I have been using opnsense for a while now, including the old dyndns and recently also the ddclient dyndns service.
After the latest update to 23.1.4_1, I got a notification from my dyndns provider (do.de), that I have been temporarily blocked due to a rate limit on unnecessary updates.
The used general configuration is:
It is enabled and set to verbose, IPv6 is not enabled, the interval is set to 300 and the backend is set to ddclient
The used account is set to the following values:
Service: Custom
Protocol: DynDns2
Server: ddns.do.de
resourceId: <Empty>
Username: <My do.de flexDNS username>
Password: ***
Wildcard: Not set
Hostnames: <My hostname as configured with do.de>
Check ip method: Interface
Check ip timeout: 10
Force SSL: Yes
Interface to monitor: WAN
Description: -
I know that the parameters are correct in the sense of I can see that username and password match as do.de logs the requests. But all of these requests repeat the (already set) IP.
The logs in the Dynamic DNS section of opnsense show (read from bottom to top):
2023-03-27T21:05:12 Notice ddclient[35604] 90378 - [meta sequenceId="30"] FAILED: was not updated because protocol <undefined> is not supported.
2023-03-27T21:05:12 Notice ddclient[35604] 88399 - [meta sequenceId="29"] FAILED: updating : unexpected status (0)
2023-03-27T21:05:12 Notice ddclient[35604] 85809 - [meta sequenceId="28"] WARNING: updating : nochg: No update required; unnecessary attempts to change to the current address are considered abusive
2023-03-27T21:05:12 Notice ddclient[35604] 83992 - [meta sequenceId="27"] FAILED: updating <My hostname>: unexpected status (12)
2023-03-27T21:05:12 Notice ddclient[35604] 82923 - [meta sequenceId="26"] RECEIVE:
2023-03-27T21:05:12 Notice ddclient[35604] 81489 - [meta sequenceId="25"] RECEIVE: 0
2023-03-27T21:05:12 Notice ddclient[35604] 79951 - [meta sequenceId="24"] RECEIVE: nochg <My public IP>
2023-03-27T21:05:12 Notice ddclient[35604] 78542 - [meta sequenceId="23"] RECEIVE: 12
2023-03-27T21:05:12 Notice ddclient[35604] 77057 - [meta sequenceId="22"] RECEIVE:
2023-03-27T21:05:12 Notice ddclient[35604] 74365 - [meta sequenceId="21"] RECEIVE: Set-Cookie: coreSID=j2js2kn1f6kac3ub2vah2jikr7; path=/; secure; HttpOnly
2023-03-27T21:05:12 Notice ddclient[35604] 72050 - [meta sequenceId="20"] RECEIVE: Pragma: no-cache
2023-03-27T21:05:12 Notice ddclient[35604] 70777 - [meta sequenceId="19"] RECEIVE: Cache-Control: no-store, no-cache, must-revalidate
2023-03-27T21:05:12 Notice ddclient[35604] 68587 - [meta sequenceId="18"] RECEIVE: Expires: Thu, 19 Nov 1981 08:52:00 GMT
2023-03-27T21:05:12 Notice ddclient[35604] 66912 - [meta sequenceId="17"] RECEIVE: Vary: Accept-Encoding
2023-03-27T21:05:12 Notice ddclient[35604] 63853 - [meta sequenceId="16"] RECEIVE: Connection: close
2023-03-27T21:05:12 Notice ddclient[35604] 61415 - [meta sequenceId="15"] RECEIVE: Transfer-Encoding: chunked
2023-03-27T21:05:12 Notice ddclient[35604] 59381 - [meta sequenceId="14"] RECEIVE: Content-Type: text/html; charset=UTF-8
2023-03-27T21:05:12 Notice ddclient[35604] 57406 - [meta sequenceId="13"] RECEIVE: Date: Mon, 27 Mar 2023 21:05:12 GMT
2023-03-27T21:05:12 Notice ddclient[35604] 54512 - [meta sequenceId="12"] RECEIVE: Server: nginx
2023-03-27T21:05:12 Notice ddclient[35604] 52101 - [meta sequenceId="11"] RECEIVE: HTTP/1.1 200 OK
2023-03-27T21:05:11 Notice ddclient[35604] 49894 - [meta sequenceId="10"] SENDING:
2023-03-27T21:05:11 Notice ddclient[35604] 49894 - [meta sequenceId="9"] SENDING: Connection: close
2023-03-27T21:05:11 Notice ddclient[35604] 49894 - [meta sequenceId="8"] SENDING: User-Agent: ddclient/3.10.0
2023-03-27T21:05:11 Notice ddclient[35604] 49894 - [meta sequenceId="7"] SENDING: Authorization: Basic ***
2023-03-27T21:05:11 Notice ddclient[35604] 49894 - [meta sequenceId="6"] SENDING: Host: ddns.do.de
2023-03-27T21:05:11 Notice ddclient[35604] 49894 - [meta sequenceId="5"] SENDING: GET /nic/update?system=dyndns&hostname=<My hostname>&myip=<My public IP> HTTP/1.1
2023-03-27T21:05:11 Notice ddclient[35604] 47763 - [meta sequenceId="4"] CONNECTED: using SSL
2023-03-27T21:05:11 Notice ddclient[35604] 45780 - [meta sequenceId="3"] CONNECT: ddns.do.de
2023-03-27T21:05:11 Notice ddclient[35604] 44284 - [meta sequenceId="2"] UPDATE: updating <My hostname>
2023-03-27T21:05:11 Notice ddclient[35604] 42548 - [meta sequenceId="1"] INFO: setting IP address to <My public IP> for <My hostname>
I have replaced my hostname with <My hostname>, my IP address with <My public IP> in the log above and replaced the basic authorization string with ***.
