Dynamic DNS not updating (PPPoE) WAN IP sometimes
-
@w0w said in Dynamic DNS not updating (PPPoE) WAN IP sometimes:
No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry
This comes up from time to time. Based on those posts, in essence pfSense checks what it had for an IP last time and if it's the same, doesn't bother updating the hostname. That works unless, for some reason, the hostname has an incorrect IP and then pfSense doesn't update it.
https://forum.netgate.com/topic/148175/solved-dynamic-dns-not-updating/4
https://forum.netgate.com/topic/155684/dynamic-dns-auto-update-issue/4the "save & force update" button should do it though:
Jul 11 15:52:01 php-fpm 1232 /services_dyndns_edit.php: phpDynDNS (mail): (Success) IP Address Updated Successfully! Jul 11 15:52:01 php-fpm 1232 /services_dyndns_edit.php: phpDynDNS: updating cache file /conf/dyndns_wannamecheap'site.example.com'0.cache: x.x.x.223Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
Upvote 👍 helpful posts! -
@stephenw10 said in Dynamic DNS not updating (PPPoE) WAN IP sometimes:
If you manually force an update does it push the IP correctly?
Yes, I think so.
-
@SteveITS said in Dynamic DNS not updating (PPPoE) WAN IP sometimes:
https://forum.netgate.com/topic/148175/solved-dynamic-dns-not-updating/4
https://forum.netgate.com/topic/155684/dynamic-dns-auto-update-issue/4Looks like I've missed those topics as well. Also, I have been using the script something like that was mentioned by @serbus
I can't agree with @Gertjan about caching, because it can be requested without using cache, like
dig @ns1.example.com example.com (source)
Even if there is a problem with resolving it via pfSense, why not just update DynDNS entry every time when this rc is called? The right way I see it should work is that pfSense should never write IP into its own cache file until IP is updated on the nameserver. -
@w0w said in Dynamic DNS not updating (PPPoE) WAN IP sometimes:
I can't agree with @Gertjan about caching,
Where did I said that ?
Still, if the resolver has a already a resolved entry for the domain, and TTL is still positive, it won't resolve. That said, dyndns host names have often ridiculous low TTL values.edit : ah, ok, get it : here : https://forum.netgate.com/topic/155684/dynamic-dns-auto-update-issue/4
A "dig @ns1.example.com example.com" would work.
Way better is using "http://checkip.dyndns.org" where you use the WAN interface you want to check. That's like phoning some one and then ask to this person : what is the number showing on your phone right now ? It's pretty fail safe, and will exclude any cache issues.@w0w said in Dynamic DNS not updating (PPPoE) WAN IP sometimes:
why not just update DynDNS entry every time when this rc is called?
You mean : updating the remote DNS, even if it was not needed ?
If it's your own DNS facility, ok, why not. All the others : the will warn, and then blacklist you. Abusive (non needed) updates are often 'punished'.Can you check :
The script used will be more verbose, and you'll se what happens, and what not happens.
Btw : this isn't another "namecheap", right ?
-
@Gertjan said in Dynamic DNS not updating (PPPoE) WAN IP sometimes:
You mean : updating the remote DNS, even if it was not needed ?
If it's your own DNS facility, ok, why not. All the others : the will warn, and then blacklist you. Abusive (non needed) updates are often 'punishedYes you right it's not a very good idea, will work in 90% maybe but fails some day the other way you have mentioned. Same as currently used code is not failproof, but it safe for Dynamic DNS providers at least, yes.
@Gertjan said in Dynamic DNS not updating (PPPoE) WAN IP sometimes:
Can you check :
The script used will be more verbose, and you'll se what happens, and what not happens.
Btw : this isn't another "namecheap", right ?
Will try and report back.
