    Update 2.7.2 to 2.8.0 Dynamic DNS not working with Cloudflare

    Problems Installing or Upgrading pfSense Software
      A Former User @Guest

      It seems as if it is the old problem from a couple of years ago coming back again:

      When you get an IPv6 address via PPPoE or DHCP you also get some link-local addresses for that. Sometimes even the default gw is link-local.

      It seems in some circumstances the ddns client of pfsense does not get the right ip address and makes a lot of silly stuff with the ll address....

      because even if forcing the update and even when the given ipv6 address is the same as before it fails to "update" the ddns service and shows a cached "::" entry ....

      I cannot say if the entry itself is getting updated, since, in my case, there is no change.....

      BTW: I just encountered my 4 IPv6 WAN addresses are totally mixed up in the ddns entries..... I don't recon any rule about how pfsense mangled it.... wan1 has ddns IP from wan3, wan 2 and 4 do not have any dyndns address. The addresses themselves are correctly assigned to the correct interfaces in the interface section.

        stephenw10 Netgate Administrator

        Ok so the issue you're seeing is only affecting IPv6 addresses?

        And gateway monitoring is working fine for those IPv6 interfaces?

        That seems separate to the issue other users here were hitting.

          A Former User @stephenw10

          @stephenw10

          The IPv6 Addresses are not updated in the DNS. I checked that.

          Why should that be another Issue? Gateway monitoring for itself is working fine as far as I can tell right now.

          The ddns script does not resolve the current IPv6 address - totally irrelevant if I use a script or not - in the status display it is always "::" and not a current or past IPv6 address.

            stephenw10 Netgate Administrator

            Right, it's just that this seems to be a new/different issue to that which was discussed in this thread. Which was that a change in the behaviour of the dyndns update script meant it would not run against a WAN where the gateway is marked down.
            As I understand it that's not what you're seeing?

              cschafer @djstone

              @djstone

              I just installed 2.8.0 and was having difficulties getting Dynamic DNS to work with Cloudflare. In my case, my WAN is a dual stack IPv4 and IPv6, when I call var_dump(dyndnsCheckIP('igb0')) on my WAN; I see that by default the dyndnsCheck(Interface) is returning the IPv6 address on the WAN interface (a public IPv6 in my case).

              I happen to have a VLAN defined in my system that only supports IPv4, and when I query that VLAN interface with dyndnsCheck(), I get my public IPv4 address.

              So, I updated my Dynamic DNS Client to use the VLAN interface for the "Interface to Monitor" and the IPv4 address on Cloudflare updated successfully. Strange workaround, but I'm using it for now. My Cloudflare client settings are as follows:

              Service Type: Cloudflare
              Interface to monitor: VLAN
              Check IP Mode: Automatic (default)
              Hostname: @
              Domain: xyz.net
              Cloudflare Proxy: off
              Username: [cloudflare zone id]
              Password: [Zone:Edit Token ID]
              TTL: empty
              Description: Cloudflare

              I have not figured out a way to get "Cloudflare (v6)" client to work and update my AAAA record. If I use the WAN as 'Interface to monitor' which returns an IPv6 address as you would think would be useful, the task fails with the generic error. If I use the VLAN workaround as 'Interface to monitor,' it executes successfully but does nothing on Cloudflare (perhaps fails to overwrite an IPv6 address with an IPv4 address??? don't know).

              If anyone can give a clear guide on how to do Dynamic DNS updates to Cloudflare for both IPv4 and IPv6 with a WAN that has the following setup, I would appreciate it :
              IPv4 Configuration Type: DHCP
              IPv6 Configuration Type: DHCP6

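The two reports above (a link-local or "::" value showing up where a WAN address belongs, and a dual-stack interface check returning the IPv6 address when an A record is wanted) both come down to which candidate address gets picked. As an added example, not pfSense's own code: a check that picks, per record type, the first candidate of the right family that is fit to publish. The function names and the sample interface listing are assumptions made for illustration.

```python
import ipaddress

# DNS record type -> IP version it can carry.
RECORD_VERSION = {"A": 4, "AAAA": 6}

# Ranges that should never be published as a WAN address.
NOT_PUBLISHABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "100.64.0.0/10",                                   # CGNAT
    "169.254.0.0/16", "fe80::/10",                     # link-local
    "fc00::/7")]                                       # unique local

def parse(text):
    """Parse 'addr', 'addr%zone' or 'addr/prefix'; return None if invalid."""
    bare = text.strip().split("/")[0].split("%")[0]
    try:
        return ipaddress.ip_address(bare)
    except ValueError:
        return None

def reject_reason(addr, record_type):
    """Return why addr cannot go into this record type, or None if it can."""
    if addr is None:
        return "unparseable"
    if addr.version != RECORD_VERSION[record_type]:
        return "wrong family for %s record" % record_type
    if addr.is_unspecified:
        return "unspecified address"
    if addr.is_loopback or addr.is_multicast:
        return "loopback or multicast"
    for net in NOT_PUBLISHABLE:
        if addr.version == net.version and addr in net:
            return "inside %s" % net
    return None

def pick_for_record(candidates, record_type):
    """Return (chosen address or None, {candidate: reason it was rejected})."""
    rejected = {}
    for text in candidates:
        addr = parse(text)
        reason = reject_reason(addr, record_type)
        if reason is None:
            return str(addr), rejected
        rejected[text] = reason
    return None, rejected

# Constructed sample: addresses a dual-stack WAN might report (documentation ranges).
WAN = ["fe80::1:1%igb0", "::", "2001:db8:10::25/64", "203.0.113.25"]
```

Calling `pick_for_record(WAN, "A")` and `pick_for_record(WAN, "AAAA")` separately gives one address per record type, and the second return value records why each skipped candidate was refused.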
                stephenw10 Netgate Administrator

                Ah, nice catch. Hmm... 🤔

                  m80s

                  I have the same issue on 25.07.1 after upgrading to 24.11.

                  As I am running pfSense on VM on proxmox it was easy for me to revert back and confirmed no issues with 24.11.

                  I didn't check if disabling gateway monitoring fixed the issue

                    stephenw10 Netgate Administrator

                    Also with Cloudflare? With IPv6?

                      m80s @stephenw10

                      @stephenw10 said in Update 2.7.2 to 2.8.0 Dynamic DNS not working with Cloudflare:

                      Also with Cloudflare? With IPv6?

                      didn't try, should it work with it?
                      Is it something that it will be fixed btw?

                        stephenw10 Netgate Administrator

                        Yes, it will be fixed. We just need more info. Like: are you also using Cloudflare? Or is this something affecting multiple dyndns providers?

                        It should work with IPv6, yes, but there was at least one report of that failing specifically on Cloudflare.

                          A Former User @stephenw10

                          @stephenw10

                          ...and freedns... and hetzner... and Hurricane Electric is failing too with ipv6.....

                            stephenw10 Netgate Administrator

                            Ah, that's good info. Ok...

                              m80s @stephenw10

                              @stephenw10 in my case I tried with 25.07.1:

                              • DuckDNS
                              • DeSec

                              both with IPv4 and both failing.
                              No issue on 24.11.

                              Now I reverted back to 24.11 so I can't make further tests

                                mcury Rebel Alliance @m80s

                                @m80s said in Update 2.7.2 to 2.8.0 Dynamic DNS not working with Cloudflare:

                                DuckDNS

                                I'm running 25.07.1 and duckdns is working for me.

                                dead on arrival, nowhere to be found.

                                  stephenw10 Netgate Administrator @m80s

                                  @m80s said in Update 2.7.2 to 2.8.0 Dynamic DNS not working with Cloudflare:

                                  @stephenw10 in my case I tried with 25.07.1:

                                  DuckDNS
                                  DeSec
                                  

                                  both with IPv4 and both failing.

                                  Yeah that's unexpected. Unless they are using a WAN with a gateway that shows as down. In which case you would be hitting the new behaviour requiring gateway monitoring be corrected.

                                    m80s @stephenw10

                                    @stephenw10

                                    tried again with 25.07.01 and confirmed I need to set Disable Gateway Monitoring Action to make it work.

                                    I think this behavior should be fixed

                                      stephenw10 Netgate Administrator

                                      Well that's not a bug if the gateways used were marked as down. That's the expected behaviour in 2.8.X.

                                      If the gateway being marked down is a change since 2.7.2 that could be a separate problem.

                                        ds2kx @stephenw10

                                        @stephenw10 Hello, I am not sure I understand the workaround or the solution.

                                        I just updated from 2.7.X to 2.8.1 and Dyndns doesn't show the IP on the dashboard (N/A and time)

                                        • IP string is correctly shown on diag php command
                                        • checkip.dyndns.org is OK
                                        • I created an additional checkip service on my website to be sure

                                        What must we do, step by step, to fix this problem, please?

                                        Thanks
                                        regards

                                          stephenw10 Netgate Administrator

                                          Are you running it on an interface that has a gateway shown as down? If so change the target to something that responds or set it to unmonitored.

                                            ds2kx @stephenw10

                                            @stephenw10 Hello, It appears that the gateway was indeed listed as offline because originally it was using the internet provider's gateway IP address, and the provider had blocked ICMP ping requests. Therefore, you simply need to enter a reliable IP address that accepts ICMP pings, such as 8.8.8.8, 8.8.4.4, 1.1.1.1, etc.

                                            Check gateway:
                                            Stats -> Gateways
                                            Check if Gateways is marked offline (red)

                                            Put a reliable IP to check 'online availability':
                                            System -> Routing -> Gateways
                                            Click on the little pencil next to the gateway and change the Monitored IP field to 8.8.8.8 or 8.8.4.4 or any other IP that you know can be pinged 24/24 - 7/7
                                            Your gateways will be properly checked to determine if they are online or not.

                                            This way you don't disable anything, you actually improve your configuration :)

                                            I hope this can help others. Thank you @stephenw10

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.