Netgate Discussion Forum

Cloudflare DDNS: UNKNOWN ERROR

DHCP and DNS
  • L
    logan893
    last edited by Jun 14, 2024, 8:23 AM

    I'm attempting to use Dynamic DNS service to update the IP of a Cloudflare subdomain, using the Zone ID API key as username, and an API token with "Edit zone DNS" (from template) permission as password.

    The verbose logging is switched on, but I get nothing useful from the system logs output. Not finding any similar problems when searching.

    I believe this was working 4 months ago, but I haven't kept track of it since and I see now that it's broken.

    I've tried changing the password to the Global API key, or a newly created "Edit zone DNS" token, but the same behavior persists in pfSense.

    I'm running pfSense 2.5.2

    Have there been any changes on the Cloudflare side that are now incompatible with the DDNS service in pfSense 2.5.2?

    How do I proceed with any troubleshooting when the verbose logging gives me such limited information?

    Any help is appreciated.

    Jun 14 09:53:57 pfsense php-fpm[64818]: /services_dyndns_edit.php: Dynamic DNS: updatedns() starting
    Jun 14 09:53:57 pfsense php-fpm[64818]: /services_dyndns_edit.php: Dynamic DNS cloudflare (subdomain.example.com): xx.xx.xx.xx extracted from local system.
    Jun 14 09:53:57 pfsense php-fpm[64818]: /services_dyndns_edit.php: Dynamic DNS (subdomain.example.com): running get_failover_interface for wan. found vtnet0
    Jun 14 09:53:57 pfsense php-fpm[64818]: /services_dyndns_edit.php: Dynamic DNS cloudflare (subdomain.example.com): _update() starting.
    Jun 14 09:53:57 pfsense php-fpm[64818]: /services_dyndns_edit.php: Response Header:
    Jun 14 09:53:57 pfsense php-fpm[64818]: /services_dyndns_edit.php: Response Data:
    Jun 14 09:53:57 pfsense php-fpm[64818]: /services_dyndns_edit.php: Dynamic DNS cloudflare (subdomain.example.com): _checkStatus() starting.
    Jun 14 09:53:57 pfsense php-fpm[64818]: /services_dyndns_edit.php: phpDynDNS (subdomain): PAYLOAD:
    Jun 14 09:53:57 pfsense php-fpm[64818]: /services_dyndns_edit.php: phpDynDNS (subdomain): UNKNOWN ERROR -
    
    • L
      logan893 @logan893
      last edited by Jun 14, 2024, 9:13 AM

      I had a look at the /etc/inc/dyndns.class file to see what it's supposed to do, and I replicated the API calls manually towards the api.cloudflare.com v4 service from a server on my LAN with internet access via the pfSense FW. Using the API commands that should be executed by the dyndns component, I am able to update the Cloudflare DNS IP.

      Doesn't make sense to me why pfSense is failing in this way.

      • L
        logan893
        last edited by Jun 14, 2024, 11:59 AM

        I'm digging some more by adding debug logging to the code. The curl_exec command is failing (returning false). There's no error text from curl_error (returns empty string), but the curl_errno return value is 7, which according to the documentation means CURLE_COULDNT_CONNECT.

        Manually executing 'curl -X GET "https://api.cloudflare.com/client/v4/..." -H headers' from the pfSense command line works and gives proper results in return.

        The output from curl_info is almost identical before vs after execution, with the exception of a few of the time metrics being updated from 0.

        After failure of curl_exec (errno 7), curl_getinfo contains: url=https://api.cloudflare.com/client/v4/zones/xxxxx/dns_records?name=subdomain.example.com&type=A, content_type=, http_code=0, header_size=0, request_size=0, filetime=-1, ssl_verify_result=0, redirect_count=0, total_time=0.002556, namelookup_time=0.00365, connect_time=0, pretransfer_time=0, size_upload=0, size_download=0, speed_download=0, speed_upload=0, download_content_length=-1, upload_content_length=-1, starttransfer_time=0, redirect_time=0, redirect_url=, primary_ip=, certinfo=Array(<empty>), primary_port=0, local_ip=, local_port=0, http_version=0, protocol=0, ssl_verifyresult=0, scheme=, appconnect_time_us=0, connect_time_us=0, namelookup_time_us=3650, pretransfer_time_us=0, redirect_time_us=0, starttransfer_time_us=0, total_time_us=2556,

        • L
          logan893
          last edited by logan893 Jun 14, 2024, 1:50 PM Jun 14, 2024, 1:20 PM

          I've tracked it down to the following:

          The IP fetched for WAN is correct, and taken from the bridge0 interface (a bridge of vtnet0 and vtnet1). This interface has the WAN IP DHCP client configuration, while vtnet0 and vtnet1 have no IP configuration set.

          While DDNS finds the correct IP, it also looks for an interface and picks vtnet0 (vtnet1 interface is currently down). Since vtnet0 has no IP configured, this makes curl_exec fail in this way.

          If I override the interface selection via curl_setopt($ch, CURLOPT_INTERFACE, 'if!bridge0');, the Cloudflare DDNS configuration works.

          Perhaps it's incorrect to use function get_failover_interface here, or the behavior is not correct for my scenario.

          Edit: raised a bug report. https://redmine.pfsense.org/issues/15557

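Added example, not part of the thread and not pfSense code: a small triage of the curl_getinfo() output posted above, showing why errno 7 with an empty `primary_ip` and `local_ip` points at the host's own socket setup (here, the source interface) rather than at the Cloudflare API or its credentials. The stage names and the heuristic itself are assumptions made for this example; the field values are copied from the post.

```python
# curl_getinfo() fields from the post (constructed excerpt: only the fields
# used below, with the values as they appear in the thread).
POSTED_INFO = (
    "url=https://api.cloudflare.com/client/v4/zones/xxxxx/dns_records"
    "?name=subdomain.example.com&type=A, content_type=, http_code=0, "
    "total_time=0.002556, namelookup_time=0.00365, connect_time=0, "
    "primary_ip=, primary_port=0, local_ip=, local_port=0,"
)

# libcurl error numbers relevant to this kind of failure.
CURLE_COULDNT_RESOLVE_HOST = 6
CURLE_COULDNT_CONNECT = 7


def parse_getinfo(dump):
    """Turn 'key=value, key=value,' text into a dict of strings."""
    info = {}
    for item in dump.strip().rstrip(",").split(", "):
        key, sep, value = item.partition("=")  # first '=' only; URLs keep theirs
        if sep:
            info[key.strip()] = value.strip()
    return info


def failed_stage(errno, info):
    """Name the stage at which the transfer stopped (heuristic labels)."""
    if int(info.get("http_code") or 0) > 0:
        return "http"  # a response arrived: inspect status code and body
    if errno == CURLE_COULDNT_RESOLVE_HOST:
        return "dns"
    resolved = float(info.get("namelookup_time") or 0) > 0
    has_peer = bool(info.get("primary_ip"))
    has_local = bool(info.get("local_ip"))
    if errno == CURLE_COULDNT_CONNECT and resolved and not (has_peer or has_local):
        # Name lookup finished, yet neither a local nor a remote address was
        # recorded: check interface/source-address binding and routing first.
        return "pre-connect"
    if errno == CURLE_COULDNT_CONNECT:
        return "connect"  # an address was recorded; look at the path or peer
    return "other"


if __name__ == "__main__":
    print(failed_stage(CURLE_COULDNT_CONNECT, parse_getinfo(POSTED_INFO)))
```
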
          • P
            Popolou
            last edited by Jun 14, 2024, 1:54 PM

            Works fine on this end, exactly the same way but the configuration in 2.7.2 no longer asks for a username for Cloudflare. Instead, it is blank and the password is the API key.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.