I use duia.eu only just for VPN and access my network from outside. -
Jul 14 06:14:40 php-fpm 94559 /rc.newwanipv6: Netgate pfSense Plus package system has detected an IP change or dynamic WAN reconnection - 2001:xyxy:d248:ffff:c470:be30:e8d2:a3ca -> 2001:xyxy:d248:ffff:1f:c9bd:c7bf:9e1d - Restarting packages. Jul 14 06:14:40 php-fpm 94559 /rc.newwanipv6: Creating rrd update script Jul 14 06:14:40 php-fpm 94559 /rc.newwanipv6: Resyncing OpenVPN instances for interface WAN. Jul 14 06:14:40 php-fpm 94559 /rc.newwanipv6: Ignoring IPsec reload since there are no tunnels on interface wan Jul 14 06:14:39 php-fpm 83479 /rc.newwanip: phpDynDNS (removed.duia.eu): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry. Jul 14 06:14:39 php-fpm 83479 /rc.newwanip: Dynamic Dns (removed.duia.eu): Current WAN IP: xx.xx.6.192 Cached IP: xx.xx.6.192 Jul 14 06:14:39 php-fpm 83479 /rc.newwanip: Dynamic DNS duiadns (removed.duia.eu): xx.xx.6.192 extracted from local system. Jul 14 06:14:39 check_reload_status 480 Reloading filter Jul 14 06:14:39 check_reload_status 480 Starting packages Jul 14 06:14:39 php-fpm 20760 /rc.newwanipv6: Netgate pfSense Plus package system has detected an IP change or dynamic WAN reconnection - 2001:xyxy:d248:ffff:c470:be30:e8d2:a3ca -> 2001:xyxy:b248:d7:76:c6ff:fe00:b317 - Restarting packages. Jul 14 06:14:39 php-fpm 83479 /rc.newwanip: Dynamic DNS duiadns (removed.duia.eu): _checkIP() starting. Jul 14 06:14:39 php-fpm 83479 /rc.newwanip: Dynamic DNS duiadns (removed.duia.eu): _detectChange() starting. Jul 14 06:14:39 php-fpm 83479 /rc.newwanip: Dynamic DNS (removed.duia.eu): running get_failover_interface for wan. found pppoe0 Jul 14 06:14:39 php-fpm 83479 /rc.newwanip: Dynamic DNS duiadns (removed.duia.eu): xx.xx.6.192 extracted from local system. Jul 14 06:14:39 php-fpm 20760 /rc.newwanipv6: Creating rrd update script Jul 14 06:14:39 php-fpm 20760 /rc.newwanipv6: Resyncing OpenVPN instances for interface WAN. Jul 14 06:14:39 php-fpm 20760 /rc.newwanipv6: Ignoring IPsec reload since there are no tunnels on interface wan Jul 14 06:14:39 php-fpm 83479 /rc.newwanip: Dynamic DNS duiadns (removed.duia.eu): _checkIP() starting. Jul 14 06:14:39 php-fpm 94559 /rc.newwanipv6: phpDynDNS (removed.duia.eu): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry. Jul 14 06:14:39 php-fpm 94559 /rc.newwanipv6: Dynamic Dns (removed.duia.eu): Current WAN IP: xx.xx.6.192 Cached IP: xx.xx.6.192 Jul 14 06:14:39 php-fpm 94559 /rc.newwanipv6: Dynamic DNS duiadns (removed.duia.eu): xx.xx.6.192 extracted from local system. Jul 14 06:14:39 php-fpm 83479 /rc.newwanip: Dynamic DNS: updatedns() starting Jul 14 06:14:39 php-fpm 94559 /rc.newwanipv6: Dynamic DNS duiadns (removed.duia.eu): _checkIP() starting. Jul 14 06:14:39 php-fpm 94559 /rc.newwanipv6: Dynamic DNS duiadns (removed.duia.eu): _detectChange() starting. Jul 14 06:14:39 php-fpm 94559 /rc.newwanipv6: Dynamic DNS (removed.duia.eu): running get_failover_interface for wan. found pppoe0 Jul 14 06:14:39 php-fpm 94559 /rc.newwanipv6: Dynamic DNS duiadns (removed.duia.eu): xx.xx.6.192 extracted from local system. Jul 14 06:14:38 php-fpm 94559 /rc.newwanipv6: Dynamic DNS duiadns (removed.duia.eu): _checkIP() starting. Jul 14 06:14:38 php-fpm 20760 /rc.newwanipv6: Dynamic DNS duiadns (removed.duia.eu): _update() ending. Jul 