We Keep Coding

xrp {"result":{"error":"noNetwork","error_code":17,"error_message":"Not synced to Ripple network.","request":{"command":"fee"},"status":"error"}}

I'm trying to run a rippled non-validator node.
I'm using an 32GB RAM C5 class instance in aws with an external volume - io1 storage with 10000 iops.
I had node reboot for patching and since then it seems fine but it returns
curl --data-binary '{"method": "fee","params": []}' -H 'content-type:text/plain;' http://:5005/
A normal response is like;
{"result":{"current_ledger_size":"68","current_queue_size":"0","drops":{"base_fee":"10","median_fee":"5000","minimum_fee":"10","open_ledger_fee":"10"},"expected_ledger_size":"150","ledger_current_index":51375387,"levels":{"median_level":"128000","minimum_level":"256","open_ledger_level":"256","reference_level":"256"},"max_queue_size":"3000","status":"success"}}
err;
{"result":{"error":"noNetwork","error_code":17,"error_message":"Not synced to Ripple network.","request":{"command":"fee"},"status":"error"}}
After reboot though I just get this Not synced error.
When I spin up a node from fresh it has to download 95GB of data at about 1 a day and it gets the same error while I'm waiting.
I'm wondering what I need to do to keep these nodes stable.
[server]
port_rpc_admin_local
port_peer
port_ws_admin_local
#port_ws_public
#ssl_key = /etc/ssl/private/server.key
#ssl_cert = /etc/ssl/certs/server.crt
[port_rpc_admin_local]
port = 5005
ip = 0.0.0.0
admin = 127.0.0.1
protocol = http
[port_peer]
port = 51235
ip = 0.0.0.0
# alternatively, to accept connections on IPv4 + IPv6, use:
#ip = ::
protocol = peer
[port_ws_admin_local]
port = 6006
ip = 0.0.0.0
admin = 127.0.0.1
protocol = ws
#[port_ws_public]
#port = 6005
#ip = 0.0.0.0
#protocol = wss
#-------------------------------------------------------------------------------
[node_size]
huge
# This is primary persistent datastore for rippled. This includes transaction
# metadata, account states, and ledger headers. Helpful information can be
# found here: https://ripple.com/wiki/NodeBackEnd
# delete old ledgers while maintaining at least 2000. Do not require an
# external administrative command to initiate deletion.
[node_db]
type=RocksDB
path=/data01/rippled/db/rocksdb
open_files=2000
filter_bits=12
cache_mb=256
file_size_mb=8
file_size_mult=2
online_delete=120000
advisory_delete=0
# This is the persistent datastore for shards. It is important for the health
# of the ripple network that rippled operators shard as much as practical.
# NuDB requires SSD storage. Helpful information can be found here
# https://ripple.com/build/history-sharding
#[shard_db]
#path=/data01/rippled/db/shards/nudb
#max_size_gb=500
[database_path]
/data01/rippled/db
# This needs to be an absolute directory reference, not a relative one.
# Modify this value as required.
[debug_logfile]
/var/log/rippled/debug.log
[sntp_servers]
time.windows.com
time.apple.com
time.nist.gov
pool.ntp.org
# To use the XRP test network (see https://ripple.com/build/xrp-test-net/),
# use the following [ips] section:
# [ips]
# r.altnet.rippletest.net 51235
# File containing trusted validator keys or validator list publishers.
# Unless an absolute path is specified, it will be considered relative to the
# folder in which the rippled.cfg file is located.
[validators_file]
validators.txt
# Turn down default logging to save disk space in the long run.
# Valid values here are trace, debug, info, warning, error, and fatal
[rpc_startup]
{ "command": "log_level", "severity": "warning" }
# If ssl_verify is 1, certificates will be validated.
# To allow the use of self-signed certificates for development or internal use,
# set to ssl_verify to 0.
[ssl_verify]
1
This is my run command:
/opt/ripple/bin/rippled --silent --conf /etc/opt/ripple/rippled.cfg

I ran a C5.xlarge with an io1 storage volume with 10000 iops.
/opt/ripple/bin/rippled --net --silent --conf /etc/opt/ripple/rippled.cfg
[server]
port_rpc_admin_local
port_peer
port_ws_admin_local
#port_ws_public
#ssl_key = /etc/ssl/private/server.key
#ssl_cert = /etc/ssl/certs/server.crt
[port_rpc_admin_local]
port = 5005
ip = 0.0.0.0
admin = 127.0.0.1
protocol = http
[port_peer]
port = 51235
ip = 0.0.0.0
# alternatively, to accept connections on IPv4 + IPv6, use:
#ip = ::
protocol = peer
[port_ws_admin_local]
port = 6006
ip = 0.0.0.0
admin = 127.0.0.1
protocol = ws
#[port_ws_public]
#port = 6005
#ip = 0.0.0.0
#protocol = wss
#-------------------------------------------------------------------------------
[node_size]
medium
# This is primary persistent datastore for rippled. This includes transaction
# metadata, account states, and ledger headers. Helpful information can be
# found here: https://ripple.com/wiki/NodeBackEnd
# delete old ledgers while maintaining at least 2000. Do not require an
# external administrative command to initiate deletion.
[node_db]
type=RocksDB
path=/data01/rippled/db/rocksdb
open_files=2000
filter_bits=12
cache_mb=256
file_size_mb=8
file_size_mult=2
online_delete=120000
advisory_delete=0
# This is the persistent datastore for shards. It is important for the health
# of the ripple network that rippled operators shard as much as practical.
# NuDB requires SSD storage. Helpful information can be found here
# https://ripple.com/build/history-sharding
#[shard_db]
#path=/data01/rippled/db/shards/nudb
#max_size_gb=500
[database_path]
/data01/rippled/db
# This needs to be an absolute directory reference, not a relative one.
# Modify this value as required.
[debug_logfile]
/var/log/rippled/debug.log
[sntp_servers]
time.windows.com
time.apple.com
time.nist.gov
pool.ntp.org
# To use the XRP test network (see https://ripple.com/build/xrp-test-net/),
# use the following [ips] section:
# [ips]
# r.altnet.rippletest.net 51235
# File containing trusted validator keys or validator list publishers.
# Unless an absolute path is specified, it will be considered relative to the
# folder in which the rippled.cfg file is located.
[validators_file]
validators.txt
# Turn down default logging to save disk space in the long run.
# Valid values here are trace, debug, info, warning, error, and fatal
[rpc_startup]
{ "command": "log_level", "severity": "warning" }
# If ssl_verify is 1, certificates will be validated.
# To allow the use of self-signed certificates for development or internal use,
# set to ssl_verify to 0.
[ssl_verify]
1
/etc/init.d/rippled
#
# rippled -- startup script for rippled
#
# chkconfig: - 85 15
# processname: rippled
#
### BEGIN INIT INFO
# Provides: rippled
# Required-Start: $local_fs $remote_fs $network
# Required-Stop: $local_fs $remote_fs $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: start and stop rippled
### END INIT INFO
#
#
#PIDFILE="/data01/bitcoin/bitcoind.pid"
start() {
echo -n "Starting rippled: "
exec /opt/ripple/bin/rippled --net --conf /etc/opt/ripple/rippled.cfg "$#"
}
stop() {
echo "shutting down rippled"
exec /opt/ripple/bin/rippled stop"
RETVAL=$?
rm $PIDFILE
[ $RETVAL -eq 0 ] && rm -f $PIDFILE
return $RETVAL
}
force_start() {
echo -n "Force starting Bitcoind: "
echo -n "Starting rippled: "
exec /opt/ripple/bin/rippled --net --conf /etc/opt/ripple/rippled.cfg "$#"
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
sleep 30
start
;;
force-start)
force_start
;;
*)
echo "Usage: {start|stop|restart|force-start}"
exit 1
;;
esac
exit $?```

