Dynamic DNS with Godaddy and Comcast prefix delegation

lifespeed

I'm using prefix delegation to get an IPv6 from Comcast. It doesn't actually change that often, but still to be strictly correct I would like to make use of pfSense's dynamic DNS capability and Godaddy's API (RFC2136?) to keep my domain name and the IPv6 address pointing to my Windows 10 Pro server behind pfSense.

I had a friend set this up, but it doesn't seem to be working. I don't even know where to find this function in the GoDaddy web page, apparently it is a separate user/password for IPv6 and IPv4 dynamic DNS API.

My domain name is not resolving to my server IPv6. The MX record points to my email hosted at a static IP in a server farm, BTW, I don't want to change that. But I do want to point web, FTP, media server and other services at my server behind pfSense. Any ideas?

lifespeed

It looks like I got the GoDaddy API working partially. The IPV4 address matches my WAN IP, but the IPv6 doesn't match my server behind pfSense which is 2601:646:xxxx:xxxx:xxxx:xx:xxxx:6a2e. What IPv6 is pfSense giving Godaddy, and how do I get the updated IPv6 to be that of my windows PC?

junicast

You're looking in the wrong place.
What you're looking for is
Services - DHCP Server & RA - DHCPv6 Server

In order for this to work you need to enable DHCPv6 server, enter a range plus enter the settings under: Dynamic DNS

You will also need to enable DHCPv6 client for your machines. I have no idea if Windows 10 have a working DHCPv6 client implementation. As a matter of fact most operating systems handle this quite differently. Some even don't offer an DHCPv6 client at all like Android. Such a mess. :-/

Edit:
The net obstacle you will face will be the firewall rule. While the IP doesn't change it's all fine but once it does your old rule doesn't apply any more. I don't know how to fix this though. If pfSense does not have a solution for those scenarios I think they should implement one.

lifespeed

@pmisch I have already enabled DHCPv6 server, entered an IPv6 range of fd38 in the RA section. Windows 10 is getting an IPv6 address, both public and local:

2601:646:xxxx:xxxx:xxxx:xx:xxxx:6a2e
fd38:ce4:xxxx:x:xxxx:xx:xxxx:6a2e

So the first IP is public IPv6 for the server PC behind pfSense, with the second being the local IP. This seems correct for prefix delegation.

But it looks like pfSense dynamic DNS is not sending out the server PC IPv6 to GoDaddy. I'm not sure what it is sending out. I guess I would somehow need to tell it to send the server PC IPv6, unlike IPv4 where there is only one public IP, and NAT handles the rest. But I don't think the IPv6 that is sent to GoDaddy is even the IPv6 of pfSense, the dynamic DNS prefix being sent is 2001.

And yes, I do understand the firewall issue if the IPv6 changes, even though this is won't happen often. I'll try and address that later, but first things first.

junicast

@lifespeed
Have you configured the section Dynamic DNS within the DHCPv6 server section?
That's exactly what you need. Every time a client gets an IPv6 address via DHCPv6 it will send the information via DNS Update as in RFC2136 to the DNS server, see screenshot.

lifespeed

@pmisch said in Dynamic DNS with Godaddy and Comcast prefix delegation:

@lifespeed
Have you configured the section Dynamic DNS within the DHCPv6 server section?
That's exactly what you need. Every time a client gets an IPv6 address via DHCPv6 it will send the information via DNS Update as in RFC2136 to the DNS server, see screenshot.

I see. I think. I didn't realize there was a Dynamic DNS section within DHCPv6 server. So here is what I did for Godaddy in the Dynamic DNS services section (not DHCPv6 - confusing). The "@" in the hostname field I think is OK, as the API probably connects to domain name using the key?

So this is what I've entered into the Dynamic DNS section of DHCPv6 server. The IPv4 address is for Godaddy primary nameserver. I have no idea if this correct.

Bob.Dig

@pmisch said in Dynamic DNS with Godaddy and Comcast prefix delegation:

The net obstacle you will face will be the firewall rule. While the IP doesn't change it's all fine but once it does your old rule doesn't apply any more. I don't know how to fix this though. If pfSense does not have a solution for those scenarios I think they should implement one.

