Netgate Discussion Forum

    Dynamic DNS (DDNS) fails to obtain public IP

      johnpoz LAYER 8 Global Moderator @70tas

      @70tas my point to showing it working was to counter your blanket statement.

      Clearly it is working so your blanket statement that it is not is false.

      If you are having issues because you changed your wan interface - I would blow away your config and start from scratch with your new wan interface.

      I don't remember details of your previous thread.. Did you actually get your zone id, did you create a new api token and use the template? This took all of a couple of minutes to set up, from creating the record in cloudflare, creating the token and getting the zone ID from cloudflare dashboard.

      And my 2.8 vm is even behind a nat.

      What does your xml config look like?

      <dyndnses>
      	<dyndns>
      		<check_ip_mode>always</check_ip_mode>
      		<type>cloudflare</type>
      		<username><![CDATA[df79e7f73<snipped>4ada2f0]]></username>
      		<password><![CDATA[dlVsWC0xW<snipped>mRKNjBudQ==]]></password>
      		<host>testddns</host>
      		<domainname>snipped.tld</domainname>
      		<mx></mx>
      		<verboselog></verboselog>
      		<enable></enable>
      		<interface>wan</interface>
      		<zoneid></zoneid>
      		<ttl></ttl>
      		<maxcacheage></maxcacheage>
      		<updateurl></updateurl>
      		<resultmatch></resultmatch>
      		<requestif>wan</requestif>
      		<descr></descr>
      		<force></force>
      		<id>0</id>
      	</dyndns>
      </dyndnses>
      

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 25.07 | Lab VMs 2.8, 25.07
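
Added example, not part of johnpoz's post or of pfSense: a Python check over an exported `<dyndnses>` section that classifies each Cloudflare entry's username the way this thread describes it (email for a Global API key, Zone ID for an API token) and returns a copy with the credentials blanked for posting. The sample XML is constructed, and the 32-hex-character Zone ID pattern and the loose email pattern are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: a Cloudflare Zone ID is a 32-character hex string.
ZONE_ID = re.compile(r"[0-9a-f]{32}")
# Deliberately loose email shape; enough to tell it from a bare domain.
EMAIL = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

# Constructed sample in the layout of the export shown above (made-up values).
SAMPLE = """<dyndnses>
  <dyndns><type>cloudflare</type>
    <username><![CDATA[0123456789abcdef0123456789abcdef]]></username>
    <password><![CDATA[Y29uc3RydWN0ZWQ=]]></password>
    <host>testddns</host><domainname>example.tld</domainname><id>0</id></dyndns>
  <dyndns><type>cloudflare</type>
    <username><![CDATA[admin@example.tld]]></username>
    <password><![CDATA[Z2xvYmFsLWtleQ==]]></password>
    <host>home</host><domainname>example.tld</domainname><id>1</id></dyndns>
  <dyndns><type>cloudflare</type>
    <username><![CDATA[example.tld]]></username>
    <password><![CDATA[dG9rZW4=]]></password>
    <host>vpn</host><domainname>example.tld</domainname><id>2</id></dyndns>
</dyndnses>"""

def username_kind(value):
    """Classify the username field of a Cloudflare DDNS entry."""
    value = (value or "").strip()
    if ZONE_ID.fullmatch(value.lower()):
        return "zone-id"      # pairs with an API token in the password field
    if EMAIL.fullmatch(value):
        return "email"        # pairs with the legacy Global API key
    return "invalid"          # e.g. a bare domain name

def audit(xml_text):
    """Return ([(fqdn, username_kind)], redacted_xml) for a <dyndnses> section."""
    root = ET.fromstring(xml_text)
    findings = []
    for entry in root.iter("dyndns"):
        if entry.findtext("type") == "cloudflare":
            fqdn = f"{entry.findtext('host')}.{entry.findtext('domainname')}"
            findings.append((fqdn, username_kind(entry.findtext("username"))))
        # Blank credentials on every entry so the copy can be shared.
        for tag in ("username", "password"):
            node = entry.find(tag)
            if node is not None and node.text:
                node.text = "REDACTED"
    return findings, ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    results, safe_copy = audit(SAMPLE)
    for name, kind in results:
        print(f"{name}: username looks like {kind}")
    print(safe_copy)
```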

        70tas @johnpoz

        @johnpoz you are correct, I should not have made a blanket statement. Of course it works.

        In my case something went wrong. By the way, where do I find the xml config?

        However, I’m far enough down the road, if the script works I’ll just keep using it. As for CloudFlare, I retrieved everything from scratch, but it didn’t work. It is probably something I’ve done that triggered the issue, I am just trying to figure out what it was. It is all fun and games, after all, my work and my hobby.

          SteveITS Rebel Alliance @70tas

          @70tas Have you tried the Save & Force Update button?

          There are conditions where a normal update doesn't work, like post. (cache file matches WAN, pfSense [wrongly] assumes there is no need to actually update the A record)

          Try the force, try deleting the /conf/dyndns_wanprovidername'hostname.example.com'0.cache file.

          Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
          Upvote 👍 helpful posts!

            johnpoz LAYER 8 Global Moderator @70tas

            @70tas said in Dynamic DNS (DDNS) fails to obtain public IP:

            where do I find the xml config?

            under backup and restore - you can download the whole xml as a backup, or you can just pick the section you want. I just picked the ddns section.

            And yeah @SteveITS has a valid point, try the save & force. And deleting the cache can't hurt either.

            As to just using your script - that works too, always lots of different ways to skin any cat. But you are right, it should just work - and that it isn't can become an obsession. I have never had any issues with ddns on pfsense as far back as I can remember - and that has been quite some time. And I moved a couple of domains to cloudflare years and years ago.. And it has never been a problem. I believe I have my global token in my current pfsense main install. But have no idea what it is.. But it's currently working - I believe it's global because it's using my email address as the username. And can't recall when the last time I messed with that in pfsense was. I know it's been multiple versions, some upgrades, and some clean installs with restore from backed up config. The clean installs were when I moved to zfs and when they changed the layout of zfs volumes, etc.

            I don't do much playing with my main install since I have both a CE and + version VM I can just fire up.

              70tas @johnpoz

              @johnpoz Ok, so I deleted the /tmp/.cache files and /tmp/.lock files.
              I then rebuilt the DDNS config, tried it, negative.
              I exported a backup of the DDNS to XML and here is what I get:

              This XML file does not appear to have any style information associated with it. The document tree is shown below.

              7301c272-c817-4e09-ba0c-96bbb6701afa-image.png
              I presume the CDATA is encrypted because it doesn't match my token.

              Hope this makes some sense to someone.
              Tas

                johnpoz LAYER 8 Global Moderator @70tas

                @70tas that username sure isn't right for using an api token.. You need to use your Zone ID you get from cloudflare.

                That wouldn't even be right for a global token, which would be your email address.

                Go to your zone, ie 70tas.us dns settings - scroll down on the right and you should see your zone ID

                zoneid.jpg

                  revengineer @70tas

                  @70tas To note it here as well, I used the script posted in the other thread only for debugging purposes. While you can use it with a cron job, it is not necessary. The DDNS GUI works fine for cloudflare. The important thing is to use the Zone ID for the user name, not the email address. In the past, the email address must have worked because that is what I had in there before. It worked for years but now no longer.

                    johnpoz LAYER 8 Global Moderator @revengineer

                    @revengineer we sure global doesn't work? My main pfsense running 24.11 is using global and it still works. Just double checked.

                    Clearly they are moving away from it - it is legacy. I have one, but not sure if they let you create one if you didn't already have one?


                    Global API key is the previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API key.


                    But you can view it if you have one. So he could try using that - but from what he posted, unless he edited for posting - what he has in username isn't valid for either a global key or api token.

                      70tas @revengineer

                      @revengineer Unfortunately, there is something wrong in my configuration, which causes it not to be able to find my real IP. I'm not going to spend a lot of time on it, since I can use the script via Cron. I just need to modify it so it doesn't update needlessly.
                      Thanks for all the help
                      I appreciate it

                        johnpoz LAYER 8 Global Moderator @70tas

                        @70tas Doesn't matter if it did or we don't even know - maybe it can, but since you have the wrong settings it's never going to work.

                          revengineer @johnpoz

                          @johnpoz I think we are talking about two different things, and I may not have been clear. For the username, it states for cloudflare: "Enter email for Global API Key or (optionally) Zone ID for API token." I could not get this to accept my email address, and I had to use the Zone ID. If the email address works for you, then I wonder whether my problem is that I changed my cloudflare email address to a different one than I used when I opened the account and established the global api key.

                          In any case it sounds like @70tas has other issues but has found a solution.

                            johnpoz LAYER 8 Global Moderator @revengineer

                            @revengineer said in Dynamic DNS (DDNS) fails to obtain public IP:

                            and I had to use the Zone ID

                            what was posted from his xml is not a zone id. So how do we know what problem he is actually having - because what he posted is never going to work, be it using global key or an api token.

                              70tas @johnpoz

                              @johnpoz I'm sorry John, how do you assume I have the wrong settings. If I had the wrong settings, then the script wouldn't work either, yes?

                                70tas @johnpoz

                                @johnpoz Exactly. You have hit the proverbial nail on the head. I just can't figure out where it is coming from. It doesn't make much sense does it. But like you said earlier, I don't need to spend more time on it. I've modified the script, or rather Google Gemini provided the script for me. ;)

                                Hey thanks for all of the help sir. I really appreciate it. If there is any way I can help in future, please let me know.
                                Tas

                                  johnpoz LAYER 8 Global Moderator @70tas

                                  @70tas said in Dynamic DNS (DDNS) fails to obtain public IP:

                                  how do you assume I have the wrong settings.

                                  Don't have to assume anything - your xml you posted has the wrong username.. you have your domain name in there - it's not your email or your zone id for that domain.. So with how pfsense updates it, no, it would never work.

                                    70tas @johnpoz

                                    @johnpoz Ok, well thank you anyway John
                                    Tas

                                      ManiacDC

                                      I'm having this same issue after updating to 2.8.0. My DDNS providers all show red (all 3 of them) and none are updating. They all give the same error:
                                      /services_dyndns_edit.php: Dynamic DNS (<redacted>) There was an error trying to determine the public IP for interface - wan (vtnet1 ).

                                      Seems like there's no solution in this thread, unfortunately :(

                                        ManiacDC @ManiacDC

                                        I found a solution on Reddit, it's to disable gateway monitoring (or in my case, I changed the monitoring IP):
                                        https://www.reddit.com/r/PFSENSE/comments/1l1x7wd/pfsense_280_ce_and_dynamic_dns_with_linode_api/

                                          johnpoz LAYER 8 Global Moderator @ManiacDC

                                          @ManiacDC So your gateway was offline.. Or the gateway/monitor you were pointing to was not answering so pfsense thought it was offline. But it wasn't and was working.

                                          It showed it in the gateway widget as offline? That is a pretty significant piece of info to know.. That was never mentioned here.

                                            ManiacDC @johnpoz

                                            @johnpoz the gateway ip address does not respond to pings, so it was showing as offline in the widget. If I change the IP to something I can ping, like 8.8.8.8, then everything starts working. I don't know what's new with 2.8.0 to change this behavior:
                                            Did monitoring change in 2.8.0?
                                            Did DDNS updates start checking the gateway status in 2.8.0?
                                            I don't know if my gateway showed as offline in 2.7.X, I never checked. I doubt my gateway's ability to respond to pings has changed.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.