]--><!--[if IE 9 ]><html lang="en" class="ie9"><![endif]--><!--[if (gt IE 9)|!(IE)]><!--><html lang="en"><!--<![endif]--><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" ><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="description" content=""><meta name="author" content=""><meta name="csrf_param" content="hEREC3aBnKHoZayYiGGgbzVJEsBFEba9"/><meta name="csrf_token" content="MHQ8Xj55J60AcyTexLu0VWa06o9l9B06"/><meta name="n" content="b40c16cc7883227615f14f21d1e4154f9e79a973700c5160992947541aab073bfd1f4d1079c685843032d3a8194d65fc6d102d155c9ec322262e8d6d8fd5b557678bbf8b2a42a521d7722d8cc1ab176d6d0859eb57f76e56d937d1107c0261d9a739b7c09d745fff69f8e8c9e3148e26fe170192985ee9d47154ec0fff03729dbbe966e96514ec97301661fddad3240ca56cd4e228939c0bfb615db342556357e6518246faab43e819486077aff4225db09fc3b4d4c7dad23032da369ad28fe12b15280af304202a706ea00835256c643664ff587d3fccd9f5eccd0495607ccf127c007b51f605c028326f6aab6ee4aec6afcea09fcf598e839f1d3cf04d3503"/><meta name="e" content="010001"/><meta name="chap_challenge" content="D91cE5bE55CBC9cF78Cf5e677DEc1eF44E61e6DC4CCDB9f02F0D"/><title></title><link type="text/css" href="/css/cat_public.css.cgz?HA35HA35V100R019C00SPC0021234567890" rel="stylesheet"><!--[if lt IE 9]><script type="text/javascript" language="javascript" src="/js/html5.js?HA35HA35V100R019C00SPC0021234567890"></script><![endif]--><!--[if lt IE 7]><script type="text/javascript" language="javascript" src="/lib/DD_belatedPNG_0.0.8a-min.js?HA35HA35V100R019C00SPC0021234567890"></script><![endif]--><script language="JavaScript" type="text/javascript">var g_Lang = new Array();g_Lang[0] = {lang:"ar", title:"Arabia"};g_Lang[1] = {lang:"da", title:"Danish"};g_Lang[2] = {lang:"fi", title:"Finnish"};</script></head><body data-spy="scroll" data-target=".bs-docs-sidebar"><div id="fixtop" class="navbar navbar-fixed-top"><div class="container top_div"><ul class="nav pull-left logo_png"><li class="pull-left"><div id="huaweilogo" class="ic-logo ie6image"></div></li><li id="width_product_title" class="pull-left product_title"></li></ul><div id="lang"></div></div><div class="container shadow height_52 top_menu_back_img" id="menu_test"></div></div><div id="submit_light" class="submit_white_content rounddiv"></div><div id="submit_fade" class="submit_black_overlay hide" style="filter:alpha(opacity=50); opacity:0.5;"></div><div class="main-container">    <div class="container"><div id="container"></div></div></div><script language="JavaScript" type="text/javascript">var g_userLevel = 0;var g_curcountrycode= "OTE";var g_userLang = "en";</script><script type="text/x-handlebars" data-template-name="lang"><div class="nav-collapse collapse paddingtop_10">{{view  Atp.ProductDividerLineView}}<ul class="nav pull-right lang-title-width"><li class="pull-left text_center paddingleft_10 ie6margintop_10"><a id="loginusername"></a></li> <li class="pull-left text_center paddingleft_10">&nbsp;</li><li class="marginright_5 text_center paddingleft_10">&nbsp;</li></ul></div></script><script type="text/x-handlebars" data-template-name="container"><div class="row rounddiv wizard_config_div">{{view Atp.InternetWizardHeader}}<div id="contentPage"><div class="internet_config">{{view Atp.DetectContainerView}}</div></div></div></script><div class="navbar navbar-fixed-bottom"><footer><div id="foot" class="container"><script type="text/x-handlebars" data-template-name="foot">{{view Atp.footerview}}</script></div><div id="heartbeat"></div></footer></div><div id="backgroundPopup" class="submit_black_overlay hide" style="filter:alpha(opacity=50); opacity:0.5;"></div><div id="output_login" class="outputwin hide index_page_us_ps_div" style="_margin-left:0px;"></div><script type="text/x-handlebars" data-template-name="heartbeat">{{view Atp.HeartbeatView}}</script><!