Dynamic DNS Cloudflare v4 API issues with pfSense

Paint · Dec 5, 2016, 5:08 PM

It seems like there are some new fields being returned by Cloudflare which are causing the $getZoneId = "https://{$dnsServer}/client/v4/zones/?name={$this->_dnsDomain}"; in the dyndns.class to fail.

Temporarily, I switched back to DNS-O-Matic to pass the updated IPs to Cloudflare.

I believe the issue is related to pfSense not properly parsing the response and getting the correct success ID.

Are there any plans to resolve this issue?

Paint · Dec 5, 2016, 4:03 PM

Anyone else experiencing this? Thanks.

It looks like we are using v4 API for CloudFlare: https://github.com/pfsense/pfsense/blob/473f37a9f4b034cd245e9601005a5e28b97349f1/src/etc/inc/dyndns.class

However, it does not work properly.

Here is the verbose error messages I get in my system log (removed my IP, hash and domain for privacy):

Dec 5 10:33:59	php-fpm	73659	/services_dyndns_edit.php: phpDynDNS (pfv4.EXAMPLE.com): UNKNOWN ERROR -
Dec 5 10:33:59	php-fpm	73659	/services_dyndns_edit.php: phpDynDNS (pfv4.EXAMPLE.com): PAYLOAD: {"result":[{"id":"888888888FAKEDHASH*******","name":"EXAMPLE.com","status":"active","paused":false,"type":"full","development_mode":-218008,"name_servers":["cass.ns.cloudflare.com","ken.ns.cloudflare.com"],"original_name_servers":["ns1.he.net","ns2.he.net","ns3.he.net","ns4.he.net","ns5.he.net"],"original_registrar":null,"original_dnshost":null,"modified_on":"2016-12-05T15:07:37.851699Z","created_on":"2016-07-22T17:40:33.036901Z","meta":{"step":4,"wildcard_proxiable":false,"custom_certificate_quota":0,"page_rule_quota":3,"phishing_detected":false,"multiple_railguns_allowed":false},"owner":{"type":"user","id":"FAKEDHASH","email":"myemail@mydomain.com"},"permissions":["#analytics:read","#billing:edit","#billing:read","#cache_purge:edit","#dns_records:edit","#dns_records:read","#lb:edit","#lb:read","#logs:read","#organization:edit","#organization:read","#ssl:edit","#ssl:read","#waf:
Dec 5 10:33:59	php-fpm	73659	/services_dyndns_edit.php: Dynamic DNS cloudflare (pfv4.EXAMPLE.com): _checkStatus() starting.
Dec 5 10:33:58	php-fpm	73659	/services_dyndns_edit.php: Dynamic DNS cloudflare (pfv4.EXAMPLE.com): _update() starting.
Dec 5 10:33:58	php-fpm	73659	/services_dyndns_edit.php: Dynamic DNS (pfv4.EXAMPLE.com): running get_failover_interface for wan. found igb0
Dec 5 10:33:58	php-fpm	73659	/services_dyndns_edit.php: Dynamic DNS cloudflare (pfv4.EXAMPLE.com): 127.0.0.1 extracted from local system.
Dec 5 10:33:58	php-fpm	73659	/services_dyndns_edit.php: Dynamic DNS: updatedns() starting[/code]

Paint · Dec 5, 2016, 5:58 PM

All,

It seems like the dyndns.class on RELENG_2_3 has not been updated correctly to the latest branch which is causing issues for CloudFlare Dynamic DNS updating

pfSense Stable: https://raw.githubusercontent.com/pfsense/pfsense/RELENG_2_3_2/src/etc/inc/dyndns.class

pfSense 2.3.3: https://raw.githubusercontent.com/pfsense/pfsense/RELENG_2_3/src/etc/inc/dyndns.class

Can we please get these branches updated so that Dynamic DNS works for pfSense 2.3.3?

MyKroFt · Dec 18, 2016, 8:07 AM

Any update on this?

2.3.3-dev has the same problem with dyndns.org

Myk

zuperjotmeil · Feb 21, 2017, 9:16 PM

:(

Still not working.

2.3.3-RELEASE (amd64)
built on Thu Feb 16 06:59:53 CST 2017
FreeBSD 10.3-RELEASE-p16

Please fix it.

jimp · Feb 24, 2017, 2:56 PM

Someone that actually has access to Cloudflare is going to have to step up and help. We do not have any Cloudflare accounts here. We added several fixes for Cloudflare to 2.4 and 2.3.3 that sat for four months with no feedback.

