Skip to content

Instantly share code, notes, and snippets.

@mueslo
Last active July 22, 2023 11:31
Show Gist options
  • Save mueslo/9258f8b75fe942d36eea4a6d67019f81 to your computer and use it in GitHub Desktop.
Save mueslo/9258f8b75fe942d36eea4a6d67019f81 to your computer and use it in GitHub Desktop.
Dynamic A-Record DNS Updater for united-domains.de (OpenWRT/LEDE)
#!/bin/sh
# requires: wget, ca-certificates, grep
#rm /tmp/cookies.txt
cookiefile="/tmp/cookies.txt"
#domain should contain "domain_id-record_id"
domain_id=$(echo $domain | tr "-" "\n" | sed -n "1p")
record_id=$(echo $domain | tr "-" "\n" | sed -n "2p")
#csrf tokens for login + language xmlhttprequest required to login (nice try blocking my API access, UD)
loginpage=$(/usr/bin/wget --save-cookies $cookiefile --keep-session-cookies --delete-after -qO- "https://www.united-domains.de/login/")
csrf=$(echo "$loginpage" | /bin/grep -oP -m 2 "(?<=<input type=\"hidden\" name=\"csrf\" value=\")[^\"]*(?=\"( /)?>)" | tail -1)
csrfmeta=$(echo "$loginpage" | /bin/grep -oP -m 1 "(?<=<meta name=\"csrf\" content=\")[^\"]*(?=\"( /)?>)")
csrfscript=$(echo "$loginpage" | /bin/grep -oP -m 1 "(?<=\"CSRF_TOKEN\":\")[^\"]*(?=\")")
/usr/bin/wget --load-cookies $cookiefile --save-cookies $cookiefile --keep-session-cookies --delete-after --post-data "language=en-US" --header="HTTP-X-CSRF-TOKEN: $csrfmeta" --header="X-Csrf-Token: $csrfscript" --header="X-Requested-With: XMLHttpRequest" -qO- "https://www.united-domains.de/set-user-language"
ipv4=$1
#login
echo 'login'
loginresp=$(/usr/bin/wget --load-cookies $cookiefile --save-cookies $cookiefile --keep-session-cookies --post-data "csrf=$csrf&email=$username&pwd=$password&selector=login&loginBtn=Login" -qO- "https://www.united-domains.de/login/")
#get current dns record json object & modify ip
record=$(/usr/bin/wget --load-cookies $cookiefile --save-cookies $cookiefile --keep-session-cookies -qO- "https://www.united-domains.de/pfapi/dns/domain/$domain_id/records" | jsonfilter -e "$[\"data\"][\"A\"][@.id=$record_id]" | sed "s/ //g" | sed "s/\"address\":\"[0-9.]\+\"/\"address\":\"$ipv4\"/g")
payload="{\"record\":$record,\"domain_lock_state\":{\"domain_locked\":false,\"email_locked\":false}}"
url="https://www.united-domains.de/pfapi/dns/domain/$domain_id/records"
#send changes
output=$(/usr/bin/wget --load-cookies $cookiefile --method=PUT --header=Content-Type:application/json --header="Http-X-Csrf-Token: $csrf" --body-data=$payload -qO- $url 2>&1)
echo "UD answered: $output"
write_log 7 "UD answered:\n$output"
echo $output | /usr/grep "$ipv4" >/dev/null 2>&1
success=$?
#write_log 7 "Retval: $success"
echo "Retval: $success"
return $success
@mueslo
Copy link
Author

mueslo commented Feb 13, 2020

Update 2020-02-13: UD is yet another company which fell prey to shitty JavaScript requirements. As of 2020, you can no longer log in to your dashboard without JavaScript support in your browser. This is because unless a certain XMLHttpRequest is made (supposedly to set the language, but that's what HTTP headers are for), the login POST fails and returns an error message.

Update 2023-04-10: Updated to version compatible with OpenWRT 21+, newer DDNS package (which forbids ':' as a separator) and changed grep path. See also @schmyd's comment below.

@izphi78
Copy link

izphi78 commented Mar 1, 2020

So I got the solution...

In the first request, where the initial csrf token is provided, there is another csrf token inside a json-string (CSRF_TOKEN is the value)

these two csrf token are needed to perform the intermediate step: setting the language.

I used this header where as csrf2 is the above mentioned second csrf and __csrf the old csrf

headers = {"HTTP-X-CSRF-TOKEN": csrf2, "X-Csrf-Token":self.__csrf, "X-Requested-With":"XMLHttpRequest", "Referer":self.loginurl}

And this data

data = {"language": "de"}

to POST to

https://www.united-domains.de/set-user-language

After that you can proceed as before.

I did not check if all arguments in the header are necessary but that is how I got it working.

@izphi78
Copy link

izphi78 commented Mar 1, 2020

Oh, sorry I just saw your comment and did not read the script, you already fixed the script.
never mind 😅

@Nabanja
Copy link

Nabanja commented Mar 22, 2020

Hi,
every time I tried to run this script
"UD answered: $output" $output is empty
"Retval: $success" $success is 1
could you help me?

Everything before works great.

