    Dynamic DNS (DDNS) fails to obtain public IP

    • 70tas

      I installed CE 2.80 on a new box and have been trying to send my public IP to Cloudflare DNS for my domain. At first I thought the problem had to do with the tokens, but after enabling detailed logging, I find that pfSense cannot obtain my IP address. I've tried enabling and disabling the default Check IP Services configuration in DDNS but I always get the same error.
      The error is:
      /services_dyndns_edit.php: Dynamic DNS (ingress.70tas.us) There was an error trying to determine the public IP for interface - wan (igc0 )

      Has this been seen before? It was working perfectly on 2.7.2.

      • johnpoz LAYER 8 Global Moderator @70tas

        @70tas well you got something wrong - that responds with 1.1.1.1 as the address

        ;; QUESTION SECTION:
        ;ingress.70tas.us.              IN      A
        
        ;; ANSWER SECTION:
        ingress.70tas.us.       300     IN      A       1.1.1.1
        

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • Gertjan @70tas

          @70tas said in Dynamic DNS (DDNS) fails to obtain public IP:

          /services_dyndns_edit.php: Dynamic DNS (ingress.70tas.us) There was an error trying to determine the public IP for interface - wan (igc0 )

          What pfSense does at that moment : it visits the URL : you can see it here :

          903b8f1c-42fc-4b84-ad40-5e89c53b1c33-image.png

          even better : you can use this URL yourself and see what it shows :

          41a20dd7-0860-4c47-a96a-78b1904d6341-image.png

          and the IP shown should be your WAN IP. It's the server that creates "the web page", that sends back the page request to the IP known by the server, your WAN IP.
          That can't be 1.1.1.1.

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          • 70tas @johnpoz

            @johnpoz That is the default IP that is entered in Cloudflare. It should not be returned, as it is a post DNS A record, which shouldn’t be populated until the DDNS client update executes. It is somewhat akin to what came first, the chicken or the egg.

            I’ve used another service to return the correct IP, unfortunately I have to connect to one of my systems to get the curl address.

            Thank you all for responding. I am sure it is something I’ve misconfigured and will post more later when I get access to my systems.

            • johnpoz LAYER 8 Global Moderator @70tas

              @70tas when you set up a cloudflare record - you can put in whatever you want.. It sure doesn't default to 1.1.1.1, so you put 1.1.1.1 into the record you created.

              dns.jpg

              Per what @Gertjan posted - if you just go to that url what does it show for your IP?

              dnscheck.jpg

              If your system can not go to that url - then no it wouldn't be able to update your ddns. So you for some reason are not able to go to that url - maybe you're blocking it?

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              • Gertjan @johnpoz

                @johnpoz said in Dynamic DNS (DDNS) fails to obtain public IP:

                maybe you're blocking it?

                @70tas :
                Or, the other favorite problem could be : your LAN device, where you use "http://checkip.dyndns.org" in a web browser, it shows the IP as the browser on your PC could use another DNS server, which is not pfSense.

                The best test method will be : console or SSH into pfSense, use menu option 8 and then

                [25.07-BETA][root@pfSense.bhf.tld]/root: curl http://checkip.dyndns.org
                <html><head><title>Current IP Check</title></head><body>Current IP Address: 82.127.xx.108</body></html>
                

                which tells me that pfSense has a working DNS, as it has to resolve "checkip.dyndns.org" before it can connect to it.

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                • 70tas @Gertjan

                  @Gertjan Thank you, will try later tonight

                  • 70tas @Gertjan

                    @Gertjan I used a browser to go to "http://checkip.dyndns.org" and it came back with the correct IP assigned by my ISP.

                    I then ssh'ed to the pfSense, and ran "curl http://checkip.dyndns.org" from the cli. It also came back with the proper IP address.

                    The log shows:
                    /services_dyndns_edit.php: Dynamic DNS (ingress.70tas.us) There was an error trying to determine the public IP for interface - wan (igc0)

                    • AndyRH

                      My favorite is icanhazip.com It only returns the IP address. Much easier when messing with DDNS.

                      o||||o
                      7100-1u

                      • Gertjan @70tas

                        @70tas said in Dynamic DNS (DDNS) fails to obtain public IP:

                        I used a browser to go to "http://checkip.dyndns.org" and it came back with the correct IP assigned by my ISP.

                        I then ssh'ed to the pfSense, and ran "curl http://checkip.dyndns.org" from the cli. It also came back with the proper IP address.

                        Ok, so pfSense 'can' check if needed.

                        Some reasons why it could fail :

                        Check the exact moment when "/services_dyndns_edit.php: Dynamic DNS (ingress.70tas.us) There was an error .... " showed up
                        Now check also the Status > System Logs > System > DNS Resolver log.
                        Do you see any "notice: Restart of unbound 1.23.0." and "start of service (unbound 1.23.0)." at or around the moment of the "services_dyndns_edit.php" ?
                        After all, a URL has to be resolved first, and if DNS is not present at that moment, you have your issue explained.

                        Same thing : check the system log. Was the WAN interface going down and up at that same moment ? When the WAN is temporarily down, it will fail.

                        No "help me" PM's please. Use the forum, the community will thank you.
                        Edit : and where are the logs ??

                        • 70tas @Gertjan

                          @Gertjan Here is what I see a few seconds before DDNS, in the Unbound log:

                          Jul 15 08:31:21 unbound 62262 [62262:0] info: generate keytag query _ta-4f66-9728. NULL IN
                          Jul 15 08:31:20 unbound 62262 [62262:0] info: start of service (unbound 1.22.0).
                          Jul 15 08:31:20 unbound 62262 [62262:0] notice: init module 1: iterator
                          Jul 15 08:31:20 unbound 62262 [62262:0] notice: init module 0: validator
                          Jul 15 08:31:20 unbound 62262 [62262:0] notice: Restart of unbound 1.22.0.
                          Jul 15 08:31:20 unbound 62262 [62262:0] info: server stats for thread 3: requestlist max 0 avg 0 exceeded 0 jostled 0
                          Jul 15 08:31:20 unbound 62262 [62262:0] info: server stats for thread 3: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
                          Jul 15 08:31:20 unbound 62262 [62262:0] info: server stats for thread 2: requestlist max 0 avg 0 exceeded 0 jostled 0
                          Jul 15 08:31:20 unbound 62262 [62262:0] info: server stats for thread 2: 1 queries, 0 answers from cache, 1 recursions, 0 prefetch, 0 rejected by ip ratelimiting
                          Jul 15 08:31:20 unbound 62262 [62262:0] info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
                          Jul 15 08:31:20 unbound 62262 [62262:0] info: server stats for thread 1: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
                          Jul 15 08:31:20 unbound 62262 [62262:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
                          Jul 15 08:31:20 unbound 62262 [62262:0] info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
                          Jul 15 08:31:20 unbound 62262 [62262:0] info: service stopped (unbound 1.22.0).
                          Jul 15 08:31:20 unbound 62262 [62262:2] info: generate keytag query _ta-4f66-9728. NULL IN
                          Jul 15 08:31:20 unbound 62262 [62262:0] info: start of service (unbound 1.22.0).
                          Jul 15 08:31:20 unbound 62262 [62262:0] notice: init module 1: iterator
                          Jul 15 08:31:20 unbound 62262 [62262:0] notice: init module 0: validator
                          Jul 15 08:31:18 unbound 11265 [11265:0] info: server stats for thread 3: requestlist max 0 avg 0 exceeded 0 jostled 0
                          Jul 15 08:31:18 unbound 11265 [11265:0] info: server stats for thread 3: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
                          Jul 15 08:31:18 unbound 11265 [11265:0] info: server stats for thread 2: requestlist max 0 avg 0 exceeded 0 jostled 0
                          Jul 15 08:31:18 unbound 11265 [11265:0] info: server stats for thread 2: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
                          Jul 15 08:31:18 unbound 11265 [11265:0] info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
                          Jul 15 08:31:18 unbound 11265 [11265:0] info: server stats for thread 1: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
                          Jul 15 08:31:18 unbound 11265 [11265:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
                          Jul 15 08:31:18 unbound 11265 [11265:0] info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
                          Jul 15 08:31:18 unbound 11265 [11265:0] info: service stopped (unbound 1.22.0).
                          Jul 15 08:31:18 unbound 11265 [11265:0] info: start of service (unbound 1.22.0).

                          I also see the following in General log:

                          Jul 15 08:31:47 php-fpm 30381 /services_dyndns_edit.php: Dynamic DNS (kerveros.70tas.us) There was an error trying to determine the public IP for interface - wan (igc0 ).
                          Jul 15 08:31:47 php-fpm 30381 /services_dyndns_edit.php: Dynamic DNS: updatedns() starting
                          Jul 15 08:31:47 check_reload_status 590 Syncing firewall
                          Jul 15 08:31:47 php-fpm 30381 /services_dyndns_edit.php: Configuration Change: admin@128.244.221.135 (Local Database): Dynamic DNS client configured.
                          Jul 15 08:31:20 check_reload_status 590 Reloading filter
                          Jul 15 08:31:20 php-fpm 493 /system.php: NTPD is starting up.
                          Jul 15 08:31:16 root 45579 /etc/rc.d/hostid: WARNING: hostid: unable to figure out a UUID from DMI data, generating a new one
                          Jul 15 08:31:16 check_reload_status 590 Syncing firewall
                          Jul 15 08:31:16 php-fpm 493 /system.php: Configuration Change: admin@128.244.221.135 (Local Database): System:
                          Jul 15 08:30:04 php-fpm 2106 /index.php: Successful login for user 'admin' from: 128.244.221.135 (Local Database)
                          Jul 15 08:15:36 nginx 2025/07/15 08:15:36 [error] 24554#100354: *1888 open() "/usr/local/www/actuator/gateway/routes" failed (2: No such file or directory), client: 79.124.58.198, server: , request: "GET /actuator/gateway/routes HTTP/1.1", host: "76.151.201.197:443"
                          Jul 15 08:02:58 nginx 2025/07/15 08:02:58 [error] 24554#100354: *1883 open() "/usr/local/www/KVfU" failed (2: No such file or directory), client: 96.126.104.20, server: , request: "GET /KVfU HTTP/1.1", host: "76.151.201.197"
                          Jul 15 07:41:46 nginx 2025/07/15 07:41:46 [error] 24554#100354: *1880 open() "/usr/local/www/logincheck" failed (2: No such file or directory), client: 198.135.51.111, server: , request: "POST /logincheck HTTP/1.1", host: "76.151.201.197"
                          Jul 15 07:16:00 nginx 2025/07/15 07:16:00 [error] 24554#100354: *1871 open() "/usr/local/www/_ignition/execute-solution" failed (2: No such file or directory), client: 79.124.58.198, server: , request: "GET /_ignition/execute-solution HTTP/1.1", host: "76.151.201.197:443"
                          Jul 15 06:54:39 nginx 2025/07/15 06:54:39 [error] 24234#100286: *1864 "/usr/local/www/console/index.php" is not found (2: No such file or directory), client: 79.124.58.198, server: , request: "GET /console/ HTTP/1.1", host: "76.151.201.197:443"

                          Not sure what the next to last error is about not finding /usr/local/www/console/index.php.

                          • Gertjan @70tas

                            @70tas

                            During the 2 seconds interval, from 08:31:18 to 08:31:20, the resolver 'Unbound' stopped and started twice [ 😢 ].

                            The error

                            @70tas said in Dynamic DNS (DDNS) fails to obtain public IP:

                            Jul 15 08:31:47 php-fpm 30381 /services_dyndns_edit.php: Dynamic DNS (kerveros.70tas.us) There was an error trying to determine the public IP for interface - wan (igc0 ).

                            was shown at 08:31:47, that's 27 seconds later ... what happened at that moment (20 sec before, 0 sec after).
                            If unbound was still stopping and starting, then you've found the issue.

                            Normally, unbound never stops (or : gets restarted).
                            unbound will get restarted if you hook up physically an internet cable -or deactivate a device hooked up on to that cable. Or the device gets powered down / up. (solution : place only switches on your LAN and WAN interfaces, and power these with a UPS)
                            unbound can get restarted under the control of pfBlockerng - example : if you ask to sync the pfBlockerng feeds every hour, don't be surprised unbound can also get restarted every hour.

                            But yours restarted twice in 2 seconds. Does it do that all the time ?

                            About this :

                            Not sure what the next to last error is about not finding /usr/local/www/console/index.php

                            Look two lines up, you posted yourself where that request came from :

                            7098cf62-3f97-40ac-9e93-a930e7210ba7-image.png

                            Who is this 79.124.58.198 ? you've Bulgarian friends ?

                            Did you really open up the WAN interface ?? [ 😢 ]

                            Same thing for 198.135.51.111, 96.126.104.20 etc. Dunno what the entire Internet is doing against your pfSense GUI, consider that as 'bad' practice.

                            No "help me" PM's please. Use the forum, the community will thank you.
                            Edit : and where are the logs ??
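
The timestamp check described in the post above, as an added example that is not part of the thread or of pfSense: it parses the two log excerpts quoted here and reports whether any Unbound start/stop event falls in the 20 seconds before a Dynamic DNS error. The function names, the `before`/`after` window and the assumed year 2025 are illustrative; the sample lines are copied from the posts.

```python
import re
from datetime import datetime, timedelta

# Sample input: lines copied from the log excerpts quoted in this thread.
UNBOUND_LOG = """\
Jul 15 08:31:20 unbound 62262 [62262:0] info: start of service (unbound 1.22.0).
Jul 15 08:31:20 unbound 62262 [62262:0] notice: Restart of unbound 1.22.0.
Jul 15 08:31:20 unbound 62262 [62262:0] info: service stopped (unbound 1.22.0).
Jul 15 08:31:18 unbound 11265 [11265:0] info: service stopped (unbound 1.22.0).
Jul 15 08:31:18 unbound 11265 [11265:0] info: start of service (unbound 1.22.0).
"""
SYSTEM_LOG = """\
Jul 15 08:31:47 php-fpm 30381 /services_dyndns_edit.php: Dynamic DNS (kerveros.70tas.us) There was an error trying to determine the public IP for interface - wan (igc0 ).
Jul 15 08:31:47 php-fpm 30381 /services_dyndns_edit.php: Dynamic DNS: updatedns() starting
"""

STAMP = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (.*)$")
UNBOUND_EVENT = re.compile(
    r"^unbound \d+ .*(start of service|service stopped|Restart of unbound)")
DDNS_ERROR = re.compile(
    r"Dynamic DNS \(([^)]+)\) There was an error trying to determine the public IP")


def parse(log, pattern, year):
    """Return sorted (timestamp, captured text) pairs for lines matching pattern."""
    hits = []
    for line in log.splitlines():
        m = STAMP.match(line.strip())
        if not m:
            continue
        hit = pattern.search(m.group(2))
        if hit:
            # Syslog stamps carry no year, so it is supplied by the caller.
            when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            hits.append((when, hit.group(1)))
    return sorted(hits)


def correlate(unbound_log, system_log, year=2025, before=20, after=0):
    """For each DDNS error, report resolver activity inside the time window."""
    events = parse(unbound_log, UNBOUND_EVENT, year)
    findings = []
    for when, host in parse(system_log, DDNS_ERROR, year):
        lo = when - timedelta(seconds=before)
        hi = when + timedelta(seconds=after)
        in_window = [name for t, name in events if lo <= t <= hi]
        earlier = [t for t, _ in events if t <= when]
        gap = (when - earlier[-1]).total_seconds() if earlier else None
        findings.append({
            "host": host,
            "error_at": when.strftime("%H:%M:%S"),
            "seconds_since_last_unbound_event": gap,
            "resolver_busy": bool(in_window),
        })
    return findings


if __name__ == "__main__":
    for finding in correlate(UNBOUND_LOG, SYSTEM_LOG):
        print(finding)
```

On the lines quoted in the thread, the last Unbound event is 27 seconds before the error, which is outside the 20-second window.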

                            • 70tas

                              Unbound keeps restarting a few times, but not lately.

                              Yes I did open 443, so I can get in. 76.151.201.197 is my assigned IP. I can get it via curl and use it to connect temporarily. 76.151.xxx.xxx is my current outbound NAT.
                              79.124.58.198 is 4vendeta.com a Communication provider, which looks like I am currently hopping from. However, I am still concerned that it cannot find /usr/local/www/console/index.php. Any ideas?

                              Tas
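
An added example, not written by any poster in this thread: it groups the nginx "No such file or directory" lines from the General log quoted earlier by client address and checks each client against the addresses that had a successful WebGUI login in the same log. The function and field names are illustrative; the sample lines are copied from the quoted log.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: lines copied from the General log quoted in this thread.
LOG = """\
Jul 15 08:30:04 php-fpm 2106 /index.php: Successful login for user 'admin' from: 128.244.221.135 (Local Database)
Jul 15 08:15:36 nginx 2025/07/15 08:15:36 [error] 24554#100354: *1888 open() "/usr/local/www/actuator/gateway/routes" failed (2: No such file or directory), client: 79.124.58.198, server: , request: "GET /actuator/gateway/routes HTTP/1.1", host: "76.151.201.197:443"
Jul 15 08:02:58 nginx 2025/07/15 08:02:58 [error] 24554#100354: *1883 open() "/usr/local/www/KVfU" failed (2: No such file or directory), client: 96.126.104.20, server: , request: "GET /KVfU HTTP/1.1", host: "76.151.201.197"
Jul 15 07:41:46 nginx 2025/07/15 07:41:46 [error] 24554#100354: *1880 open() "/usr/local/www/logincheck" failed (2: No such file or directory), client: 198.135.51.111, server: , request: "POST /logincheck HTTP/1.1", host: "76.151.201.197"
Jul 15 07:16:00 nginx 2025/07/15 07:16:00 [error] 24554#100354: *1871 open() "/usr/local/www/_ignition/execute-solution" failed (2: No such file or directory), client: 79.124.58.198, server: , request: "GET /_ignition/execute-solution HTTP/1.1", host: "76.151.201.197:443"
Jul 15 06:54:39 nginx 2025/07/15 06:54:39 [error] 24234#100286: *1864 "/usr/local/www/console/index.php" is not found (2: No such file or directory), client: 79.124.58.198, server: , request: "GET /console/ HTTP/1.1", host: "76.151.201.197:443"
"""

# nginx error line for a request whose target file does not exist on the firewall.
NGINX_MISS = re.compile(
    r'nginx .*\[error\] .*No such file or directory\), client: ([0-9A-Fa-f:.]+), '
    r'server: [^,]*, request: "(\S+) (\S+) [^"]*", host: "([^"]+)"')
# WebGUI login line written by php-fpm.
LOGIN = re.compile(r"Successful login for user '[^']+' from: (\S+)")


def summarize_probes(log):
    """Group requests for nonexistent paths by client and flag known admin sources."""
    admin_sources = {m.group(1) for m in LOGIN.finditer(log)}
    by_client = defaultdict(lambda: {"requests": [], "targets": set()})
    for line in log.splitlines():
        m = NGINX_MISS.search(line)
        if not m:
            continue
        client, method, path, host = m.groups()
        by_client[client]["requests"].append(f"{method} {path}")
        by_client[client]["targets"].add(host)
    report = []
    for client, seen in sorted(by_client.items()):
        report.append({
            "client": client,
            "public": ipaddress.ip_address(client).is_global,
            "also_logged_in": client in admin_sources,
            "requests": seen["requests"],
            "targets": sorted(seen["targets"]),
        })
    return report


if __name__ == "__main__":
    for row in summarize_probes(LOG):
        print(row)
```

In the quoted log the only successful login comes from 128.244.221.135, and none of the clients requesting missing paths matches it.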

                              • 70tas @70tas

                                @70tas I ran a traceroute to checkip.dyndns.org, seems okay.

                                I can resolve checkip.dyndns.org, so that means I have a good DNS.
                                I can curl checkip.dyndns.org and other IP checkers and I get the proper address back.

                                I just don't see how this has anything to do with IP addresses, or I wouldn't be able to resolve checkip.dyndns.org. I think the problem has to do with the DDNS updater; the logs don't show that it even tries to connect to Cloudflare, it is just saying it can't get my IP.

                                • 70tas @70tas

                                  Well, I guess I have to go back to 2,72. I may try reinstalling 2.80 for the third time, but I don’t expect it to work. I wish there were more logs available as to where the (dydns) service is failing, that would make it a lot easier to troubleshoot. I am using Xfinity, pfsense and Cloudflare, it should just work.
                                  Tas

                                  • Gertjan @70tas

                                    @70tas said in Dynamic DNS (DDNS) fails to obtain public IP:

                                    more logs available as to where the (dydns) service is failing

                                    You checked : Services > Dynamic DNS > Dynamic DNS Clients > Edit :

                                    70f3317c-27f0-468f-974c-61bd1e1d0488-image.png

                                    Plan B :
                                    According to the documentation there is a debug mode.
                                    See here : the source.
                                    Go to line 3377.
                                    Place '//' in front of the return; statement.
                                    Save.

                                    From now on, according to line 239, there will be a log file here /var/etc/, the filename starts with "dyndns_" that will contain the debug info.

                                    Don't forget to remove the '//' when you're done.

                                    No "help me" PM's please. Use the forum, the community will thank you.
                                    Edit : and where are the logs ??

                                    • 70tas @Gertjan

                                      @Gertjan Thanks for the help. A '//' on that line, which is the end of the conditional crashed the app. I placed a '//' on each of the lines in the conditional, but I do not see any log files in the stated directory. I will have to read the script again to try to figure out where it puts the output; however, I'm a bash guy, so we'll see.

                                      Thanks again.
                                      Tas

                                      • Gertjan @70tas

                                        @70tas said in Dynamic DNS (DDNS) fails to obtain public IP:

                                        A '//' on that line, which is the end of the conditional crashed the app.

                                        Like this :

                                        2acee256-3695-470c-97f7-becd2f1fae0d-image.png

                                        worked for me.
                                        No issues / errors.
                                        I did find a log file now :

                                        ab73353a-3dff-4227-8999-6766edf855d5-image.png

                                        but not very helpful - it contained just one line :

                                        07-17-25 03:15:27 - (6013287) - [freedns2] - 82.127.26.108/1752758073
                                        

                                        let's say that's ok because "all went well".

                                        edit :
                                        bash ? That's way too complicated.
                                        This is PHP, which is somewhat comparable to BASIC.

                                        No "help me" PM's please. Use the forum, the community will thank you.
                                        Edit : and where are the logs ??

                                        • 70tas

                                          Ok, so the equivalent line on my 2.8 is 3369.
                                          No errors this time, but I can't find a log file. I searched the entire file system.
                                          Tas

                                          • Gertjan @70tas

                                            @70tas

                                            If one is created, it's in /var/etc/

                                            If none is created, then the update was deemed not necessary, and was skipped.
                                            You can force an update of course. Delete the 'cache' file, you'll find it in /cf/conf/ - and the file starts with dyndns.... and ends with dot cache.

                                            No "help me" PM's please. Use the forum, the community will thank you.
                                            Edit : and where are the logs ??
