pfSense English Support > DHCP and DNS

OpenDNS Dynamic DNS Not Working (SOLVED)

(1/2) > >>

shortspecialbus:
I'm not sure when this started, but I think at a minimum several months ago, based on the IP that OpenDNS had for me.  I have a Dynamic DNS set up for OpenDNS in pfsense 2.4.3 development version (2.4.3-DEVELOPMENT (amd64) built on Mon Dec 25 23:35:12 CST 2017).  The hostname is set to "Home" which matches what the network is called in OpenDNS.  I also have the correct username and password set in pfsense for it, or at least the username/password that allow me to log onto OpenDNS's website.

Here's a verbose log of the issue:

--- Code: ---Dec 30 20:55:01 optimus-prime php-fpm[58918]: /services_dyndns_edit.php: Dynamic DNS: updatedns() starting
Dec 30 20:55:01 optimus-prime php-fpm[58918]: /services_dyndns_edit.php: Dynamic DNS opendns (Home): <REDACTED> extracted from local system.
Dec 30 20:55:01 optimus-prime php-fpm[58918]: /services_dyndns_edit.php: Dynamic DNS (Home): running get_failover_interface for wan. found re1
Dec 30 20:55:01 optimus-prime php-fpm[58918]: /services_dyndns_edit.php: Dynamic DNS opendns (Home): _update() starting.
Dec 30 20:55:01 optimus-prime php-fpm[58918]: /services_dyndns_edit.php: Dynamic DNS opendns (Home): _checkStatus() starting.
Dec 30 20:55:01 optimus-prime php-fpm[58918]: /services_dyndns_edit.php: phpDynDNS (Home): (Error) Not a valid username or password!
--- End code ---

I've tried deleting and recreating and I keep getting this error.  I note that OpenDNS was bought (or at least something changed) by Cisco at some point, so maybe something changed up and things need updating.  Or perhaps I need to do something on my end.

Any ideas?  I know it used to work, because it had an old cached IP in pfsense as well.

Gertjan:

--- Quote from: shortspecialbus on December 30, 2017, 09:01:11 pm ---I'm not sure when this started, .....
--- End quote ---
If there is an issue, then it is  very, very recent.
You're running a dev version - so you should post here : https://forum.pfsense.org/index.php?board=69.0

But .... I checked out changes in this dev version : nothing has been changed since 2.4.2_1 "stable" that is related to DynDNS.

Btw : I have a router (ISP box that can be put in bridge mode) in front of my pfSense, but updating my IPv4 at OpenDNS works perfectly well :


--- Code: ---Dec 31 08:42:07 php-fpm 96868 /services_dyndns_edit.php: Dynamic DNS: updatedns() starting
Dec 31 08:42:08 php-fpm 96868 /services_dyndns_edit.php: Dynamic DNS opendns (office): 82.127.44.254 extracted from checkip.dyndns.org
Dec 31 08:42:08 php-fpm 96868 /services_dyndns_edit.php: Dynamic DNS (office): running get_failover_interface for wan. found rl0
Dec 31 08:42:08 php-fpm 96868 /services_dyndns_edit.php: Dynamic DNS opendns (office): _update() starting.
Dec 31 08:42:09 php-fpm 96868 /services_dyndns_edit.php: Dynamic DNS opendns (office): _checkStatus() starting.
Dec 31 08:42:09 php-fpm 96868 /services_dyndns_edit.php: Dynamic DNS opendns (office): 82.127.44.254 extracted from checkip.dyndns.org
Dec 31 08:42:09 php-fpm 96868 /services_dyndns_edit.php: phpDynDNS: updating cache file /conf/dyndns_wanopendns'office'1.cache: 82.127.44.254
Dec 31 08:42:09 php-fpm 96868 /services_dyndns_edit.php: phpDynDNS (office): (Success) IP Address Changed Successfully! (82.127.44.254)

--- End code ---

This is significant :

--- Code: ---Dec 31 08:42:07 php-fpm 96868 /services_dyndns_edit.php: Dynamic DNS: updatedns() starting
Dec 30 20:55:01 optimus-prime php-fpm[58918]: /services_dyndns_edit.php: phpDynDNS (Home): (Error) Not a valid username or password!
--- End code ---


--- Quote from: shortspecialbus on December 30, 2017, 09:01:11 pm ---I've tried deleting and recreating and I keep getting this error.  I note that OpenDNS was bought (or at least something changed) by Cisco at some point, so maybe something changed up and things need updating.  Or perhaps I need to do something on my end.
Any ideas?  I know it used to work, because it had an old cached IP in pfsense as well.

--- End quote ---
See it like this : if something changed on their side, then not only you, but everybody should be impacted, using pfSEnse, or not  ;)

shortspecialbus:

--- Quote from: Gertjan on December 31, 2017, 01:53:18 am ---See it like this : if something changed on their side, then not only you, but everybody should be impacted, using pfSEnse, or not  ;)

--- End quote ---

Sure - I meant more that it's entirely possible something is screwed up on my end regardless of the change of ownership.

So the question is then, what broke exactly for me?  There's not a heck of a lot to the settings - I have it set up in Services -> Dynamic DNS, with OpenDNS as the provider, and then the same username and password that I use to log into the site, with the hostname of "Home".  I'm able to successfully log into OpenDNS with that login/password myself, so I'm wondering more if I'm using an invalid hostname.