@mueslo
Copy link
Author

mueslo commented Mar 23, 2020

Hi,
every time I tried to run this script
"UD answered: $output" $output is empty
"Retval: $success" $success is 1
could you help me?

Everything before works great.

How are you running this?

@Blaxdemir
Copy link

Blaxdemir commented Apr 2, 2020

Hi @mueslo, I have realized that they made more changes.

csrf=$csrf&email=$username&pwd=$password&selector=login&loginBtn=Login

Should be changed by:
csrf=$csrf&selector=login&email=$username&pwd=$password (don't know if the order is relevant)

With this, the script is able to login correctly and get the records from UD. Now my problem is, the IP address isn't updated and then output is empty. Do you guys have any idea about it?

Best,

B.

@Blaxdemir
Copy link

Blaxdemir commented Apr 2, 2020

Hi,
every time I tried to run this script
"UD answered: $output" $output is empty
"Retval: $success" $success is 1
could you help me?

Everything before works great.

You should execute the script as:
./ddns_ud.sh x.y.z.w
Remeber to give the script execution permissions by:
chmod +x ddns_ud.sh

I also execute it with sudo, so that it can delete the cookie file without prompting. Also be careful to execute the script too many times, you will receive an email from them.

@esskar
Copy link

esskar commented May 24, 2020

is this still working? cant get the authentication to work.
trying to create a terraform provider for united-domains

@izphi78
Copy link

izphi78 commented May 24, 2020

I ported the script to run with certbot... I can confirm that the authentication still works. I also experienced an issue while doing several tests. Due to the many login requests my account was forced into 2fa via mail. So I temporarily had to enter an otp which was send via mail.

Can you check if you can still login via browser without 2fa?

For futher help I need more information.

Best regards

@mueslo
Copy link
Author

mueslo commented May 24, 2020

Still works for me.

@esskar
Copy link

esskar commented May 26, 2020

@izphi78 yes, i run into the same 2fa via mail problem, but that is resolved (for information: grabbing a new ip from your provider resolves it immediately), but i still cant get it to work.
it's my first time with golang - maybe i am missing something - will try on the weekend again

@schmyd
Copy link

schmyd commented Dec 10, 2021

had some issues getting it to work with openwrt 21.02.1. One issue is related to a different path of grep (simple fix). The other is caused by http422 errors that were thrown and could be resolved by using a different Http-X-Csrf-Token header. Also I couldn't pass : for the domain via luci, so I changed the separator to -.

Below you find my patch

diff --git a/ddns_ud.sh b/ddns_ud.sh
index 277cbb5..f86387d 100644
--- a/ddns_ud.sh
+++ b/ddns_ud.sh
@@ -4,15 +4,15 @@

 cookiefile="/tmp/cookies.txt"

-#domain should contain "domain_id:record_id"
-domain_id=$(echo $domain | tr ":" "\n" | sed -n "1p")
-record_id=$(echo $domain | tr ":" "\n" | sed -n "2p")
+#domain should contain "domain_id-record_id"
+domain_id=$(echo $domain | tr "-" "\n" | sed -n "1p")
+record_id=$(echo $domain | tr "-" "\n" | sed -n "2p")

 #csrf tokens for login + language xmlhttprequest required to login (nice try blocking my API access, UD)
 loginpage=$(/usr/bin/wget --save-cookies $cookiefile --keep-session-cookies --delete-after -qO- "https://www.united-domains.de/login/")
-csrf=$(echo "$loginpage" | /usr/bin/grep -oP -m 2 "(?<=<input type=\"hidden\" name=\"csrf\" value=\")[^\"]*(?=\"( /)?>)" | tail -1)
-csrfmeta=$(echo "$loginpage" | /usr/bin/grep -oP -m 1 "(?<=<meta name=\"csrf\" content=\")[^\"]*(?=\"( /)?>)")
-csrfscript=$(echo "$loginpage" | /usr/bin/grep -oP -m 1 "(?<=\"CSRF_TOKEN\":\")[^\"]*(?=\")")
+csrf=$(echo "$loginpage" | /bin/grep -oP -m 2 "(?<=<input type=\"hidden\" name=\"csrf\" value=\")[^\"]*(?=\"( /)?>)" | tail -1)
+csrfmeta=$(echo "$loginpage" | /bin/grep -oP -m 1 "(?<=<meta name=\"csrf\" content=\")[^\"]*(?=\"( /)?>)")
+csrfscript=$(echo "$loginpage" | /bin/grep -oP -m 1 "(?<=\"CSRF_TOKEN\":\")[^\"]*(?=\")")
 /usr/bin/wget --load-cookies $cookiefile --save-cookies $cookiefile --keep-session-cookies --delete-after --post-data "language=en-US" --header="HTTP-X-CSRF-TOKEN: $csrfmeta" --header="X-Csrf-Token: $csrfscript" --header="X-Requested-With: XMLHttpRequest" -qO- "https://www.united-domains.de/set-user-language"

 ipv4=$1
@@ -28,12 +28,11 @@ payload="{\"record\":$record,\"domain_lock_state\":{\"domain_locked\":false,\"em
 url="https://www.united-domains.de/pfapi/dns/domain/$domain_id/records"

