DDNS dynv6 logs success but UI shows failure

verket

Hi...

Netgate 1100 running 22.01-RELEASE. Configured DDNS for IPv4 using:

• Hostname: my FQDN new host
• Username: My email address
• Password: the password hash specified under the dynv6 ddclient password example.

Verbose logging shows (portions):

/services_dyndns_edit.php: Response Data: addresses unchanged
/services_dyndns_edit.php: Response Header: HTTP/2 200
/services_dyndns_edit.php: Dynamic DNS dynv6 (xxx.dynv6.net): _update() starting.
/services_dyndns_edit.php: Dynamic DNS dynv6 (xxx.dynv6.net): 47.156.y.y extracted from local system.

UI shows:

What am I missing?
Paul

Gertjan

@verket said in DDNS dynv6 logs success but UI shows failure:

What am I missing?

This :

?

Now you will get more log lines, thus more debug info.
I got 24 lines, and among them :

/services_dyndns_edit.php: Response Data: nochg 90.120.79.244

so the remote dyndns gave back the registered IPv4.

/services_dyndns_edit.php: Dynamic DNS he-net-tunnelbroker (532298): 90.120.79.244 extracted from Check IP Service

So locally, the same IPv4 is found.
See ServicesDynamic DNSCheck IP Services hwo this test is performed.
Basically : http://checkip.dyndns.org is used, as you could do yourself using any browser.

[/services_dyndns_edit.php: phpDynDNS: updating cache file /conf/dyndns_wanhe-net-tunnelbroker'532298'0.cache: 90.120.79.244](link url)

Not needed, as it already should contain "90.120.79.244", but the cache file is updated.
I could check this file, if it really contains "90.120.79.244" - it did.

The cache file is here : /cf/conf/

verket

Thanks @gertjan for the good info. It appears that dynv6 doesn't return the address it registered. For example:

/services_dyndns_edit.php:
/services_dyndns_edit.php: Dynamic DNS dynv6 (verket.dynv6.net): _checkStatus() starting.
/services_dyndns_edit.php: Response Data: addresses unchanged
/services_dyndns_edit.php: Response Header:
/services_dyndns_edit.php: Response Header:
/services_dyndns_edit.php: Response Header: content-length: 19
/services_dyndns_edit.php: Response Header: x-xss-protection: 1; mode=block
/services_dyndns_edit.php: Response Header: vary: Origin
/services_dyndns_edit.php: Response Header: strict-transport-security: max-age=31536000;
/services_dyndns_edit.php: Response Header: server: Caddy
/services_dyndns_edit.php: Response Header: date: Sun, 26 Jun 2022 02:35:36 GMT
/services_dyndns_edit.php: Response Header: content-type: text/plain; charset=UTF-8
/services_dyndns_edit.php: Response Header: access-control-allow-origin:
/services_dyndns_edit.php: Response Header: HTTP/2 200
/services_dyndns_edit.php: Dynamic DNS dynv6 (verket.dynv6.net): _update() starting.
/services_dyndns_edit.php: Dynamic DNS (verket.dynv6.net): running get_failover_interface for wan. found mvneta0.4090
/services_dyndns_edit.php: Dynamic DNS dynv6 (verket.dynv6.net): 47.156.232.198 extracted from local system.
/services_dyndns_edit.php: Dynamic DNS: updatedns() starting

If I change the registered address from the dynv6 web page to something bogus and force an update, I get:

/services_dyndns_edit.php: Response Data: addresses updated

but the service doesn't return the registered IP address. Checking via their web page shows that it was updated. So hopefully this is just a PFSense UI issue and nothing more.

Thanks again for the help!
Paul

verket

dynv6 and pfsense support RFC 2136. I used their service to generate a TSIG key and created a PFSense entry:

Checking the log (no verbose logging available) showed:

/services_rfc2136_edit.php: phpDynDNS: ERROR while updating IP Address (A) for verket.dynv6.net (47.156.232.198)
/services_rfc2136_edit.php: The command '/usr/local/bin/nsupdate -k /var/etc/nsupdatekey0 /var/etc/nsupdatecmds0' returned exit code '1', the output was 'dns_request_getresponse: expected a TSIG or SIG(0)'

Their docs are fairly specific: https://dynv6.com/docs/apis#dns-update. I'll have to check out what's in /var/etc/nsupdatecmds0

Gertjan

@verket said in DDNS dynv6 logs success but UI shows failure:

but the service doesn't return the registered IP address

That not really an issue.
The service can return what it chooses to return.

But I found something strange ....

@verket said in DDNS dynv6 logs success but UI shows failure:

/services_dyndns_edit.php: Dynamic DNS dynv6 (verket.dynv6.net): _checkStatus() starting.

There are no other lines above (means : afterwards !) this line ?

The _checkStatus() function handles the result of the update procedure.
For reference : https://github.com/pfsense/pfsense/pull/4312/commits/96b2a66a3e2afb71d95cbb39779d5edc3647102f#diff-bcf28745a76c16f378252ea678d7f1caca21c59cabc46f026ff8391c01c9ddea

A message for @vktg ( @viktor_g ? ) : _checkStatus() should check and set $successful_update true when all went well ?
Or am I missing something ?

pfsense/src/etc/inc/dyndns.class never handles the 'dynv6-v6' case.
This results in :

1. the cache file never gets created / updated.
2. notify_all_remote() doesn't get called so no notification (by mail etc)
3. The log line "phpDynDNS: updating cache file ......" isn't shown.

verket

@gertjan said in DDNS dynv6 logs success but UI shows failure:

There are no other lines above (means : afterwards !) this line ?