14 06:14:38 php-fpm 20760 /rc.newwanipv6: Dynamic DNS duiadns (removed.duia.eu): _checkStatus() ending. Jul 14 06:14:38 php-fpm 20760 /rc.newwanipv6: phpDynDNS (removed.duia.eu): (Success) IP Address Updated Successfully! Jul 14 06:14:38 php-fpm 20760 /rc.newwanipv6: phpDynDNS: updating cache file /conf/dyndns_wanduiadns'removed.duia.eu'1.cache: xx.xx.6.192 Jul 14 06:14:38 php-fpm 20760 /rc.newwanipv6: Dynamic DNS duiadns (removed.duia.eu): xx.xx.6.192 extracted from local system. Jul 14 06:14:38 php-fpm 20760 /rc.newwanipv6: Dynamic DNS duiadns (removed.duia.eu): _checkIP() starting. Jul 14 06:14:38 php-fpm 20760 /rc.newwanipv6: Dynamic DNS duiadns (removed.duia.eu): _checkStatus() starting. Jul 14 06:14:38 php-fpm 20760 /rc.newwanipv6: Response Data: good xx.xx.6.192 Jul 14 06:14:38 php-fpm 20760 /rc.newwanipv6: Response Header: Jul 14 06:14:38 php-fpm 20760 /rc.newwanipv6: Response Header: Jul 14 06:14:38 php-fpm 20760 /rc.newwanipv6: Response Header: vary: Accept-Encoding Jul 14 06:14:38 php-fpm 20760 /rc.newwanipv6: Response Header: content-type: text/plain;charset=ascii Jul 14 06:14:38 php-fpm 20760 /rc.newwanipv6: Response Header: date: Fri, 14 Jul 2023 03:14:38 GMT Jul 14 06:14:38 php-fpm 20760 /rc.newwanipv6: Response Header: server: nginx Jul 14 06:14:38 php-fpm 20760 /rc.newwanipv6: Response Header: HTTP/2 200 Jul 14 06:14:38 php-fpm 94559 /rc.newwanipv6: Dynamic DNS: updatedns() starting Jul 14 06:14:38 php-fpm 83479 /rc.newwanip: phpDynDNS (removed.strangled.net): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry. Jul 14 06:14:37 php-fpm 20760 /rc.newwanipv6: Dynamic DNS duiadns (removed.duia.eu): _update() starting. Jul 14 06:14:37 php-fpm 20760 /rc.newwanipv6: DynDns (removed.duia.eu): Dynamic Dns: cacheIP != wan_ip. Updating. Cached IP: xx.xx.31.45 WAN IP: xx.xx.6.192 Jul 14 06:14:37 php-fpm 20760 /rc.newwanipv6: Dynamic Dns (removed.duia.eu): Current WAN IP: xx.xx.6.192 Cached IP: xx.xx.31.45 Jul 14 06:14:37 php-fpm 20760 /rc.newwanipv6: Dynamic DNS duiadns (removed.duia.eu): xx.xx.6.192 extracted from local system. Jul 14 06:14:37 php-fpm 20760 /rc.newwanipv6: Dynamic DNS duiadns (removed.duia.eu): _checkIP() starting. Jul 14 06:14:37 php-fpm 20760 /rc.newwanipv6: Dynamic DNS duiadns (removed.duia.eu): _detectChange() starting. Jul 14 06:14:37 php-fpm 20760 /rc.newwanipv6: Dynamic DNS (removed.duia.eu): running get_failover_interface for wan. found pppoe0 Jul 14 06:14:37 php-fpm 20760 /rc.newwanipv6: Dynamic DNS duiadns (removed.duia.eu): xx.xx.6.192 extracted from local system. Jul 14 06:14:37 php-cgi 6197 notify_monitor.php: Message sent to removed@gmail.com OK Jul 14 06:14:37 php-fpm 94559 /rc.newwanipv6: phpDynDNS (removed.strangled.net): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry. Jul 14 06:14:37 php-fpm 20760 /rc.newwanipv6: Dynamic DNS duiadns (removed.duia.eu): _checkIP() starting. Jul 14 06:14:37 php-fpm 20760 /rc.newwanipv6: Dynamic DNS: updatedns() starting Jul 14 06:14:37 upsmon 19995 Communications with UPS eaton@192.168.77.200:3493 established Jul 14 06:14:36 php-fpm 20760 /rc.newwanipv6: phpDynDNS (removed.strangled.net): (Success) IP Address Changed Successfully! Jul 14 06:14:36 php-fpm 20760 /rc.newwanipv6: phpDynDNS: updating cache file /conf/dyndns_wanfreedns'removed.strangled.net'0.cache: xx.xx.6.192 Jul 14 06:14:32 upsmon 19995 Communications with UPS eaton@192.168.77.200:3493 lost Jul 14 06:14:32 upsmon 19995 Poll UPS [eaton@192.168.77.200:3493] failed - Write error: Permission denied Jul 14 06:14:30 php-fpm 83479 /rc.newwanip: IP Address has changed, killing all states (ip_change_kill_states is set). Jul 14 06:14:29 php-fpm 401 /rc.filter_synchronize: Beginning XMLRPC sync data to https://192.168.88.2:443/xmlrpc.php. Jul 14 06:14:29 php-fpm 401 /rc.filter_synchronize: XMLRPC versioncheck: 22.9 -- 22.9 Jul 14 06:14:29 php-fpm 401 /rc.filter_synchronize: XMLRPC reload data success with https://192.168.88.2:443/xmlrpc.php (pfsense.host_firmware_version). Jul 14 06:14:29 php-fpm 400 /rc.filter_synchronize: XMLRPC reload data success with https://192.168.88.2:443/xmlrpc.php (pfsense.restore_config_section). Jul 14 06:14:29 php-fpm 94559 /rc.newwanipv6: The command '/sbin/ifconfig pppoe0 inet6 2001:xyxy:d248:ffff:c470:be30:e8d2:a3ca delete' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address' Jul 14 06:14:29 check_reload_status 480 Reloading filter Jul 14 06:14:29 php-fpm 94559 /rc.newwanipv6: dpinger: status socket /var/run/dpinger_WAN_PPPOE~xx.xx.6.192~8.8.4.4.sock not found Jul 14 06:14:29 php-fpm 94559 /rc.newwanipv6: dpinger: No dpinger session running for gateway WAN_DHCP6 Jul 14 06:14:29 php-fpm 94559 /rc.newwanipv6: dpinger: status socket /var/run/dpinger_WAN2_DHCP~192.168.100.100~8.8.8.8.sock not found Jul 14 06:14:29 php-fpm 83479 /rc.newwanip: Removing static route for monitor 8.8.8.8 and adding a new route through 192.168.100.1 Jul 14 06:14:29 php-fpm 83479 /rc.newwanip: Removing static route for monitor 8.8.4.4 and adding a new route through yy.yy.29.248 Jul 14 06:14:29 php-fpm 20760 /rc.newwanipv6: dpinger: No dpinger session running for gateway WAN_DHCP6 Jul 14 06:14:29 php-fpm 83479 /rc.newwanip: dpinger: No dpinger session running for gateway WAN_DHCP6 Jul 14 06:14:29 php-fpm 94559 /rc.newwanipv6: Removing static route for monitor 8.8.8.8 and adding a new route through 192.168.100.1 Jul 14 06:14:29 php-fpm 94559 /rc.newwanipv6: Removing static route for monitor 8.8.4.4 and adding a new route through yy.yy.29.248 Jul 14 06:14:28 php-fpm 20760 /rc.newwanipv6: The command '/sbin/ifconfig pppoe0 inet6 2001:xyxy:d248:ffff:c470:be30:e8d2:a3ca delete' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address' Jul 14 06:14:28 check_reload_status 480 Reloading filter Jul 14 06:14:28 php-fpm 20760 /rc.newwanipv6: Default gateway setting Interface WAN_PPPOE Gateway as default. Jul 14 06:14:28 php-fpm 20760 /rc.newwanipv6: Gateway, switch to: WAN_PPPOE Jul 14 06:14:27 php-fpm 20760 /rc.newwanipv6: Removing static route for monitor 8.8.8.8 and adding a new route through 192.168.100.1 Jul 14 06:14:27 php-fpm 20760 /rc.newwanipv6: Removing static route for monitor 8.8.4.4 and adding a new route through yy.yy.29.248 Jul 14 06:14:27 php-fpm 94559 /rc.newwanipv6: rc.newwanipv6: on (IP address: 2001:xyxy:d248:ffff:1f:c9bd:c7bf:9e1d) (interface: wan) (real interface: pppoe0). Jul 14 06:14:27 php-fpm 94559 /rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0. Jul 14 06:14:26 php-fpm 83479 /rc.newwanip: rc.newwanip: on (IP address: xx.xx.6.192) (interface: WAN[wan]) (real interface: pppoe0). Jul 14 06:14:26 php-fpm 83479 /rc.newwanip: rc.newwanip: Info: starting on pppoe0. Jul 14 06:14:26 php-fpm 20760 /rc.newwanipv6: rc.newwanipv6: on (IP address: 2001:xyxy:b248:d7:76:c6ff:fe00:b317) (interface: wan) (real interface: pppoe0). Jul 14 06:14:26 php-fpm 20760 /rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0. Jul 14 06:14:26 php-cgi 6197 notify_monitor.php: Message sent to removed@gmail.com OK Jul 14 06:14:25 check_reload_status 480 rc.newwanip starting pppoe0 Jul 14 06:14:25 rtsold 44630 RTSOLD Lock in place - sending SIGHUP to dhcp6c Jul 14 06:14:25 rtsold 44121 Received RA specifying route fe80::669e:f3ff:fe94:dd00 for interface wan(pppoe0) Jul 14 06:14:25 ppp 38694 [wan] xx.xx.6.192 -> yy.yy.29.248 Jul 14 06:14:25 ppp 38694 [wan] IPCP: LayerUpdebug active only for PPPoE duia.eu entry
-
@w0w said in Dynamic DNS not updating (PPPoE) WAN IP sometimes:
Jul 14 06:14:37 php-fpm 20760 /rc.newwanipv6: DynDns (removed.duia.eu): Dynamic Dns: cacheIP != wan_ip. Updating. Cached IP: xx.xx.31.45 WAN IP: xx.xx.6.192
That's just great.
The script /rc.newwanipv6 should handle IPv6 WAN events.
Or, /rc.newwanipv6 will, if needed, start the DynDNS handling - and it seems to do a IPv4 thing => "Cached IP: xx.xx.31.45 WAN IP: xx.xx.6.192" looks like an WAN IPv4 change.Btw :
if (!in_array($config['interfaces'][$interface]['ipaddr'], array('pppoe', 'pptp', 'ppp'))) {Example :
My interfaces :
<interfaces> <wan> <enable></enable> <if>ix3</if> <descr><![CDATA[WAN]]></descr> ...... <ipaddr>dhcp</ipaddr> ....... <ipaddrv6>dhcp6</ipaddrv6> ....... </wan>why is $config['interfaces'][$interface]['ipaddr'] used here, and not $config['interfaces'][$interface]['ipaddrv6'] ?
edit : sorry, I can't be clear right now. these two /rc.newwanip and /rc.newwanipv6 are ..... dono, need the weekend to get my head around them. So many conditions.
-
@Gertjan
For me, it was also strange why IPv6 is present in the name of the script, but I thought that this was just the name for the code that supports the protocol, i.e. not necessarily only IPv4 but also IPv6.Just another thought.
Perhaps in this case, the duia provider itself does not update. Well, for example, it blocks the update for spamming, as you said. All this happens with some fairly frequent transitions, let's say updating one firewall and then another, which causes 2-3 IP address changes in a certain period of time. But in theory, this should only happen with one dynamic DNS provider, and when this first happened, a couple of years ago, in my opinion, I specifically made a new one. In general, freedns and duia.eu both did not work at that moment. I didn't even check last time...
So when this will happen, I'll check both again… -
I just ran into this again myself today setting up a new router:
- set up pfSense
- set up no-IP dyndns account from my office, which uses my office address by default
- configure no-IP in pfSense
A success shows:
/services_dyndns_edit.php: phpDynDNS (example.com): (Success) No Change In IP Address
As noted this is because pfSense doesn't think its IP changed, but no-IP still has the wrong IP, my office IP. At this point Save and Force Update does not update the hostname.
I can set it manually at no-IP of course but that defeats the purpose. Presumably it would update when the WAN IP changes when it is moved on site.
