Dynamic DNS (DDNS) fails to obtain public IP

johnpoz

@70tas when you setup a cloudflare record - you can put in whatever you want.. It sure doesn't default to 1.1.1.1, so yo put 1.1.1.1 into the record you created.

Per what @Gertjan posted - if you just go to that url what does it show for your IP?

If your system can not go to that url - then no it wouldn't be able to update your ddns. So you for some reason are not able to go to that url - maybe your blocking it?

Gertjan

@johnpoz said in Dynamic DNS (DDNS) fails to obtain public IP:

maybe your blocking it?

@70tas :
Or, the other favorite problem could be : your LAN device, where you use "http://checkip.dyndns.org" in a web browser, it shows the IP as the browser on your PV could use another DNS server, which is not pfSense.

The best test method will be : console or SSH into pfSense, use menu option 8 and then

[25.07-BETA][root@pfSense.bhf.tld]/root: curl http://checkip.dyndns.org
<html><head><title>Current IP Check</title></head><body>Current IP Address: 82.127.xx.108</body></html>

which tells me that pfSEnse has a working DNS, as it has to resolve "checkip.dyndns.org" before it can connect to it.

70tas

@Gertjan Thank you, will try later tonight

70tas

@Gertjan I used a browser to go to "http://checkip.dyndns.org" and it came back with the correct IP assigned by my ISP.

I then ssh'ed to the pfSense, and ran "curl http://checkip.dyndns.org" from the cli. It also came back with the proper IP address.

The log shows:
/services_dyndns_edit.php: Dynamic DNS (ingress.70tas.us) There was an error trying to determine the public IP for interface - wan (igc0)

AndyRH

My favorite is icanhazip.com It only returns the IP address. Much easier when messing with DDNS.

Gertjan

@70tas said in Dynamic DNS (DDNS) fails to obtain public IP:

I used a browser to go to "http://checkip.dyndns.org" and it came back with the correct IP assigned by my ISP.

I then ssh'ed to the pfSense, and ran "curl http://checkip.dyndns.org" from the cli. It also came back with the proper IP address.

Ok, so pfSense 'can' check if needed.

Some reasons why it could fail :

Check the exact moment when "/services_dyndns_edit.php: Dynamic DNS (ingress.70tas.us) There was an error .... " showed up
Now check also the Status > System Logs > System > DNS Resolver log.
Do you see any "notice: Restart of unbound 1.23.0." and "start of service (unbound 1.23.0)." at or around the moment of the "services_dyndns_edit.php" ?
After all, an URL has to be resolved first, and if DNS is not present at that moment, you have your issue explained.

Same thing : check the system log. Was the WAN interface going down and up at that same moment ? When the WAN is temporary down, it will fail.

70tas

@Gertjan Here is what I see a few seconds before DDNS, in the Unboud log:

Jul 15 08:31:21 unbound 62262 [62262:0] info: generate keytag query _ta-4f66-9728. NULL IN
Jul 15 08:31:20 unbound 62262 [62262:0] info: start of service (unbound 1.22.0).
Jul 15 08:31:20 unbound 62262 [62262:0] notice: init module 1: iterator
Jul 15 08:31:20 unbound 62262 [62262:0] notice: init module 0: validator
Jul 15 08:31:20 unbound 62262 [62262:0] notice: Restart of unbound 1.22.0.
Jul 15 08:31:20 unbound 62262 [62262:0] info: server stats for thread 3: requestlist max 0 avg 0 exceeded 0 jostled 0
Jul 15 08:31:20 unbound 62262 [62262:0] info: server stats for thread 3: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Jul 15 08:31:20 unbound 62262 [62262:0] info: server stats for thread 2: requestlist max 0 avg 0 exceeded 0 jostled 0
Jul 15 08:31:20 unbound 62262 [62262:0] info: server stats for thread 2: 1 queries, 0 answers from cache, 1 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Jul 15 08:31:20 unbound 62262 [62262:0] info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
Jul 15 08:31:20 unbound 62262 [62262:0] info: server stats for thread 1: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Jul 15 08:31:20 unbound 62262 [62262:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
Jul 15 08:31:20 unbound 62262 [62262:0] info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Jul 15 08:31:20 unbound 62262 [62262:0] info: service stopped (unbound 1.22.0).
Jul 15 08:31:20 unbound 62262 [62262:2] info: generate keytag query _ta-4f66-9728. NULL IN
Jul 15 08:31:20 unbound 62262 [62262:0] info: start of service (unbound 1.22.0).
Jul 15 08:31:20 unbound 62262 [62262:0] notice: init module 1: iterator
Jul 15 08:31:20 unbound 62262 [62262:0] notice: init module 0: validator
Jul 15 08:31:18 unbound 11265 [11265:0] info: server stats for thread 3: requestlist max 0 avg 0 exceeded 0 jostled 0
Jul 15 08:31:18 unbound 11265 [11265:0] info: server stats for thread 3: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Jul 15 08:31:18 unbound 11265 [11265:0] info: server stats for thread 2: requestlist max 0 avg 0 exceeded 0 jostled 0
Jul 15 08:31:18 unbound 11265 [11265:0] info: server stats for thread 2: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Jul 15 08:31:18 unbound 11265 [11265:0] info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
Jul 15 08:31:18 unbound 11265 [11265:0] info: server stats for thread 1: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Jul 15 08:31:18 unbound 11265 [11265:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
Jul 15 08:31:18 unbound 11265 [11265:0] info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Jul 15 08:31:18 unbound 11265 [11265:0] info: service stopped (unbound 1.22.0).
Jul 15 08:31:18 unbound 11265 [11265:0] info: start of service (unbound 1.22.0).

