Dynamic DNS Cloudflare v4 API issues with pfSense



  • It seems like there are some new fields being returned by Cloudflare which are causing the $getZoneId = "https://{$dnsServer}/client/v4/zones/?name={$this->_dnsDomain}"; in the dyndns.class to fail.

    Temporarily, I switched back to DNS-O-Matic to pass the updated IPs to Cloudflare.

    I believe the issue is related to pfSense not properly parsing the response and getting the correct success ID.

    Are there any plans to resolve this issue?



  • Anyone else experiencing this? Thanks.

    It looks like we are using v4 API for CloudFlare: https://github.com/pfsense/pfsense/blob/473f37a9f4b034cd245e9601005a5e28b97349f1/src/etc/inc/dyndns.class

    However, it does not work properly.

    Here are the verbose error messages I get in my system log (removed my IP, hash and domain for privacy):

    Dec 5 10:33:59	php-fpm	73659	/services_dyndns_edit.php: phpDynDNS (pfv4.EXAMPLE.com): UNKNOWN ERROR -
    Dec 5 10:33:59	php-fpm	73659	/services_dyndns_edit.php: phpDynDNS (pfv4.EXAMPLE.com): PAYLOAD: {"result":[{"id":"888888888FAKEDHASH*******","name":"EXAMPLE.com","status":"active","paused":false,"type":"full","development_mode":-218008,"name_servers":["cass.ns.cloudflare.com","ken.ns.cloudflare.com"],"original_name_servers":["ns1.he.net","ns2.he.net","ns3.he.net","ns4.he.net","ns5.he.net"],"original_registrar":null,"original_dnshost":null,"modified_on":"2016-12-05T15:07:37.851699Z","created_on":"2016-07-22T17:40:33.036901Z","meta":{"step":4,"wildcard_proxiable":false,"custom_certificate_quota":0,"page_rule_quota":3,"phishing_detected":false,"multiple_railguns_allowed":false},"owner":{"type":"user","id":"FAKEDHASH","email":"myemail@mydomain.com"},"permissions":["#analytics:read","#billing:edit","#billing:read","#cache_purge:edit","#dns_records:edit","#dns_records:read","#lb:edit","#lb:read","#logs:read","#organization:edit","#organization:read","#ssl:edit","#ssl:read","#waf:
    Dec 5 10:33:59	php-fpm	73659	/services_dyndns_edit.php: Dynamic DNS cloudflare (pfv4.EXAMPLE.com): _checkStatus() starting.
    Dec 5 10:33:58	php-fpm	73659	/services_dyndns_edit.php: Dynamic DNS cloudflare (pfv4.EXAMPLE.com): _update() starting.
    Dec 5 10:33:58	php-fpm	73659	/services_dyndns_edit.php: Dynamic DNS (pfv4.EXAMPLE.com): running get_failover_interface for wan. found igb0
    Dec 5 10:33:58	php-fpm	73659	/services_dyndns_edit.php: Dynamic DNS cloudflare (pfv4.EXAMPLE.com): 127.0.0.1 extracted from local system.
    Dec 5 10:33:58	php-fpm	73659	/services_dyndns_edit.php: Dynamic DNS: updatedns() starting
    


  • All,

    It seems like the dyndns.class on RELENG_2_3 has not been updated correctly to the latest branch, which is causing issues for CloudFlare Dynamic DNS updating.

    pfSense Stable: https://raw.githubusercontent.com/pfsense/pfsense/RELENG_2_3_2/src/etc/inc/dyndns.class

    pfSense 2.3.3: https://raw.githubusercontent.com/pfsense/pfsense/RELENG_2_3/src/etc/inc/dyndns.class

    Can we please get these branches updated so that Dynamic DNS works for pfSense 2.3.3?



  • Any update on this?

    2.3.3-dev has the same problem with dyndns.org

    Myk



  • :(

    Still not working.

    2.3.3-RELEASE (amd64)
    built on Thu Feb 16 06:59:53 CST 2017
    FreeBSD 10.3-RELEASE-p16

    Please fix it.


  • Rebel Alliance Developer Netgate

    Someone that actually has access to Cloudflare is going to have to step up and help. We do not have any Cloudflare accounts here. We added several fixes for Cloudflare to 2.4 and 2.3.3 that sat for four months with no feedback.

    We need more information than "not working". Show us settings you are using, set the dyndns entry to verbose log output and get the logs, and so on.


  • Banned

    I keep wondering whether these DynDNS providers actually have any interest in people using their service. The amount of breakage and useless, super-complicated API changes is disturbing. Not exactly convinced this is worth the maintenance effort.



  • Same for me, not working and can't update the A record, which I think is where the issue is.



  • Hey, my Cloudflare Dynamic DNS works only with subdomains (e.g. hostname field "hostname", domain field "mydomain.com" >> Save, and it works), but when I try to add another record only for mydomain.com (e.g. hostname field empty, domain field "mydomain.com" >> Save), I get "The hostname contains invalid characters."

    I tried another option like: hostname field "mydomain", domain field "com" >> Save, and I get "/services_dyndns_edit.php: phpDynDNS (mydomain.com): (Error) Zone or Host ID was not found, check the hostname."
    These are my logs:

    Feb 27 19:00:57	php-fpm	55946	/services_dyndns_edit.php: Dynamic DNS: updatedns() starting
    Feb 27 19:00:57	php-fpm	55946	/services_dyndns_edit.php: Dynamic DNS cloudflare (high-we.com): xxx.xxx.174.178 extracted from local system.
    Feb 27 19:00:57	php-fpm	55946	/services_dyndns_edit.php: Dynamic DNS (high-web.com): running get_failover_interface for wan. found pppoe3
    Feb 27 19:00:57	php-fpm	55946	/services_dyndns_edit.php: Dynamic DNS cloudflare (high-we.com): _update() starting.
    Feb 27 19:01:02	php-fpm	55946	/services_dyndns_edit.php: Dynamic DNS cloudflare (high-we.com): _checkStatus() starting.
    Feb 27 19:01:02	php-fpm	55946	/services_dyndns_edit.php: phpDynDNS (high-web): (Error) Zone or Host ID was not found, check the hostname.
    

    when I used hostname field high-we, domain field com

    Thank you.


  • Rebel Alliance Developer Netgate

    Can someone with Cloudflare and one of these records try applying this patch with the System Patches package?

    http://atxfiles.pfsense.org/jimp/patches/cfddns-at.diff

    That lets the GUI accept an @ for the hostname which should let it work.

    If that does work and the records update properly and operate as expected, I'll commit the change, along with changing the upgrade code so that if the hostname ended up blank it would get pre-filled with @.

    If this doesn't work, then there is still another change I can try, but again I need someone who has Cloudflare with an appropriate record to test it.



  • I'll try in a few hours, I'm at work now. Thank you.



  • It doesn't work. I patched the file /src/usr/local/www/services_dyndns_edit.php "manually" … in the diff file the line where the code starts is line 111, but in my file it starts at line 149
    /diff --git a/src/usr/local/www/services_dyndns_edit.php b/src/usr/local/www/services_dyndns_edit.php
    index acff97f..07f1636 100644
    --- a/src/usr/local/www/services_dyndns_edit.php
    +++ b/src/usr/local/www/services_dyndns_edit.php
    @@ -111,6 +111,8 @@ if ($_POST['save'] || $_POST['force']) {
    /* Namecheap can have a @. and . in hostname /
    if ($pconfig['type'] == "namecheap" && ($_POST['host'] == '
    .' || $_POST['host'] == '
    ' || $_POST['host'] == '@.' || $_POST['host'] == '@')) {
    $host_to_check = $_POST['domainname'];

    •   } elseif ((($pconfig['type'] == "cloudflare") || ($pconfig['type'] == "cloudflare-v6")) && ($_POST['host'] == '@.' || $_POST['host'] == '@')) {
      
    •   	$host_to_check = $_POST['domainname'];
        } else {
        	$host_to_check = $_POST['host'];/
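    Review bot: the added elseif only changes $host_to_check, the value that gets checked; $_POST['host'] itself is left as '@' or '@.', so nothing in this hunk changes what is saved and later handed to the updater. Either normalize the host here before it is stored, or handle '@' and '@.' where the Cloudflare record name is built, and note in a comment which of the two is intended.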
      
    The good thing is, now "@" is accepted, but it doesn't work. This is my log file:
    

    Mar 1 18:06:17 php-fpm 35954 /services_dyndns_edit.php: Dynamic DNS: updatedns() starting
    Mar 1 18:06:17 php-fpm 35954 /services_dyndns_edit.php: Dynamic DNS cloudflare (@.high-we.com): xxx.xxx.xxx.98 extracted from local system.
    Mar 1 18:06:17 php-fpm 35954 /services_dyndns_edit.php: Dynamic DNS (@.high-we.com): running get_failover_interface for wan. found pppoe3
    Mar 1 18:06:17 php-fpm 35954 /services_dyndns_edit.php: Dynamic DNS cloudflare (@.high-we.com): _update() starting.
    Mar 1 18:06:22 php-fpm 35954 /services_dyndns_edit.php: Dynamic DNS cloudflare (@.high-we.com): _checkStatus() starting.
    Mar 1 18:06:22 php-fpm 35954 /services_dyndns_edit.php: phpDynDNS (@): (Error) Zone or Host ID was not found, check the hostname

    
    Best Regards

  • Rebel Alliance Developer Netgate

    OK, I'll have to change that to sub @ or @. for "" (nothing) in the backend when that happens. I'll work up a different patch later today.



  • If you need someone else with Cloudflare and dynamic DNS, I can try to provide assistance where needed also.



  • @jimp:

    OK, I'll have to change that to sub @ or @. for "" (nothing) in the backend when that happens. I'll work up a different patch later today.

    Any news about the fix?

    Thank you.
    Best Regards


  • Rebel Alliance Developer Netgate

    Revert my previous patch and try this one: http://atxfiles.pfsense.org/jimp/patches/cfddns-at-trim.diff



  • @jimp:

    Can someone with Cloudflare and one of these records try applying this patch with the System Patches package?

    http://atxfiles.pfsense.org/jimp/patches/cfddns-at.diff

    That lets the GUI accept an @ for the hostname which should let it work.

    If that does work and the records update properly and operate as expected, I'll commit the change, along with changing the upgrade code so that if the hostname ended up blank it would get pre-filled with @.

    If this doesn't work, then there is still another change I can try, but again I need someone who has Cloudflare with an appropriate record to test it.

    Old patch:

    diff --git a/src/usr/local/www/services_dyndns_edit.php b/src/usr/local/www/services_dyndns_edit.php
    index acff97f..07f1636 100644
    --- a/src/usr/local/www/services_dyndns_edit.php
    +++ b/src/usr/local/www/services_dyndns_edit.php
    @@ -111,6 +111,8 @@ if ($_POST['save'] || $_POST['force']) {
     		/* Namecheap can have a @. and *. in hostname */
     		if ($pconfig['type'] == "namecheap" && ($_POST['host'] == '*.' || $_POST['host'] == '*' || $_POST['host'] == '@.' || $_POST['host'] == '@')) {
     			$host_to_check = $_POST['domainname'];
    +		} elseif ((($pconfig['type'] == "cloudflare") || ($pconfig['type'] == "cloudflare-v6")) && ($_POST['host'] == '@.' || $_POST['host'] == '@')) {
    +			$host_to_check = $_POST['domainname'];
     		} else {
     			$host_to_check = $_POST['host'];
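    Review bot: the comment above the if still mentions only Namecheap, while the new Cloudflare elseif repeats the Namecheap branch body with a narrower list of accepted hosts ('@.' and '@', but not '*.' or '*'). Add a comment on the elseif saying that '@' stands for the zone apex on Cloudflare and why the wildcard forms are left out, or, if they should be accepted as well, fold both providers into a single condition.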
    

    @jimp:

    Revert my previous patch and try this one: http://atxfiles.pfsense.org/jimp/patches/cfddns-at-trim.diff

    This patch is the same as the previous patch :)
    New patch:
    diff --git a/src/usr/local/www/services_dyndns_edit.php b/src/usr/local/www/services_dyndns_edit.php
    index acff97f..07f1636 100644
    --- a/src/usr/local/www/services_dyndns_edit.php
    +++ b/src/usr/local/www/services_dyndns_edit.php
    @@ -111,6 +111,8 @@ if ($_POST['save'] || $_POST['force']) {
    /* Namecheap can have a @. and . in hostname /
    if ($pconfig['type'] == "namecheap" && ($_POST['host'] == '
    .' || $_POST['host'] == '
    ' || $_POST['host'] == '@.' || $_POST['host'] == '@')) {
    $host_to_check = $_POST['domainname'];

    •   } elseif ((($pconfig['type'] == "cloudflare") || ($pconfig['type'] == "cloudflare-v6")) && ($_POST['host'] == '@.' || $_POST['host'] == '@')) {
      
    •   	$host_to_check = $_POST['domainname'];
        } else {
        	$host_to_check = $_POST['host'];
      

  • Rebel Alliance Developer Netgate

    Well, hmm. It wasn't before I copied it. Let me make it again.


  • Rebel Alliance Developer Netgate

    Fetch it again, should be the correct one now.



  • Now it's OK with the file. I'll try the patch in about 15 minutes.



  • I can confirm that the new patch that jimp provided is now working with Cloudflare DDNS. Thank you!



  • Yes … it's working now!!! Thank you very much!!


  • Rebel Alliance Developer Netgate

    I created https://redmine.pfsense.org/issues/7357 for this issue and pushed that fix. It will be in the next new snapshots and whatever release we put out next.

    Thanks for testing!



  • I have applied your patch and it solved the GUI problem. I could now put @ in host and save the DynDNS.

    But I am getting this in the log (I have changed real domain with "domain.demo"):

    Mar 8 15:46:27 php-fpm 92633 /services_dyndns_edit.php: phpDynDNS (@): UNKNOWN ERROR - Invalid request headers
    Mar 8 15:46:27 php-fpm 92633 /services_dyndns_edit.php: phpDynDNS (@): PAYLOAD: {"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}
    Mar 8 15:46:27 php-fpm 92633 /services_dyndns_edit.php: Dynamic DNS cloudflare (domain.demo): _checkStatus() starting.
    Mar 8 15:46:26 php-fpm 92633 /services_dyndns_edit.php: Dynamic DNS cloudflare (@.domain.demo): _update() starting.
    Mar 8 15:46:26 php-fpm 92633 /services_dyndns_edit.php: Dynamic DNS (@.domain.demo): running get_failover_interface for wan. found vmx0
    Mar 8 15:46:26 php-fpm 92633 /services_dyndns_edit.php: Dynamic DNS cloudflare (@.domain.demo): xxx.xxx.xxx.xxx extracted from local system.
    Mar 8 15:46:26 php-fpm 92633 /services_dyndns_edit.php: Dynamic DNS: updatedns() starting

    I am on:

    2.3.3-RELEASE (amd64)
    built on Thu Feb 16 06:59:53 CST 2017
    FreeBSD 10.3-RELEASE-p16



  • OK… my bad.

    Have to put Global API key as password, do not put your account password as password.

    User = user
    Password = Global API Key

    Works great... Thanks  :)
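
Two things this thread works out by trial and error, as an added example (not pfSense's dyndns.class; `cf_get`, `cf_record_name`, `cf_err` and `cf_summarize` are hypothetical names): `@` or `@.` in the hostname field stands for the zone apex, and the real cause behind "UNKNOWN ERROR" sits in the response's `errors` and `error_chain`, which can be logged without writing the whole payload to the system log.

```php
<?php
// Added example, not pfSense code; all function names are hypothetical.

/* Read $a[$key] without notices on malformed input. */
function cf_get($a, $key, $default) {
	return (is_array($a) && isset($a[$key])) ? $a[$key] : $default;
}

/* '@', '@.' or an empty host all mean the zone apex. */
function cf_record_name($host, $domain) {
	$host = rtrim(trim($host), '.');
	$domain = rtrim(trim($domain), '.');
	return ($host === '' || $host === '@') ? $domain : "{$host}.{$domain}";
}

/* "code message" for one entry of errors[] or error_chain[]. */
function cf_err($e) {
	return cf_get($e, 'code', '?') . ' ' . cf_get($e, 'message', '(no message)');
}

/* Reduce a Cloudflare v4 response body to array($ok, $summary).
 * Only codes and messages are kept, so zone ids and the owner
 * e-mail found in "result" never reach the system log.
 * A truncated or non-JSON body is reported as such. */
function cf_summarize($body) {
	$r = json_decode($body, true);
	if (!is_array($r) || !array_key_exists('success', $r)) {
		return array(false, 'not a Cloudflare v4 JSON envelope');
	}
	if ($r['success'] === true) {
		$hit = !empty($r['result']);
		return array($hit, $hit ? 'success' : 'success, but no zone or record matched the name');
	}
	$lines = array();
	foreach ((array) cf_get($r, 'errors', array()) as $e) {
		$line = cf_err($e);
		foreach ((array) cf_get($e, 'error_chain', array()) as $c) {
			$line .= ' <- ' . cf_err($c);
		}
		$lines[] = $line;
	}
	return array(false, $lines ? implode('; ', $lines) : 'failure without error detail');
}

// Response body copied from the log earlier in this thread.
$body = '{"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}';
list($ok, $why) = cf_summarize($body);
echo cf_record_name('@', 'domain.demo'), "\n";
echo cf_record_name('www', 'domain.demo.'), "\n";
echo ($ok ? 'OK: ' : 'FAIL: '), $why, "\n";
```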



  • I'm on the latest release (2.4.0.b.20170308.0906) and I'm having a related issue or perhaps a regression.  (I think.)

    I'm updating a domain with the wildcard checkbox set.  The domain to be updated is *.subdomain.domain.com.

    I have confirmed that I am able to set the IP directly using curl and the cloudflare api.  Via the pfsense updater, the update fails and I get the following in the log.

    Mar 8 12:31:38 php-fpm 92474 /services_dyndns_edit.php: phpDynDNS (home): (Error) Zone or Host ID was not found, check the hostname.
    Mar 8 12:31:38 php-fpm 92474 /services_dyndns_edit.php: Dynamic DNS cloudflare (subdomain.domain.com): _checkStatus() starting.
    Mar 8 12:31:37 php-fpm 92474 /services_dyndns_edit.php: Dynamic DNS cloudflare (subdomain.domain.com): _update() starting.
    Mar 8 12:31:37 php-fpm 92474 /services_dyndns_edit.php: DynDns (subdomain.domain.com): Dynamic Dns: cacheIP != wan_ip. Updating. Cached IP: 0.0.0.0 WAN IP: xxx.xxx.xxx.xxx Initial update.

    Thanks!

    Update: I was able to successfully update a non-wildcard domain.  So, looks like whatever causes this issue is related to wildcard updates alone.



  • @zuperjotmeil:

    OK… my bad.

    Have to put Global API key as password, do not put your account password as password.

    User = user
    Password = Global API Key

    Works great... Thanks  :)

    As far as I know, Cloudflare has always required use of your global API key as password for dynamic DNS update. I have the same issue where I cannot update a root domain (blah.tld), as it requires a subdomain. The patch linked in the earlier posts works for me.



  • The patch worked for pfSense 2.3.3, but I would like to update all the subdomains and the root domain of a zone with the same IP. How can I do that? The wildcard thing doesn't seem to work, nor can I use the asterisk for the hostname.

