1
23.1 Legacy Series / ddclient New opnsense backend and desec
« on: June 09, 2023, 06:36:27 am »
Hi,
As a preparation for 23.7 and migrating from legacy dyndns to ddclient, I experimented today a bit around with both ddclient backends (ddclient and the new opnsense) and dyndns2 protocol. I am with desec and I brought it up and running with the ddclient backend and the config as described here
https://forum.opnsense.org/index.php?topic=26446.msg134975#msg134975
Basically it works, however every second update cycle, an update is said to be performed successfully which does not take place according to the desec DNS logs. ddclient logs look like this:
I then tried the new python opnsense backend of ddclient and the result looks very encouraging:
I added simply two new lines into /usr/local/opnsense/scripts/ddclient/lib/account/dyndns2.py (line 37/38)
The configuration for desec and the opnsense backend look then like this:
- Services: Dynamic DNS: Settings: General Settings
Enabled [X]
Verbose [X]
Allow Ipv6 [X]
Interval [300]
Backend [OPNsense]
I added 2 services under the same desec account:
- Services: Dynamic DNS: Settings: Edit Account
Enabled [X]
Service [desec (v6)]
Protocol [DynDNS2]
Username [Your Domain]
Password [Your DeSec Token]
Hostname(s) [Your Domain]
Check ip method [Interface [IPv6]]
Force SSL [X]
Interface to monitor [Your WAN Interface]
- Services: Dynamic DNS: Settings: Edit Account
Enabled [X]
Service [desec (v4)]
Protocol [DynDNS2]
Username [Your Domain]
Password [Your DeSec Token]
Hostname(s) [Your Domain]
Check ip method [Interface [IPv4]]
Force SSL [X]
Interface to monitor [Your WAN Interface]
After activating, the ddclient logs look like
After the mentioned 55sec, also the ipv4 address is visible at desec as an A record.
Means desec is bacically working on the new OPNsense backend for ipv4 AND ipv6 with some very simple and straight extensions to the dyndns.py code; only oddity is the throttling of the sequential request to the same desec account for v4 and v6 which allows obviously only one update per minute. Perhaps there is a possibility to add an additional throttling config item into the new opnsense backend code.
Several reboots and reconnects leading to different ipv4 and ipv6 addresses confirmed that it is working.
I think that this example could open potentially a pretty fast integration path for some more dyndns2 based service providers into the new opnsense backend python code and facilitate therewith at least in parts a catch up to the legacy dyndns solution as far as support of providers is concerned. Indeed there are many non dyndns2 providers for which more code needs to be written.
If this report is perceived positive perhaps it could be taken into the mainstream code base or you let me know how I could do this.
Br br
As a preparation for 23.7 and migrating from legacy dyndns to ddclient, I experimented today a bit around with both ddclient backends (ddclient and the new opnsense) and dyndns2 protocol. I am with desec and I brought it up and running with the ddclient backend and the config as described here
https://forum.opnsense.org/index.php?topic=26446.msg134975#msg134975
Basically it works, however every second update cycle, an update is said to be performed successfully which does not take place according to the desec DNS logs. ddclient logs look like this:
Code: [Select]
<29>1 2023-06-08T00:53:49+02:00 OPNsense.zuhause.xx ddclient[61106] 34054 - [meta sequenceId="3"] WARNING: Wait at least 5 minutes between update attempts.
<29>1 2023-06-08T00:58:49+02:00 OPNsense.zuhause.xx ddclient[61106] 29212 - [meta sequenceId="1"] SUCCESS: updating crandale.dedyn.io: good: IP address set to 87.XXX.XXX.140
<29>1 2023-06-08T01:03:49+02:00 OPNsense.zuhause.xx ddclient[61106] 50446 - [meta sequenceId="1"] WARNING: skipping update of crandale.dedyn.io from <nothing> to 87.XXX.XXX.140.
