Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    deSEC.io / dedyn.io DynDNS now supports avoiding overwriting entries with dual stack IP4/6

    Scheduled Pinned Locked Moved DHCP and DNS
    1 Posts 1 Posters 340 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JeGrJ
      JeGr LAYER 8 Moderator
      last edited by

      Hi there,

      I was testing the DynDNS and Acme integration with the nice folks from deSEC.io and happen to stumble upon a problem with their API.
      While having IPv4 AND IPv6 configured as DynDNS services in pfSense, one entry overwrites the other. So if IPv4 gets reloaded, the IP4 entry for e.g. test.jlab.dedyn.io is there. After the IPv6 refresh from the dyndns page runs, the IP4 vanished from the name and only the IP6 AAAA entry is there. The same was the case when refreshing v4 - A is there, AAAA gets removed. That's as per their API documentation but as pfSense doesn't support (yet?) to update both it's IP4 and IP6 at the same time.

      So I kindly asked them if there was a way to configure the way the API handles calls to the same host/domain entry with changes to A/AAAA behavior and they quickly added a new parameter called preserve to their API:

      https://desec.readthedocs.io/en/latest/dyndns/update-api.html

      It now states:

      For IPv4, we check the query string parameters myip, myipv4, ip (in this order) for an IPv4 address to record in the database. When the special string preserve is provided instead of an IP address, the address on record (if any) will be kept as is. If none of the parameters is set, the connection’s client IP address will be used if it is an IPv4 connection; otherwise the IPv4 address will be deleted from the DNS. IP deletion can also be forced by providing an empty value (e.g. myipv4=).

      For IPv6, the procedure is similar. We check the myipv6, ipv6, myip, ip query string parameters (in this order) and the IP that was used to connect to the API for IPv6 addresses and use the first one found. The preserve rule applies as above. If nothing is found or an empty value provided, the AAAA record will be deleted.

      So two questions actually:

      1. Could this option please be included into the DynDNS Module for deSEC.io so we can toggle the behavior as needed?

      2. Would it be possible to include a IP4/IP6 Module that submits both values at the same time (as their API allows) so we don't have to add multiple "services" for the same address/job?

      3. Could we add a generic Custom (v4/v6) Job so we get a custom one where we have access to both the interfaces IP4 AND IP6 address? Currently it's either or and the %IP% variable is filled accordingly but there are more and more services that support proper dual-stack handling and it reduces unnecessary multiple connects to the same service over and over again to update IP4 and IP6 entries of perhaps multiple domains/hostnames and thus reducing runtime of the background job.

      Cheers
      \jens

      Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

      If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.