Prior to the update I just got messages confirming that the IP address is already set and no update is performed in the log.
Directly after the update I see an additional:
2023-03-27T07:24:11 Notice ddclient[33712] 46537 - [meta sequenceId="2"] INFO: forcing updating <My hostname> because no cached entry exists.
2023-03-27T07:24:11 Notice ddclient[33712] 41640 - [meta sequenceId="1"] WARNING: file /var/tmp/ddclient.cache, line 1: program version mismatch; ignoring /var/tmp/ddclient.cache
Even with the leftover ddclient cache file I would expect ddclient to only try to update once, receive the nochg and update the cache file. Sadly it seems like it does not parse and understand the response correctly and although it even prints a warning that the update was not required after receiving the nochg, it still fails and does not store the state.
This repeats every 5min (300s) until do.de blocks my IP from further updates due to the rate limit on nochg updates.
Has anyone experienced a similar issue? Is there anything I can do about it? Restarting the ddclient multiple times and updating the configuration did not change this behavior so far. While it seems like this would still update my IP every 12 hours (this is the timeout of do,de blocking me from updating the entries), I do not feel good about it beeing 12 hours and would also like to avoid all the unnecessary update messages.
I would be glad about any hints and would be happy to try any suggestions to find a solution to this issue.
Hello srueckerl,
I have the same issue with the other brand of Greenmark IT GmbH (resellerinterface.de)
I use 2 configs (IPv4 & IPv6), with interval 900.
With ddclient backend, I see same logs.
With OPNsense backend, the service carsh after the first run.
Logs with OPNsense backend:
2023-04-22T23:24:21 Notice ddclient Flush dyndns status to disk
2023-04-22T23:24:21 Notice ddclient Account 1a94e488-9717-44ce-b958-8bcc10d1a595 [custom - Resellerinterface - FlexDNS IPv6] changed
2023-04-22T23:24:21 Notice ddclient Account 1a94e488-9717-44ce-b958-8bcc10d1a595 [custom - Resellerinterface - FlexDNS IPv6] set new ip <My public IPv6> [nochg <My public IPv4>]
2023-04-22T23:23:05 Notice ddclient Account 1a94e488-9717-44ce-b958-8bcc10d1a595 [custom - Resellerinterface - FlexDNS IPv6] execute
2023-04-22T23:23:05 Notice ddclient Account 847eef1d-0ef6-47ee-a0df-eea1414b096e [custom - Resellerinterface - FlexDNS IPv4] changed
2023-04-22T23:23:05 Notice ddclient Account 847eef1d-0ef6-47ee-a0df-eea1414b096e [custom - Resellerinterface - FlexDNS IPv4] set new ip <My public IPv4> [nochg <My public IPv4>]
2023-04-22T23:21:49 Notice ddclient Account 847eef1d-0ef6-47ee-a0df-eea1414b096e [custom - Resellerinterface - FlexDNS IPv4] execute
2023-04-22T23:21:49 Notice ddclient Account 1a94e488-9717-44ce-b958-8bcc10d1a595 [custom - Resellerinterface - FlexDNS IPv6] uses DynDNS2 for service
2023-04-22T23:21:49 Notice ddclient Account 847eef1d-0ef6-47ee-a0df-eea1414b096e [custom - Resellerinterface - FlexDNS IPv4] uses DynDNS2 for service
On dashboard the service is stopped all the time, under services its running until the log show "Flush dyndns status to disk".
In /var/tmp i can't find any files about ddclient.
Different configs, everytime same issue.
OPNsense 23.1.6
Regarding the crash at start when using the opnsense backend, I was having similar issues and made this change and am running it now and it seems to work, will wait to see if any other devs with more experience chime in
https://github.com/opnsense/plugins/pull/3406
This looks to only impact you if you are using the interface to get the IP, if you change the method to one of the webservices I think it should work