Edit: it doesn't seem to work to delete the .cache file either. It still logs "No Change In IP Address."
-
@SteveITS
Use verbose logging. Does it create cache file again after delete?The other question is why 25 days? Why not 500 days or 1 hour? Is it some standard specified option?
EDIT: Found this https://redmine.pfsense.org/issues/9092
Looks like we have this option for some DNS providers in the GUI, but not for others. BTW I did not find any limitations on duiaDNS service, except
1k DNS queries / day
300 sec. TTL (Time to Live)
So I don't think I've somehow violated rules/limits. -
@w0w Got sidetracked by a new router with a bad WAN port.
If I change the IP in the no-IP web site, delete the cache file and force an update, verbose logs show:
Jul 18 11:38:50 php-fpm 1108 /services_dyndns_edit.php: Dynamic DNS noip (example.com): _update() ending. Jul 18 11:38:50 php-fpm 1108 /services_dyndns_edit.php: Dynamic DNS noip (example.com): _checkStatus() ending. Jul 18 11:38:50 php-fpm 1108 /services_dyndns_edit.php: phpDynDNS (example.com): (Success) No Change In IP Address Jul 18 11:38:50 php-fpm 1108 /services_dyndns_edit.php: phpDynDNS: updating cache file /conf/dyndns_wannoip'example.com'0.cache: 173.x.x.x Jul 18 11:38:50 php-fpm 1108 /services_dyndns_edit.php: Dynamic DNS noip (example.com): 173.x.x.x extracted from Check IP Service Jul 18 11:38:49 php-fpm 1108 /services_dyndns_edit.php: Dynamic DNS noip (example.com): _checkIP() starting. Jul 18 11:38:49 php-fpm 1108 /services_dyndns_edit.php: Dynamic DNS noip (example.com): _checkStatus() starting. Jul 18 11:38:49 php-fpm 1108 /services_dyndns_edit.php: Response Data: nochg 173.x.x.x\x0d...and the IP at no-IP isn't updated. The cache file does get recreated and does contain the correct IP.
If I manually change the IP in the cache file, I get "No Change In IP Address" again. At this point the dyndns page in pfSense shows the wrong IP which I typed in.
I then lowered the second number in the cache file, presumably a timestamp. If I force it, it seems to try to update.
However another thing I seem to be fighting sometimes, and just showed up again, is I keep getting an invalid password message. When that happens it seems like I have to both paste in the same password and type (and remove) a character in the username box to get it to work (i.e. edit the field). Which is weird since I'm not actually changing either field but it would be a large coincidence at this point otherwise as it has happened several times.
Anyway, after re entering the password the cache file is updated, I get the "DynDNS updated IP Address" email from pfSense, but pfSense again logs "No Change In IP Address" and the IP is not updated at the service.
Maybe No-IP integration is broken again? could be that, and is just hidden if none of our clients with it set up have had an IP change.
-
@SteveITS said in Dynamic DNS not updating (PPPoE) WAN IP sometimes:
...and the IP at no-IP isn't updated. The cache file does get recreated and does contain the correct IP
Before this line :
Jul 18 11:38:49 php-fpm 1108 /services_dyndns_edit.php: Response Data: nochg 173.x.x.x\x0d
Is this line noip related ? Do you have more then one dyndns host name ? (they are executed in parallel, and log lines can get intermixed).
I presume you have only one.
The DynDNS had decided to update the info stored @no-ip.
no-ip came back with what is a soft-warning : "there was no change, the IP that I had to put it place was was already stored in the no-ip records". This messages is known as "nochg" and means that the client decided to update the IP at dynsnds service (no-ip ) but the local dyndns code forgot that it already send that IP to no-ip. This, in theory, is already an error condition. To many of them an the dyndns will lock you out.Whne you see this (one second later !) :
Jul 18 11:38:50 php-fpm 1108 /services_dyndns_edit.php: Dynamic DNS noip (example.com): 173.x.x.x extracted from Check IP Service
Then pfSense / dyndns uses this Services > Dynamic DNS > Check IP Services == http://checkip.dyndns.org ti check the IPv4 (only ?) address of the interface that is use to map the WAN IPv4.