 #send changes
-output=$(/usr/bin/wget --load-cookies $cookiefile --method=PUT --header=Content-Type:application/json --header="Http-X-Csrf-Token: $csrf" --body-data=$payload -qO- $url 2>&1)
-echo "UD answered: $output"
+output=$(/usr/bin/wget --load-cookies $cookiefile --method=PUT --header=Content-Type:application/json --header="Http-X-Csrf-Token: $csrfscript" --body-data=$payload -qO- $url 2>&1)
 write_log 7 "UD answered:\n$output"

-echo $output | /usr/bin/grep "$ipv4" >/dev/null 2>&1
+echo $output | /bin/grep "$ipv4" >/dev/null 2>&1
 success=$?
 #write_log 7 "Retval: $success"
-echo "Retval: $success"
 return $success

@ManuGithubSteam
Copy link

This seems to be broken.

I tried to fix it but i get a 404 response...

this is my payload (Ip already xhanged):

{"data":{"A":[{"address":"157.91.144.248","content":"157.91.144.248","id":102270702,"filter_value":"some.one","ttl":600,"type":"A","standard_value":false,"sub_domain":"","domain":"some.one","webspace":false,"ssl":false,"udag_record_type":5},{"address":"157.91.144.248","content":"157.91.144.248","id":102270705,"filter_value":"some,one","ttl":600,"type":"A","standard_value":false,"sub_domain":"*","domain":"some.one","webspace":false,"ssl":false,"udag_record_type":5},{"address":"95.222.29.243","content":"116.203.91.142","id":106534996,"filter_value":"cloud.some.one","ttl":600,"type":"A","standard_value":false,"sub_domain":"cloud","domain":"some.one","webspace":false,"ssl":false,"udag_record_type":5}],"MX":[{"prio":10,"mail_server":"mx00.udag.de","content":"mx00.udag.de","id":101973276,"filter_value":"some.one","ttl":3600,"type":"MX","standard_value":true,"sub_domain":"","domain":"some.one","webspace":false,"ssl":false,"udag_record_type":4},{"prio":20,"mail_server":"mx01.udag.de","content":"mx01.udag.de","id":101973279,"filter_value":"some.one","ttl":3600,"type":"MX","standard_value":true,"sub_domain":"","domain":"some.one","webspace":false,"ssl":false,"udag_record_type":4}],"AAAA":[],"TXT":[],"SRV":[],"CNAME":[],"NS":[],"CAA":[]}}

I tried also with the original Payload but its the same.

upload to united...
Useing this command:

/usr/bin/wget --load-cookies $cookiefile --method=PUT --header=Content-Type:application/json --header="Http-X-Csrf-Token: $csrfscript" --body-data=$payload -qO- $url

--2022-07-30 16:09:10-- https://www.united-domains.de/pfapi/dns/domain/7130160/records
Resolving www.united-domains.de (www.united-domains.de)... 89.31.137.221
Connecting to www.united-domains.de (www.united-domains.de)|89.31.137.221|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2022-07-30 16:09:10 ERROR 404: Not Found.

Response code is 8

Any tipps ?

Thanks!

@izphi78
Copy link

izphi78 commented Jul 31, 2022

I migrated to another DNS Provider which has an API. Not worth the struggle.
In my optinion united-domains DNS is inferior. Last time I checked you couldn't even set CAA etc.
You can keep your Domain at UD, you can simply set NS to point to another Provider.
You can even keep the Mail functionality by setting MX to UDs Servers at the net Provider.

I used dynv6 (perfect for ipv6 dyndns) for a long time but it is very unreliable.
I am now using cloudflare and he.net

@schmyd
Copy link

schmyd commented Aug 2, 2022

Hi @ManuGithubSteam,

it's not really clear to me why you're getting a 404. Script is still working for me. Were you able to resolve it?

@x4FF3
Copy link

x4FF3 commented Jul 21, 2023

Hi,

did they change the login again? cannot login with this script.

EDIT: using the curl command from here: https://gist.github.com/bjuretko/abee8435c8d6f6de39a61322ad44699a does work, but cannot update the ip

@schmyd
Copy link

schmyd commented Jul 21, 2023

still worked for me this morning

@rapkin61
Copy link

Hi @izphi78,
where did you go?
I'm severly thinking about moving my domain to another hoster, that offers an API.

I'm fed up with with that scripting stuff. The shell script here worked for a while, but United Domains seem to permanently change their website. For a while I worked around this with a python script, but even this fails more and more often, because of permanent changes in the html/css code of UD.
This is extremely annoying!
Can you recommend me a good hoster, that has an API?

@mueslo
Copy link
Author

mueslo commented Jul 22, 2023

@rapkin61 FWIW, inwx was recommended to me by a friend, specifically for API access

@izphi78
Copy link

izphi78 commented Jul 22, 2023

@rapkin61 I went to cloudflare. No need to transfer your Domain. Just add it to the Dashboard and set the NS records. If you want to keep mail functionality, set it accordingly in the UD settings and set the MX records as shown in the instructions.

Never had any trouble with it after going that route. And much stuff has integration for Cloudflare like certbot.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment