(Bug) Curl error occurred: Failed to connect to members.dyndns.org port 443 after 15831 ms: No route to host
-
Hello everyone,
I've a secondary pfSense box synced with another one (in high availability, both working without any issues), and the Dynamic DNS, with some dyndns (custom) entries, is not able to sync. It's like there is no internet connection, with the following message:
Curl error occurred: Failed to connect to members.dyndns.org port 443 after 15831 ms: No route to host
I've put this secondary pfSense in production, but it still doesn't update those entries.
Here is the secondary pfSense box, where I have this issue:
Here is the main pfSense box, where everything is working fine:
The GW_GROUP is a dual WAN uplink group, where the current available WAN is this one:
If I use the secondary box, I am able to access that http://checkip.dyndns.org dyndns url through it without issue, so I think that there is something on Dynamic DNS and don't know why.
I've traceroute to that members.dyndns.org without any issue under that pfSense box:
Does anyone know what it can be?
Thanks in advance!
-
pfSense said : "no route to host". So it could find "members.dyndns.org", that is : it could convert "members.dyndns.org" into an IPv4.
Then you asked your PC if it could find an IPv4 for "members.dyndns.org".
??
But your PC isn't doing the DDNS update, pfSense should do that.
Do the check on pfSense :
[2.5.2-RELEASE][root@pfsense.my.place]/root: host members.dyndns.org
members.dyndns.org is an alias for vip.web1-05-ussnn1.prod.dc.dyndns.com.
vip.web1-05-ussnn1.prod.dc.dyndns.com has address 162.88.175.12
The answer means that the DNS (the resolver) is working fine on pfSense.
The test on the PC is fine but not a solid proof, the PC could be using, for example, '8.8.8.8'.
Btw :
traceroute members.dyndns.org
on pfSense should also work.
The fact that you use a HA setup adds another can of worms. I can't help you with that kind of setup.
-
Yes I know I should have done that traceroute from that pfSense box and not from that PC attached to that box network, but got lazy lol.
Doing a traceroute on that box, it's able to route to that host.
The setup of dynamic DNS entries is the same on both nodes (those entries are not synced from one unit to another, they are added manually), but on one there are no issues, only on the other. I really don't know why.
-
Even checking that port 443 from that node, it shows as open:
Running: /usr/local/bin/nmap -sS -e lagg0.4088 'members.dyndns.com'
Starting Nmap 7.91 ( https://nmap.org ) at 2021-12-23 16:50 WET
Nmap scan report for members.dyndns.com (162.88.175.12)
Host is up (0.17s latency).
rDNS record for 162.88.175.12: vip.web1-05-ussnn1.prod.dc.dyndns.com
Not shown: 998 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 13.04 seconds
-
And curling that 443 port, on members.dyndns.com from everywhere, I got a 404 error.
Curling to 80 port on checkip.dyndns.org, it works as expected.
-
If I set verbose mode on that dynamic DNS entry, I got the following info:
Dec 23 17:40:26 php 98159 rc.dyndns.update: Curl error occurred: Failed to connect to members.dyndns.org port 443 after 15729 ms: No route to host
Dec 23 17:40:26 php 98159 rc.dyndns.update: Dynamic DNS dyndns-custom (x.getmyip.com): _checkStatus() starting.
Dec 23 17:40:26 php 98159 rc.dyndns.update: Response Data:
Dec 23 17:40:26 php 98159 rc.dyndns.update: Response Header:
Dec 23 17:40:10 php 98159 rc.dyndns.update: Dynamic DNS dyndns-custom (x.getmyip.com): _update() starting.
Dec 23 17:40:10 php 98159 rc.dyndns.update: DynDns (x.getmyip.com): Dynamic Dns: cacheIP != wan_ip. Updating. Cached IP: 0.0.0.0 WAN IP: x.x.x.226
Dec 23 17:40:10 php 98159 rc.dyndns.update: Dynamic Dns (x.getmyip.com): Current WAN IP: x.x.x.226 Cached IP: 0.0.0.0
Dec 23 17:40:10 php 98159 rc.dyndns.update: Dynamic DNS dyndns-custom (x.getmyip.com): x.x.x.226 extracted from Check IP Service
Dec 23 17:40:09 php 98159 rc.dyndns.update: Dynamic DNS (x.getmyip.com): running get_failover_interface for opt3. found lagg0.4090
Dec 23 17:40:09 php 98159 rc.dyndns.update: Dynamic DNS dyndns-custom (x.getmyip.com): x.x.x.226 extracted from Check IP Service
Dec 23 17:40:03 php 98159 rc.dyndns.update: Dynamic DNS: updatedns() starting
-
@sipriuspt said in Curl error occurred: Failed to connect to members.dyndns.org port 443 after 15831 ms: No route to host:
members.dyndns.org port
Ok, members.dyndns.org port resolves fine.
The other end is picking up the phone, but refuses to talk.
The "No route to host" isn't really what this is all about.
Is it a TLS error ?
Just a wild shot : is the time of your pfSense correct ?
Another one : don't rip out the power, do a clean shut down. When the unit is down, remove the power, count to 60, put the power back.
Retry.
-
@gertjan sorry for the late response.
- Is it a TLS error ?
Doesn't seem to be, in both firewalls I got 404 with https://members.dyndns.org.
- is the time of your pfSense correct ?
Same time set.
- don't rip out the power, do a clean shut down. When the unit is down, remove the power, count to 60, put the power back. Retry.
Same output.
-
Why am I starting to think that this is a bug ...
If I don't find any apparent reason for this to happen, I will backup and factory reset this box and restore that backup.
-
Even on primary box I have thousands of:
rc.dyndns.update: Curl error occurred: Failed to connect to members.dyndns.org port 443 after 15729 ms: No route to host
Now I am unable to identify the source of that problem on the secondary box through logs ....
-
@sipriuspt said in Curl error occurred: Failed to connect to members.dyndns.org port 443 after 15831 ms: No route to host:
Doesn't seem to be, in both firewalls I got 404 with https://members.dyndns.org
Then from a 'traffic' point of view - your side-their side - all is well.
It looks like "dyndns.org" changed something, on their side of course.
-
Thanks a lot for the help @Gertjan, I opened an issue on the pfSense bug tracker, and it seems like it's an already known problem.
From what I see, it happens more when you have multi WAN, and the tier 1 is offline and tier 2 is up, which is the same as I have here. It has also made problems with other Dynamic DNS services like NoIP.
This one was mine:
https://redmine.pfsense.org/issues/12753
First report:
https://redmine.pfsense.org/issues/12631
So beware ppl.
-
IMHO, you are hit by two issues :
The first one : members.dyndns.org is 'dead'. Click on the link and you see the problem. It returns a simple '404' ..... That's a "dyndns.org" problem.
Btw 'curl' simulates the same http or https request as a web browser like edge, firefox, etc. It gets back the reply and shows it, or places it in a file, the choice is up to you.
The second one : Multiple WANs : you see a 'route to host' : this tells me that the request can't leave the pfSense box and is indeed a local (pfSense) issue.
It could be a bug, or just a floating firewall rule that forbids or intercepts that typical curl request from going out.
I can't tell, as I never dealt with Multiple WANs or grouped WAN type interfaces.
I presume that when you remove your "GW" setup, and you wind up having distinct WAN interfaces, with one being the default, the issue is gone.
That is, now you'll hit the "members.dyndns.org returns 404".
-
@gertjan you are right about being two issues, but I can live with a 'failed connect' on logs if everything is working fine ehehe
In my case there are no floating rules.
-
@gertjan Just to confirm here that after upgrading pfSense OS from 21.05.2 to 22.01, and recreating (copy) all dyndns entries, it finally worked.
Without recreating those dyndns entries, I was having badauths on logs under 22.01 version.
-