--[if lt IE 8 ]><script type="text/javascript" language="javascript" src="/lib/json.js?HA35HA35V100R019C00SPC0021234567890"></script><![endif]--><script type="text/javascript" language="javascript" src="/lib/cat_jquery.js.jgz?HA35HA35V100R019C00SPC0021234567890"></script><script type="text/javascript" language="javascript" src="/lib/cat_liblayout.js.jgz?HA35HA35V100R019C00SPC0021234567890"></script><script type="text/javascript" language="javascript" src="/lib/cat_enc.js.jgz?HA35HA35V100R019C00SPC0021234567890"></script><script type="text/javascript" language="javascript" src="/lib/sha1.js?HA35HA35V100R019C00SPC0021234567890"></script><script type="text/javascript" language="javascript" src="/lib/pbkdf2.js?HA35HA35V100R019C00SPC0021234567890"></script><script type="text/javascript" language="javascript" src="/lib/sjcl.js?HA35HA35V100R019C00SPC0021234567890"></script><script type="text/javascript" language="javascript" src="/lang/en/menu_res.js?HA35HA35V100R019C00SPC0021234567890"></script><script type="text/javascript" language="javascript" src="/lib/cat_exember.js.jgz?HA35HA35V100R019C00SPC0021234567890"></script><script type="text/javascript" language="javascript" src="/atpscriptall_/lib/base64.js/lang/en/wizard_res.js/lang/en/pin_res.js/lang/en/wan_res.js/lang/en/user_login_res.js/lang/en/user_account_res.js/lib/base64.js/js/pin.js/js/link.js/js/wizardwan.js/js/pvcscan.js/js/changeaccount.js?HA35HA35V100R019C00SPC0021234567890"></script><script language="JavaScript" type="text/javascript">$(document).ready(function() {pageload();$("#home_menu").live("click",function() {showLoginWindow();go_aim = 2;});$("#internet_settings_menu").live("click",function(){showLoginWindow();go_aim =3;});$("#homenetwork_settings_menu").live("click",function(){showLoginWindow();go_aim = 4});$("#sharing_settings_menu").live("click",function(){showLoginWindow();go_aim =5;});$("#maintain_settings_menu").live("click",function(){showLoginWindow();go_aim = 6;});$("#telephone_settings_menu").live("click",function(){showLoginWindow();go_aim = 9;});$("#index_window").live("click",function(){utilCloseDialog("output_login");});});</script><script language="JavaScript" type="text/javascript">$(document).ready(function(){var productname = "";Atp.WebuiCustomizeController.load(function(){if(0 != g_userLevel && "" != window.location.hash) {Atp.ProfileSwitchController.load();}});if("undefined" != typeof(Atp.WebuiCustomizeController.content.htmltitle)) {productname = Atp.WebuiCustomizeController.content.htmltitle;}if("" != productname){document.title = productname;$("#width_product_title").text(productname);}Atp.AdminNameController.load();Atp.WebuiCapacityController.load(function(){load_sysmenu();});Ember.View.create({templateName: 'container'}).appendTo('#container');});</script></body></html>"
ftp.confluence.internal.domain.gr.  IN  A   "<!DOCTYPE html><!--[if lt IE 7 ]><html lang="en" class="ie6"><![endif]--><!--[if IE 7 ]><html lang="en" class="ie7"><![endif]--><!--[if IE 8 ]><html lang="en" class="ie8"><![endif]--><!--[if IE 9 ]><html lang="en" class="ie9"><![endif]--><!--[if (gt IE 9)|!(IE)]><!--><html lang="en"><!