Posted: Thu Jul 30, 2020 18:41 Post subject: [SOLVED] DDNS updater error with OpenDNS/DNS-O-Matic
Something is going on with the DDNS updater. I've had a stable setup for years using OpenDNS' DNS-O-Matic service, but in the last week or so something has changed and is now causing an error.
I also added the command to my startup commands (minus the cron numerics).
That's a good workaround; if used, disable GUI DDNS. Just a note about my_user_name: if it is your email address, e.g. user@yahoo.com, use user%40yahoo.com
Posted: Mon Aug 24, 2020 22:39 Post subject: Problem solved!
OpenDNS support got back to me today. They said this:
Quote:
Can you try updating your router/application to send updates to updates.dnsomatic.com using port 443 (https://updates.dnsomatic.com)? We no longer allow updates to this service using port 80.
Leaving everything else as-is, adding port 443 in the URL works like a champ. (https://updates.dnsomatic.com:443/nic/update?hostname=) No more need for cron or startup scripts.
I've attached a screen shot for posterity. Hope this helps in the future.
Posted: Sat Oct 03, 2020 11:18 Post subject: Re: Problem solved!
Thank you so much! Works great!
Any idea why this issue has started occurring in the first place?
Posted: Fri Feb 03, 2023 7:52 Post subject:
I know this is resurrecting a really old topic, but I have finally obtained some rather useful information in regards to DNS-O-MATIC.
I stumbled across what makes DNSOMATIC work consistently and reliably while trying to resolve an NTP issue.
There are just three simple rules that must be satisfied in order for update requests to be accepted.
1) Update requests must be sent using HTTPS/SSL to port 443.
2) updates.dnsomatic.com must be resolved using OPENDNS servers. No exceptions.
3) You must add OPENDNS as one of your services to be updated.
NOTE: myip.dnsomatic.com must be resolved using OPENDNS servers, if you are using one of their update clients.
Rule #1 is pretty self-explanatory - You send your update requests to PORT 443 using SSL.
Rule #2 Cisco added a layer of validation so only Cisco Umbrella or OpenDNS users are able to use dns-o-matic. Update requests are validated by checking the IP of the request against DNS requests at OPENDNS servers. If a corresponding DNS request is not found, the update request is dropped.
Rule #3 is fairly straightforward also. You need to add the OPENDNS service to your DNSOMATIC account. If you do not, it means you are not an OPENDNS customer and your updates will be dropped. You don't have to use OPENDNS, you just need to update it.
So how do you make it work?
Easy! If you are not using OPENDNS as your primary DNS just add these two lines to your DNSMASQ Additional Options in the GUI:
You could also use 208.67.220.220 (resolver2.opendns.com)
It struck me while trying to get the NTP client to resolve 'time-c-b.nist.gov' using encrypted DNS with the wrong system time at bootup, which doesn't work. Then I saw a thread that said to use an IP address or add a server=/{NTP URL}/{DNS IP} line to resolve the NTP URL using unencrypted DNS. Hmmmm? Could I use that to make DNSMASQ use OPENDNS to resolve the DNSOMATIC URLs without changing my primary DNS? And it worked.
Basically I was trying to solve one problem and stubbed my toe on the solution to another.
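Added example, not code from any poster or from DD-WRT: POSIX shell helpers for the pieces this thread describes, namely percent-encoding an email-style username, building an update URL that is refused unless it is HTTPS, and emitting per-domain dnsmasq `server=` lines in the `server=/name/ip` form mentioned above. The function names, the sample credentials and hostname, and the default resolver 208.67.222.222 (resolver1.opendns.com) are assumptions; the dnsmasq lines from the last post did not survive on this page.

```shell
#!/bin/sh
# Added example; function names and sample values are assumptions, not from the thread.

# Percent-encode everything outside the RFC 3986 unreserved set (ASCII input).
urlencode() {
    s=$1
    out=
    while [ -n "$s" ]; do
        rest=${s#?}            # string without its first character
        c=${s%"$rest"}         # the first character itself
        case $c in
            [A-Za-z0-9._~-]) out="$out$c" ;;
            *) out="$out$(printf '%%%02X' "'$c")" ;;
        esac
        s=$rest
    done
    printf '%s\n' "$out"
}

# Build the update URL; refuse any endpoint that is not HTTPS, because the
# account credentials travel with the request.
update_url() {   # $1 user, $2 password, $3 hostname, $4 endpoint (optional)
    endpoint=${4:-https://updates.dnsomatic.com:443}
    case $endpoint in
        https://*) ;;
        *) echo "refusing non-HTTPS endpoint: $endpoint" >&2; return 1 ;;
    esac
    printf 'https://%s:%s@%s/nic/update?hostname=%s\n' \
        "$(urlencode "$1")" "$(urlencode "$2")" \
        "${endpoint#https://}" "$(urlencode "$3")"
}

# dnsmasq Additional Options: send only the DNS-O-Matic names to OpenDNS,
# leaving the primary DNS untouched.
dnsmasq_lines() {   # $1 resolver IP (optional)
    resolver=${1:-208.67.222.222}
    for name in updates.dnsomatic.com myip.dnsomatic.com; do
        printf 'server=/%s/%s\n' "$name" "$resolver"
    done
}

# Constructed sample values, printed so the script shows its output when run.
dnsmasq_lines
update_url 'user@yahoo.com' 'constructed-pass' 'home.example.com'
```

A URL with embedded credentials is visible in the process list and in any saved startup command, so treat the router's command storage as sensitive.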