Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to update No-IP IPv6 (dynupdate.no-ip.com does not have an AAAA record)

    Scheduled Pinned Locked Moved DHCP and DNS
    12 Posts 4 Posters 2.7k Views 4 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S Offline
      SteveITS Galactic Empire @Lars_
      last edited by

      @Lars_ FWIW We looked at this in our No-IP not that long ago and I don't think there's a way to set up a dynamically updating AAAA record...? When we tried to do so we could manually create an AAAA in their system but IIRC there was no way to set up credentials and hence update it. The hostnames we could create that were update-able were all A records.

      They do have docs, like a Linux page https://www.noip.com/support/knowledgebase/automatic-ipv6-updates-linux-duc (which ends "If you have a dual stack type network, the No-IP DUC will default to the IPv4 address") but AFAICT it doesn't work that way. Unless we were completely missing something.

      Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to reboot, or more depending on packages, CPU, and/or disk speed.
      Upvote ๐Ÿ‘ helpful posts!

      L 1 Reply Last reply Reply Quote 0
      • L Offline
        Lars_ @SteveITS
        last edited by Lars_

        @SteveITS Determined testing pays off. It works now ๐ŸŽ‰

        Same for
        dynupdate.no-ip.com/nic/update?hostname=thisismydomain.ddns.net&myip=%IP%
        with option "HTTP API DNS Options = Force IPv4 DNS Resolution" enabled.

        I was actually quite close. The solution is to update the AAAA record using IPv4:

        Service Type: Custom (v6)

        HTTP API DNS Options = Force IPv4 DNS Resolution

        Update URL:
        dynupdate.no-ip.com/nic/update?hostname=thisismydomain.ddns.net&myipv6=%IP%

        Note: It has to be &myipv6=, not &myip=

        Is this something that makes sense to be implemented in No-IP (v6) and No-IP (free-v6)? It would not work if IPv4 DNS resolution isn't available, but I guess that is not very common in the wild.

        Haven't found a way to tag this thread as SOLVED.

        S M R 3 Replies Last reply Reply Quote 1
        • S Offline
          SteveITS Galactic Empire @Lars_
          last edited by

          @Lars_ What pfSense version are you on?

          https://docs.netgate.com/pfsense/en/latest/releases/2-8-0.html#dynamic-dns
          "Fixed: RFC 2136 Dynamic DNS cannot update AAAA records over IPv6 "

          Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to reboot, or more depending on packages, CPU, and/or disk speed.
          Upvote ๐Ÿ‘ helpful posts!

          L 1 Reply Last reply Reply Quote 0
          • L Offline
            Lars_ @SteveITS
            last edited by Lars_

            @Lars_ What pfSense version are you on?

            Been on 2.8.0 since I started looking into this whole matter.

            The fix you quoted (AAAA records can now be updated over IPv6) wouldn't matter actually, as No-IP itself doesn't support updating AAAA records via IPv6 in the first place. At least not via "dynupdate.no-ip.com/nic/update". Hence, I showed how to update the AAAA record via IPv4.

            1 Reply Last reply Reply Quote 0
            • M Offline
              michael7786
              last edited by michael7786

              I'm running into basically the same issue with Route53 v6.

              I think an important characteristic of the bug is that you need to use IPv4 when updating Route53. Amazon doesn't provide a AAAA record for route53 and presumably they do not provide an IPv6 endpoint for API requests.

              I was looking at the source code and I think I found the issue.

              dyndns.class is used for dynamic DNS. Basically it will do a REST API call. It uses the Curl lib to make it happen.

              Here's dyndns.class line 416:
              https://redmine.pfsense.org/projects/pfsense/repository/2/revisions/master/entry/src/etc/inc/dyndns.class#L416

              Here we're setting the variable _addressFamilyRequest. In case we are doing dynamic DNS with an IPv6 interface, then this value is set to AF_INET6 (this value comes from the C socket API and it means "Address Family IPv6").

              Later on we initialize the curl object on line 570. Then on line 572

              https://redmine.pfsense.org/projects/pfsense/repository/2/revisions/master/entry/src/etc/inc/dyndns.class#L572

              We do this:

              curl_setopt($ch, CURLOPT_IPRESOLVE, (($this->_addressFamilyRequest == AF_INET6) ? CURL_IPRESOLVE_V6 : CURL_IPRESOLVE_V4));
              

              This is important. We're telling curl to only use IPv6.

              From here, the code customizes the REST API call for each service. There's specialized code for noip, and route53-v6. This is where we figure out the API URL, the request body, and the http headers. There is a block of code for basically every dynamic DNS provider. I only looked carefully at route53-v6 and noip-v6. In both cases we do not update the CURLOPT_IPRESOLVE curl option.

              After that we call curl_exec to execute the API call:
              https://redmine.pfsense.org/projects/pfsense/repository/2/revisions/master/entry/src/etc/inc/dyndns.class#L1918

              So to fix this bug, I think we'd need to identify the REST endpoints that are IPv4 only, or we need to allow curl to fallback to IPv4.

