Project

General

Profile

Bug #11815

NoIP.com Dynamic DNS update failure is not detected properly

Added by I Ivanov about 2 months ago. Updated 17 days ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Dynamic DNS
Target version:
Start date:
04/19/2021
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
21.05
Release Notes:
Default
Affected Version:
2.5.0
Affected Architecture:
amd64

Description

DynDNS does not update IP address on service NoIP.com (paid), even though the address has changed, in 2.5.0 CE and 2.5.1 CE

With new IP is YY.YY.YY.YY, and old IP XX.XX.XX.XX it is in log:

php-fpm 59326 /services_dyndns_edit.php: Dynamic DNS noip (mydomain.ddns.net): _checkStatus() starting.
php-fpm 59326 /services_dyndns_edit.php: Dynamic DNS noip (mydomain.ddns.net): XX.XX.XX.XX extracted from local system.
php-fpm 59326 /services_dyndns_edit.php: phpDynDNS: updating cache file /conf/dyndns_wannoip'mydomain.ddns.net'0.cache: XX.XX.XX.XX
php-fpm 59326 /services_dyndns_edit.php: phpDynDNS (mydomain.ddns.net): (Success) IP address is current, no update performed.

243.diff (2.16 KB) 243.diff Viktor Gurov, 05/06/2021 05:35 AM

Associated revisions

Revision 8ec7864a (diff)
Added by Viktor Gurov about 1 month ago

NoIP.com DynDNS fix. Issue #11815

History

#1 Updated by Viktor Gurov about 2 months ago

Could be related to #6638

#2 Updated by Marcos Mendoza about 2 months ago

The logs make it sound less like it failed to update with the service, and more-so that the public IP at the time remained the same. Does the WAN actually show a different public IP at the time of DDNS update?

#3 Updated by Kris Phillips about 1 month ago

I Ivanov wrote:

DynDNS does not update IP address on service NoIP.com (paid), even though the address has changed, in 2.5.0 CE and 2.5.1 CE

With new IP is YY.YY.YY.YY, and old IP XX.XX.XX.XX it is in log:

php-fpm 59326 /services_dyndns_edit.php: Dynamic DNS noip (mydomain.ddns.net): _checkStatus() starting.
php-fpm 59326 /services_dyndns_edit.php: Dynamic DNS noip (mydomain.ddns.net): XX.XX.XX.XX extracted from local system.
php-fpm 59326 /services_dyndns_edit.php: phpDynDNS: updating cache file /conf/dyndns_wannoip'mydomain.ddns.net'0.cache: XX.XX.XX.XX
php-fpm 59326 /services_dyndns_edit.php: phpDynDNS (mydomain.ddns.net): (Success) IP address is current, no update performed.

Tested with Afraid Free DNS and a RFC2136 DynDNS client and these both work just fine. Whatever is going on here isn't systemic in the DynDNS client. As Viktor pointed out, it may be something with the API change we made in 2.5.0, but the logs would seem to indicate that the WAN IP just didn't change as far as pfSense can tell.

#4 Updated by Jim Pingle about 1 month ago

  • Status changed from New to Rejected

Rejecting for now. If OP can provide more detail pointing to a potential cause or a reliable means of reproducing the problem, we can reopen the issue.

From the logs provided it does appear that the address did not change from the perspective of pfSense at the time those logs were taken.

#5 Updated by Stefan Bauer about 1 month ago

Hi pleas re-open. Problem still exists here as well. Looks like its a parsing issue as the username is 'GROUPNAME:USERNAME' (thats a way to have multiple tenants on a single no-ip account).

Username is TEST:

Steps to reproduce:

Create new dyndns hostname in no-ip web-interface.
setup credentials in pfsense.
Hit save.

