Bug #11815
closed
NoIP.com Dynamic DNS update failure is not detected properly
0%
Description
DynDNS does not update IP address on service NoIP.com (paid), even though the address has changed, in 2.5.0 CE and 2.5.1 CE
With new IP is YY.YY.YY.YY, and old IP XX.XX.XX.XX it is in log:
php-fpm 59326 /services_dyndns_edit.php: Dynamic DNS noip (mydomain.ddns.net): _checkStatus() starting.
php-fpm 59326 /services_dyndns_edit.php: Dynamic DNS noip (mydomain.ddns.net): XX.XX.XX.XX extracted from local system.
php-fpm 59326 /services_dyndns_edit.php: phpDynDNS: updating cache file /conf/dyndns_wannoip'mydomain.ddns.net'0.cache: XX.XX.XX.XX
php-fpm 59326 /services_dyndns_edit.php: phpDynDNS (mydomain.ddns.net): (Success) IP address is current, no update performed.
Files
Updated by Marcos M about 3 years ago
The logs make it sound less like it failed to update with the service, and more-so that the public IP at the time remained the same. Does the WAN actually show a different public IP at the time of DDNS update?
Updated by Kris Phillips almost 3 years ago
I Ivanov wrote:
DynDNS does not update IP address on service NoIP.com (paid), even though the address has changed, in 2.5.0 CE and 2.5.1 CE
With new IP is YY.YY.YY.YY, and old IP XX.XX.XX.XX it is in log:
php-fpm 59326 /services_dyndns_edit.php: Dynamic DNS noip (mydomain.ddns.net): _checkStatus() starting.
php-fpm 59326 /services_dyndns_edit.php: Dynamic DNS noip (mydomain.ddns.net): XX.XX.XX.XX extracted from local system.
php-fpm 59326 /services_dyndns_edit.php: phpDynDNS: updating cache file /conf/dyndns_wannoip'mydomain.ddns.net'0.cache: XX.XX.XX.XX
php-fpm 59326 /services_dyndns_edit.php: phpDynDNS (mydomain.ddns.net): (Success) IP address is current, no update performed.
Tested with Afraid Free DNS and a RFC2136 DynDNS client and these both work just fine. Whatever is going on here isn't systemic in the DynDNS client. As Viktor pointed out, it may be something with the API change we made in 2.5.0, but the logs would seem to indicate that the WAN IP just didn't change as far as pfSense can tell.
Updated by Jim Pingle almost 3 years ago
- Status changed from New to Rejected
Rejecting for now. If OP can provide more detail pointing to a potential cause or a reliable means of reproducing the problem, we can reopen the issue.
From the logs provided it does appear that the address did not change from the perspective of pfSense at the time those logs were taken.
Updated by Stefan Bauer almost 3 years ago
Hi pleas re-open. Problem still exists here as well. Looks like its a parsing issue as the username is 'GROUPNAME:USERNAME' (thats a way to have multiple tenants on a single no-ip account).
Username is TEST:max@customer.com
Steps to reproduce:
Create new dyndns hostname in no-ip web-interface.
setup credentials in pfsense.
Hit save.
Notice following logs:
May 5 17:35:48 php-fpm 2717 /services_dyndns_edit.php: phpDynDNS: updating cache file /conf/dyndns_lannoip'dh.viewdns.net'1.cache: 24.134.97.169
May 5 17:35:48 php-fpm 2717 /services_dyndns_edit.php: phpDynDNS (dh.viewdns.net): (Success) IP address is current, no update performed.
May 5 17:39:32 php-fpm 86989 /services_dyndns_edit.php: Dynamic DNS: updatedns() starting
May 5 17:39:32 php-fpm 86989 /services_dyndns_edit.php: Dynamic DNS noip (dh.viewdns.net): 24.134.97.169 extracted from Check IP Service
May 5 17:39:32 php-fpm 86989 /services_dyndns_edit.php: Dynamic DNS (dh.viewdns.net): running get_failover_interface for wan. found vtnet2
May 5 17:39:32 php-fpm 86989 /services_dyndns_edit.php: Dynamic DNS noip (dh.viewdns.net): _update() starting.
