I’ve edited the wiki article to reflect the new settings.
For the records.
Remains the problem to check all implemented providers. Do we have enough ‘responsive’ users reporting those issues?
Thanks for the investigation …
So here’s the latest follow on:
I just went in and I ran the ddns -d update-all --force
and here is the output 
################################
root@192.168.63.1’s password:
Last login: Fri Oct 22 15:47:13 2021 from 10.121.229.6
[root@FIREWALL ~]# ddns -d update-all --force > ddnsupdate.log
Debugging mode enabled
Registered new provider: All-inkl.com (all-inkl.com)
Registered new provider: ChangeIP.com (changeip.com)
Registered new provider: DDNSS (ddnss.de)
Registered new provider: desec.io (desec.io)
Registered new provider: DHS International (dhs.org)
Registered new provider: Lightning Wire Labs DNS Service (dns.lightningwirelabs.com)
Registered new provider: DNSmadeEasy.com (dnsmadeeasy.com)
Registered new provider: DNS Park (dnspark.com)
Registered new provider: Domain-Offensive (do.de)
Registered new provider: Google Domains (domains.google.com)
Registered new provider: domopoli.de (domopoli.de)
Registered new provider: DtDNS (dtdns.com)
Registered new provider: Duck DNS (duckdns.org)
Registered new provider: dy.fi (dy.fi)
Registered new provider: Dyn (dyndns.org)
Registered new provider: DyNS (dyns.net)
Registered new provider: Dynu (dynu.com)
Registered new provider: DynUp.DE (dynup.de)
Registered new provider: EasyDNS (easydns.com)
Registered new provider: eNom Inc. (enom.com)
Registered new provider: EntryDNS (entrydns.net)
Registered new provider: freedns.afraid.org (freedns.afraid.org)
Registered new provider: he.net (he.net)
Registered new provider: INWX (inwx.com)
Registered new provider: it’s DNS (itsdns.de)
Registered new provider: Joker.com Dynamic DNS (joker.com)
Registered new provider: dynamicdns.key-systems.net (key-systems.net)
Registered new provider: Loopia AB (loopia.se)
Registered new provider: myonlineportal.net (myonlineportal.net)
Registered new provider: Namecheap (namecheap.com)
Registered new provider: NoIP (no-ip.com)
Registered new provider: NOW-DNS (now-dns.com)
Registered new provider: BIND nsupdate utility (nsupdate)
Registered new provider: nsupdate.info (nsupdate.info)
Registered new provider: OpenDNS (opendns.com)
Registered new provider: OVH (ovh.com)
Registered new provider: Regfish GmbH (regfish.com)
Registered new provider: Schokokeks (schokokeks.org)
Registered new provider: Selfhost.de (selfhost.de)
Registered new provider: servercow.de (servercow.de)
Registered new provider: SPDYN (spdns.org)
Registered new provider: Strato AG (strato.com)
Registered new provider: TwoDNS (twodns.de)
Registered new provider: Udmedia GmbH (udmedia.de)
Registered new provider: Variomedia (variomedia.de)
Registered new provider: XLhost (xlhost.de)
Registered new provider: Zoneedit (zoneedit.com)
Registered new provider: zzzz (zzzz.io)
Running on distribution: ipfire-2
Loading configuration file /var/ipfire/ddns/ddns.conf
Updating XXXXX.freeddns.org forced
Sending request (GET): https://checkip4.dns.lightningwirelabs.com
Request header:
User-agent: IPFireDDNSUpdater/014
Pragma: no-cache
Response header (Status Code 200):
content-length: 33
vary: Accept-Encoding
etag: “86661dbdfb1c58774222da0d7ebdf5722d8475c9”
date: Sun, 24 Oct 2021 16:43:44 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000; includeSubDomains; preload
connection: close
Sending request (GET): https://api.dynu.com/nic/update?hostname=XXXXX.freeddns.org&myip=2.87.219.147
Request header:
Authorization: Basic c29waGlhZ2tpb2thOkxldG1lMW4xMjM=
User-agent: IPFireDDNSUpdater/014
Pragma: no-cache
Response header (Status Code 200):
Date: Sun, 24 Oct 2021 16:43:45 GMT
Server: Dynu Web Server
X-Powered-By: Dynu Dynamic DNS Service
Content-Length: 5
Content-Type: text/html; charset=UTF-8
Dynamic DNS update for XXXXX.freeddns.org (Dynu) successful
Logging successful update for XXXXX.freeddns.org
Opening database /var/lib/ddns.db
Updating XXXXX.mooo.com forced