I also see the following in General log:

Jul 15 08:31:47 php-fpm 30381 /services_dyndns_edit.php: Dynamic DNS (kerveros.70tas.us) There was an error trying to determine the public IP for interface - wan (igc0 ).
Jul 15 08:31:47 php-fpm 30381 /services_dyndns_edit.php: Dynamic DNS: updatedns() starting
Jul 15 08:31:47 check_reload_status 590 Syncing firewall
Jul 15 08:31:47 php-fpm 30381 /services_dyndns_edit.php: Configuration Change: admin@128.244.221.135 (Local Database): Dynamic DNS client configured.
Jul 15 08:31:20 check_reload_status 590 Reloading filter
Jul 15 08:31:20 php-fpm 493 /system.php: NTPD is starting up.
Jul 15 08:31:16 root 45579 /etc/rc.d/hostid: WARNING: hostid: unable to figure out a UUID from DMI data, generating a new one
Jul 15 08:31:16 check_reload_status 590 Syncing firewall
Jul 15 08:31:16 php-fpm 493 /system.php: Configuration Change: admin@128.244.221.135 (Local Database): System:
Jul 15 08:30:04 php-fpm 2106 /index.php: Successful login for user 'admin' from: 128.244.221.135 (Local Database)
Jul 15 08:15:36 nginx 2025/07/15 08:15:36 [error] 24554#100354: *1888 open() "/usr/local/www/actuator/gateway/routes" failed (2: No such file or directory), client: 79.124.58.198, server: , request: "GET /actuator/gateway/routes HTTP/1.1", host: "76.151.201.197:443"
Jul 15 08:02:58 nginx 2025/07/15 08:02:58 [error] 24554#100354: *1883 open() "/usr/local/www/KVfU" failed (2: No such file or directory), client: 96.126.104.20, server: , request: "GET /KVfU HTTP/1.1", host: "76.151.201.197"
Jul 15 07:41:46 nginx 2025/07/15 07:41:46 [error] 24554#100354: *1880 open() "/usr/local/www/logincheck" failed (2: No such file or directory), client: 198.135.51.111, server: , request: "POST /logincheck HTTP/1.1", host: "76.151.201.197"
Jul 15 07:16:00 nginx 2025/07/15 07:16:00 [error] 24554#100354: *1871 open() "/usr/local/www/_ignition/execute-solution" failed (2: No such file or directory), client: 79.124.58.198, server: , request: "GET /_ignition/execute-solution HTTP/1.1", host: "76.151.201.197:443"
Jul 15 06:54:39 nginx 2025/07/15 06:54:39 [error] 24234#100286: *1864 "/usr/local/www/console/index.php" is not found (2: No such file or directory), client: 79.124.58.198, server: , request: "GET /console/ HTTP/1.1", host: "76.151.201.197:443"

Not sure what the next to last error is about not finding /usr/loca/www/console/index.php

Gertjan

@70tas

During the 2 seconds interval, from 08:31:18 to 08:31:20, the resolver 'Unbound' stopped and started twice [ ].

