Will dyndns work with another router ahead of pfsense?

Guest

So will dyndns report the correct ip on say the WAN interface if the WAN interface has an ip of like 192.168.1.2

Will it report the public ip?

phil.davis

Yes, it will find out the public IP and set that with DynDNS (I use the actual company DynDNS). I have an ADSL router in front of my pfSense, not in bridge mode. But if the front-end device has its public WAN IP change, then pfSense is not going to notice an interface change (the local little private subnet will stay the same, and no hardware down/up on that for pfSense to react to.
There is a Cron job that wakes up once a day to check the dynamic DNS address. I schedule mine to run every 15 minutes to check if the address is current:

5,20,35,50  	*  	*  	*  	*  	root  	/usr/bin/nice -n20 /etc/rc.dyndns.update 

But I have noticed that it doesn't actually work.
I am having a look at the code now, services.inc services_dyndns_configure seems to only do its thing if the dynamic DNS interface is a gateway group. In my case, there is just a plain old WAN, no gateway group.

stephenw10

Looks interesting. So you just changed the interval on an existing cron job?
I use No-IP free service and I frequently get emails threatening to cut me off because I haven't updated recently. I have in fact been removed from their service several times. It's easy to renew it but very inconvenient. pfSense only updates if the address had changed or 25 (?) days have past and that's not often enough I have found.

I think you will need to modify the 25 day interval as well as scheduling more frequent checks.

Steve

phil.davis

The relevant chunk of code in services.inc services_dyndns_configure is:

foreach ($dyndnscfg as $dyndns) {
	$failovergroup = interface_gateway_group_member($int);
	if (!empty($int) && $int == $dyndns['interface']) {
		services_dyndns_configure_client($dyndns);
		sleep(1);
	} elseif (is_array($gwgroups[$dyndns['interface']])) {
		services_dyndns_configure_client($dyndns);
		sleep(1);				
	} else {
		continue;
	}
}

The regular cron job does not pass an interface parameter ($int is empty). So it goes to the "elseif" above, but that only happens for dyndns interfaces that are a gateway group.
I can't see why that check is needed, if $int is empty, then we want to do services_dyndns_configure_client for every $dyndns that is in the config.
This seems simpler and works:

foreach ($dyndnscfg as $dyndns) {
	$failovergroup = interface_gateway_group_member($int);
	if ((empty($int)) || (!empty($int) && $int == $dyndns['interface']) || (is_array($gwgroups[$dyndns['interface']]))) {
		services_dyndns_configure_client($dyndns);
		sleep(1);
	}
}

The dyndns entry gets actioned if $int is empty, if the $int parameter matches the the dyndns entry interface value or if the dyndns interface is a gateway group. This is the previous behaviour, plus some extra dyndns interfaces being actioned for the $int empty case.
To the developers: is there some special case I am missing here? or does this change look like a good thing in general?
(It works for me - now my WAN address gets updated in DynDNS when I run /etc/rc.dyndns.update)

phil.davis

I use the paid DynDNS service ($US20/year for up to about 30 names), so they don't cut anything off that hasn't been updated. I have a few names that I haven't used for a few months and I can still "nslookup" them on the internet and they resolve to the IP address they last had.
I guess the free services want to remove "unused" stuff from their DNS servers at some point, and (from their point of view) sooner rather than later.

stephenw10

Does it actually update though?
When I run /etc/rc.dyndns.update is runs fine but I see this in the log:

Dec 21 16:45:55 	php: : phpDynDNS: No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry.
Dec 21 16:45:55 	php: : DynDns: Current WAN IP: 31.185.***.*** Cached IP: 31.185.***.***
Dec 21 16:45:55 	php: : DynDns debug information: 31.185.***.*** extracted from local system.
Dec 21 16:45:55 	php: : DynDns: updatedns() starting

Steve

phil.davis

With the code changes above, installing Cron package, editing the cron job so it runs every 15 minutes, I am now getting this sequence in the system log each 15 minutes:

Dec 21 22:20:01 	php: : DynDns: updatedns() starting
Dec 21 22:20:02 	php: : DynDns debug information (myname.dyndns-ip.com): 49.123.111.11 extracted from checkip.dyndns.org
Dec 21 22:20:02 	php: : DynDNS (myname.dyndns-ip.com): running get_failover_interface for wan. found vr1
Dec 21 22:20:03 	php: : DynDns debug information (myname.dyndns-ip.com): 49.123.111.11 extracted from checkip.dyndns.org
Dec 21 22:20:03 	php: : DynDns (myname.dyndns-ip.com): Current WAN IP: 49.123.111.11 Cached IP: 49.123.111.11
Dec 21 22:20:03 	php: : phpDynDNS: No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry.

(I replaced the actual name and real IP with "myname" and "49.123.111.11")
And in Services:Dynamic DNS Clients, the entry in the Cached IP column has changed from red to green and the IP matches the real public IP currently allocated to my front-end ADSL box.

phil.davis

And I put the code change on another system just now. At the next interval I got this in system log:

Dec 21 22:53:26 	php: : DynDns: updatedns() starting
Dec 21 22:53:27 	php: : DynDns debug information (ntc-ibp-inf.dyndns-ip.com): 49.244.236.229 extracted from checkip.dyndns.org
Dec 21 22:53:27 	php: : DynDNS (ntc-ibp-inf.dyndns-ip.com): running get_failover_interface for opt1\. found vr2
Dec 21 22:53:29 	php: : DynDns debug information (ntc-ibp-inf.dyndns-ip.com): 49.244.236.229 extracted from checkip.dyndns.org
Dec 21 22:53:29 	php: : DynDns (ntc-ibp-inf.dyndns-ip.com): Current WAN IP: 49.244.236.229 Cached IP: 49.244.224.120
Dec 21 22:53:29 	php: : DynDns debug information (name.dyndns-ip.com): DynDns: cacheIP != wan_ip. Updating. Cached IP: xx.xxx.224.120 WAN IP: xx.xxx.236.229
Dec 21 22:53:29 	php: : DynDNS (ntc-ibp-inf.dyndns-ip.com): DynDns _update() starting.
Dec 21 22:53:29 	kernel: Bump sched buckets to 256 (was 0)
Dec 21 22:53:33 	php: : DynDNS (name.dyndns-ip.com): DynDns _checkStatus() starting.
Dec 21 22:53:33 	php: : DynDNS (name.dyndns-ip.com): Current Service: dyndns
Dec 21 22:53:34 	php: : DynDns debug information (name.dyndns-ip.com): xx.xxx.236.229 extracted from checkip.dyndns.org
Dec 21 22:53:34 	php: : phpDynDNS: updating cache file /conf/dyndns_opt1dyndns'name.dyndns-ip.com'0.cache: xx.xxx.236.229
Dec 21 22:53:34 	php: : phpDynDNS (name.dyndns-ip.com): (Success) IP Address Changed Successfully! (xx.xxx.236.229)

This system has OpenVPN site-to-site servers. Now that the dynamic IP has been automatically updated with DynDNS, the clients have found the servers and the site-to-site VPN links came up.
I'm glad this post jogged my interest again and got me to look into this - I had been having trouble keeping OpenVPN servers accessible in these type of configs, where the server and DynDNS updater is on a pfSense box that hides behind an ADSL router.

stephenw10

Hmm, Ok.
My own box is not hidden behind NAT the WAN interface has my public IP. Thus it does not have to use a service like checkip.dyndns.org to discover the public address. The address doesn't change so it it does nothing and after about 18 days I get emails. After 25 days it will send the update information even it's still the same but it seems that interval is now too long, for No-IP at least.

Steve