--<![endif]--><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" ><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="description" content=""><meta name="author" content=""><meta name="csrf_param" content="hEREC3aBnKHoZayYiGGgbzVJEsBFEba9"/><meta name="csrf_token" content="MHQ8Xj55J60AcyTexLu0VWa06o9l9B06"/><meta name="n" content="b40c16cc7883227615f14f21d1e4154f9e79a973700c5160992947541aab073bfd1f4d1079c685843032d3a8194d65fc6d102d155c9ec322262e8d6d8fd5b557678bbf8b2a42a521d7722d8cc1ab176d6d0859eb57f76e56d937d1107c0261d9a739b7c09d745fff69f8e8c9e3148e26fe170192985ee9d47154ec0fff03729dbbe966e96514ec97301661fddad3240ca56cd4e228939c0bfb615db342556357e6518246faab43e819486077aff4225db09fc3b4d4c7dad23032da369ad28fe12b15280af304202a706ea00835256c643664ff587d3fccd9f5eccd0495607ccf127c007b51f605c028326f6aab6ee4aec6afcea09fcf598e839f1d3cf04d3503"/><meta name="e" content="010001"/><meta name="chap_challenge" content="D91cE5bE55CBC9cF78Cf5e677DEc1eF44E61e6DC4CCDB9f02F0D"/><title></title><link type="text/css" href="/css/cat_public.css.cgz?HA35HA35V100R019C00SPC0021234567890" rel="stylesheet"><!--[if lt IE 9]><script type="text/javascript" language="javascript" src="/js/html5.js?HA35HA35V100R019C00SPC0021234567890"></script><![endif]--><!--[if lt IE 7]><script type="text/javascript" language="javascript" src="/lib/DD_belatedPNG_0.0.8a-min.js?HA35HA35V100R019C00SPC0021234567890"></script><![endif]--><script language="JavaScript" type="text/javascript">var g_Lang = new Array();g_Lang[0] = {lang:"ar", title:"Arabia"};g_Lang[1] = {lang:"da", title:"Danish"};g_Lang[2] = {lang:"fi", title:"Finnish"};</script></head><body data-spy="scroll" data-target=".bs-docs-sidebar"><div id="fixtop" class="navbar navbar-fixed-top"><div class="container top_div"><ul class="nav pull-left logo_png"><li class="pull-left"><div id="huaweilogo" class="ic-logo ie6image"></div></li><li id="width_product_title" class="pull-left product_title"></li></ul><div id="lang"></div></div><div class="container shadow height_52 top_menu_back_img" id="menu_test"></div></div><div id="submit_light" class="submit_white_content rounddiv"></div><div id="submit_fade" class="submit_black_overlay hide" style="filter:alpha(opacity=50); opacity:0.5;"></div><div class="main-container">    <div class="container"><div id="container"></div></div></div><script language="JavaScript" type="text/javascript">var g_userLevel = 0;var g_curcountrycode= "OTE";var g_userLang = "en";</script><script type="text/x-handlebars" data-template-name="lang"><div class="nav-collapse collapse paddingtop_10">{{view  Atp.ProductDividerLineView}}<ul class="nav pull-right lang-title-width"><li class="pull-left text_center paddingleft_10 ie6margintop_10"><a id="loginusername"></a></li> <li class="pull-left text_center paddingleft_10">&nbsp;</li><li class="marginright_5 text_center paddingleft_10">&nbsp;</li></ul></div></script><script type="text/x-handlebars" data-template-name="container"><div class="row rounddiv wizard_config_div">{{view Atp.InternetWizardHeader}}<div id="contentPage"><div class="internet_config">{{view Atp.DetectContainerView}}</div></div></div></script><div class="navbar navbar-fixed-bottom"><footer><div id="foot" class="container"><script type="text/x-handlebars" data-template-name="foot">{{view Atp.footerview}}</script></div><div id="heartbeat"></div></footer></div><div id="backgroundPopup" class="submit_black_overlay hide" style="filter:alpha(opacity=50); opacity:0.5;"></div><div id="output_login" class="outputwin hide index_page_us_ps_div" style="_margin-left:0px;"></div><script type="text/x-handlebars" data-template-name="heartbeat">{{view Atp.HeartbeatView}}</script><!