New ISP and Dynamic DNS fails with IPv6 update but fine for IPv4

daredevilbear

My new ISP requires 6rd Tunnel for IPv6 and it is up and running correctly but when I try to update Route 53 with Dynamic DNS it fails to connect. I have no issues with the IPv4 update. The IPv6 update was working correctly before using 6rd Tunnel. Any ideas? Screenshot 2024-07-12 at 1.40.29 PM.png

daredevilbear

@daredevilbear

After more troubleshooting, I can confirm the XML from the verbose log used for the upsert is correct and works as except using Postman. Not sure why it's timing out.

stephenw10

That doesn't even resolve to a v6 address for me:

[24.08-DEVELOPMENT][admin@fw1.stevew.lan]/root: curl -v -6 https://route53.amazonaws.com
* Could not resolve host: route53.amazonaws.com
* Closing connection
curl: (6) Could not resolve host: route53.amazonaws.com

Did it work over v6 previously?

Steve

daredevilbear

@stephenw10 yes and I have other pfsense installs working with route 53. I don’t believe that domain has ever had an AAAA record.

stephenw10

Oh so it's failing to update your IPV6 IP over IPv4?

But you have a real IPv6 address on the pfSense WAN?

Did you enable verbose logging on the client?

daredevilbear

@stephenw10 Oh so it's failing to update your IPV6 IP over IPv4?
-Yes but all route 53 API calls are over IPv4.

But you have a real IPv6 address on the pfSense WAN?
-Yes and IPv6 is working on the network.

Did you enable verbose logging on the client?
-Yes and here is the output. On a successful update both "/services_dyndns_edit.php: Response Header:" and "/services_dyndns_edit.php: Response Data:" have values but here they are blank.

Screenshot 2024-07-12 at 9.57.36 PM.png

After more testing, if I monitor another interface with IPv6 it works fine. I believe Curl might be having issues with WAN's address due to it ending in double colons. It looks something like "2602:xx:xxx:xxxx::" but the other interface is "2602:xx:xxx:xxxx::1" and it works. The reason I believe it is Curl and not AWS API since it is working work the XML from the log within Postman. I have also observed this behavior on another PfSense installation with the same ISP. With a WAN address ending in :: as in "2602:xx:xxx:xxxx::"the update fails as well.

daredevilbear

It also looks like someone else is having a similar issue with 6rd and Dynamic DNS. It might be related.

https://forum.netgate.com/topic/188983/ipv6-ddns-not-working-with-6rd

stephenw10

@daredevilbear said in New ISP and Dynamic DNS fails with IPv6 update but fine for IPv4:

I believe Curl might be having issues with WAN's address due to it ending in double colons.

Yup, that seems very likely. What subnet size is that?

daredevilbear

@stephenw10 24. The prefix from the ISP is 2602::/24.

daredevilbear

@stephenw10 After further testing I don't believe it is an issue with Curl. I set the IP address that ends in :: as a Static IP address on the WAN interface and the update is successful. So the issue is only reproducible when the WAN interface uses 6rd tunneling.

daredevilbear

After more testing, I am confident it is an issue with 6rd and Dynamic DNS, unfortunately, I am unable to find the root cause.

stephenw10

Hmm, so some issue detecting the WAN IP for the client script when it's dynamic?

Curious IP with all zero suffix. Are you able to send me the actual IP in chat to test against?

daredevilbear

@stephenw10 No issues detecting. The correct IP address is in the logs but the connection timeout when trying to update. Yes, will send you the IP address.

stephenw10

Mmm, it sure feels like something is choking on that address though. Different code path for a static IP.