Sending request (GET): https://sync.afraid.org/u/xxxxxxxxxxxxxxxxxxxxxxxxxxx/
Request header:
User-agent: IPFireDDNSUpdater/014
Pragma: no-cache
Response header (Status Code 200):
Server: nginx
Date: Sun, 24 Oct 2021 16:43:45 GMT
Content-Type: text/plain;charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Dynamic DNS update for XXXXX.mooo.com (freedns.afraid.org) successful
Logging successful update for XXXXX.mooo.com
[root@FIREWALL ~]# ls -l
total 0
-rw-r–r-- 1 root root 0 Oct 24 19:43 ddnsupdate.log
-rw-r–r-- 1 root root 0 May 4 11:00 ipfire
[root@FIREWALL ~]# cat /var/log/messages | grep DNS
Oct 24 19:43:47 FIREWALL ddns[4014]: Dynamic DNS update for XXXXX.freeddns.org (Dynu) successful
########################
What is interesting I then went and rechecked the logs and noticed after a scheduled system restart ( Sunday 04:25) without doing anything further the problem seems to have gone away:
** PS I had rebooted yesterday both after running your fix ( removing the letter d) and after running the ddns -d update-all --force
weird…
I have another site I can try I will do the token change with freedns and then the “D” fix for the record do you think it is necessary to then run ddns -d update-all --force…
Or better just reboot and let it update on reboot ??
DYI
All of todays logs :
19:43:48 ddns[4014]: Dynamic DNS update for xxxxxx.mooo.com (freedns.afraid.org) successful
19:43:47 ddns[4014]: Dynamic DNS update for xxxxxx.freeddns.org (Dynu) successful
Previous days log: ( prior to scheduled reboot)
03:35:01 ddns[30496]: Further updates will be withheld until 2021-10-23 00:35:01.570360
03:35:01 ddns[30496]: DDNSUpdateError: The update could not be performed
03:35:01 ddns[30496]: Last failure message:
03:35:01 ddns[30496]: An update has not been performed because earlier updates failed for xxxxxx.mooo .com
03:30:00 ddns[30309]: Further updates will be withheld until 2021-10-23 00:35:01.570360
03:30:00 ddns[30309]: DDNSUpdateError: The update could not be performed
03:30:00 ddns[30309]: Last failure message:
03:30:00 ddns[30309]: An update has not been performed because earlier updates failed for xxxxxx.mooo .com
03:25:01 ddns[30144]: Further updates will be withheld until 2021-10-23 00:35:01.570360
…
So just for the information … 3rd Site test
with regard to freedns.afraid.org after update to 160 and changing the token to a V2 one, remove the extra letter D in the providers.py ( then a reboot)
No update for DNS occurs you just keep getting the logs every few minutes similar to:
“Further updates will be withheld until…
DDNSUpdateError: The update could not be performed
Last failure message:
An update has not been performed because earlier updates failed for …”
After running ddns -d update-all --force
It seems to clear this and then the updater appears to work correctly ( so far) Tested with a reboot and a disconnect and reconnect on the dial up and logs appear clean
And no erroneous logs (unhandle d exception etc)
I think the “withheld” and “DDNSUpdateError” messages are to be expected in this situation.
The --force update clears the withhold after the successful update.
1 Like
All seems to work A-OK with Core Update 162. I needed to update freedns.afraid.org to Version 2 and change my token info. Once that was done it all worked as expected.
I also added a wiki page to help others with freedns.afraid.org:
wiki.ipfire.org - Additional info - FreeDNS
3 Likes
Yes, you are right. C162 includes the changes for Version2 of freedns.afraid.org.
And thanks for your good explanation of these ‘mysteries’.
Regards,
Bernhard
Since I got everything working for freedns.afraid.org, I have a new problem. It looks like the WUI (at least) thinks that the dynamic DNS IP is incorrect (and lists it as red) and keeps trying to update every 5 minutes. The updates are showing in the log as successful and I verified that the IP is correct, but IP Fire seems to think it’s not.
The service URL is in red, but the host column reflects the state.
See wiki.ipfire.org - Dynamic DNS
I am aware of that fact. Hostname is red even though it should be green.