The IP that you get back, a simple html page like : "Current IP Address: 82.127.27.108" is parsed out to extract the IPv4 "82.127.27.108". This IPv4 is compared with the content of the cache file.
Have a look at this file : it contains de IP and a 'nix' time stamp. The time stamp is the date/moment of the last successful dyndns service update.
If the IP in the cache file is the same as the IP obtained by "http://checkip.dyndns.org" then all is well and nothing needs to be done => the WAN IP didn't change.
The time stamp is used for the "25 days refresh" : if the last successful time stamp was more then 25 days ago (in the past) then the dyndns service is updated with the IP even when it didn't change. See this as a "service is still active" heart-beep. In the past, some dyndns services could consider that the dyndns host wasn't there anymore as it wasn't updated anymore : the host name would be deleted.In your case, less then a second later :
Jul 18 11:38:50 php-fpm 1108 /services_dyndns_edit.php: phpDynDNS (example.com): (Success) No Change In IP Address
The IP in the cache file cache file was identical to the actual WAN IP, so nothing needs to be done.
That is : the cache file is updated with (the same, I hope, as it is extracted again from http://checkip.dyndns.org) IP, and a current time stamp.
A message notification (mail, telegram, etc) is send "DynDNS updated IP Address on...." and a log line is added "phpDynDNS: updating cache file ...." : you have that line shown.Note that your log lines are not complete.
A dyndns check/update/whatever start with
Dynamic DNS: updatedns() startingas that line is shown when "dyndns.class" is invoked.
Right now : the fact that a '_error' happened says to me :
an _update() happened. That means that you :
Forced the update in the GUI
or
The cached file didn't contain the current WAN IPv4 ( or more then 25 days have past)What was it ?
edit :
@SteveITS said in Dynamic DNS not updating (PPPoE) WAN IP sometimes:
Maybe 'whatever dyndns' integration is broken again?
Yeah, that one.
And that person that said to me ones : "master DNS, or do something entirely different, like growing flowers"
made me to have a face-to-face with 'bind'.
To make a long story short : with bind, you don't bother with DNS (all of it) anymore **. A sub-advantage is also : free dyndns for live. The one that works.** not considering DNSSEC.
-
@Gertjan Only one dyndns for me. Yes I just snipped the logs.
I was trying to Save and Force each time on my testing yesterday. The public WAN IP on the router is detected correctly by pfSense but No-IP isn't updating the A record on its end. The recurring "wrong password" issue also makes me think something is incorrect in the process. I was going to try the No-IP software client and if it works not use pfSense in this case, but it makes me wonder if others with No-IP are silently not being updated.
-
@SteveITS
I don't remember exactly all the reasons why I have been stopped using no-ip, because it was about 7 years ago. But definitely there were some changes made in their use policy and some lack of free service since. So I just moved to strangled.net and then to duia.eu as far as I can remember it.I don't know what exactly happens when IP is suddenly not updated. But if I understand it correctly, it should be possible to dig the current IP directly from DNS service and compare it with saved one and current one existing on interface.
If DNS returns some IP that differs from that one currently used on the interface and some minimal period, not that “25 days” one, is over, then IP should be forced to update or give some clear warning, send notification. It can be also adjustable, option “use at own risk” warning included.
I am not sure do we really need this cached IP locally? Can't it just compare the IP online? Just using “safe” interval in between of updates and checks if it already updated? A couple of hours or days, adjustable?
Just stupid thoughts.
Currently, I have played with maxcacheage option in config. Will report back if this helps. -
@w0w said in Dynamic DNS not updating (PPPoE) WAN IP sometimes:
stopped using no-ip, because it was about 7 years ago. But definitely there were some changes made in their use policy and some lack of free service
Last I knew they still have free accounts but you have to click a link in a monthly email to keep it active. The one I'm using is a paid account though. We gave up on "free" pretty quickly...which was obviously their goal.
@w0w said in Dynamic DNS not updating (PPPoE) WAN IP sometimes:
do we really need this cached IP locally? Can't it just compare the IP online?
In essence it does seem overly complicated. The two things that need comparing are the dynamic DNS A record answer, and the detected public IP. The value the WAN IP had last time is actually irrelevant. It might be correct, or it might not, but if it's correct and the dyndns service is wrong it still needs updating.