We need more information than "not working". Show us settings you are using, set the dyndns entry to verbose log output and get the logs, and so on.

doktornotor · Feb 24, 2017, 3:01 PM

I keep wondering whether these DynDNS providers actually have any interest in people using their service. The amount of breakage and useless, super-complicated API changes is disturbing. Not exactly convinced this is worth the maintenance effort.

sandman06 · Feb 25, 2017, 10:14 AM

same for me, not working and cant update A record, which i think where the issue is.

borgotech · Feb 27, 2017, 5:14 PM

Hey.. my Cloudflare DynamicDNS works only with subdomains zones, ( ex: hostname field hostname –---domain field mydomain.com >> Save … & it works but when i try to add another record only for mydomain.com ex: hostname field empty –---domain field mydomain.com >> Save >>>> & i get "The hostname contains invalid characters."

I tried another option like: hostname field mydomain –---domain field com >> Save .. & i get " /services_dyndns_edit.php: phpDynDNS (mydomain.com): (Error) Zone or Host ID was not found, check the hostname."
This are my logs:

Feb 27 19:00:57	php-fpm	55946	/services_dyndns_edit.php: Dynamic DNS: updatedns() starting
Feb 27 19:00:57	php-fpm	55946	/services_dyndns_edit.php: Dynamic DNS cloudflare (high-we.com): xxx.xxx.174.178 extracted from local system.
Feb 27 19:00:57	php-fpm	55946	/services_dyndns_edit.php: Dynamic DNS (high-web.com): running get_failover_interface for wan. found pppoe3
Feb 27 19:00:57	php-fpm	55946	/services_dyndns_edit.php: Dynamic DNS cloudflare (high-we.com): _update() starting.
Feb 27 19:01:02	php-fpm	55946	/services_dyndns_edit.php: Dynamic DNS cloudflare (high-we.com): _checkStatus() starting.
Feb 27 19:01:02	php-fpm	55946	/services_dyndns_edit.php: phpDynDNS (high-web): (Error) Zone or Host ID was not found, check the hostname.

when i used hostname field high-we –---domain field com

Thank you.

jimp · Feb 28, 2017, 7:52 PM

Can someone with Cloudflare and one of these records try applying this patch with the System Patches package?

http://atxfiles.pfsense.org/jimp/patches/cfddns-at.diff

That lets the GUI accept an @ for the hostname which should let it work.

If that does work and the records update properly and operate as expected, I'll commit the change, along with changing the upgrade code so that if the hostname ended up blank it would get pre-filled with @.

If this doesn't work, then there is still another change I can try, but again I need someone who has Cloudflare with an appropriate record to test it.

borgotech · Mar 1, 2017, 12:27 PM

I 'l try in a few hours, i'm at work now. Thank you.

borgotech · Mar 1, 2017, 4:31 PM

It doesnt work, i patched the file /src/usr/local/www/services_dyndns_edit.php "manualy" …in the diff file the line from where start the code is line 111 but on my file it start at line 149```
/diff --git a/src/usr/local/www/services_dyndns_edit.php b/src/usr/local/www/services_dyndns_edit.php
index acff97f..07f1636 100644
--- a/src/usr/local/www/services_dyndns_edit.php
+++ b/src/usr/local/www/services_dyndns_edit.php
@@ -111,6 +111,8 @@ if ($_POST['save'] || $_POST['force']) {
/* Namecheap can have a @. and . in hostname /
if ($pconfig['type'] == "namecheap" && ($_POST['host'] == '.' || $_POST['host'] == '' || $_POST['host'] == '@.' || $_POST['host'] == '@')) {
$host_to_check = $_POST['domainname'];

  } elseif ((($pconfig['type'] == "cloudflare") || ($pconfig['type'] == "cloudflare-v6")) && ($_POST['host'] == '@.' || $_POST['host'] == '@')) {

  	$host_to_check = $_POST['domainname'];
  } else {
  	$host_to_check = $_POST['host'];/

The good thing is .. now "@" is accepted but it doesnt work. This is my log file:

Mar 1 18:06:17 php-fpm 35954 /services_dyndns_edit.php: Dynamic DNS: updatedns() starting
Mar 1 18:06:17 php-fpm 35954 /services_dyndns_edit.php: Dynamic DNS cloudflare (@.high-we.com): xxx.xxx.xxx.98 extracted from local system.
Mar 1 18:06:17 php-fpm 35954 /services_dyndns_edit.php: Dynamic DNS (@.high-we.com): running get_failover_interface for wan. found pppoe3
Mar 1 18:06:17 php-fpm 35954 /services_dyndns_edit.php: Dynamic DNS cloudflare (@.high-we.com): _update() starting.
Mar 1 18:06:22 php-fpm 35954 /services_dyndns_edit.php: Dynamic DNS cloudflare (@.high-we.com): _checkStatus() starting.
Mar 1 18:06:22 php-fpm 35954 /services_dyndns_edit.php: phpDynDNS (@): (Error) Zone or Host ID was not found, check the hostname


Best Regards

jimp · Mar 1, 2017, 4:28 PM

OK, I'll have to change that to sub @ or @. for "" (nothing) in the backend when that happens. I'll work up a different patch later today.

choochoo · Mar 2, 2017, 10:54 PM

If you need someone else with Cloudflare and dynamic DNS, I can try to provide assistance where needed also.

borgotech · Mar 6, 2017, 6:10 AM

@jimp:

OK, I'll have to change that to sub @ or @. for "" (nothing) in the backend when that happens. I'll work up a different patch later today.

Any new? about fix ..

Thank you.
Best Regards

jimp · Mar 6, 2017, 2:08 PM

Revert my previous patch and try this one: http://atxfiles.pfsense.org/jimp/patches/cfddns-at-trim.diff

borgotech · Mar 6, 2017, 4:24 PM

@jimp:

Can someone with Cloudflare and one of these records try applying this patch with the System Patches package?

http://atxfiles.pfsense.org/jimp/patches/cfddns-at.diff

That lets the GUI accept an @ for the hostname which should let it work.

If that does work and the records update properly and operate as expected, I'll commit the change, along with changing the upgrade code so that if the hostname ended up blank it would get pre-filled with @.

If this doesn't work, then there is still another change I can try, but again I need someone who has Cloudflare with an appropriate record to test it.

Old patch:

diff --git a/src/usr/local/www/services_dyndns_edit.php b/src/usr/local/www/services_dyndns_edit.php
index acff97f..07f1636 100644
--- a/src/usr/local/www/services_dyndns_edit.php
+++ b/src/usr/local/www/services_dyndns_edit.php
@@ -111,6 +111,8 @@ if ($_POST['save'] || $_POST['force']) {
 		/* Namecheap can have a @. and *. in hostname */
 		if ($pconfig['type'] == "namecheap" && ($_POST['host'] == '*.' || $_POST['host'] == '*' || $_POST['host'] == '@.' || $_POST['host'] == '@')) {
 			$host_to_check = $_POST['domainname'];
+		} elseif ((($pconfig['type'] == "cloudflare") || ($pconfig['type'] == "cloudflare-v6")) && ($_POST['host'] == '@.' || $_POST['host'] == '@')) {
+			$host_to_check = $_POST['domainname'];
 		} else {
 			$host_to_check = $_POST['host'];

@jimp:

Revert my previous patch and try this one: http://atxfiles.pfsense.org/jimp/patches/cfddns-at-trim.diff

This patch is the same with previous patch :)
New patch:```
diff --git a/src/usr/local/www/services_dyndns_edit.php b/src/usr/local/www/services_dyndns_edit.php
index acff97f..07f1636 100644
--- a/src/usr/local/www/services_dyndns_edit.php
+++ b/src/usr/local/www/services_dyndns_edit.php
@@ -111,6 +111,8 @@ if ($_POST['save'] || $_POST['force']) {
/* Namecheap can have a @. and . in hostname /
if ($pconfig['type'] == "namecheap" && ($_POST['host'] == '.' || $_POST['host'] == '' || $_POST['host'] == '@.' || $_POST['host'] == '@')) {
$host_to_check = $_POST['domainname'];

  } elseif ((($pconfig['type'] == "cloudflare") || ($pconfig['type'] == "cloudflare-v6")) && ($_POST['host'] == '@.' || $_POST['host'] == '@')) {

  	$host_to_check = $_POST['domainname'];
  } else {
  	$host_to_check = $_POST['host'];

jimp · Mar 6, 2017, 4:23 PM

Well, hmm. It wasn't before I copied it. Let me make it again.

jimp · Mar 6, 2017, 4:24 PM

Fetch it again, should be the correct one now.

borgotech · Mar 6, 2017, 4:41 PM

Now its ok with the file.. i'll try the patch in a about 15 minutes..