Posted: Wed May 31, 2023 0:55 Post subject: DDNS update failing (no-ip.com)
Hello everyone,
i just noticed that the DDNS client fails to work properly when "Use SSL" is enabled.
Here's an excerpt from the log, which updated after disabling and reenabling SSL. Before that it was a very long list of failures and the domain IP wasn't updated at all.
Quote:
In-a-dyn version 2.10.0 -- Dynamic DNS update client.
Failed connecting to ip1.dynupdate.no-ip.com: Operation in progress
Communication with checkip server ip1.dynupdate.no-ip.com failed, run again with 'inadyn -l debug' if problem persists
Retrying with built-in 'default', api.ipify.org ...
Error creating client socket: Address family not supported by protocol
Failed to get IP address for default@no-ip.com, giving up!
Update forced for alias XXXXX, new IP# XXXXX
Updating IPv4 cache for XXXXX
Failed connecting to ip1.dynupdate.no-ip.com: Operation in progress
Communication with checkip server ip1.dynupdate.no-ip.com failed, run again with 'inadyn -l debug' if problem persists
Retrying with built-in 'default', api.ipify.org ...
Error creating client socket: Address family not supported by protocol
Failed to get IP address for default@no-ip.com, giving up!
Failed connecting to ip1.dynupdate.no-ip.com: Operation in progress
Communication with checkip server ip1.dynupdate.no-ip.com failed, run again with 'inadyn -l debug' if problem persists
Retrying with built-in 'default', api.ipify.org ...
Error creating client socket: Address family not supported by protocol
Failed to get IP address for default@no-ip.com, giving up!
Failed connecting to ip1.dynupdate.no-ip.com: Operation in progress
Communication with checkip server ip1.dynupdate.no-ip.com failed, run again with 'inadyn -l debug' if problem persists
Retrying with built-in 'default', api.ipify.org ...
Error creating client socket: Address family not supported by protocol
Failed to get IP address for default@no-ip.com, giving up!
I'm running DD-WRT v3.0-r52369 big on an RT-N66U, "Use External IP Check" is enabled. Disabling "Use SSL" seems to work fine. The time zone and current time are set correctly. "Force Update Interval" is 1.
Edit: upgraded to 52720, now i get this :
Quote:
In-a-dyn version 2.11.0 -- Dynamic DNS update client.
Startup delay: 30 sec ...
Failed connecting to ip1.dynupdate.no-ip.com: Operation in progress
Communication with checkip server ip1.dynupdate.no-ip.com failed, run again with 'inadyn -l debug' if problem persists
Retrying with built-in 'default', http://ifconfig.me/ip ...
Please note, ip1.dynupdate.no-ip.com seems unstable, consider overriding it in your configuration with 'checkip-server = default'
Update forced for alias XXXX, new IP# XXXX
Updating IPv4 cache for XXXX
Did you try disabling external IP check and SSL, save, apply, reboot? There was one of the supported services modules that prompted the addition of disabling SSL because it would fail and normally, you don't need to use external IP check. _________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
Joined: 26 Mar 2013 Posts: 1858 Location: Hung Hom, Hong Kong
Posted: Wed May 31, 2023 14:39 Post subject:
ciscodlink wrote:
Thanks for the reply, I upgrded to 52720, disabled SSL and external IP check, rebooted as suggested. Now i get this
Quote:
In-a-dyn version 2.11.0 -- Dynamic DNS update client.
Startup delay: 30 sec ...
Error running 'INADYN_PROVIDER="default@no-ip.com" INADYN_USER="XXXXX" /sbin/service checkwanip main': 0 bytes read
Update forced for alias XXXX, new IP# XXXXX (public IP, correct)
Updating IPv4 cache for XXXX
I should also say that the router has no WAN and only a private class C IP.
In-a-dyn is supposed to use the IP address of the WAN port to update your DDNS domain name. It seemed that your DD-WRT was not used as DDNS device. You should just disable the DDNS function?
I dunno whether you could specify a different interface as the source of DDNS IP address.
You might wanna post your /tmp/ddns/inadyn.conf (without exposing password, username & hostname) and maybe /tmp/ddns/ddns.log. _________________ Router: Asus RT-N18U (rev. A1)
Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!
Ah, so we failed to mention that the device is configured as a Wireless AP; "Use External IP Check" should be enabled, then. Are you sure that there aren't any DNS errors involved? Why exactly is this not being done on your edge router? _________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
In-a-dyn version 2.11.0 -- Dynamic DNS update client.
Failed connecting to ip1.dynupdate.no-ip.com: Operation in progress
Communication with checkip server ip1.dynupdate.no-ip.com failed, run again with 'inadyn -l debug' if problem persists
Retrying with built-in 'default', http://ifconfig.me/ip ...