Looking back on my logs, it looks like 5 minute updates even when the IP is already correct has been standard. That seems excessive to me but shrug
I just checked by setting my cable device to router mode. IPFire gets a local IP on red0.
host name went red. Setting ‘Guess the real public IP…’ turned it green again.
To elaborate a bit more about these ‘miracles’. If you are behind a router, your red0 IP is out of the private pool at the LAN of the router. The DDNS update publishes the public IP of the router’s WAN port.
So your host resolves to this IP. ddns.cgi does a DNS lookup of your DDNS host and compares it to the red0 IP. Because they are different the host name shows up in red.
2 Likes
That would be expected behavior. You set your cable modem to router mode and your IP Fire box is going to get an inside IP from the router instead of the outside one and you’ll be double-firewalled. Changing the setting to “Guess my real IP” is made precisely for that situation since IP Fire otherwise wouldn’t know the correct IP.
I’m not using my cable modem as a router so I’m getting the correct outside IP already and it is updating correctly, it just isn’t showing correctly in the WUI.
I do know what I am doing here, and it was working prior to CU 160. Then it broke as posted above and I had to change to the V2 API, force an update through the shell, etc. It’s updating correctly and I can connect to my network using it but showing wrong in the WUI.
I am not sure what is causing the problem here but in my CU162 my DDNS is not updating every 5 minutes and is showing green in the WUI.
What does your log say the reason for the check every 5 minutes is?
It doesn’t give a reason, the update just shows as succesful. This is all that shows up. I hashed out the hostname for security reasons, but it is correct.
00:40:01 ddns[10699]: Dynamic DNS update for ######### (freedns.afraid.org) successful
00:45:00 ddns[10920]: Dynamic DNS update for ######### (freedns.afraid.org) successful
00:50:03 ddns[11141]: Dynamic DNS update for ######### (freedns.afraid.org) successful
00:55:01 ddns[11361]: Dynamic DNS update for ######### (freedns.afraid.org) successful
01:00:00 ddns[11586]: Dynamic DNS update for ######### (freedns.afraid.org) successful
I checked my account at freedns.org.
The IP followed my changes. This is possible because my provider just hands out different IPs for different MACs. Don’t know whether this is an effect of my ‘dynamic IPv4 contract’.
Again, IP Fire shows the correct external IP. It is updating freedns.afraid.org successfully. The IP on freedns.afraid.org is correct. It works when I try to connect to my network from work. The only issue is that IP Fire is showing it in red as though it ISN’T correct and trying to update it every 5 minutes.
Have you tried ddns -d update-all --force from the shell?
This should give a bit more information.
Can your IPFire system resolve your host name to the correct IP?
You’ll get a successful if your token is correct but the hostname ( freedns.afraid.org subdomain name) is wrong.
I added and “xyz” the the end of my working hostname and is causes successful to appear in the log but red on the WebGUI.
Dec 30 17:49:08 ipfire ddns[17072]: Dynamic DNS update for nnnnnxyz.dynet.com (freedns.afraid.org) successful
1 Like
Interesting. But clear, if we look at the update process.
The ddnsupdater just sends the token. The association host name – token is only defined at the freedns.afraid.org server. But the hostname at IPFire can be arbitrary to be successful.
We can’t check this. So the red signals "an update of some sort is required " as the wiki states.
From the freedns site:
You can include: content-type=json in your request, as part of the request URI, you’ll receive a detailed JSON encoded response.
I don’t know theIPFire ddns code, but maybe the IPFire request includes json and reply from freedns includes the hostname:
[root@ipfire ~] # curl https://sync.afraid.org/u/[yourToken]/?content-type=json
{"system":"randomkey","changedrecords":0,"targets":[{"host":"gizmo.dynet.com","lastip":"73.nnn.nn.n","thisip":"73.nnn.nn.n","ts":1640811084,"statuscode":100,"statustext":"No IP change detected for abcdef.ghijk.com with IP 73.nnn.nn.n, skipping update"}],"summary":"No IP change detected for abcdef.ghijk.com with IP 73.nnn.nn.n, skipping update"}
EDIT: or not:
I found my particular problem and found that it’s a known issue with dyndns when you have a matching listing in hosts. Dyndns resolves the URL to the locally defined green address instead of the correct external one. That results in dyndns thinking it’s wrong even though it’s not.
1 Like