May 5 17:39:33 php-fpm 86989 /services_dyndns_edit.php: Response Header: HTTP/2 401
May 5 17:39:33 php-fpm 86989 /services_dyndns_edit.php: Response Header: server: nginx
May 5 17:39:33 php-fpm 86989 /services_dyndns_edit.php: Response Header: content-type: text/plain; charset=UTF-8
May 5 17:39:33 php-fpm 86989 /services_dyndns_edit.php: Response Header: cache-control: no-cache
May 5 17:39:33 php-fpm 86989 /services_dyndns_edit.php: Response Header: www-authenticate: Basic realm="No-IP DNS Update API"
May 5 17:39:33 php-fpm 86989 /services_dyndns_edit.php: Response Header: date: Wed, 05 May 2021 15:39:33 GMT
May 5 17:39:33 php-fpm 86989 /services_dyndns_edit.php: Response Header: content-length: 9
May 5 17:39:33 php-fpm 86989 /services_dyndns_edit.php: Response Header:
May 5 17:39:33 php-fpm 86989 /services_dyndns_edit.php: Response Header:
May 5 17:39:33 php-fpm 86989 /services_dyndns_edit.php: Response Data: badauth\x0d
May 5 17:39:33 php-fpm 86989 /services_dyndns_edit.php: Dynamic DNS noip (dh.viewdns.net): _checkStatus() starting.
May 5 17:39:34 php-fpm 86989 /services_dyndns_edit.php: Dynamic DNS noip (dh.viewdns.net): 24.134.97.169 extracted from Check IP Service
May 5 17:39:34 php-fpm 86989 /services_dyndns_edit.php: phpDynDNS: updating cache file /conf/dyndns_lannoip'dh.viewdns.net'1.cache: 24.134.97.169
May 5 17:39:34 php-fpm 86989 /services_dyndns_edit.php: phpDynDNS (dh.viewdns.net): (Success) IP address is current, no update performed.
I'm not the only one.
https://forum.netgate.com/topic/162498/solved-dynamic-dns-stop-updating-no-ip-but-from-pfsense-status-is-updated/6
Pasword is double checked and correct.
Updated by Stefan Bauer almost 3 years ago
Please note, above hostname is the real hostname as well as the ip. You can check public DNS, it's not updated, even though reported by PFsense.
Updated by Jim Pingle almost 3 years ago
- Subject changed from DynDNS does not update IP address on service NoIP.com (paid) to NoIP.com DynDNS update failure not detected properly, treated as successful
- Status changed from Rejected to New
The only actionable thing I see here is that the process returned an error but was treated as a success. It should have detected that a failure occurred.
Not sure why it might have rejected your auth but the server rejected it. If there is some special change needed in the formatting then someone with a paid account there and some development skills will have to submit a PR that fixes it since we can't test against paid third party services. That part should probably be moved to a separate feature request to support that alternate username style.
Updated by Stefan Bauer almost 3 years ago
problem is
curl_setopt($ch, CURLOPT_USERPWD, $this->_dnsUser . ':' . $this->_dnsPass);
The user and password strings are not URL decoded, so there's no way to send in a user name containing a colon using this option.
What works is, according to noip API, replacing the semicolon(:) with a hash (#)
I just had to extend the username check to allow the hash-sign. here is my fix, that works for me:
/usr/local/www/services_dyndns_edit.php
31 /* returns true if $uname is a valid DynDNS username */
32 function is_dyndns_username($uname) {
33 if (!is_string($uname)) {
34 return false;
35 }
36
37 if (preg_match("/[^a-z0-9\-\+.@_:#]/i", $uname)) { // added the hash sign.
38 return false;
39 } else {dunno if this breaks anything else. Should also be mentioned in the gui. will provide PR to review.