The error

@70tas said in Dynamic DNS (DDNS) fails to obtain public IP:

Jul 15 08:31:47 php-fpm 30381 /services_dyndns_edit.php: Dynamic DNS (kerveros.70tas.us) There was an error trying to determine the public IP for interface - wan (igc0 ).

was shown at 08:31:47, that 27 seconds later ... what happened at that moment (20 sec before, 0 sec after).
If unbound was still stopping and starting, then you've found the issue.

Normally, unbound never stops (or : gets restarted).
unbound will get restarted if you hook up physically an internet cable -or deactivate a device hooked up on to that cable. Or the device gets powered down / up. (solution : place pnly switches on your LAN and WAN interfaces, and power these with an UPS)
unbound can get restarted under the the control of pfBlockerng - example : if you ask to sync the pfBlockerng feeds every hour, don't be surprised unbound can also get restarted every hours.

But yours restarted twice in 2 seconds. Does it do that all the time ?

About this :

Not sure what the next to last error is about not finding /usr/loca/www/console/index.php

Look two lines up, you posted yourself where that request came from :

Who is this 79.124.58.198 ? you've Bulgarian friends ?

Did you really open up the WAN interface ?? [ ]

Same thing for 198.135.51.111, 96.126.104.20 etc dono what the entire Internet is doing against your pfSense GUI, consider that as 'bad' practice.

70tas

Unbound keeps restarting a few times, but not lately.

Yes I did open 443, so I can get in. 76.151.201.197 is my assigned IP. I can get it via curl and use it to connect temporarily. 76.151.xxx.xxx is my current outbound NAT.
79.124.58.198 is 4vendeta.com a Communication provider, which looks like I am currently hopping from. However, I am still concerned that it cannot find /usr/loca/www/console/index.php. Any ideas?

Tas

70tas

@70tas I ran a traceroute to checkip.dyndns.org, seems okay.

I can resolve checkip.dyndns.org, so that means I have a good DNS.
I can curl checkip.dyndns.org and other IP checkers and I get the proper address back.

I just don't see how this has anything to do with IP addresses, or I wouldn't be able to resolve checkip.dyndns.org. I think the problem has to do with the DDNS updater; the logs don't show that it even tries to connect to Cloudflare, it is just saying it can't get my IP.

70tas

Well, I guess I have to go back to 2,72. I may try reinstalling 2.80 for the third time, but I don’t expect it to work. I wish there were more logs available as to where the (dydns) service is failing, that would make it a lot easier to troubleshoot. I am using Xfinity, pfsense and Cloudflare, it should just work.
Tas

Gertjan

@70tas said in Dynamic DNS (DDNS) fails to obtain public IP:

more logs available as to where the (dydns) service is failing

You checked : Services > Dynamic DNS > Dynamic DNS Clients > Edit :

Plan B :
According to the documentation there is a debug mode.
See here : the source.
Go to line 3377.
Place '//' in front of the return; statement.
Save.

From now on, according to line 239, there will be a log file here /var/etc/, the filebname starts with with "dyndns_" that will contain the debug info.

Don't forget to remove the '//' when your done.

70tas

@Gertjan Thanks for the help. A '//' on that line, which is the end of the conditional crashed the app. I placed a '//' on each of the lines in the conditional, but I do not see any log files in the stated directory. I will have to read the script again to try to figure out where it puts the output; however, I'm a bash guy, so we'll see.

Thanks again.
Tas

Gertjan

@70tas said in Dynamic DNS (DDNS) fails to obtain public IP:

A '//' on that line, which is the end of the conditional crashed the app.

Like this :

worked for me.
No issues / errors.
I did found a log file now :

but not very helpful - it contained just one line :

07-17-25 03:15:27 - (6013287) - [freedns2] - 82.127.26.108/1752758073

let's say that's ok because "all went well".

edit :
bash ? That' way to complicated.
This is PHP, which is somewhat comparable to BASIC.

70tas

Ok, so the equivalent line on my 2.8 is 3369.
No errors this time, but I can't find a log file. I searched the entire file system.
Tas

Gertjan

@70tas

If one is created, its in /var/etc/

If none is created, the the update was deemed not necessary, and was skipped.
You can force an update of course. Delete the 'cache' file, you'll find it in /cf/conf/ - and the file starts with dyndns.... and end with dot cache.