Notice following logs:

May 5 17:35:48    php-fpm    2717    /services_dyndns_edit.php: phpDynDNS: updating cache file /conf/dyndns_lannoip'dh.viewdns.net'1.cache: 24.134.97.169
May 5 17:35:48    php-fpm    2717    /services_dyndns_edit.php: phpDynDNS (dh.viewdns.net): (Success) IP address is current, no update performed.
May 5 17:39:32    php-fpm    86989    /services_dyndns_edit.php: Dynamic DNS: updatedns() starting
May 5 17:39:32    php-fpm    86989    /services_dyndns_edit.php: Dynamic DNS noip (dh.viewdns.net): 24.134.97.169 extracted from Check IP Service
May 5 17:39:32    php-fpm    86989    /services_dyndns_edit.php: Dynamic DNS (dh.viewdns.net): running get_failover_interface for wan. found vtnet2
May 5 17:39:32    php-fpm    86989    /services_dyndns_edit.php: Dynamic DNS noip (dh.viewdns.net): _update() starting.
May 5 17:39:33    php-fpm    86989    /services_dyndns_edit.php: Response Header: HTTP/2 401
May 5 17:39:33    php-fpm    86989    /services_dyndns_edit.php: Response Header: server: nginx
May 5 17:39:33    php-fpm    86989    /services_dyndns_edit.php: Response Header: content-type: text/plain; charset=UTF-8
May 5 17:39:33    php-fpm    86989    /services_dyndns_edit.php: Response Header: cache-control: no-cache
May 5 17:39:33    php-fpm    86989    /services_dyndns_edit.php: Response Header: www-authenticate: Basic realm="No-IP DNS Update API" 
May 5 17:39:33    php-fpm    86989    /services_dyndns_edit.php: Response Header: date: Wed, 05 May 2021 15:39:33 GMT
May 5 17:39:33    php-fpm    86989    /services_dyndns_edit.php: Response Header: content-length: 9
May 5 17:39:33    php-fpm    86989    /services_dyndns_edit.php: Response Header:
May 5 17:39:33    php-fpm    86989    /services_dyndns_edit.php: Response Header:
May 5 17:39:33    php-fpm    86989    /services_dyndns_edit.php: Response Data: badauth\x0d
May 5 17:39:33    php-fpm    86989    /services_dyndns_edit.php: Dynamic DNS noip (dh.viewdns.net): _checkStatus() starting.
May 5 17:39:34    php-fpm    86989    /services_dyndns_edit.php: Dynamic DNS noip (dh.viewdns.net): 24.134.97.169 extracted from Check IP Service
May 5 17:39:34    php-fpm    86989    /services_dyndns_edit.php: phpDynDNS: updating cache file /conf/dyndns_lannoip'dh.viewdns.net'1.cache: 24.134.97.169
May 5 17:39:34    php-fpm    86989    /services_dyndns_edit.php: phpDynDNS (dh.viewdns.net): (Success) IP address is current, no update performed.

I'm not the only one.
https://forum.netgate.com/topic/162498/solved-dynamic-dns-stop-updating-no-ip-but-from-pfsense-status-is-updated/6

Pasword is double checked and correct.

#6 Updated by Stefan Bauer about 1 month ago

Please note, above hostname is the real hostname as well as the ip. You can check public DNS, it's not updated, even though reported by PFsense.

#7 Updated by Jim Pingle about 1 month ago

  • Subject changed from DynDNS does not update IP address on service NoIP.com (paid) to NoIP.com DynDNS update failure not detected properly, treated as successful
  • Status changed from Rejected to New

The only actionable thing I see here is that the process returned an error but was treated as a success. It should have detected that a failure occurred.

Not sure why it might have rejected your auth but the server rejected it. If there is some special change needed in the formatting then someone with a paid account there and some development skills will have to submit a PR that fixes it since we can't test against paid third party services. That part should probably be moved to a separate feature request to support that alternate username style.

#8 Updated by Stefan Bauer about 1 month ago

problem is

curl_setopt($ch, CURLOPT_USERPWD, $this->_dnsUser . ':' . $this->_dnsPass);

from https://github.com/pfsense/pfsense/blob/f528b6a9cba18d7f299fdeed8c84f22abb16fcf1/src/etc/inc/dyndns.class#L541

The user and password strings are not URL decoded, so there's no way to send in a user name containing a colon using this option.

What works is, according to noip API, replacing the semicolon(:) with a hash (#)

I just had to extend the username check to allow the hash-sign. here is my fix, that works for me:

/usr/local/www/services_dyndns_edit.php

31 /* returns true if $uname is a valid DynDNS username */
32 function is_dyndns_username($uname) {
33 if (!is_string($uname)) {
34 return false;
35 }
36
37 if (preg_match("/[^a-z0-9\-\+.@_:#]/i", $uname)) { // added the hash sign.
38 return false;
39 } else {

dunno if this breaks anything else. Should also be mentioned in the gui. will provide PR to review.

