Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    New ISP and Dynamic DNS fails with IPv6 update but fine for IPv4

    Scheduled Pinned Locked Moved General pfSense Questions
    14 Posts 2 Posters 533 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      daredevilbear
      last edited by

      My new ISP requires 6rd Tunnel for IPv6 and it is up and running correctly but when I try to update Route 53 with Dynamic DNS it fails to connect. I have no issues with the IPv4 update. The IPv6 update was working correctly before using 6rd Tunnel. Any ideas?Screenshot 2024-07-12 at 1.40.29 PM.png

      D 1 Reply Last reply Reply Quote 0
      • D
        daredevilbear @daredevilbear
        last edited by

        @daredevilbear

        After more troubleshooting, I can confirm the XML from the verbose log used for the upsert is correct and works as except using Postman. Not sure why it's timing out.

        1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          That doesn't even resolve to a v6 address for me:

          [24.08-DEVELOPMENT][admin@fw1.stevew.lan]/root: curl -v -6 https://route53.amazonaws.com
          * Could not resolve host: route53.amazonaws.com
          * Closing connection
          curl: (6) Could not resolve host: route53.amazonaws.com
          

          Did it work over v6 previously?

          Steve

          D 1 Reply Last reply Reply Quote 0
          • D
            daredevilbear @stephenw10
            last edited by

            @stephenw10 yes and I have other pfsense installs working with route 53. I don’t believe that domain has ever had an AAAA record.

            1 Reply Last reply Reply Quote 0
            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              Oh so it's failing to update your IPV6 IP over IPv4?

              But you have a real IPv6 address on the pfSense WAN?

              Did you enable verbose logging on the client?

              D 1 Reply Last reply Reply Quote 0
              • D
                daredevilbear @stephenw10
                last edited by

                @stephenw10 Oh so it's failing to update your IPV6 IP over IPv4?
                -Yes but all route 53 API calls are over IPv4.

                But you have a real IPv6 address on the pfSense WAN?
                -Yes and IPv6 is working on the network.

                Did you enable verbose logging on the client?
                -Yes and here is the output. On a successful update both "/services_dyndns_edit.php: Response Header:" and "/services_dyndns_edit.php: Response Data:" have values but here they are blank.

                Screenshot 2024-07-12 at 9.57.36 PM.png

                After more testing, if I monitor another interface with IPv6 it works fine. I believe Curl might be having issues with WAN's address due to it ending in double colons. It looks something like "2602:xx:xxx:xxxx::" but the other interface is "2602:xx:xxx:xxxx::1" and it works. The reason I believe it is Curl and not AWS API since it is working work the XML from the log within Postman. I have also observed this behavior on another PfSense installation with the same ISP. With a WAN address ending in :: as in "2602:xx:xxx:xxxx::"the update fails as well.

                D stephenw10S 2 Replies Last reply Reply Quote 0
                • D
                  daredevilbear @daredevilbear
                  last edited by

                  It also looks like someone else is having a similar issue with 6rd and Dynamic DNS. It might be related.

                  https://forum.netgate.com/topic/188983/ipv6-ddns-not-working-with-6rd

                  1 Reply Last reply Reply Quote 0
                  • stephenw10S
                    stephenw10 Netgate Administrator @daredevilbear
                    last edited by

                    @daredevilbear said in New ISP and Dynamic DNS fails with IPv6 update but fine for IPv4:

                    I believe Curl might be having issues with WAN's address due to it ending in double colons.

                    Yup, that seems very likely. What subnet size is that?

                    D 2 Replies Last reply Reply Quote 0
                    • D
                      daredevilbear @stephenw10
                      last edited by

                      @stephenw10 24. The prefix from the ISP is 2602::/24.

                      1 Reply Last reply Reply Quote 0
                      • D
                        daredevilbear @stephenw10
                        last edited by

                        @stephenw10 After further testing I don't believe it is an issue with Curl. I set the IP address that ends in :: as a Static IP address on the WAN interface and the update is successful. So the issue is only reproducible when the WAN interface uses 6rd tunneling.

                        D 1 Reply Last reply Reply Quote 0
                        • D
                          daredevilbear @daredevilbear
                          last edited by

                          After more testing, I am confident it is an issue with 6rd and Dynamic DNS, unfortunately, I am unable to find the root cause.

                          1 Reply Last reply Reply Quote 0
                          • stephenw10S
                            stephenw10 Netgate Administrator
                            last edited by

                            Hmm, so some issue detecting the WAN IP for the client script when it's dynamic?

                            Curious IP with all zero suffix. Are you able to send me the actual IP in chat to test against?

                            D 1 Reply Last reply Reply Quote 0
                            • D
                              daredevilbear @stephenw10
                              last edited by

                              @stephenw10 No issues detecting. The correct IP address is in the logs but the connection timeout when trying to update. Yes, will send you the IP address.

                              1 Reply Last reply Reply Quote 0
                              • stephenw10S
                                stephenw10 Netgate Administrator
                                last edited by

                                Mmm, it sure feels like something is choking on that address though. Different code path for a static IP.

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.