Hey!
I recently started switching over to desec.io.
Right now I’m trying to debug an issue with dyndns setup, and especially using ddclient with dedyn.io.
I have a token that can perform this action without issues (anonymized domain names with foo/bar/baz/quux so that the number of dots at least is visible):
myuser$ curl -X PATCH https://desec.io/api/v1/domains/baz.quux/rrsets/foo.bar/A/ --header "Authorization: Token $DESEC_TOKEN" --header "Content-Type: application/json" --data @- <<< '{"records": ["1.2.3.4"]}'
{"created":"2025-01-29T23:29:23.284649Z","domain":"baz.quux","subname":"foo.bar","name":"foo.bar.baz.quux.","records":["1.2.3.4"],"ttl":60,"type":"A","touched":"2025-01-30T15:46:47.179278Z"}
Based on this, I’m assuming that my token has the correct permissions.
However, when I try using dedyn.io (so that it works from ddclient
), I get the following error:
myuser$ curl 'https://update.dedyn.io/?hostname=foo.bar.baz.quux&ip=4.3.2.1' --header "Authorization: Token $DESEC_TOKEN"
Insufficient token permissions.
This being said, if I run the same command with a token with full access rights, it does work correctly:
otheruser$ curl 'https://update.dedyn.io/?hostname=foo.bar.baz.quux&ip=4.3.2.1' --header "Authorization: Token $TOKEN"
good
Similarly, if I try with basic auth (that AFAIU is the thing ddclient is using), I get the same results:
myuser$ curl 'https://update.dedyn.io/?hostname=foo.bar.baz.quux&ip=4.3.2.1' -u foo.bar.baz.quux:$DESEC_TOKEN
Insufficient token permissions.
otheruser$ curl 'https://update.dedyn.io/?hostname=foo.bar.baz.quux&ip=4.3.2.1' -u foo.bar.baz.quux:$TOKEN
good
Is this a known limitation of desec’s dyndns service, a bug that is planned to be fixed, or am I misusing the APIs?