Cannot send with StartTLS on Postfix

I setup a mailserver with a couple different tutorials of Postfix and Dovecot. None of them seemed to actually work 100%. I did get it working with IMAP with SSL on 993 and SMTP with StartTLS on 465. However, mxtoolbox said this might be an open relay.
I wanted to get rid of this error so I added in some smtp restrictions. It gets rid of the error, but now I cannot send via mail clients.
It just sits on sending for a long time and then times out. I pulled the restrictions off of a question here, including fixes to the tutorials to get it working before.
Here is the master.cf:
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - y - - smtpd
#smtp inet n - y - 1 postscreen
#smtpd pass - - y - - smtpd
#dnsblog unix - - y - 0 dnsblog
#tlsproxy unix - - y - 0 tlsproxy
submission inet n - y - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
465 inet n - y - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - y - - qmqpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension}
${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender
$recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
This is my main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Raspbian) This is not an open
relay.
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file = /root/fullchain.pem
smtpd_tls_key_file = /root/privkey.pem
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_relay_restrictions =
# subject even authenticated users and trusted networks
# to the policy check
check_policy_service inet:127.0.0.1:10031
permit_mynetworks
reject_unknown_sender_domain
permit_sasl_authenticated
defer_unauth_destination
smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
# we exclude our networks and SASL authenticated users
# from all further checks.
# since I don't know if the policy service is relevant
# for unauthenticated mail, I commented it out here
# check_policy_service inet:127.0.0.1:10031
warn_if_reject reject_non_fqdn_hostname
warn_if_reject reject_non_fqdn_sender
reject_invalid_hostname
reject_unknown_sender_domain
smtpd_data_restrictions = reject_unauth_pipelining
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = mail.smbecker.tk
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost
relayhost =
mynetworks = 0.0.0.0/0 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
#Handing off local delivery to Dovecot's LMTP, and telling it where to store
mail
virtual_transport = lmtp:unix:private/dovecot-lmtp
#Virtual domains, users, and aliases
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-
domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
inet_protocols = ipv4
Basically, I want to be able to send and receive mail from anywhere as long as the domain and user exist on the server and authenticate with IMAP SSL on 993 and SMTP StartTLS on 465. The RPI has no firewall setup, but has a hardware firewall to the web only allowing ports 25,993,465. The client I am having an issue with though is a local PC without a firewall in between.
Before I made the changes to main.cf regarding:
smtpd_relay_restrictions =
# subject even authenticated users and trusted networks
# to the policy check
check_policy_service inet:127.0.0.1:10031
permit_mynetworks
reject_unknown_sender_domain
permit_sasl_authenticated
defer_unauth_destination
smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
# we exclude our networks and SASL authenticated users
# from all further checks.
# since I don't know if the policy service is relevant
# for unauthenticated mail, I commented it out here
# check_policy_service inet:127.0.0.1:10031
warn_if_reject reject_non_fqdn_hostname
warn_if_reject reject_non_fqdn_sender
reject_invalid_hostname
reject_unknown_sender_domain
smtpd_data_restrictions = reject_unauth_pipelining
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
I was able to telnet on port 465. Now, I cannot. The mail log shows:
Jan 6 18:54:41 raspberrypi postfix/smtpd[30109]: lost connection after
CONNECT from unknown[10.100.100.1]
Before making changes, it just said:
smtpd_recipient_restrictions =
With nothing there.
Any one got any ideas on how to fix this?
Then I can start on Roundcube, DKIM, SFP, DMARC, and getting my ISP to create a PTR for me.

Basically, deployment of Postfix is a bit sophisticated.
My first Tip: I am using a wonderful set of Tools regarding deploy an open-source mail server called "Zimbra". It will take care of all you need and gives you a web Interface for management and UI.
Btw I can help you to fix your deployment fellow like this.
My second Tip: You may check firewalls, access permission and /etc/defaults if everything is fine. Sometimes simple Issue causes the Problem.