#10 Updated by John Clark about 1 month ago

This appears to be a regression from 2.4.5, as the code changed during the update for #6638, as Viktor noted.

In 2.4.5, the _dnsUser and _dnsPass are urlencode'ed.

A more targeted fix for noip/noip_v6 might be to urlencode the username again.

curl_setopt($ch, CURLOPT_USERPWD, urlencode($this->_dnsUser) . ':' . $this->_dnsPass);

It might also be good to urlencode the password.

Sucessfully tested on 2.5.1 with noip group:username.

#11 Updated by John Clark about 1 month ago

In addition to changes in the noip ddns update api, the response codes/status may have also changed.
See https://www.noip.com/integrate/response

This could be why the update failure was not detected properly, and treated as successful.

#12 Updated by Stefan Bauer about 1 month ago

Should i prepare a PR to address the urlencode thing?
I do not have the skills to take care of the API change but would be happy to have a fix for the no-ip issue in general.

#13 Updated by Viktor Gurov about 1 month ago

Could you please test the attached patch?

fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/243

#14 Updated by Stefan Bauer about 1 month ago

Viktor Gurov wrote:

Could you please test the attached patch?

Unfortunately does not work.

Username is encoded, in the following way (checked with tcpdump and de-coded base64)

groupname%3Astefan.bauer%40mydomain.tld

The %3A is correct for the semicolon, but the %40 is not something, NoIP likes.

see:
https://www.noip.com/support/knowledgebase/no-ip-account-password-with-ddns-devices/

Note: With a group you will need to separate the group name and the username with a colon (:).

Example:

Groupname:Username

The following are also acceptable (‘%23’ or ‘%3A’ or ‘#’)

Groupname%23Username
Groupname%3AUsername
Group#Username

#15 Updated by Jim Pingle about 1 month ago

  • Status changed from New to Pull Request Review
  • Target version set to 2.6.0

#16 Updated by Viktor Gurov about 1 month ago

Stefan Bauer wrote:

Viktor Gurov wrote:

Could you please test the attached patch?

Unfortunately does not work.

Username is encoded, in the following way (checked with tcpdump and de-coded base64)

groupname%3Astefan.bauer%40mydomain.tld

The %3A is correct for the semicolon, but the %40 is not something, NoIP likes.

see:
https://www.noip.com/support/knowledgebase/no-ip-account-password-with-ddns-devices/

Are you sure No-IP supports 'groupname:email' ddns format? It looks like you need to use the 'groupname:username' format.

at least No-IP works fine with username/email login format in my tests.

#17 Updated by Stefan Bauer about 1 month ago

Viktor Gurov wrote:

Are you sure No-IP supports 'groupname:email' ddns format? It looks like you need to use the 'groupname:username' format.

Yes I'm sure.

It works with the username. Thank you. However the e-mail address is the regular style and also in no-ip docs mentioned first.


Username: Your full No-IP Account Email Address or Username

------
https://www.noip.com/support/knowledgebase/how-to-configure-ddns-in-router/

#19 Updated by Jim Pingle about 1 month ago

So it doesn't get lost in the comments, there are two PRs here:

1: Fix the return code checking: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/243/diffs
2: Allow '#' in the username as a way to let the group auth work: https://github.com/pfsense/pfsense/pull/4518

#20 Updated by Jim Pingle about 1 month ago

  • Plus Target Version set to 21.05

#21 Updated by Steve Beaver about 1 month ago

  • Status changed from Pull Request Review to Feedback

#22 Updated by Jim Pingle about 1 month ago

  • Subject changed from NoIP.com DynDNS update failure not detected properly, treated as successful to NoIP.com Dynamic DNS update failure is not detected properly

Updating subject for release notes.

#23 Updated by Jim Pingle 19 days ago

  • Target version changed from 2.6.0 to 2.5.2

#24 Updated by Jim Pingle 17 days ago

  • Status changed from Feedback to Closed

Closing for lack of feedback. No way for us to test this here.

Also available in: Atom PDF