--[if lt IE 8 ]><script type="text/javascript" language="javascript" src="/lib/json.js?HA35HA35V100R019C00SPC0021234567890"></script><![endif]--><script type="text/javascript" language="javascript" src="/lib/cat_jquery.js.jgz?HA35HA35V100R019C00SPC0021234567890"></script><script type="text/javascript" language="javascript" src="/lib/cat_liblayout.js.jgz?HA35HA35V100R019C00SPC0021234567890"></script><script type="text/javascript" language="javascript" src="/lib/cat_enc.js.jgz?HA35HA35V100R019C00SPC0021234567890"></script><script type="text/javascript" language="javascript" src="/lib/sha1.js?HA35HA35V100R019C00SPC0021234567890"></script><script type="text/javascript" language="javascript" src="/lib/pbkdf2.js?HA35HA35V100R019C00SPC0021234567890"></script><script type="text/javascript" language="javascript" src="/lib/sjcl.js?HA35HA35V100R019C00SPC0021234567890"></script><script type="text/javascript" language="javascript" src="/lang/en/menu_res.js?HA35HA35V100R019C00SPC0021234567890"></script><script type="text/javascript" language="javascript" src="/lib/cat_exember.js.jgz?HA35HA35V100R019C00SPC0021234567890"></script><script type="text/javascript" language="javascript" src="/atpscriptall_/lib/base64.js/lang/en/wizard_res.js/lang/en/pin_res.js/lang/en/wan_res.js/lang/en/user_login_res.js/lang/en/user_account_res.js/lib/base64.js/js/pin.js/js/link.js/js/wizardwan.js/js/pvcscan.js/js/changeaccount.js?HA35HA35V100R019C00SPC0021234567890"></script><script language="JavaScript" type="text/javascript">$(document).ready(function() {pageload();$("#home_menu").live("click",function() {showLoginWindow();go_aim = 2;});$("#internet_settings_menu").live("click",function(){showLoginWindow();go_aim =3;});$("#homenetwork_settings_menu").live("click",function(){showLoginWindow();go_aim = 4});$("#sharing_settings_menu").live("click",function(){showLoginWindow();go_aim =5;});$("#maintain_settings_menu").live("click",function(){showLoginWindow();go_aim = 6;});$("#telephone_settings_menu").live("click",function(){showLoginWindow();go_aim = 9;});$("#index_window").live("click",function(){utilCloseDialog("output_login");});});</script><script language="JavaScript" type="text/javascript">$(document).ready(function(){var productname = "";Atp.WebuiCustomizeController.load(function(){if(0 != g_userLevel && "" != window.location.hash) {Atp.ProfileSwitchController.load();}});if("undefined" != typeof(Atp.WebuiCustomizeController.content.htmltitle)) {productname = Atp.WebuiCustomizeController.content.htmltitle;}if("" != productname){document.title = productname;$("#width_product_title").text(productname);}Atp.AdminNameController.load();Atp.WebuiCapacityController.load(function(){load_sysmenu();});Ember.View.create({templateName: 'container'}).appendTo('#container');});</script></body></html>"

Here is an example of what my nextcloud client pops up every time after a router reboot and the first 10-30 seconds of internet connectivity.

image

abclution commented 3 years ago

For now I would just like the run the dynip.pl job manually but I cannot quite figure out the right way to do it.

/usr/share/webmin/virtual-server/dynip.pl Can't locate ./virtual-server-lib.pl at /usr/share/webmin/virtual-server/dynip.pl line 7.

cd /usr/share/webmin/virtual-server/dynip.pl root@DEV:/usr/share/webmin/virtual-server# ./dynip.pl WEBMIN_CONFIG not set at ../web-lib-funcs.pl line 4704. Compilation failed in require at ./dynip.pl line 7.

chris001 commented 3 years ago

IF there isn't already a command line API to do this, then one should be added.. it's a very helpful ability to be able to do reliably and cleanly.

jcameron commented 3 years ago

You can force a dynamic IP re-check by running /etc/webmin/virtual-server/dynip.pl

jcameron commented 3 years ago

Also, I've added an extra check to ensure that the dynamic IP is actually an IP!

abclution commented 3 years ago

Thanks, when I get around to updating and trying it out again I'll let you know if there is any issues. Why do I always find the strangest edge cases sigh.