Hi!

I'm trying to get a user that changes IP-address like you and I breathe..
I helped him register a dyndns account that gets automatically updated and doing a nslookup on it indeed gives the correct IP he's on at the moment.

Is it possible to use this in his account in io?
I've tried adding it in these two slightly different ways:
:ident@blablabla.dyndns.org
*@blablabla.dyndns.org
But the site still reports that "login failed > username> hostmask *@1.2.#.# not added." so it seems like io isn't resolving the hostname in the userfile and then compares the answer to the IP he tries to login from.

I've looked through ioftpd.ini and found a couple of entries that makes it seem like it should be supported but I can't manage to get it to work.

Please help :)

You're in luck. So far as I know ioFTPD is the only FTP server to really solve this problem...

First make sure you have the feature enabled... 'Dynamic_DNS_Lookup' under [Network] should be set to 'ALWAYS' (KNOCKED is more restrictive and a lot trickier so just use ALWAYS).

After that the form you used should be all that is required - ':ident@blablabla.dyndns.org'. If no "static" hostmask matches the user it will resolve at login time any hostmask starting with ":" to get the current IP and check that.

I do wonder a bit at the 'hostmask *@1.2.#.# not added' bit. That isn't an ioFTPD message but must be the result of some script running. It's possible that you have a 3rd party script trying to help out and automatically add some hostmasks to users and that is breaking the internal feature. Check to see if there is a PRE/POST event on the USER or PASS commands...

Btw, I forgot to mention this in my original post but I think the io I'm running is 7.03.
Dynamic_DNS_Lookup was already set to ALWAYS.

I had a pre event on pass:
pass = TCL ..\scripts\nxTools\nxClose.tcl LOGIN
But unmarking it didn't change the behavior, sorry about the error message I gave below btw, it was taken from the eggdrop, this is how it looks in io:
[L] USER testuser
[L] 331 Password required for testuser.
[L] PASS (hidden)
[L] 530 Login failed: Your IP/hostname is not authorized.
[L] Connection failed
And checking the added IP for the user gives this info:
[R] 200-| IP1: :testident@blablabla.dyndns.org | |
I also tried changing it to *@blablabla.dyndns.org but the same error still happens.

Hmm, I wonder what else I could try to get it to work, it still doesn't seem like io is trying to do a lookup on the IP because the error message when trying to login comes with lightning speed.

One thing that does work is adding testident@*.bredbandsbolaget.se for example, the problem then of course is that I can't be sure that it is indeed the correct computer logging in so anyone that gets the ident can login from any bredbandsbolaget connected computer which is less than ideal.

Hmm, that all appears right. I assume if you try to "ping" or "nslookup" the name the address it resolves to shows up correctly from a command window?

Since you're trying 7.03 it probably isn't a huge deal to try 6.9.3 in a test setup since most of the .ini file is the same. The reason is pre v7.0 includes a "LOOKUP: <name>" entry in the logfile whenever it does a dynamic lookup. If you try 6.9.3 you could at least verify that it was trying to lookup the name...

Two other tidbits. If a name resolves to more than 1 IP address only the first is used. I don't think this happens with dynamic name resolvers but just letting you know. The other thing to check is if the name contains any numeric chars like 'mys1te' or something? Just in case I goofed something try it without any numbers to see if that makes a difference if the v6.9.3 shows it doesn't try to lookup the name...

Hmm, that all appears right. I assume if you try to "ping" or "nslookup" the name the address it resolves to shows up correctly from a command window?
Yes, nslookup gives the current and correct IP

Two other tidbits. If a name resolves to more than 1 IP address only the first is used. I don't think this happens with dynamic name resolvers but just letting you know. The other thing to check is if the name contains any numeric chars like 'mys1te' or something? Just in case I goofed something try it without any numbers to see if that makes a difference if the v6.9.3 shows it doesn't try to lookup the name...
The name only resolves to one IP at all times I've tested with nslookup or /dns <NICK> on IRC and the dynamic name only have letters, no numbers.

Since you're trying 7.03 it probably isn't a huge deal to try 6.9.3 in a test setup since most of the .ini file is the same. The reason is pre v7.0 includes a "LOOKUP: <name>" entry in the logfile whenever it does a dynamic lookup. If you try 6.9.3 you could at least verify that it was trying to lookup the name...
I'll have to try that when I get the time to see if it reports anything.
Have any plans to bring the LOOKUP entry back for the logfile in future releases?
Why was it removed, filled the log too quickly?