Will be fixed soon
Some smoketests cannot pass
1 Like
Iāll try and provide a perspective on what all are happening here:
TL;DR: Dual stack config has is partially implemented in ddclient 3.10. It works for some services, but not all. And interpretation of use=, if=, web= have changed (deprecated).
@Viacheslav: your PRs were accurate back then (pre ddclient 3.10). The problem with having that option globally (instead of at per host level) is that there isnāt a way to have some configs with IPv4 while some with IPv6. One way to solve this would be to move the global config for IPv4/IPv6 to per host/protocol config. This will require modifying the config tree. I am working on a rewrite of this as part of ā T5144 Modernize dynamic dns operation. Hope you are okay with moving IPv4/IPv6 config from global scope to per-host scope.
As @Netboy3 pointed out use=if, if=ethN etc are indeed deprecated. ddclient.conf internal doc comments are confusing and misleading 
But then again, the IPv6 proposal document isnāt implemented for all protocols. Until then, weāll have to deal with special-casing on a per-protocol basis.
@debiansid new dynamic_dns.py changes that are in VyOS build are for op_mode, not conf_mode. Did it work for you in the past? Dual-stack support for he.net isnāt there in ddclient release 3.10 after all ā it is there in (unreleased) master though.
I should add another service to update v4 separately?
Once you set ipv6-enable globally, all individual service configurations are iPv6 only. However, even if you chose to hand-edit the config file /run/ddclient/ddclient.conf it is unlikely to work (havenāt verified though) for dns.he.net because of the way ddclient groups the configs. Notice that login, password, server are part of the group key and he.net requires that you have same login/password for both A record as well as AAAA record if the hostname is same.
1 Like
Quick follow-up, I have raised a few PRs to make things slightly better, hopefully.
1 Like
Not sure if this is related or notā¦
show configuration commands | match dynamic
set service dns dynamic interface eth1 service changeip host-name 'hostname'
set service dns dynamic interface eth1 service changeip login 'login'
set service dns dynamic interface eth1 service changeip password 'password'
set service dns dynamic interface eth1 service changeip server 'nic.changeip.com'
show log | grep ddclient | tail -12
May 23 15:08:22 ddclient[63286]: WARNING: skipping update of ***.changeip.co from <nothing> to 1.2.3.4.
May 23 15:08:22 ddclient[63286]: WARNING: last updated <never> but last attempt on Tue May 23 15:07:21 2023 failed.
May 23 15:08:22 ddclient[63286]: WARNING: Wait at least 5 minutes between update attempts.
May 23 15:10:22 ddclient[63293]: WARNING: skipping update of (.changeip.co from <nothing> to 1.2.3.4.
May 23 15:10:22 ddclient[63293]: WARNING: last updated <never> but last attempt on Tue May 23 15:09:22 2023 failed.
May 23 15:10:22 ddclient[63293]: WARNING: Wait at least 5 minutes between update attempts.
May 23 15:12:22 ddclient[63303]: WARNING: skipping update of ***.changeip.co from <nothing> to 1.2.3.4.
May 23 15:12:22 ddclient[63303]: WARNING: last updated <never> but last attempt on Tue May 23 15:11:22 2023 failed.
May 23 15:12:22 ddclient[63303]: WARNING: Wait at least 5 minutes between update attempts.
May 23 15:14:23 ddclient[63320]: WARNING: skipping update of ***.changeip.co from <nothing> to 1.2.3.4.
May 23 15:14:23 ddclient[63320]: WARNING: last updated <never> but last attempt on Tue May 23 15:13:22 2023 failed.
May 23 15:14:23 ddclient[63320]: WARNING: Wait at least 5 minutes between update attempts.
grep changeip /bin/ddclient
leads me to think Iām using the right settingsā¦
$ show dns dynamic status
Hostname IPv4 address IPv4 status IPv6 address IPv6 status Last update
--------------------- -------------- ------------- -------------- ------------- -------------------
***.changeip.co noconnect noconnect 1969-12-31 19:00:00
$ show version
Version: VyOS 1.4-rolling-202305210317
Release train: current
Built by: autobuild@vyos.net
Built on: Sun 21 May 2023 03:17 UTC
Build UUID: e6255891-3418-4fee-956d-7ae72dd875b8
Build commit ID: ee81a8a182c0e0
Architecture: x86_64
Boot via: installed image
System type: bare metal
This is unrelated. Looks like something strange happening with changeip. Since changeip uses dyndns2 protocol, can you please try overriding the protocol to dyndns2 (set service dns dynamic interface eth1 service changeip protocol dyndns2`) and see what happens?