<29>1 2023-06-08T01:03:49+02:00 OPNsense.zuhause.xx ddclient[61106] 50446 - [meta sequenceId="2"] WARNING: last updated Thu Jun 8 00:58:49 2023 but last attempt on Thu Jun 8 00:58:49 2023 failed.
Could not yet find out why a SUCCESS for an update is noted in the logs which desec is not confirming.I then tried the new python opnsense backend of ddclient and the result looks very encouraging:
I added simply two new lines into /usr/local/opnsense/scripts/ddclient/lib/account/dyndns2.py (line 37/38)
Code: [Select]
35 _services = {
36 'dyndns2': 'members.dyndns.org',
37 'desec(v4)': 'update.dedyn.io',
38 'desec(v6)': 'update6.dedyn.io',
39 'dns-o-matic': 'updates.dnsomatic.com',
The configuration for desec and the opnsense backend look then like this:
- Services: Dynamic DNS: Settings: General Settings
Enabled [X]
Verbose [X]
Allow Ipv6 [X]
Interval [300]
Backend [OPNsense]
I added 2 services under the same desec account:
- Services: Dynamic DNS: Settings: Edit Account
Enabled [X]
Service [desec (v6)]
Protocol [DynDNS2]
Username [Your Domain]
Password [Your DeSec Token]
Hostname(s) [Your Domain]
Check ip method [Interface [IPv6]]
Force SSL [X]
Interface to monitor [Your WAN Interface]
- Services: Dynamic DNS: Settings: Edit Account
Enabled [X]
Service [desec (v4)]
Protocol [DynDNS2]
Username [Your Domain]
Password [Your DeSec Token]
Hostname(s) [Your Domain]
Check ip method [Interface [IPv4]]
Force SSL [X]
Interface to monitor [Your WAN Interface]
After activating, the ddclient logs look like
Code: [Select]
<165>1 2023-06-08T16:45:53+02:00 OPNsense.zuhause.xx ddclient 60835 - [meta sequenceId="4"] Account yyyyyyyyyy-18d2-47a7-b45a-4468975dc2e7 [desecv6 - dedyn] set new ip 2003:XXXX:XXXX:XXXX:XXXX:efff:fe57:21ce [good]
<165>1 2023-06-08T16:45:53+02:00 OPNsense.zuhause.xx ddclient 60835 - [meta sequenceId="5"] Account yyyyyyyyy-18d2-47a7-b45a-4468975dc2e7 [desecv6 - dedyn] changed
<165>1 2023-06-08T16:45:53+02:00 OPNsense.zuhause.xx ddclient 60835 - [meta sequenceId="6"] Account zzzzzzzzzz-f19d-4b4e-98a8-1bf71b62ee24 [desecv4 - dedyn] execute
<163>1 2023-06-08T16:45:59+02:00 OPNsense.zuhause.xx ddclient 60835 - [meta sequenceId="7"] Account zzzzzzzzzz-f19d-4b4e-98a8-1bf71b62ee24 [desecv4 - dedyn] failed to set new ip 87.XXX.XXX.236 [429 -
Request was throttled. Expected available in 55 seconds.]
After the mentioned 55sec, also the ipv4 address is visible at desec as an A record.
Means desec is bacically working on the new OPNsense backend for ipv4 AND ipv6 with some very simple and straight extensions to the dyndns.py code; only oddity is the throttling of the sequential request to the same desec account for v4 and v6 which allows obviously only one update per minute. Perhaps there is a possibility to add an additional throttling config item into the new opnsense backend code.
Several reboots and reconnects leading to different ipv4 and ipv6 addresses confirmed that it is working.
I think that this example could open potentially a pretty fast integration path for some more dyndns2 based service providers into the new opnsense backend python code and facilitate therewith at least in parts a catch up to the legacy dyndns solution as far as support of providers is concerned. Indeed there are many non dyndns2 providers for which more code needs to be written.
If this report is perceived positive perhaps it could be taken into the mainstream code base or you let me know how I could do this.
Br br