There is a tls log setting that will help with TLS issues:
http://www.postfix.org/TLS_README.html
Solution was to add:
smtpd_tls_loglevel = 2
which then showed me where the issue was.
Issue was here:
smtpd_relay_restrictions =
# subject even authenticated users and trusted networks
# to the policy check
check_policy_service inet:127.0.0.1:10031
I commented out the:
check_policy_service inet:127.0.0.1:10031
Now everything works and mxtoolbox shows it is not an open relay because it rejects their test message.

Opening a DGRAM socket from within a docker container fails (permission denied)

I'm running an application which builds and sends ICMP ECHO requests to a few different ip addresses. The application is written in Crystal. When attempting to open a socket from within the crystal docker container, Crystal raises an exception: Permission Denied.
From within the container, I have no problem running ping 8.8.8.8.
Running the application on macos, I have no problem.
Reading the https://docs.docker.com/engine/security/apparmor/ and https://docs.docker.com/engine/security/seccomp/ pages on apparmor and seccomp I was sure I'd found the solution, but the problem remains unresolved, even when running as docker run --rm --security-opt seccomp=unconfined --security-opt apparmor=unconfined socket_permission
update/edit: After digging into capabilities(7), I added the following line to my dockerfile: RUN setcap cap_net_raw+ep bin/ping trying to let the socket get opened but without change.
Thanks!
Relevant crystal socket code, full working code sample below:
# send request
address = Socket::IPAddress.new host, 0
socket = IPSocket.new Socket::Family::INET, Socket::Type::DGRAM, Socket::Protocol::ICMP
socket.send slice, to: address
Dockerfile:
FROM crystallang/crystal:0.23.1
WORKDIR /opt
COPY src/ping.cr src/
RUN mkdir bin
RUN crystal -v
RUN crystal build -o bin/ping src/ping.cr
ENTRYPOINT ["/bin/sh","-c"]
CMD ["/opt/bin/ping"]
Running the code, first native, then via docker:
#!/bin/bash
crystal run src/ping.cr
docker build -t socket_permission .
docker run --rm --security-opt seccomp=unconfined --security-opt apparmor=unconfined socket_permission
And finally, a 50 line crystal script which fails to open a socket in docker:
require "socket"
TYPE = 8_u16
IP_HEADER_SIZE_8 = 20
PACKET_LENGTH_8 = 16
PACKET_LENGTH_16 = 8
MESSAGE = " ICMP"
def ping
sequence = 0_u16
sender_id = 0_u16
host = "8.8.8.8"
# initialize packet with MESSAGE
packet = Array(UInt16).new PACKET_LENGTH_16 do |i|
MESSAGE[ i % MESSAGE.size ].ord.to_u16
end
# build out ICMP header
packet[0] = (TYPE.to_u16 << 8)
packet[1] = 0_u16
packet[2] = sender_id
packet[3] = sequence
# calculate checksum
checksum = 0_u32
packet.each do |byte|
checksum += byte
end
checksum += checksum >> 16
checksum = checksum ^ 0xffff_ffff_u32
packet[1] = checksum.to_u16
# convert packet to 8 bit words
slice = Bytes.new(PACKET_LENGTH_8)
eight_bit_packet = packet.map do |word|
[(word >> 8), (word & 0xff)]
end.flatten.map(&.to_u8)
eight_bit_packet.each_with_index do |chr, i|
slice[i] = chr
end
# send request
address = Socket::IPAddress.new host, 0
socket = IPSocket.new Socket::Family::INET, Socket::Type::DGRAM, Socket::Protocol::ICMP
socket.send slice, to: address
# receive response
buffer = Bytes.new(PACKET_LENGTH_8 + IP_HEADER_SIZE_8)
count, address = socket.receive buffer
length = buffer.size
icmp_data = buffer[IP_HEADER_SIZE_8, length-IP_HEADER_SIZE_8]
end
ping