May 26 08:06:33 systemd[1]: Stopping ddclient.service - Update dynamic domain name service entries...
May 26 08:06:33 systemd[1]: ddclient.service: Deactivated successfully.
May 26 08:06:33 systemd[1]: Stopped ddclient.service - Update dynamic domain name service entries.
May 26 08:06:33 systemd[1]: ddclient.service: Consumed 1min 33.028s CPU time.
May 26 08:06:33 systemd[1]: Starting ddclient.service - Update dynamic domain name service entries...
May 26 08:06:34 systemd[1]: Started ddclient.service - Update dynamic domain name service entries.
May 26 08:06:34 ddclient[69498]: WARNING: skipping update of ***.changeip.co from <nothing> to 1.2.3.4.
May 26 08:06:34 ddclient[69498]: WARNING: last updated <never> but last attempt on Fri May 26 08:05:48 2023 failed.
May 26 08:06:34 ddclient[69498]: WARNING: Wait at least 5 minutes between update attempts.
Feels like itās going to be the sameā¦
I cannot see the command lineā¦ I think ! is a forceā¦
root@vyos-20230521:/var/run/ddclient# for i in `ls`; do echo $i; echo; cat -n $i; done
ddclient.cache
1 ## ddclient-3.10.0
2 ## last updated at Fri May 26 08:14:35 2023 (1685103275)
3 atime=0,host=***.changeip.co,mtime=0,status=noconnect,status-ipv4=noconnect,status-ipv6=noconnect,warned-min-error-interval=1685103275,warned-min-interval=0,wtime=30 ***.changeip.co
ddclient.conf
1 ### Autogenerated by dynamic_dns.py ###
2 daemon=1m
3 syslog=yes
4 ssl=yes
5
6 # ddclient configuration for interface "eth1"
7 use=if, if=eth1
8
9
10 # DynDNS provider configuration for changeip, ***.changeip.co
11 protocol=changeip,
12 max-interval=28d,
13 login=login,
14 password='password',
15 server=nic.changeip.com,
16 ***.changeip.co
17
ddclient.pid
1 69494
root@vyos-20230521:/var/run/ddclient# show configuration commands | match changeip
set service dns dynamic interface eth1 service changeip host-name '*.changeip.co'
set service dns dynamic interface eth1 service changeip login 'login'
set service dns dynamic interface eth1 service changeip password 'password'
set service dns dynamic interface eth1 service changeip protocol 'dyndns2'
set service dns dynamic interface eth1 service changeip server 'nic.changeip.com'
Looks like the dyndns2 didnāt make a changeā¦
fwiw, nic.changeip.com is the default server if none is definedā¦ Iāve tried with and without that as wellā¦ made no difference that I could seeā¦
Thank you in advance.
Thank you @bcook for helping with triaging!
The following should work with VyOS 1.4-rolling-202306070317 which ships with a patched ddclient:
set service dns dynamic address eth7 service changeip host-name '****.changeip.co'
set service dns dynamic address eth7 service changeip protocol 'changeip'
set service dns dynamic address eth7 service changeip password 'passsw00rd'
set service dns dynamic address eth7 service changeip username 'username'
NB: Note that CLI has changed slightly in the latest rolling release.
so there is no way to get both ipv4 and ipv6 ddns working at same time?
202306080317ā¦
Jun 09 13:38:35 systemd[1]: Stopping ddclient.service - Update dynamic domain name service entries...
Jun 09 13:38:35 systemd[1]: ddclient.service: Deactivated successfully.
Jun 09 13:38:35 systemd[1]: Stopped ddclient.service - Update dynamic domain name service entries.
Jun 09 13:38:35 systemd[1]: ddclient.service: Consumed 58.629s CPU time.
Jun 09 13:39:39 systemd[1]: Starting ddclient.service - Update dynamic domain name service entries...
Jun 09 13:39:40 ddclient[10200]: WARNING: file /run/ddclient/ddclient.conf: file /run/ddclient/ddclient.conf must be accessible only by its owner (fixed).
Jun 09 13:39:40 ddclient[10200]: WARNING: file /run/ddclient/ddclient.conf: file /run/ddclient/ddclient.conf must be accessible only by its owner.
Jun 09 13:39:40 ddclient[10200]: WARNING: file /run/ddclient/ddclient.conf: file /run/ddclient/ddclient.conf must not be accessible by others.
Jun 09 13:39:40 systemd[1]: Started ddclient.service - Update dynamic domain name service entries.
Jun 09 13:39:40 ddclient[10205]: WARNING: skipping update of ****.changeip.co from <nothing> to 4.5.6.7.