Perhaps there's some edge case or service where the hostname is deleted by the service after "n" days but can still be updated? Actually even then the update wouldn't work because the cached value in pfSense would still be correct...unless the 25 days had expired.
-
@w0w said in Dynamic DNS not updating (PPPoE) WAN IP sometimes:
I am not sure do we really need this cached IP locally?
That file is needed.
The file contains an IP : that was the IP that was 'updated' successfully the last time by the pfSEnse the dyndns service.
It also contains a time stamp, so locally it is known when the last update happened.
Even if the IP didn't not change, after every (daily) test the time stamp will be updated.The "25" days test was created as, because the orignal dyndns.org wanted you to update the IP even if it did not change on your side for 25 days.
See this as a sort of "I'm still there, I still need the service, just my WAN I did not change".
The dyndns host name were used a lot as a sort of free domain name, and dydns didn't wanted that to happen. dyndns.org type of domain names are 'expensive' for them as the domain name has a very low TTL, so, when it gets asked for DNS resolving, a lot more then normal DNS traffic is generated.
Normal DNS master name servers use a TTL of hours or even days. because IP are static == never change anyway. This means that resolvers can cache the info, so overall DNS get less.Btw : you can test the entire sequences yourself.
First : make the pfSEnse dyndns service log with details / verbose.Now, connect with a browser to no-ip, login, and manually change your IP registerd : make it for example 1.2.3.4 - anything else as your WAN actual WAN IP.
When done. Stop pfSense. Count to 30. Start pfSense.
Let it boot.
Now, console or SSH in (or if you have to : use the GUI) and look at the logs.
Look at all dyndns log lines. Especially the data payload lines (the answer that came back when the update happens) as that one shows the result of the update.
name-cheap, no-ip etc can change a letter or two in the result-payload. Instead of "Ok, ....." it could now reply with "OK ....." and that answer will be seen as a fail by pfSense as a (one) letter changed.
The update did happen, but pfSense will show you something went wrong.
This forces you to "do something" and "get fed up with it" and "make you think something is wrong" and changes are great that you become tired of all this so you take the $$ option. The $$ option won't "break" suddenly, as you now pay for a service.Why all this ?
Because that's the first thing you and I would do if we worked for this company
@SteveITS said in Dynamic DNS not updating (PPPoE) WAN IP sometimes:
or it might not, but if it's correct and the dyndns service is wrong it still needs updating.
I'll present you with a case.
You (your script) updates the IP, as there was a mismatch.
The dyndns service accepts your update, but fails to transmit the updated hostname to its DNS name server.
On your side, an event restarts packages. dyndns locally is restarted, and finds again a mismatch.
An update happens ...Now, take in consideration you are not the one and only client of the dyndns service, they have millions of clients. Their back end upgrade service will get wiped of the "Internet surface", it will melt down : a real DDOS will take place.
This scenario really happened. And not just ones.
-
@Gertjan said in Dynamic DNS not updating (PPPoE) WAN IP sometimes:
You (your script) updates the IP, as there was a mismatch.
The dyndns service accepts your update, but fails to transmit the updated hostname to its DNS name server.
On your side, an event restarts packages. dyndns locally is restarted, and finds again a mismatch.
An update happens ...Well, I do not know…
What prevents you from continuing to record the time stamp of the last update without writing down the IP itself and, based on this stamp, choose the next period for updating, so DDoS does not happen, with a safe interval? Each time checking if the record has been updated and only trying to update if the IP is not the same? You don’t even need to process dyndns server responses.
And yes, you can also force it to update as it doing after desired period of time 25 days by default or 6 for some services.If it comes to that, you can also write to the file the number of FAILURE attempts to update the record. Failure attempts are how many times the address comparison on the interface was incorrect and after some attempt, say the 10th, stop everything altogether or set new safe interval for whatever you think, ex. one week and giving clear error to user that something is definitely wrong with that service or it's settings.
-
So....finally figured out I had the incorrect credentials when I couldn't get it to log in using the No-IP software. Using a group, the login field is format groupname:account-username not groupname:dyndns-first-part-of-hostname.
However, I am left wondering why it "succeeded" so often using pfSense, in that I only got the "mysterious" credential error sometimes.
