1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
|
DHIS Daemon Client release 5.3
==============================
This distribution includes the source code for the DHIS daemon client
dhid release 5.3.
What is dhid ?
--------------
dhid is the DHIS client daemon. After setting up with the DHIS provider,
each machine may run a dhid daemon (in background) in order to
update its dynamic IP address within the server.
/etc/dhid.conf should be configured according to the provider's
assigned parameters.
Until release 4.0 DHIS was a system intended to provide dynamic DNS
updates (on the server) only. In other words, the client daemon dhid
would update its DNS entry within the server.
As of R5 DHIS is no longer a Dynamic DNS protocol only. While
service providers may in fact provide such a service with DHIS,
other servers may also be offered based on the dynamic IP acquisiton.
Once running, dhid sends echo request packets to the server and
expects a reply. Once received, dhid tries to authenticate at the
server either in password or qrc mode. From then on, and
providing authentication was successful, the client waits and
replies to queries originated at the server. If the server doesn't
receive acknowledgments of these packets the host is marked offline.
Likewise, if the client doesn't receive queries for a period of time
the offline stage is restored.
Therefore, the only thing a DHIS host needs is to run the dhid client.
The server is able to determine when the host is online and the server
tables are updated automatically.
From R5 the DHIS client dhid no longer implements mail relaying functions
or interactive mode.
This release of the client however supports the following additional
features:
Multi-server support
Multi-client update support
Configurable refresh rates
Possibility of running external commands when online/offline transitions
occur.
For an example of the possible options please see dhid.conf.sample
Running dhid on a different incoming port
-----------------------------------------
The incoming UDP port (for UDP messages from servers) is by default
58800. If you wish to run it on a different UDP port you may use the
-p option.
Example:
dhid -p 59000
Will make dhid listen for UDP packets on port 59000
Running dhid under a user other than root
-----------------------------------------
The DHIS daemon dhid can be executed by any user provided it has
permissions to use (bind) the UDP port default 58800).
AFAWK there is no real risk in running dhid as root, but if
you're worried about security you may create a dhis user and run dhid
as such. In this case make sure that the user under which dhid is being
executed has permissions to read the /etc/dhid.conf file.
Create a dedicated username (e.g. dhis)
Make sure the user running dhid has access to dhid.conf
(in the dhis user example)
chown dhis /etc/dhid.conf
Execute it under that user
In startup script
su -c dhis /somewhere/dhid
If you want a pid file with the process ID number to
be written, also make sure that either the user has
permissions to write under /var/run or that you use
the -P option described below to write somewhere where
it has.
Having dhid.conf on a different location
----------------------------------------
You may move dhid.conf anywhere and use the -f option to specify
its location. Alternativelly you may update the DHID_CONF directive
in dhid.h and recompile the client.
e.g.
dhid -f /usr/local/etc/dhid.conf
Moving the PID file
-------------------
The PID file location may also be specified on the command line
using the -P option.
Example:
dhid -P /var/run/dhid.pid
Logging
-------
The DHIS client dhid does not send any output to stdout. Instead
it uses syslog() to report messages.
Error messages are logged under LOG_ERR and informational
messages under LOG_INFO.
Asynchronous Offline Packets
----------------------------
It is possible to instruct the IS to mark the host Offline
at once. This procedure is performed automatically when the timeout
is reached and no acknowledgements are received by the server. However,
you may wish to speed up the offline process by including the offline
request in his system's disconnection script.
The command: kill -USR2 `cat /var/run/dhid.pid` issues an Offline packet
request.
Please note that this kill must be included in the script that
is called prior to disconnection, not in the one that is
executed once disconnection has happened. Also, you may
wish to add a sleep of 1 second to allow the offline packet
to get through.
Multi-Server and Multi-Client support:
--------------------------------------
The present client supports:
1) Multi-client updates on a single independent server
2) Multi-client updates on multiple independent servers
3) Single client updates on one of multi redundant servers
4) Or any combination of the above
With option 1) it is possible to update multiple records
(with multiple ids and keys) on a same server address/port.
With option 2) it is possible to update multiple clients
(with multiple ids and keys) on multiple server addresses/ports.
With option 3) a same client (id and keys) is sent to a list
of redundant servers. The client will pick up (for the session)
the first replying server and will use it for futher communication.
With this option it is possible to use the dhid client in a redundant /
load sharing DHIS service provided that the DHIS service provider
itself has servers in redundant mode.
For more information on the usage of these options please see
the example configuration file dhid.conf.sample
Note for Multiserver/client:
----------------------------
Since R5 this client supports multiple server/clients. In the present
release issuing an offline request with USR2 brings all
records in dhid.conf to offline mode.
Likewise when a connection is present all records in dhid.conf
are automatically brought online.
Firewalls:
----------
If you intend to run dhid behind a firewall make sure to allow
both incoming and outgoing UDP packets to the configured server(s).
The port is 58800 by default or other if specified in dhid.conf and/or
with the -p option. Remember that this only changes the incoming
port. The server port (to which the client sends packets) is defined
at the service provider and cannot be changed by the client.
Naturally don't be alarmed if you see incoming UDP packets arriving
at your machine when running the dhid client.
NAT Systems
-----------
If your host is residing behind a NAT/PAT device (Network Address
Translation / Port Translation) such as a Wireless LAN / ADSL router,
a bit of additional configuration is needed.
Outbound packets are automatically translated and thus require
no action. I.E. the dhid client sends packets to the server's port
58800 and the NAT router translates the inside address to the
outside address (possibly dynamically assigned by your ADSL or
Cable ISP).
Inbound packets however will arrive at the router and not at the
machine running dhid. Therefore you need to configure a redirect
rule at the NAT device mapping UDP packets targeted at the DHIS
port to the private IP address of the machine running dhid.
The following diagram illustrates an example scenario of this:
<host running dhid> -------- ADSL Router --------- Internet --- DHIS Server
<10.0.0.1/24> <10.0.0.254/24> <dynamic IP> <212.1.1.1>
1) Client sends UDP packet from 10.0.0.1 to 212.1.1.1:58000
2) The router translates the source of the packet to the dynamic IP (NAT)
3) The server replies to the dynamic IP on port 58800
4) >>> The router must redirect (DMZ, etc ...) UDP packets to port 58800
to the inside address 10.0.0.1
Please note:
In this case, the IP address considered and marked online by the DHIS
server is the dynamic IP address, not the internal IP address.
Hence if you wish to run a web server for example, on the same or
a different machine inside your network, you need to redirect TCP port
80 as well to the web server.
Services
--------
Examples of services that DHIS may provide:
Dynamic IP DNS
Dynamic IP mail relaying and delivery
Dynamic IP Tunnel establishment
Dynamic IP ACL control
Further Information
-------------------
For further information concerning the dhid daemon, the DHIS server,
for bug reporting or making suggestions please see our web site at
www.dhis.org for contact information.
We have removed references to email addresses from this distribution
due to the excessive amounts of SPAM we were receiving on the
support mailboxes.
|