Jun 09 13:39:40 ddclient[10205]: WARNING: last updated <never> but last attempt on Fri Jun 9 13:37:43 2023 failed.
Jun 09 13:39:40 ddclient[10205]: WARNING: Wait at least 5 minutes between update attempts.
vyos@202306020317:~$ show configuration commands | match dynamic
set service dns dynamic address eth1 service changeip host-name '****.changeip.co'
set service dns dynamic address eth1 service changeip password 'password'
set service dns dynamic address eth1 service changeip protocol 'changeip'
set service dns dynamic address eth1 service changeip username 'username'
vyos@202306020317:~$ show version | grep āVersion|Built|typeā
Version: VyOS 1.4-rolling-202306080317
Built by: autobuild@vyos.net
Built on: Thu 08 Jun 2023 03:17 UTC
System type: bare metal
vyos@202306020317:~$ show dns dynamic status
--------------------- -------------- ------------- -------------- ------------- -------------------
****.changeip.co noconnect noconnect 1969-12-31 19:00:00
for i in ls /var/run/ddclient/; do echo $i; cat $i; done
ddclient.cache
## ddclient-3.10.0
## last updated at Fri Jun 9 13:47:41 2023 (1686332861)
atime=0,host=****.changeip.co,mtime=0,status=noconnect,status-ipv4=noconnect,status-ipv6=noconnect,warned-min-error-interval=1686332861,warned-min-interval=0,wtime=30 ****.changeip.co
ddclient.conf
### Autogenerated by dns_dynamic.py ###
daemon=1m
syslog=yes
ssl=yes
pid=/run/ddclient/ddclient.pid
cache=/run/ddclient/ddclient.cache
# Web service dynamic DNS configuration for changeip: [changeip, ****.changeip.co]
use=if, \
if=eth1, \
protocol=changeip, \
login=username, \
password=password \
****.changeip.co
ddclient.pid
10201
@debiansid, I am guessing you are after a dual stack with Hurricane Electric. If thatās the case, unfortunately, both ipv4 and ipv6 for the same host isnāt going to work. This is because the way he.net dual stack expects IPv4 and IPv6 address is different from the way it is implemented in ddclient for dyndns2 protocol (which adheres more to dyndns.org).
So to summarize:
Both A and AAAA records foo.example.com (same host) wonāt work.
However, A record for foo4.example.com and AAAA record for foo6.example.com (different hosts) will work.
@bcook, your ddclient.conf looks fine. Can you please try the following command and verify that the correct request is sent to nic.changeip.com and that the server response is a valid one?
sudo ddclient -daemon=0 -debug -force -verbose -noquiet -cache /run/ddclient/ddclient.cache -file /run/ddclient/ddclient.conf
As evident based on the cli switches, this runs ddclient in foreground with verbosity enabled.
which dns service can support dual stack? thanks
Looks like opnsense made it.
OPNSense project architecture is different . It maintains itās own plugin which wraps ddclient but with quite a few customizations.
Like I said in the past, Hurricane Electric config has its uniqueness. There are two ways to make it work on VyOS side (either change the way dyndns2 is implemented to cover this use case or have a separate ddclient protocol, say he-net). Neither of them are too difficult as such and would require an upstream PR.
@debiansid, would you consider making a PR to the upstream project? Iāll be happy to test and apply a patch if there is an existing PR on upstream. The general direction on VyOS side is to avoid custom a fork unless absolutely necessary (and based on my personal experience so far, I cannot agree more).
Currently, ddclient protocols cloudflare, freedns, njalla and dyndns2 (for some hosts) support dual stack.
For dyndns2, I have tested dual stack for the server members.dyndns.org and dynv6.com. There might be more servers that might work (and the working ones can be selectively enabled in the code as and when discovered).
Another option is if there exists a better tool/package (from Debian) to be used.
For example FRR contains several modules but the following have been disabled for various reasons because another package in Debian have been found to be better:
# pimd Replaced by package igmpproxy.
# nhrpd Replaced by package opennhrp.
# pbrd Replaced by PBR in nftables.
# vrrpd Replaced by package keepalived.
There is inadyn as an alternative. It covers most of the use cases that VyOS supports via ddclient except RFC3126 (via direct nsupdate call).
@Apachez are you aware of any other alternative?
Unfortunately Im not.
I just wanted to give a hint that if a better tool exists then it could be filed as a feature request to have the original one replaced and by that also avoid having custom compiles (as I understand is the path OPNsense choosed to use to resolve this).
Of course such replacement would need to adjust the xml.in and the templates being used but still.