Please note, ip1.dynupdate.no-ip.com seems unstable, consider overriding it in your configuration with 'checkip-server = default'
Update forced for alias XXXX, new IP# XX
Updating IPv4 cache for XXX
Failed connecting to ip1.dynupdate.no-ip.com: Operation in progress
Communication with checkip server ip1.dynupdate.no-ip.com failed, run again with 'inadyn -l debug' if problem persists
Retrying with built-in 'default', http://ifconfig.me/ip ...
Please note, ip1.dynupdate.no-ip.com seems unstable, consider overriding it in your configuration with 'checkip-server = default'
Failed connecting to ip1.dynupdate.no-ip.com: Operation in progress
Communication with checkip server ip1.dynupdate.no-ip.com failed, run again with 'inadyn -l debug' if problem persists
Retrying with built-in 'default', http://ifconfig.me/ip ...
Please note, ip1.dynupdate.no-ip.com seems unstable, consider overriding it in your configuration with 'checkip-server = default'
[truncated, same lines repeating over and over]'
Indeed, I use it only as an AP and switch, reasons for wich I always had external IP check on. The WAN port is assigned to LAN VLAN 1 (tagged), it's connected to a switch and through it to my edge router over a VLAN Trunk which carries my LAN VLAN and WAN VLAN (yeah, convoluted, I made it this way in order to ditch a wireless bridge and because of the way the house is cabled, and I'm fairly confident VLANS are not the issue here). It never was my edge router, an Archer C7 V5 running OpenWrt took over the duty when I changed providers (I couldn't configure a VLAN 7 tag on the WAN interface on DDWRT for the life of it). So it's more of a legacy that I run DDNS on this ASUS/DDWRT. It worked fine for a long time on 42617 (same VLAN setup) as far as I can remember, then I switched to 52369, aftrer which I first started to see this issue when an internal service wasn't reachable over the not up to date domain.
I believe there are no DNS issues, it's configured under "Network Setup / Router IP, Local DNS" to query a PiHole which in turn queries Unbound on the same Raspberry Pi. All my network devices use it w/o an issue. The NTP client also works properly, the time and timezone are correct.
Here's an "nslookup ip1.dynupdate.no-ip.com" on DDWRT:
In-a-dyn version 2.11.0 -- Dynamic DNS update client.
Update forced for alias XXX, new IP# XXX
Updating IPv4 cache for XXX
edit:
There appears to be no HTTPS version of ip1.dynupdate.no-ip.com, see https://www.noip.com/integrate/ip-detection
Is there a way to enforce using HTTPS for updating the IP but not for checking it?
Could you ping ifconfig.me from your DD-WRT?
Can you access "https://ifconfig.me/ip" from your browser?
Could you execute "curl https://ifconfig.me/ip" from your DD-WRT?
Could you execute "curl ip1.dynupdate.no-ip.com"?
Accessing ifconfig.me/ip (External IP Check) should show your public IP address, which would be used to update your DDNS domain.
The error message mentioned "inadyn -l debug". Maybe you should try it and post its output.
For the mean time, maybe you should just NOT use SSL.
Someone isn't getting enough sleep or paying attention <lol> It happens.
mwchang wrote:
I guess you're using "Using External IP Check"!
ciscodlink wrote:
Indeed, I use it only as an AP and switch, reasons for wich I always had external IP check on.
dale_gribble39 wrote:
Ah, so we failed to mention that the device is configured as a Wireless AP; "Use External IP Check" should be enabled, then.
Uhm, 'fraid not, most likely.
ciscodlink wrote:
There appears to be no HTTPS version of ip1.dynupdate.no-ip.com, see https://www.noip.com/integrate/ip-detection
Is there a way to enforce using HTTPS for updating the IP but not for checking it?
_________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
PING ifconfig.me (34.160.111.145): 56 data bytes
64 bytes from 34.160.111.145: seq=0 ttl=119 time=5.232 ms
64 bytes from 34.160.111.145: seq=1 ttl=119 time=5.312 ms
64 bytes from 34.160.111.145: seq=2 ttl=119 time=5.291 ms
--- ifconfig.me ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 5.232/5.278/5.312 ms
Quote:
Can you access "https://ifconfig.me/ip" from your browser?
The error message mentioned "inadyn -l debug". Maybe you should try it and post its output.
- it outputs nothing
meanwhile the Service Status reports the following, IP Check and SSL are active:
Quote:
No write permission to //.inadyn: Read-only file system
Cannot guarantee DDNS server won't lock you out for excessive updates.
In-a-dyn version 2.11.0 -- Dynamic DNS update client.
