Dynamic DNS with Cloudflare does not work, change my mind
-
I have set up my domain on Cloudflare.
Cloudflare reports the domain is "the primary DNS provider for this domain, it authoritatively answers all DNS queries."
On Cloudflare I created an A record for pfsense, I entered my current IP address. I am double NAT on Starlink. It is set to DNS only, not proxy, and TTL is auto.
In pfSense I added a new client under Services > Dynamic DNS > Dynamic DNS Clients. Interface is WAN. Service is Cloudflare. Host name is correct: pfsense.mydomain.cloud. Cached IP is N/A.
I created a new API Token on Cloudflare with the permission of Zone.DNS. I used this as "password" on pfSense.
Logs report failures:
Jan 1 08:24:33 check_reload_status 699 Syncing firewall
Jan 1 08:24:33 php-fpm 99675 /services_dyndns_edit.php: Dynamic DNS: updatedns() starting
Jan 1 08:24:33 php-fpm 99675 /services_dyndns_edit.php: Dynamic DNS cloudflare (pfsense.mydomain.cloud): _checkIP() starting.
Jan 1 08:24:33 php-fpm 99675 /services_dyndns_edit.php: Dynamic DNS cloudflare (pfsense.mydomain.cloud): REDACTED extracted from Check IP Service
Jan 1 08:24:33 php-fpm 99675 /services_dyndns_edit.php: Dynamic DNS (pfsense.mydomain.cloud): running get_failover_interface for wan. found mvneta0
Jan 1 08:24:33 php-fpm 99675 /services_dyndns_edit.php: Dynamic DNS cloudflare (pfsense.mydomain.cloud): _update() starting.
Jan 1 08:24:34 php-fpm 99675 /services_dyndns_edit.php: Response Header: HTTP/2 400
Jan 1 08:24:34 php-fpm 99675 /services_dyndns_edit.php: Response Header: date: Wed, 01 Jan 2025 14:24:34 GMT
Jan 1 08:24:34 php-fpm 99675 /services_dyndns_edit.php: Response Header: content-type: application/json
Jan 1 08:24:34 php-fpm 99675 /services_dyndns_edit.php: Response Header: cf-ray: REDACTED
Jan 1 08:24:34 php-fpm 99675 /services_dyndns_edit.php: Response Header: cf-cache-status: DYNAMIC
Jan 1 08:24:34 php-fpm 99675 /services_dyndns_edit.php: Response Header: cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Jan 1 08:24:34 php-fpm 99675 /services_dyndns_edit.php: Response Header: expires: Sun, 25 Jan 1981 05:00:00 GMT
Jan 1 08:24:34 php-fpm 99675 /services_dyndns_edit.php: Response Header: set-cookie: __cflb=REDACTED; SameSite=Lax; path=/; expires=Wed, 01-Jan-25 16:54:35 GMT; HttpOnly
Jan 1 08:24:34 php-fpm 99675 /services_dyndns_edit.php: Response Header: strict-transport-security: max-age=31536000
Jan 1 08:24:34 php-fpm 99675 /services_dyndns_edit.php: Response Header: pragma: no-cache
Jan 1 08:24:34 php-fpm 99675 /services_dyndns_edit.php: Response Header: cf-auditlog-id: REDACTED
Jan 1 08:24:34 php-fpm 99675 /services_dyndns_edit.php: Response Header: x-content-type-options: nosniff
Jan 1 08:24:34 php-fpm 99675 /services_dyndns_edit.php: Response Header: x-frame-options: SAMEORIGIN
Jan 1 08:24:34 php-fpm 99675 /services_dyndns_edit.php: Response Header: set-cookie: __cf_bm=REDACTED; path=/; expires=Wed, 01-Jan-25 14:54:34 GMT; domain=.api.cloudflare.com; HttpOnly; Secure; SameSite=None
Jan 1 08:24:34 php-fpm 99675 /services_dyndns_edit.php: Response Header: set-cookie: __cfruid=REDACTED; path=/; domain=.api.cloudflare.com; HttpOnly; Secure; SameSite=None
Jan 1 08:24:34 php-fpm 99675 /services_dyndns_edit.php: Response Header: server: cloudflare
Jan 1 08:24:34 php-fpm 99675 /services_dyndns_edit.php: Response Header:
Jan 1 08:24:34 php-fpm 99675 /services_dyndns_edit.php: Response Header:
Jan 1 08:24:34 php-fpm 99675 /services_dyndns_edit.php: Response Data: {"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}
Jan 1 08:24:34 php-fpm 99675 /services_dyndns_edit.php: Dynamic DNS cloudflare (pfsense.mydomain.cloud): _checkStatus() starting.
Jan 1 08:24:34 php-fpm 99675 /services_dyndns_edit.php: phpDynDNS (pfsense): PAYLOAD: {"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}
Jan 1 08:24:34 php-fpm 99675 /services_dyndns_edit.php: phpDynDNS (pfsense): UNKNOWN ERROR - Invalid request headers
Jan 1 08:24:34 php-fpm 99675 /services_dyndns_edit.php: Dynamic DNS cloudflare (pfsense.mydomain.cloud): _checkStatus() ending.
Jan 1 08:24:34 php-fpm 99675 /services_dyndns_edit.php: Dynamic DNS cloudflare (pfsense.mydomain.cloud): _update() ending.
Jan 1 08:25:01 php-cgi 15793 servicewatchdog_cron.php: Service Watchdog detected service openvpn stopped. Restarting openvpn (OpenVPN client: PIA)
To me this looks like a software error and I cannot imagine how basic Cloudflare DDNS would make it out of the door of QA without it working?
I would like to think this was my error but there are not a lot of settings here...?
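Added example, not part of the original post and not pfSense code: pfSense summarises the failure as "UNKNOWN ERROR - Invalid request headers", while the specific cause sits in the nested `error_chain` of the `Response Data` line. The sketch below pulls the HTTP status and the full error chain out of log lines in the format shown above; the function names and the two-line sample are constructed for illustration. Cloudflare API tokens are sent as `Authorization: Bearer`, whereas `X-Auth-Key` is the header for the legacy API key used together with `X-Auth-Email`.

```python
import json
import re

# Constructed sample: two lines in the shape of the pfSense log on this page.
SAMPLE_LOG = """\
Jan 1 08:24:34 php-fpm 99675 /services_dyndns_edit.php: Response Header: HTTP/2 400
Jan 1 08:24:34 php-fpm 99675 /services_dyndns_edit.php: Response Data: {"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}
"""

STATUS_RE = re.compile(r"Response Header: HTTP/\S+ (\d{3})")
DATA_RE = re.compile(r"Response Data: (\{.*\})\s*$")


def flatten(errors, depth=0):
    """Yield (depth, code, message) for each error and its nested error_chain."""
    for err in errors or []:
        yield depth, err.get("code"), err.get("message", "")
        yield from flatten(err.get("error_chain"), depth + 1)


def triage(log_text):
    """Return HTTP status, flattened API errors and a hint for one update attempt."""
    status, errors = None, []
    for line in log_text.splitlines():
        m = STATUS_RE.search(line)
        if m:
            status = int(m.group(1))
        m = DATA_RE.search(line)
        if m:
            try:
                body = json.loads(m.group(1))
            except json.JSONDecodeError:
                continue  # truncated or non-JSON body: nothing to extract
            if not body.get("success", False):
                errors.extend(flatten(body.get("errors")))
    hint = None
    if any("X-Auth-Key" in msg for _, _, msg in errors):
        # The API rejected the value of an X-Auth-Key header, so the client
        # sent the credential as a legacy API key rather than a Bearer token.
        hint = "credential was sent in X-Auth-Key, not as Authorization: Bearer"
    return {"status": status, "errors": errors, "hint": hint}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```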
-
@blackburd said in Dynamic DNS with Cloudflare does not work, change my mind:
To me this looks like a software error and I cannot imagine how basic Cloudflare DDNS would make it out of the door of QA without it working?
A basic QA exists ^^
Test for yourself : cloudflare invalid format for x-auth-key header and the very first link is a 100 % match (identical issue). I used Google here, but any search engine would yield the same result.
Have a look at the other proposed search results also.
You are using pfSense 2.7.2 or 24.11, right ?
edit : I knew I've seen this one before : https://forum.netgate.com/topic/189759/cloudflare-ddns-update-request-no-longer-valid
-
@Gertjan 24.11-RELEASE (arm64)
built on Wed Nov 27 12:22:00 CST 2024
FreeBSD 15.0-CURRENT
"A basic QA exists ^^"
"The for yourself : cloudflare invalid format for x-auth-key header and.."
I am a new user to pfSense and not a network expert. If you could put your reply in plain English I would understand it.
I think I have narrowed my problem down myself to an issue with Starlink and CGNAT. Perhaps the only solution to get open ports in the public for me is to use a VPN that attaches to my domain name?
Thank you for your time.
-
@blackburd said in Dynamic DNS with Cloudflare does not work, change my mind:
I think I have narrowed my problem down myself to an issue with Starlink and CGNAT
I would have thought that Cloudflare would inform you that the IP the (your) dynDNS wants to register isn't applicable. Not this strange looking error "cloudflare invalid format for x-auth-key header".
Registering RFC1918 (IPs like 192.168.1.1) or any IP lying in the CGNAT range can't (shouldn't) be used for DynDNS as that wouldn't make sense.
@blackburd said in Dynamic DNS with Cloudflare does not work, change my mind:
Perhaps the only solution to get open ports in the public for me is to use a VPN that attaches to my domain name?
Exactly.
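Added example, not part of the thread and not pfSense code: a pre-flight check for the point made above that RFC1918 and CGNAT addresses make no sense in a DynDNS record. It compares the WAN interface address with the address a check-IP service reports and says whether publishing it can work; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 6598 shared address space (carrier-grade NAT). Python's is_private
# does not cover this range, so it is tested explicitly.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(addr):
    """Label an address as cgnat, rfc1918, non-routable or routable."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        if ip in CGNAT:
            return "cgnat"
        if any(ip in net for net in RFC1918):
            return "rfc1918"
    if ip.is_loopback or ip.is_link_local or ip.is_unspecified or ip.is_multicast:
        return "non-routable"
    return "routable"


def ddns_verdict(wan_ip, checked_ip):
    """Decide whether publishing checked_ip in an A record can work.

    wan_ip: address on the firewall's WAN interface.
    checked_ip: address reported by an external check-IP service.
    """
    wan_kind, checked_kind = classify(wan_ip), classify(checked_ip)
    if checked_kind != "routable":
        return "reject", f"check-IP result is {checked_kind}; do not publish it"
    if wan_kind in ("cgnat", "rfc1918"):
        return "behind-nat", (f"WAN address is {wan_kind}; the record would point at "
                              "an upstream NAT, so inbound ports never reach the firewall")
    if ipaddress.ip_address(wan_ip) != ipaddress.ip_address(checked_ip):
        return "mismatch", "WAN and check-IP addresses differ; inspect the upstream path"
    return "ok", "WAN interface holds the address being published"


# Constructed samples; 198.51.100.7 (documentation range) stands in for a public IP.
SAMPLES = [("100.72.10.5", "198.51.100.7"), ("192.168.1.20", "198.51.100.7"),
           ("198.51.100.7", "198.51.100.7"), ("198.51.100.7", "10.0.0.5")]

if __name__ == "__main__":
    for wan, seen in SAMPLES:
        print(wan, seen, *ddns_verdict(wan, seen))
```

A "behind-nat" verdict matches the double NAT setup described in the first post: the DDNS update itself can succeed, but the published address belongs to the upstream NAT rather than to the firewall.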