Dynamic DNS (DDNS) fails to obtain public IP
-
If one is created, it's in /var/etc/
If none is created, the update was deemed not necessary, and was skipped.
You can force an update of course. Delete the 'cache' file, you'll find it in /cf/conf/ - and the file starts with dyndns.... and ends with dot cache.
-
@Gertjan See this thread, https://forum.netgate.com/post/1219168 for a working method. It appears Cloudflare may only work with API Tokens now; either way the pfSense DDNS client does not work with CloudFlare.
I am able to update via script, so I will be trying using a cron job. Hopefully someone from pfSense sees these threads and can make some sense out of them. Apologies for not being more helpful.
70tas
-
@70tas said in Dynamic DNS (DDNS) fails to obtain public IP:
Either way the pfSense DDNS client does not work with CloudFlare.
Sure it does! Just set it up on my 2.8 - clicky clicky = worky worky.
Not sure what you are doing wrong, or what you have wrong on your system - but clicky clicky and working
Created my testddns entry in cloudflare. Created a new api token, copied the zone id to use for login.. Click and Bob's your uncle.
-
@johnpoz I understand that it is working for you, but it is not working for me and I can't gather any kind of diagnostic as to why it is failing. The only thing I can think of is that myself and @revengineer both started with the WAN on one port and then changed it to a different port. It used to work on 2.7.2 before my box gave up the ghost, and I installed 2.8.0 on a new box, but changed the ports after installation.
If there is anything I can provide to figure out where it is failing, I am willing to do it. However, all I know is "I" can't get the client to work, but I can get the script in @revengineer's thread to work.
Thank you
-
@70tas my point in showing it working was to counter your blanket statement.
Clearly it is working so your blanket statement that it is not is false.
If you are having issues because you changed your wan interface - I would blow away your config and start from scratch with your new wan interface.
I don't remember details of your previous thread.. Did you actually get your zone id, did you create a new api token and use the template? This took all of a couple of minutes to set up, from creating the record in cloudflare, creating the token and getting the zone ID from cloudflare dashboard.
And my 2.8 vm is even behind a nat.
What does your xml config look like?
<dyndnses>
  <dyndns>
    <check_ip_mode>always</check_ip_mode>
    <type>cloudflare</type>
    <username><![CDATA[df79e7f73<snipped>4ada2f0]]></username>
    <password><![CDATA[dlVsWC0xW<snipped>mRKNjBudQ==]]></password>
    <host>testddns</host>
    <domainname>snipped.tld</domainname>
    <mx></mx>
    <verboselog></verboselog>
    <enable></enable>
    <interface>wan</interface>
    <zoneid></zoneid>
    <ttl></ttl>
    <maxcacheage></maxcacheage>
    <updateurl></updateurl>
    <resultmatch></resultmatch>
    <requestif>wan</requestif>
    <descr></descr>
    <force></force>
    <id>0</id>
  </dyndns>
</dyndnses>
-
@johnpoz you are correct, I should not have made a blanket statement. Of course it works.
In my case something went wrong. By the way, where do I find the xml config?
However, I’m far enough down the road, if the script works I’ll just keep using it. As for CloudFlare, I retrieved everything from scratch, but it didn’t work. It is probably something I’ve done that triggered the issue, I am just trying to figure out what it was. It is all fun and games, after all, my work and my hobby.
-
@70tas Have you tried the Save & Force Update button?
There are conditions where a normal update doesn't work, like post. (cache file matches WAN, pfSense [wrongly] assumes there is no need to actually update the A record)
Try the force, try deleting the /conf/dyndns_wanprovidername'hostname.example.com'0.cache file.
-
@70tas said in Dynamic DNS (DDNS) fails to obtain public IP:
where do I find the xml config?
under backup and restore - you can download the whole xml as a backup, or you can just pick the section you want. I just picked the ddns section.
And yeah @SteveITS has a valid point, try the save & force. And deleting the cache can't hurt either.
As to just using your script - that works too, always lots of different ways to skin any cat. But you are right, it should just work - and that it isn't can become an obsession. I have never had any issues with ddns on pfsense as far back as I can remember - and that has been quite some time. And I moved a couple of domains to cloudflare years and years ago.. And has always not been a problem. I believe I have my global token in my current pfsense main install. But have no idea what it is.. But it's currently working - I believe it's global because it's using my email address as the username. And can't recall when last time I messed with that in pfsense has been. I know it's been multiple versions, some upgrades, and some clean installs with restore from backed up config. The clean installs were when I moved to zfs and when they changed the layout of zfs volumes, etc.
I don't do much playing with my main install since I have both a CE and + version VM I can just fire up.
-
@johnpoz Ok, so I deleted the /tmp/.cache files and /tmp/.lock files.
I then rebuilt the DDNS config, tried it, negative.
I exported a backup of the DDNS to XML and here is what I get: This XML file does not appear to have any style information associated with it. The document tree is shown below.
I presume the CDATA is encrypted because it doesn't match my token. Hope this makes some sense to someone.
Tas
-
@70tas that username sure isn't right for using an api token.. You need to use your Zone ID you get from cloudflare.
That wouldn't even be right for a global token, which would be your email address.
Go to your zone, ie 70tas.us dns settings - scroll down on the right and you should see your zone ID
-
@70tas To note it here as well, I used the script posted in the other thread only for debugging purposes. While you can use it with a cron job, it is not necessary. The DDNS GUI works fine for cloudflare. The important thing is to use the Zone ID for the user name, not the email address. In the past, the email address must have worked because that is what I had in there before. It worked for years but now no longer.
-
@revengineer we sure global doesn't work? My main pfsense running 24.11 is using global and it still works. Just double checked.
Clearly they are moving away from it - it is legacy. I have one, but not sure if they let you create one if you didn't already have one?
Global API key is the previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API key.
But you can view it if you have one. So he could try using that - but from what he posted, unless he edited for posting - what he has in username isn't valid for either a global key or api token.
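
As an added example (not part of any post in this thread, and not pfSense code): a small check to run over a downloaded DDNS backup section before pasting it into a forum. It reports whether each Cloudflare entry's username looks like a Zone ID or an email address, the two forms discussed above, and blanks the username and password fields. The function names and sample XML are constructed for illustration, and the 32-hex-character Zone ID shape is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, shaped like the <dyndnses> export shown in the thread.
SAMPLE = """<dyndnses>
  <dyndns>
    <type>cloudflare</type>
    <username><![CDATA[0123456789abcdef0123456789abcdef]]></username>
    <password><![CDATA[Y29uc3RydWN0ZWQtc2FtcGxl]]></password>
    <host>testddns</host><domainname>example.com</domainname><id>0</id>
  </dyndns>
  <dyndns>
    <type>cloudflare</type>
    <username><![CDATA[not-a-zone-id]]></username>
    <password><![CDATA[Y29uc3RydWN0ZWQtc2FtcGxl]]></password>
    <host>home</host><domainname>example.com</domainname><id>1</id>
  </dyndns>
</dyndnses>"""

ZONE_ID = re.compile(r"[0-9a-f]{32}", re.I)       # assumption: 32 hex characters
EMAIL = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")   # loose shape check only

def username_kind(value):
    """Classify a DDNS username as 'zone-id', 'email' or 'unrecognised'."""
    value = (value or "").strip()
    if ZONE_ID.fullmatch(value):
        return "zone-id"
    if EMAIL.fullmatch(value):
        return "email"
    return "unrecognised"

def redact_for_posting(xml_text):
    """Return ([(entry id, username kind)], XML with credentials blanked)."""
    root = ET.fromstring(xml_text)
    findings = []
    for entry in root.iter("dyndns"):      # works for a section or a full backup
        if (entry.findtext("type") or "").strip() == "cloudflare":
            findings.append((entry.findtext("id"),
                             username_kind(entry.findtext("username"))))
        for tag in ("username", "password"):   # blank secrets on every entry
            node = entry.find(tag)
            if node is not None and node.text:
                node.text = "REDACTED"
    return findings, ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    kinds, safe_xml = redact_for_posting(SAMPLE)
    print(kinds)
    print(safe_xml)
```

Host and domain names are left in place; blank those too if the record name itself should not be public.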