I think the solution is there, firewall rules can be host agnostic, at least for IPv4. For IPv6 it is not working right now.

If someone knows if and how to configure the DDNS Section in the DHCPv6 Server for cloudflare, please let me know.

lifespeed

The IPv6 for my domain still has the 2001 prefix instead of the 2601 prefix delegated from my Comcast WAN. Did I not specify Dynamic DNS service or DHCPv6 Dynamic DNS subsection correctly? I haven't rebooted the router since last night, is that required?

It seems like I'm close, sure would like to get this working. It was one of the main reasons I switched to pfSense.

Edit: Should DDNS client updates field by changed to deny so that "DHCP will do the update and the client should not". I'm not even sure what the client is, presumably I want pfSense DHCP server to update Godaddy Dynamic DNS API.

lifespeed

Any ideas? pfSense is updating the IPv4 to Godaddy correctly, but despite my (mis?) configuration of the DDNS Section in the DHCPv6 Server, the IPv6 address sent to GoDaddy Dynamic DNS API is wrong.

lifespeed

So to make this work, I just hard-coded the external IPv6 address in GoDaddy AAAA record and disabled the dynamic DNS for IPv6 in pfSense. Since the IPv6 from Comcast almost never changes, this works fine. Still a little disappointing this couldn't be done in strictly-correct fashion like dynamic DNS for IPv4.

JKnott

@lifespeed said in Dynamic DNS with Godaddy and Comcast prefix delegation:

Still a little disappointing this couldn't be done in strictly-correct fashion like dynamic DNS for IPv4.

I always considered the static config to be the proper one, with dyndns a hack to get around the problem with ISPs that allow the address to change. With DHCP, you're supposed to always have the same address, unless you allow the lease to expire. However, there are some ISPs that don't follow that and force changes when needed. With my ISP, my IPv4 address changes so seldom it's virtually static. On IPv6, my prefix does not change, at least not since the "Do not allow PD/Address release" option became available in pfSense.

lifespeed

Well, you may be right. Neither IPv6 nor IPv4 have changed in the month I've had pfSense running. We'll see.

johnpoz

Just another reason how just using a tunnel from HE is better ;) I have had the same /48 for like 9 years.. So my IPv6 ntp server that is part of the ntp pool has had same IP.. And I can even set the PTR for it... I can even change ISPs and still it has the same IP.. Which I have done a few times since first got it.

But sure have fun dicking around with ddns ;) hehehe

Or your delegated prefix changing on an ISP whim..

lifespeed

@johnpoz said in Dynamic DNS with Godaddy and Comcast prefix delegation:

Just another reason how just using a tunnel from HE is better ;)

Now were back to simpler vs. more complex. It sounds like you had a reason to implement a workaround that gives you a static IP. From what I understand, Comcast is pretty reliable for keeping the same IP even on residential. If that proves not to be the case, I can change my setup as you mentioned. But for now I'm configured as static on IPv6, and the dyndns on IPv4 isn't doing anything because it isn't changing.

JKnott

@johnpoz said in Dynamic DNS with Godaddy and Comcast prefix delegation:

Just another reason how just using a tunnel from HE is better ;)

It's great when your ISP doesn't provide IPv6, but you shouldn't have to use it when they do. Addresses should not normally change on either IPv4 or IPv6, but some ISPs are clueless. With mine, my IPv4 address only changed when I changed hardware or they reorganized their network, forcing an address change.

johnpoz

My IPv4 has always been stable on any ISP have had, after the dial up days.. And using trumpet for tcp/ip ;)

you shouldn't have to use it when they do

Agreed - but it solves a lot of cluelessness by these isp that have no clue how to do ipv6 correctly.. Which isps that have ipv6 allow you to set the PTRs for your space?

NogBadTheBad

@johnpoz said in Dynamic DNS with Godaddy and Comcast prefix delegation:

Which isps that have ipv6 allow you to set the PTRs for your space?

Mine doesn't.

Bob.Dig

@NogBadTheBad Probably no one does, because it is not yours and can change anytime.

NogBadTheBad

@Bob-Dig

My IPv6 address space is mine ( all /48 of it ) and allocated by my ISP to route via my WAN address.

johnpoz

When you get your IPv6 through free tunnel from HE, you get to ;)