Netgate Discussion Forum
    Dynamic DNS + XMLRPC SYNC

    HA/CARP/VIPs
    • luckman212 LAYER 8

      All I could find was a 6-year-old post about this so I thought I'd ask again since this "bit" me today:

      I have a 25.11+ cluster of 1537's with 2 WANs (both static IP) and a DynDNS bound to the Failover GW Group so our VPN server IP floats to WAN2 during outages. The GW Group is set to use the CARP VIP address, not the Interface Addresses.

      I noticed that the DynDNS XML is not synced to the backup HA node.

      I feel the decision to not sync that config no longer makes sense. I understand there is a possible footgun here if the user forgets to switch the Gateway Group to the VIP instead of the Interface IP (and they end up fighting each other) but a warning or some input validation would fix that.

      Can #7292 be reconsidered?

      • jimp Rebel Alliance Developer Netgate

        The problem you run into there is the secondary could trigger updates when you don't want them to happen.

        Making that behave properly would require adding a lot more logic to DDNS updates to know when they're using a CARP VIP (directly or via gateway groups) and to not update unless the node has control of that VIP. Then you'd also practically have to force using a CARP VIP in every possible context of a DDNS entry that's eligible to sync.

        While it's technically possible, there are so many pitfalls there it becomes impractical. Trying to sort all that out is a logistical nightmare and has the potential to introduce problems that affect unrelated use cases.

        tl;dr: Extremely high effort, extremely high potential for problems, very few requests for the behavior.

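Added illustration, not part of the post above and not pfSense code: the gating it describes ("not update unless the node has control of that VIP"), written as a POSIX shell check over FreeBSD `ifconfig` output. The interface name, addresses, VHIDs, function names and sample text are constructed for the example.

```shell
#!/bin/sh
# Decide whether a DDNS update may run on this node, based on CARP state.
# Assumption: FreeBSD ifconfig prints one "carp: <STATE> vhid <N> ..." line per VHID.

# carp_state VHID: read ifconfig-style text on stdin, print that VHID's state
# (MASTER, BACKUP, INIT) or ABSENT when the VHID is not configured.
carp_state() {
    awk -v vhid="$1" '
        $1 == "carp:" && $3 == "vhid" && $4 == vhid { print $2; found = 1; exit }
        END { if (!found) print "ABSENT" }
    '
}

# ddns_decision VHID: print "update" only when this node holds the VIP.
# BACKUP, INIT and ABSENT all mean the node must stay quiet.
ddns_decision() {
    state=$(carp_state "$1")
    case "$state" in
        MASTER) echo "update" ;;
        *)      echo "skip ($state)" ;;
    esac
}

# Constructed sample: one interface carrying two VHIDs in different states.
SAMPLE_IFCONFIG='igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 198.51.100.2 netmask 0xffffff00 broadcast 198.51.100.255
    inet 198.51.100.1 netmask 0xffffff00 broadcast 198.51.100.255 vhid 1
    inet 198.51.100.9 netmask 0xffffff00 broadcast 198.51.100.255 vhid 2
    carp: MASTER vhid 1 advbase 1 advskew 0
    carp: BACKUP vhid 2 advbase 1 advskew 100'

# Demo over the constructed sample; on a live node the input would be
# the output of: ifconfig <interface>
for v in 1 2 3; do
    printf 'vhid %s: %s\n' "$v" "$(printf '%s\n' "$SAMPLE_IFCONFIG" | ddns_decision "$v")"
done
```

The check covers only the direct case of one known VHID; the post's point is that gateway groups and every other context a DDNS entry can be bound to would each need equivalent handling.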
        • luckman212 LAYER 8 @jimp

          What is the recommended method of ensuring high availability of a service running on or behind an HA cluster then? Require running the DynDNS client on a separate system (not the firewall itself?)

          Copyright 2026 Rubicon Communications LLC (Netgate). All rights reserved.