              Is there a way to communicate any of this with the folks at netgate? In a previous commit, someone already figured out what API endpoints are IPv4 only, here's the code:

              https://redmine.pfsense.org/projects/pfsense/repository/2/revisions/ddb0771962b2e1e974a908f1b02ddd94423c2903/entry/src/etc/inc/dyndns.class#L334

              A possible solution might involve copy-pasting this... Another idea is to customize these particular dynamic dns code blocks so that curl uses the CURL_IPRESOLVE_WHATEVER. Here's what I mean:

              https://curl.se/libcurl/c/CURLOPT_IPRESOLVE.html

              S M 2 Replies Last reply Reply Quote 0
              • S Offline
                SteveITS Galactic Empire @michael7786
                last edited by

                @michael7786 said in How to update No-IP IPv6 (dynupdate.no-ip.com does not have an AAAA record):

                Is there a way to communicate any of this with the folks at netgate?

                Bug reports can be made at redmine.pfsense.org.

                Maybe relevant: https://redmine.pfsense.org/issues/11177 (from https://docs.netgate.com/pfsense/en/latest/releases/25-03.html#dynamic-dns)

                Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                When upgrading, allow 10-15 minutes to reboot, or more depending on packages, CPU, and/or disk speed.
                Upvote ๐Ÿ‘ helpful posts!

                1 Reply Last reply Reply Quote 0
                • M Offline
                  michael7786 @michael7786
                  last edited by

                  I did some more research and there might be some incorrect information in my previous post

                  Here's the part:
                  @michael7786 said in How to update No-IP IPv6 (dynupdate.no-ip.com does not have an AAAA record):

                  In a previous commit, someone already figured out what API endpoints are IPv4 only, here's the code:

                  https://redmine.pfsense.org/projects/pfsense/repository/2/revisions/ddb0771962b2e1e974a908f1b02ddd94423c2903/entry/src/etc/inc/dyndns.class#L334

                  A possible solution might involve copy-pasting this... Another idea is to customize these particular dynamic dns code blocks so that curl uses the CURL_IPRESOLVE_WHATEVER. Here's what I mean:

                  https://curl.se/libcurl/c/CURLOPT_IPRESOLVE.html

                  I would like to clarify, I do not know if this is a list of DDNS providers with IPv4-only endpoints I just checked a few DNS records using nslookups and I think azurev6 might be reachable over IPv6.

                  When I ran this:

                  nslookup -type=AAAA management.azure.com
                  

                  I was able to resolve a AAAA record.

                  Therefore, I would like to clarify that I do not know if that list is relevant.

                  1 Reply Last reply Reply Quote 0
                  • M Offline
                    michael7786
                    last edited by

                    @SteveITS Thanks for your help! I created a regression issue at

                    https://redmine.pfsense.org/issues/16249

                    I've never done this before, so hopefully it's accepted.

                    @Lars_ your work-around was a huge help. I was able to track down the issues thanks to your post.

                    1 Reply Last reply Reply Quote 0
                    • M Offline
                      michael7786 @Lars_
                      last edited by

                      @Lars_ I ended up creating a patch that fixes the problem for route53-v6. But I attempted to fix the problem for noip-v6 too. Feel free to try it out.

                      Here's a link to the relevant issue where I attached the patch:
                      https://redmine.pfsense.org/issues/16249#note-1

                      You can use the System_Patches package to apply the patch. After installing the package, you can go to:

                      System > Patches

                      From there you can click Add New Patch. This will take you to the system_patches_edit.php page. I included a screenshot that shows how to fill in the fields. The "Patch Application Behavior" values are pretty important. You'll want to set Path Strip Count to 1, and set Base Directory to /.

                      I don't think my patch is a good long term fix. But it might be acceptable as an immediate fix. The problem is the patch just assumes the pfsense device has an IPv4 interface. I'm not accounting for NAT64 and/or other XLAT technologies. I think a better long-term approach would be to:

                      1. Try to use IPv6 to reach the Dynamic DNS API endpoint (it should use the newly implemented behavior from pfsense 2.8.0)
                      2. If step one fails then fall back to using IPv4 or any other available connection. (maybe we need a new configuration setting to allow/force the Dynamic DNS client to use a different interface)
                      1 Reply Last reply Reply Quote 0
                      • R Offline
                        ranger802004 @Lars_
                        last edited by

                        @Lars_ said in How to update No-IP IPv6 (dynupdate.no-ip.com does not have an AAAA record):

                        @SteveITS Determined testing pays off. It works now ๐ŸŽ‰

                        Same for
                        dynupdate.no-ip.com/nic/update?hostname=thisismydomain.ddns.net&myip=%IP%
                        with option "HTTP API DNS Options = Force IPv4 DNS Resolution" enabled.

                        I was actually quite close. The solution is to update the AAAA record using IPv4:

                        Service Type: Custom (v6)

                        HTTP API DNS Options = Force IPv4 DNS Resolution

                        Update URL:
                        dynupdate.no-ip.com/nic/update?hostname=thisismydomain.ddns.net&myipv6=%IP%

                        Note: It has to be &myipv6=, not &myip=

                        Is this something that makes sense to be implemented in No-IP (v6) and No-IP (free-v6)? It would not work if IPv4 DNS resolution isn't available, but I guess that is not very common in the wild.

                        Haven't found a way to tag this thread as SOLVED.

                        This solution worked for me!

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.