Updated by Stefan Bauer almost 3 years ago
Updated by John Clark almost 3 years ago
This appears to be a regression from 2.4.5, as the code changed during the update for #6638, as Viktor noted.
In 2.4.5, the _dnsUser and _dnsPass are urlencode'ed.
A more targeted fix for noip/noip_v6 might be to urlencode the username again.
curl_setopt($ch, CURLOPT_USERPWD, urlencode($this->_dnsUser) . ':' . $this->_dnsPass);
It might also be good to urlencode the password.
Sucessfully tested on 2.5.1 with noip group:username.
Updated by John Clark almost 3 years ago
In addition to changes in the noip ddns update api, the response codes/status may have also changed.
See https://www.noip.com/integrate/response
This could be why the update failure was not detected properly, and treated as successful.
Updated by Stefan Bauer almost 3 years ago
Should i prepare a PR to address the urlencode thing?
I do not have the skills to take care of the API change but would be happy to have a fix for the no-ip issue in general.
Updated by Viktor Gurov almost 3 years ago
Could you please test the attached patch?
fix:
https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/243
Updated by Stefan Bauer almost 3 years ago
Viktor Gurov wrote:
Could you please test the attached patch?
Unfortunately does not work.
Username is encoded, in the following way (checked with tcpdump and de-coded base64)
groupname%3Astefan.bauer%40mydomain.tld
The %3A is correct for the semicolon, but the %40 is not something, NoIP likes.
see:
https://www.noip.com/support/knowledgebase/no-ip-account-password-with-ddns-devices/
Note: With a group you will need to separate the group name and the username with a colon (:).
Example:
Groupname:UsernameThe following are also acceptable (‘%23’ or ‘%3A’ or ‘#’)
Groupname%23Username
Groupname%3AUsername
Group#Username
Updated by Jim Pingle almost 3 years ago
- Status changed from New to Pull Request Review
- Target version set to 2.6.0
Updated by Viktor Gurov almost 3 years ago
Stefan Bauer wrote:
Viktor Gurov wrote:
Could you please test the attached patch?
Unfortunately does not work.
Username is encoded, in the following way (checked with tcpdump and de-coded base64)
groupname%3Astefan.bauer%40mydomain.tld
The %3A is correct for the semicolon, but the %40 is not something, NoIP likes.
see:
https://www.noip.com/support/knowledgebase/no-ip-account-password-with-ddns-devices/
Are you sure No-IP supports 'groupname:email' ddns format? It looks like you need to use the 'groupname:username' format.
at least No-IP works fine with username/email login format in my tests.
Updated by Stefan Bauer almost 3 years ago
Viktor Gurov wrote:
Are you sure No-IP supports 'groupname:email' ddns format? It looks like you need to use the 'groupname:username' format.
Yes I'm sure.
It works with the username. Thank you. However the e-mail address is the regular style and also in no-ip docs mentioned first.
Username: Your full No-IP Account Email Address or Username
------
https://www.noip.com/support/knowledgebase/how-to-configure-ddns-in-router/
Updated by Viktor Gurov almost 3 years ago
Updated by Jim Pingle almost 3 years ago
So it doesn't get lost in the comments, there are two PRs here:
1: Fix the return code checking: https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/243/diffs
2: Allow '#' in the username as a way to let the group auth work: https://github.com/pfsense/pfsense/pull/4518
Updated by Anonymous almost 3 years ago
- Status changed from Pull Request Review to Feedback
Updated by Jim Pingle almost 3 years ago
- Subject changed from NoIP.com DynDNS update failure not detected properly, treated as successful to NoIP.com Dynamic DNS update failure is not detected properly
Updating subject for release notes.
Updated by Jim Pingle almost 3 years ago
- Target version changed from 2.6.0 to 2.5.2
Updated by Jim Pingle almost 3 years ago
- Status changed from Feedback to Closed
Closing for lack of feedback. No way for us to test this here.
Updated by