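I have long run ArDNSPod (https://github.com/anrip/ArDNSPod) from crontab on my router's OpenWRT system to provide DDNS for a domain hosted on DNSPod. Today, however, I suddenly noticed that after my egress IP changed, the DDNS domain was not updated as it normally is (it usually reacts very quickly). I checked, and it was not the earlier problem of the ISP switching me back to a private IP either. So I SSHed into the router's LAN IP, manually ran the sh command from crontab, and got this: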
```
root@xCloud:/opt/usr/ardnspod/ddnspod.sh
Linux
Updating Domain: xxxx.k-res.net
hostIP: xxx.xx.xxx.xxx
Get Record Info Failed!
```
So I opened the script with vi ddnspod.sh and found the line that uses wget to send the DNSPod API request:
```
wget --quiet --no-check-certificate --output-document=- --user-agent=$agent --post-data $param $inter
```
I removed --quiet and ran the script again, which printed:
```
root@xCloud:/opt/usr/ardnspod# ./ddnspod.sh
Linux
Updating Domain: xxxx.k-res.net
hostIP: xxx.xx.xxx.xxx
--2019-03-10 21:58:56-- https://dnsapi.cn/Domain.Info
Resolving dnsapi.cn... 157.255.173.149
Connecting to dnsapi.cn|157.255.173.149|:443... connected.
OpenSSL: error:1409442E:lib(20):func(148):reason(1070)
Unable to establish SSL connection.
--2019-03-10 21:58:56-- https://dnsapi.cn/Record.List
Resolving dnsapi.cn... 157.255.173.149
Connecting to dnsapi.cn|157.255.173.149|:443... connected.
OpenSSL: error:1409442E:lib(20):func(148):reason(1070)
Unable to establish SSL connection.
--2019-03-10 21:58:56-- https://dnsapi.cn/Record.Info
Resolving dnsapi.cn... 157.255.173.149
Connecting to dnsapi.cn|157.255.173.149|:443... connected.
OpenSSL: error:1409442E:lib(20):func(148):reason(1070)
Unable to establish SSL connection.
Get Record Info Failed!
```
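It is clear that wget failed while establishing the SSL connection. I looked up the error message and found that it was a TLS version problem, so I went back to DNSPod to check and found this announcement: "DNSPod will upgrade SSL certificates site-wide". It turns out DNSPod had carried out an SSL upgrade and explicitly stated that it "no longer supports older protocol versions such as TLS v1.1 and TLS v1.0". That looks like the problem!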
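I then read up on wget and found this: https://unix.stackexchange.com/questions/237778/wget-tls-1-2-error. It seems that as long as the wget version is 1.16.1 or above, it supports TLS v1.2, so I quickly checked the wget version on the router: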
```
root@xCloud:/opt/usr/ardnspod# wget --version
GNU Wget 1.16 built on linux-gnu.

+digest +https +ipv6 -iri +large-file -nls +ntlm +opie -psl +ssl/openssl

Wgetrc:
    /etc/wgetrc (system)
Compile:
    mipsel-openwrt-linux-uclibc-gcc -DHAVE_CONFIG_H
    -DSYSTEM_WGETRC="/etc/wgetrc" -DLOCALEDIR="/usr/share/locale" -I.
    -I../lib -I../lib
    -I/work/workspace/kezengquan/kernel_3.10/staging_dir/target-mipsel_24kec+dsp_uClibc-0.9.33.2/usr/include
    -I/work/workspace/kezengquan/kernel_3.10/staging_dir/target-mipsel_24kec+dsp_uClibc-0.9.33.2/include
    -I/work/workspace/kezengquan/kernel_3.10/staging_dir/toolchain-mipsel_24kec+dsp_gcc-4.8-linaro_uClibc-0.9.33.2/usr/include
    -I/work/workspace/kezengquan/kernel_3.10/staging_dir/toolchain-mipsel_24kec+dsp_gcc-4.8-linaro_uClibc-0.9.33.2/include
    -Os -pipe -mno-branch-likely -mips32r2 -mtune=24kec -mdsp
    -fno-caller-saves -fhonour-copts -Wno-error=unused-but-set-variable
    -msoft-float -mips16 -minterlink-mips16
Link:
    mipsel-openwrt-linux-uclibc-gcc -Os -pipe -mno-branch-likely
    -mips32r2 -mtune=24kec -mdsp -fno-caller-saves -fhonour-copts
    -Wno-error=unused-but-set-variable -msoft-float -mips16
    -minterlink-mips16
    -L/work/workspace/kezengquan/kernel_3.10/staging_dir/target-mipsel_24kec+dsp_uClibc-0.9.33.2/usr/lib
    -L/work/workspace/kezengquan/kernel_3.10/staging_dir/target-mipsel_24kec+dsp_uClibc-0.9.33.2/lib
    -L/work/workspace/kezengquan/kernel_3.10/staging_dir/toolchain-mipsel_24kec+dsp_gcc-4.8-linaro_uClibc-0.9.33.2/usr/lib
    -L/work/workspace/kezengquan/kernel_3.10/staging_dir/toolchain-mipsel_24kec+dsp_gcc-4.8-linaro_uClibc-0.9.33.2/lib
    /work/workspace/kezengquan/kernel_3.10/staging_dir/target-mipsel_24kec+dsp_uClibc-0.9.33.2/usr/lib/libssl.so
    /work/workspace/kezengquan/kernel_3.10/staging_dir/target-mipsel_24kec+dsp_uClibc-0.9.33.2/usr/lib/libcrypto.so
    -ldl -lz -lpcre ftp-opie.o openssl.o http-ntlm.o ../lib/libgnu.a

Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
http://www.gnu.org/licenses/gpl.html.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Originally written by Hrvoje Niksic hniksic@xemacs.org.
Please send bug reports and questions to bug-wget@gnu.org.
```
It seems the version just meets the requirement, so I ran vi ddnspod.sh again, changed the wget call to add --secure-protocol=TLSv1_2, and ran the script once more. The result:
```
root@xCloud:/opt/usr/ardnspod# ./ddnspod.sh
Linux
Updating Domain: xxxx.k-res.net
hostIP: xxx.xx.xxx.xxx
--2019-03-10 22:01:52-- https://dnsapi.cn/Domain.Info
Resolving dnsapi.cn... 157.255.173.149
Connecting to dnsapi.cn|157.255.173.149|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 565
Saving to: ‘STDOUT’
100%[===================================================================================>] 565 --.-KB/s in 0s
2019-03-10 22:01:53 (8.98 MB/s) - written to stdout [565/565]
--2019-03-10 22:01:53-- https://dnsapi.cn/Record.List
Resolving dnsapi.cn... 157.255.173.149
Connecting to dnsapi.cn|157.255.173.149|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 649
Saving to: ‘STDOUT’
100%[===================================================================================>] 649 --.-KB/s in 0s
2019-03-10 22:01:53 (7.74 MB/s) - written to stdout [649/649]
--2019-03-10 22:01:53-- https://dnsapi.cn/Record.Info
Resolving dnsapi.cn... 157.255.173.149
Connecting to dnsapi.cn|157.255.173.149|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 443
Saving to: ‘STDOUT’
100%[===================================================================================>] 443 --.-KB/s in 0s
2019-03-10 22:01:54 (7.04 MB/s) - written to stdout [443/443]
lastIP: 125.37.162.3
--2019-03-10 22:01:54-- https://dnsapi.cn/Domain.Info
Resolving dnsapi.cn... 157.255.173.149
Connecting to dnsapi.cn|157.255.173.149|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 565
Saving to: ‘STDOUT’
100%[===================================================================================>] 565 --.-KB/s in 0s
2019-03-10 22:01:55 (6.74 MB/s) - written to stdout [565/565]
--2019-03-10 22:01:55-- https://dnsapi.cn/Record.List
Resolving dnsapi.cn... 157.255.173.149
Connecting to dnsapi.cn|157.255.173.149|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 649
Saving to: ‘STDOUT’
100%[===================================================================================>] 649 --.-KB/s in 0s
2019-03-10 22:01:55 (7.74 MB/s) - written to stdout [649/649]
--2019-03-10 22:01:56-- https://dnsapi.cn/Record.Ddns
Resolving dnsapi.cn... 157.255.173.149
Connecting to dnsapi.cn|157.255.173.149|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 162
Saving to: ‘STDOUT’
100%[===================================================================================>] 162 --.-KB/s in 0s
2019-03-10 22:01:56 (1.54 MB/s) - written to stdout [162/162]
postRS: xxx.xx.xxx.xxx
```
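You can see the 200 success responses. I confirmed in the DNSPod console that the A record had indeed been updated, then added --quiet back to the wget call in the script, and everything was back to normal: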
```
root@xCloud:/opt/usr/ardnspod# ./ddnspod.sh
Linux
Updating Domain: xxx.k-res.net
hostIP: xxx.xx.xxx.xxx
lastIP: xxx.xx.xxx.xxx
Last IP is the same as current IP!
```
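The handshake failure above stayed invisible under cron because --quiet suppressed wget's messages, and the wget call in ddnspod.sh also passes --no-check-certificate, which turns off certificate verification. As an added example (not ArDNSPod's code; `WGET`, `AGENT`, `classify_wget_error` and `dnspod_post` are hypothetical names, and it assumes a CA bundle is installed on the router), this wrapper pins TLS 1.2, leaves verification on, and reports why a request failed:

```shell
#!/bin/sh
# Added example, not ArDNSPod's own code. All names below are hypothetical.
WGET=${WGET:-wget}
AGENT=${AGENT:-"ExampleDDNS/0.1 (admin@example.com)"}   # constructed value

# Map wget's stderr text to a short reason, so a TLS failure is not
# reported only as a generic "Get Record Info Failed!".
classify_wget_error() {
    case "$1" in
        *"Unable to establish SSL connection"*) echo tls_handshake ;;
        *"cannot verify"*"certificate"*)        echo cert_verify ;;
        *"unable to resolve host address"*)     echo dns ;;
        *)                                      echo other ;;
    esac
}

# POST the parameters in $2 to the URL in $1 with TLS 1.2 pinned.
# Certificate verification stays on (no --no-check-certificate).
# The response body goes to stdout; on failure the reason goes to
# stderr and the function returns 1.
dnspod_post() {
    errfile=$(mktemp) || return 1
    if "$WGET" --no-verbose --secure-protocol=TLSv1_2 \
            --output-document=- --user-agent="$AGENT" \
            --post-data "$2" "$1" 2>"$errfile"; then
        rm -f "$errfile"
        return 0
    fi
    reason=$(classify_wget_error "$(cat "$errfile")")
    rm -f "$errfile"
    echo "dnspod_post: $1 failed: $reason" >&2
    return 1
}
```

Under cron, redirecting the script's stderr to a log file (or piping it to logger) keeps the reason on record the next time the API endpoint changes its TLS policy.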