Possible bug with Dynamic DNS
-
@steveits said in Possible bug with Dynamic DNS:
No change in my IP address and/or 25 days has not passed
I believe this is the part I had found...if the code doesn't think the pfSense WAN IP has changed there's nothing to update.
Exact.
See line 357 in /etc/inc/dyndns.class.
The "_detectChange()" function checks the IP using "http://checkip.dyndns.org/" - and compares the IPv4 with hat is stored in cache file.You can find the IPv4 cache file here /etc/conf/
It's called :-rw-r--r-- 1 root wheel 24 Jun 19 18:52 dyndns_wanopendns'xxxx'1.cache
and contains the IP ( :) ) and a 'unix' time stamp code.
This is the content of my file :
82.127.34.254|1624121569
If the two are identical, there is nothing to do.
My WAN IP is 82.127.34.254 and the file contains also "82.127.34.254" : the hourly dyndns update aborts.You can test yourself :
Compare your cache file with what comes back from here : http://checkip.dyndns.org/
Is it identical ? -
@gertjan said in Possible bug with Dynamic DNS:
which means : every one minute after each hour :execute /etc/rc.dyndns.update
Small correction: "At 01:01.โ
1 0-23 * * *
would be every hour. -
@bob-dig Hello.
If the WAN is the same as it was on the last check then no change is pushed to DynDNS, becuase it thinks there is nothing to update.
The original problem was caused by someone else getting the credentials of the DynDNS service and altering the public IP against the DynDNS entry.
If the script were to perform a DNS lookup against its own DynDNS entry to double check that the result from http://checkip.dyndns.org/ matches and perform an update if either it doesnt match or the WAN has changed that would be good.
-
@gertjan said in Possible bug with Dynamic DNS:
My WAN IP is 82.127.34.254 and the file contains also "82.127.34.254" : the hourly dyndns update aborts
This is the scenario the OP is describing...the WAN IP hasn't changed, but the IP is still wrong in DNS because it was updated by something else.
Vs. other implementations I've seen (and even wrote a basic one, long ago) where the server tracks whether the IP changes.
A few dynamic DNS allow manual updates after logging in to their site, I think I've seen? Otherwise a workaround might be to put in a wrong IP, run the cron job, then go back to the correct IP. Might fool it into updating.
-
@bob-dig said in Possible bug with Dynamic DNS:
Small correction: "At 01:01.โ
1 0-23 * * *
would be every hour.Your right
And seems more logic also.
Most DynDNS suppliers don't like having their systems accessed for unneeded updates.Keep in mind : there is another situation that forces the /etc/rc.dyndns.update to get called : when the WAN interface goes DOWN and UP, and (another) IP gets assigned.
@steveb53 said in Possible bug with Dynamic DNS:
The original problem was caused by someone else getting the credentials of the DynDNS service and altering the public IP against the DynDNS entry.
You (your dyndns updater) should be the only one able to update your dyndns host name. If the system gets hacked, everything is possible.
@steveb53 said in Possible bug with Dynamic DNS:
If the script were to perform a DNS lookup against its own DynDNS entry to double check that the result from http://checkip.dyndns.org/ matches and perform an update if either it doesnt match or the WAN has changed that would be good.
Such an access must exist first, the dyndns must publish some sort of API to read back the value. Or do a 'dig' locally for your dyndns hostname.
But again : why bother : just make sure no one else uses your credentials and everything will be fine. "keep it simple" is always the best solution.You won't be able to negotiate something with your car insurance neither when you give your car keys to some stranger ....
-
@gertjan said in Possible bug with Dynamic DNS:
Most DynDNS suppliers don't like having their systems accessed for unneeded updates.
The issue is there had been an update and it was changed to another IP.
The original problem was caused by someone else getting the credentials of the DynDNS service and altering the public IP against the DynDNS entry.
You (your dyndns updater) should be the only one able to update your dyndns host name. If the system gets hacked, everything is possible.
Correct, however the system didnt get hacked, the credentials for the service was used.
If the script were to perform a DNS lookup against its own DynDNS entry to double check that the result from http://checkip.dyndns.org/ matches and perform an update if either it doesnt match or the WAN has changed that would be good.
Such an access must exist first, the dyndns must publish some sort of API to read back the value. Or do a 'dig' locally for your dyndns hostname.
It doesnt need to access the service to do this, a simple DNS lookup will achieve the same.
But again : why bother : just make sure no one else uses your credentials and everything will be fine. "keep it simple" is always the best solution.
Agreed, but credentials get compromised all the time.
The script logic could be;
- What's my public IP
- Check 1 : Local check is my WAN different from my cached YES/NO
- Check 2 : Regular DNS lookup, is my WAN different from DNS. YES/NO
- If check 1 YES then perform update, its a natural change of our WAN
- if check 2 YES then perform update, something else must have changed it. report to sysop for further checks.
-
hi, I have a problem with noip, as before the update it worked correctly, but now I have noticed that if I force update it gives me the ip green, but on nonip.com the ip remains the old one. I tried has install DUC on windows and it works. Can someone tell me why they update the ip on pfsense with green color while on the provider not?
-
@frankz
Check the logs on your system. -
@gertjan i'am resolve to patch 4aab19d4ade5d164c22bd63b2833d54bab740d59
-
@gertjan
I've done a bit of fiddling and cobbled this together and its logging correctly. - I made a manual change directly on the service and it detected it.$dyndnsis = gethostbyname($this->_FQDN); // lets see what the public DNS things our IP is
if ($this->_dnsIP != $dyndnsis) {
log_error(sprintf(gettext('Dynamic DNS Someting is wrong %1$s should be %2$s and its come back as %3$s'), $this->_FQDN, $this->_dnsIP, $dyndnsis));
}else {
log_error(sprintf(gettext('Dynamic DNS all is well %1$s should be %2$s and its come back as %3$s'), $this->_FQDN, $this->_dnsIP, $dyndnsis));
}I'm not too sure where it should sit in the dyndns.class file, I've got it at line 360 just above the line that reads $this->_debugID = rand(1000000, 9999999);
I also need to be able to trigger an update should the public DNS return a different IP than expected.