It turns out the answer is that Linux (and by extension docker) does not give the same permissions that macOS does for DGRAM sockets. Changing the socket declaration to socket = IPSocket.new Socket::Family::INET, Socket::Type::RAW, Socket::Protocol::ICMP allows the socket to connect under docker.
A little more still is required to run the program in a non-root context. Because raw sockets are restricted to root, the binary must also be issued the correct capability for access to a raw socket, CAP_NET_RAW. However, in docker, this isn't necessary. I was able to get the program to run outside of super-user context by running sudo setcap cap_net_raw+ep bin/ping. This is a decent primer on capabilities and the setpcap command
MacOS doesn't use the same system of permissions, so setcap is just an unrecognized command. As a result, to get the above code to compile and run successfully on macOS without super-user context, I changed the socket creation code to:
socket_type = Socket::Type::RAW
{% if flag?(:darwin) %}
socket_type = Socket::Type::DGRAM
{% end %}
socket = IPSocket.new Socket::Family::INET, socket_type, Socket::Protocol::ICMP
Applying the CAP_NET_RAW capability for use in linux happens elsewhere in the build process if needed.
With those changes, I'm not seeing any requirement for changes to seccomp or apparmor from the default shipped with Docker in order to run the program.

static ip settings of illumos, openindiana

I'd just download Openindiana (OI-hipster-gui-20170502.iso)
and install it on my VirtualBox(5.1.22, macOS 10.12.5)
Two network interface enabled, one for NAT another for bridge(i want to use it in static ip)
# svcadm disable network/physical:nwam
# svcadm enable network/physical:default
# ipadm enable-if -t e1000g1
# ipadm create-addr -T static -a a.b.c.d/24 e1000g1/v4
ipadm: Could not create address: Persistent operation on temporary object
How can I configure it?
using Solaris11.3, i did
# ipadm create-ip net1
# ipadm create-addr -T static -a a.b.c.d/24 net1/v4
works fine.
Anybody tell me the difference between OpenIndiana(Illumos) and Solaris11
Best regards,

How to Update DNS Records Programatically

I am trying to update a DNS Record which is at (I believe) the following path on the server:
ServerName -> Forward Lookup Zones -> domain.com -> test
Where the DNS record is called test, and is of type Host(A).
I downloaded the DNSShell module from here and tried changing the 'Data' column of the DNS record (which contains an IP address) with this command:
Set-DNSRecord -Identity "test.domain.com"
But I got this error:
Cannot validate argument on parameter 'Identity'. The argument "test.domain.com" does not match the "^\\.\root\MicrosoftDNS:MicrosoftDNS_" pattern. Supply an argument that matches "^\\.\root\MicrosoftDNS:MicrosoftDNS_" and try the command again.
So I updated the Identity parameter as follows:
Set-DNSRecord -Identity "\\Servername\root\MicrosoftDNS:MicrosoftDNS_"
But now I am seeing:
Set-DNSRecord : Specified argument was out of the range of the valid values. Parameter name: Path
When I try adding a -Path, it says there is not such parameter! Does anyone know where I need to add the test.domain.com part of the DNS to tell the command which record to update? The documentation on this module is incomplete for this part of it and I can't seem to find any alternatives.
I can call Get-DNSRecord and see the record I need to update, but any attempts to Set are blocked because I have no idea how these paths are built.
Any help is much appreciated.

You can use also default PowerShell module for DNS server from Microsoft, example would then look something like this:
Add-DnsServerResourceRecordA -Name "recordname" -IPv4Address "192.168.0.0" -ZoneName "domain.com" -AllowUpdateAny -AgeRecord
In case you need removal before that something like this should work:
Remove-DnsServerResourceRecord -ZoneName "domain.com" -Name "recordname" -RRType "A" -Force

I managed to overcome this by using ye olde classic CMD command:
dnscmd /RecordAdd domain.com recordname RecordType /Aging /OpenAcl A 192.168.0.0
This adds a new record, and seems to do so even when another record with the same name (but different IP) exists.
So in my case, I will have to use dnscmd to first remove the existing record before adding a new one (as I actually just want to update the IP address of the existing record).
Command for removing dns record :
dnscmd /recorddelete domain.com recordname
More details can be found here.