Cannot read configuration file /usr/etc/inadyn.conf
Error code 74: Missing .conf file
I guess I could make use of these in the config file, if I knew where it was. /etc/inadyn.conf does not exist and /tmp/ddns/inadyn.conf smells of nonpersistence upon reboot.
This setting allows overriding the provider’s default checkip server. The default keyword resolves to the built-in default, http://ifconfig.me/ip, which affect not only this setting, but also checkip-path and checkip-ssl. Any other value is the server name to query periodically for IP address changes. The optional :port argument defaults to 443, see checkip-ssl for details.
This is an optional setting. For provider{} sections it defaults to a pre-defined checkip-server and checkip-path for the given DDNS provider. For custom() DDNS setups it defaults to the built-in default (abvove).
checkip-path = /some/checkip/url
Optional server path for check IP server, defaults to "/". When the checkip-server is set to default, this setting is ignored.
checkip-ssl = <true | false>
This setting usually follows the ssl setting, but can be used to disable HTTPS for the IP address check. This might be needed for some providers that only support HTTPS for the DNS record update.
However, when a custom checkip-server is defined for a provider, this setting does not follow the ssl setting. Default is to use HTTPS (true).
Joined: 08 May 2018 Posts: 14246 Location: Texas, USA
Posted: Fri Jun 02, 2023 1:33 Post subject:
You've already stated that no-ip has no SSL support on their end to communicate with their system. Don't know why you'd still clobber away at it by re-enabling SSL. If you want SSL support for no-ip, you have to take it up with them, not DD-WRT. _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Joined: 26 Mar 2013 Posts: 1858 Location: Hung Hom, Hong Kong
Posted: Fri Jun 02, 2023 2:46 Post subject:
ciscodlink wrote:
meanwhile the Service Status reports the following, IP Check and SSL are active:
Quote:
No write permission to //.inadyn: Read-only file system
Cannot guarantee DDNS server won't lock you out for excessive updates.
In-a-dyn version 2.11.0 -- Dynamic DNS update client.
Cannot read configuration file /usr/etc/inadyn.conf
Error code 74: Missing .conf file
there are only "mc" and "tor" under /usr/etc
By default, In-a-dyn is using /tmp/ddns/inadyn.conf not other folders.
If you wanna try custom setup, be aware that it might break things. You possibly mixed up your custom In-a-dyn and DD-WRT's In-a-adyn, because of Tor? mc (Midnight Commander?) is not in DD-WRT's default program list. Are you toying with Entware?
You might consider resetting all settings to factory defaults, deleteing Entware and start all over again. This time, don't try unsupported things and clearly memorize what had done. _________________ Router: Asus RT-N18U (rev. A1)
Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!
You've already stated that no-ip has no SSL support on their end to communicate with their system. Don't know why you'd still clobber away at it by re-enabling SSL. If you want SSL support for no-ip, you have to take it up with them, not DD-WRT.
So I tried to add checkip-ssl = false and checkip-server = default, into inadyn.conf by using a startup script but it results in the same behaviour. Using ifconfig.me for the server and /ip for the path also changed nothing.
I have a similar problem with Dnsomatic and have tried toggling on and off ssl and use external ip check on my main r7000p using #53469.
Code:
In-a-dyn version 2.12.0-dev -- Dynamic DNS update client.
Startup delay: 30 sec ...
Update forced for alias all.dnsomatic.com, new IP# blahblah
Fatal error in DDNS server response: DDNS server response not OK
Error response from DDNS server, ignoring ...
Update forced for alias all.dnsomatic.com, new IP# blahblahblah
Fatal error in DDNS server response: DDNS server response not OK
It is updating to the correct ip, and i saw someone reference that the problem might be that i am using adguard on a raspberry pi as my dns server and something about needing to send just the update thru the firewall to use their servers. But the routing and dnsmasq instructions that post had did not work for me and im asking for help as that might not be the issue at all I guess.
Updates seem to work with ssl selected and not selected but i get the error and it checks every few seconds...I've read many posts, and tried many things, cant figure out how to solve....
here is my config...
from looking at that, i do see it is configured to check some wanip, but i have it set not to in the gui....so not sure where its getting that...or that might be the problem, but dont know how to change, or that might just be the command it uses to update...
Anyway, im happy to provide any other info, just let me know what i need.
just in case it matters
Pi dns server is 192.168.0.149
router is 192.168.0.1
wap/secondary router at 192.168.1.1/192.168.0.113 in routing table
wap/tertiary router at 192.168.2.1/192/168.0.114 in routing table.
This worked fine for years, but was a custom command until the wizards put in the dnsomatic drop down and i think worked after that. Im guessing it is not a ddwrt issue, a change was made on dnsomatic and i have not been able to change the ddwrt setting correctly.
I do have access points and other stuff going on but dns is working and im guessing those other routers are not the problem...but im sure its something easy im missing...