Unfortunately, no. There was just the one blank line above/after.

Thanks for the code pointer -- good reading! I'll have to spend some more time with it.

Paul

Gertjan

@verket

Guess what : Redmine was already aware : Bug #13298 :: Dynv6 does not check response code when updating

A pull request exists : https://github.com/pfsense/pfsense/pull/4605
Here is the code (not final, but it would be great if you could test) to paste in : https://github.com/pfsense/pfsense/pull/4605/commits/adfb1d2b8a1f60757a2b0cf63f9e59275f3892f3

verket

@gertjan thanks for finding the patch. I added the patch to /etc/inc/dyndns.class but it was hitting the default switch:

/services_dyndns_edit.php: phpDynDNS (verket.dynv6.net): (Unknown Response)
/services_dyndns_edit.php: phpDynDNS (verket.dynv6.net): PAYLOAD: addresses unchanged
/services_dyndns_edit.php: Dynamic DNS dynv6 (verket.dynv6.net): _checkStatus() starting.
/services_dyndns_edit.php: Response Data: addresses unchanged
/services_dyndns_edit.php: Response Header:
/services_dyndns_edit.php: Response Header:
/services_dyndns_edit.php: Response Header: content-length: 19
/services_dyndns_edit.php: Response Header: x-xss-protection: 1; mode=block
/services_dyndns_edit.php: Response Header: vary: Origin
/services_dyndns_edit.php: Response Header: strict-transport-security: max-age=31536000;
/services_dyndns_edit.php: Response Header: server: Caddy
/services_dyndns_edit.php: Response Header: date: Thu, 30 Jun 2022 03:42:53 GMT
/services_dyndns_edit.php: Response Header: content-type: text/plain; charset=UTF-8
/services_dyndns_edit.php: Response Header: HTTP/2 200
/services_dyndns_edit.php: Dynamic DNS dynv6 (verket.dynv6.net): _update() starting.
/services_dyndns_edit.php: Dynamic DNS (verket.dynv6.net): running get_failover_interface for wan. found mvneta0.4090
/services_dyndns_edit.php: Dynamic DNS dynv6 (verket.dynv6.net): 47.156.232.198 extracted from local system.
/services_dyndns_edit.php: Dynamic DNS: updatedns() starting

Unlike the patch, my code has a curl_getinfo() line after every case statement:

case 'desec-v6':
        $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        switch ($http_code) {

When I added it to the dynv6 case, it sort of worked:

nginx [error] 43689#100100: *389 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.2.160, server: , request: "POST /services_dyndns_edit.php?id=0 HTTP/2.0", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "pfsense.localdomain", referrer: "https://pfsense.localdomain/services_dyndns_edit.php?id=0"
php-fpm	/services_dyndns_edit.php: phpDynDNS (verket.dynv6.net): (Success) IP Address Changed Successfully!
php-fpm	/services_dyndns_edit.php: phpDynDNS: updating cache file /conf/dyndns_wandynv6'verket.dynv6.net'0.cache: 47.156.232.198
php-fpm	/services_dyndns_edit.php: Dynamic DNS dynv6 (verket.dynv6.net): 47.156.232.198 extracted from local system.
php-fpm	/services_dyndns_edit.php: Dynamic DNS dynv6 (verket.dynv6.net): _checkStatus() starting.
php-fpm	/services_dyndns_edit.php: Response Data: addresses unchanged
php-fpm	/services_dyndns_edit.php: Response Header:
php-fpm	/services_dyndns_edit.php: Response Header:
php-fpm	/services_dyndns_edit.php: Response Header: content-length: 19
php-fpm	/services_dyndns_edit.php: Response Header: x-xss-protection: 1; mode=block
php-fpm	/services_dyndns_edit.php: Response Header: vary: Origin
php-fpm	/services_dyndns_edit.php: Response Header: strict-transport-security: max-age=31536000;
php-fpm	/services_dyndns_edit.php: Response Header: server: Caddy
php-fpm	/services_dyndns_edit.php: Response Header: date: Thu, 30 Jun 2022 03:57:10 GMT
php-fpm	/services_dyndns_edit.php: Response Header: content-type: text/plain; charset=UTF-8
php-fpm	/services_dyndns_edit.php: Response Header: HTTP/2 200
php-fpm	/services_dyndns_edit.php: Dynamic DNS dynv6 (verket.dynv6.net): _update() starting.
php-fpm	/services_dyndns_edit.php: Dynamic DNS (verket.dynv6.net): running get_failover_interface for wan. found mvneta0.4090
php-fpm	/services_dyndns_edit.php: Dynamic DNS dynv6 (verket.dynv6.net): 47.156.232.198 extracted from local system.
php-fpm	/services_dyndns_edit.php: Dynamic DNS: updatedns() starting

The browser times out with a 504 Gateway Time-out but the Services -> Dynamic DNS page is happy:

github's blame shows that there was an intermediate fix that removed the requirement for the curl_getinfo() line but I don't understand the timeout.

I'll check it out after the 22.05 update to see if the timeouts go away.

verket

@Gertjan I reapplied the patch after upgrading to 22.05 and it worked without the timeout issues. Thanks again for all your help!