For someone who has it working, what do you have that set to?  "Home" matches what I have the network named in OpenDNS, and it's the only network that I have, since I only use it for minor personal use.

As for it working and then breaking, I don't really know when that happened.  I don't generally keep track of my IP since my afraid.org FreeDNS in pfsense works just fine for connecting via ssh remotely, so I don't really ever notice when it changes.  But it definitely had a cached IP for OpenDNS displayed until I deleted and recreated it.

Anyone have a starting point for where I could check for a problem?  The verbose error I pasted didn't really have anything obvious in it.  I tried both my OpenDNS username and my e-mail address to see if that would help, and I get the same issue regardless.  I've verified OpenDNS is working properly (after manually updating my IP on their end) by testing the main and phishing test sites.

For what it's worth, I modified the network name to be "home" in the OpenDNS config and updated the hostname to "home" in pfsense and get the same issue.

--- Code: ---Jan  1 13:04:19 optimus-prime php-fpm[63438]: /services_dyndns_edit.php: Dynamic DNS: updatedns() starting
Jan  1 13:04:19 optimus-prime php-fpm[63438]: /services_dyndns_edit.php: Dynamic DNS opendns (home): <REDACTED> extracted from local system.
Jan  1 13:04:19 optimus-prime php-fpm[63438]: /services_dyndns_edit.php: Dynamic DNS (home): running get_failover_interface for wan. found re1
Jan  1 13:04:19 optimus-prime php-fpm[63438]: /services_dyndns_edit.php: Dynamic DNS opendns (home): _update() starting.
Jan  1 13:04:20 optimus-prime php-fpm[63438]: /services_dyndns_edit.php: Dynamic DNS opendns (home): _checkStatus() starting.
Jan  1 13:04:20 optimus-prime php-fpm[63438]: /services_dyndns_edit.php: phpDynDNS (home): (Error) Not a valid username or password!
--- End code ---

Edit: I've solved this.  It turns out that pfsense doesn't like passwords with certain special characters, including '%' and '*'.  I reset my OpenDNS password to one that had a much more benign special character and now it works fine.  I use LastPass to generate passwords, and OpenDNS requires a special character, and lastpass happened to pick one with * and one with % and they both fail in pfsense.  Should I file a bug report for this somewhere?  If nothing else, there should probably be some help text that warns about it if it's going to be a limitation.  I notice that it's doing input validation but it's apparently not working quite right.  I'm a sysadmin, not a PHP programmer, so I'm not exactly sure how to fix it (or even if this is where the error is) but I'm guessing it's something in services_dyndns_edit.php around this:


--- Code: ---        if ($pconfig['type'] != "custom" && $pconfig['type'] != "custom-v6"
) {
                $reqdfields[] = "host";
                $reqdfieldsn[] = gettext("Hostname");
                $reqdfields[] = "passwordfld";
                $reqdfieldsn[] = gettext("Password");
                $reqdfields[] = "username";
                $reqdfieldsn[] = gettext("Username");
                if (in_array($pconfig['type'], $dyndns_split_domain_types))
 {
                        $reqdfields[] = "domainname";
                        $reqdfieldsn[] = gettext("Domain name");
                }
        } else {
                $reqdfields[] = "updateurl";
                $reqdfieldsn[] = gettext("Update URL");
        }

        do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_error
s);
--- End code ---

Let me know if I should file a bug report somewhere.  Thanks again for the help!

Gertjan:

--- Quote from: shortspecialbus on January 01, 2018, 01:05:47 pm ---...  I'm a sysadmin, not a PHP programmer, so I'm not exactly sure how to fix it ...

--- End quote ---
Password entered in the GUI are "base64_encode" ( /usr/local/wwwservices_dyndns_edit.php line 150)
When used, they are "base64_decode" ( /etc/inc/dynclass.inc - line 262).

I don't know if this test always works : "password == base64_decode(base64_encode("password"))" for any "password" but I works for fine "close-to-everything" - see http://php.net/manual/en/function.base64-encode.php for tons of examples.
Which means : What does OpenDNS with your password ? How do they store it ? Where should you bring your bug report  finally ?

Btw : PHP has a complexity of about "zero". What about 'logging' (write a line or two) when the password is decoded by base64_decode() here /etc/inc/dynclass.inc - line 262, so you could see what password is actually send over. You'll be in for a surprise - it will be the correct password, I'm pretty sure ;)

shortspecialbus:
Ok, I had a bit of time this evening so I decided to spend about 45 minutes testing things.  After adding a bunch of debug code, I verified that it is correctly storing the password, as well as correctly passing it along to the curl in dyndns.class (no longer dyndns.inc in the dev branch, apparently.)  So, while a password with characters such as '*' and '&' works when logging in to OpenDNS via the web, it would appear that it doesn't work via curl.  This does not appear offhand to be a PFsense bug.  I'm not sure whose bug it is, to be honest.  Either curl (unlikely) or something on OpenDNS's end (more likely.)

Relevant debug info (I've edited the base64 hash to have a password similar but not the same as the one I was using, even though I'm no longer using it.).  That auth string decodes correctly.  I got that via a debug with curl_setopt($ch, CURLINFO_HEADER_OUT, true), grabbing the curl_getinfo, and dumping it out to the log:


--- Code: ---Jan  3 22:13:44 optimus-prime php-fpm[66025]: /services_dyndns_edit.php: DNS Info Is: GET /nic/update?hostname=home HTTP/1.1^M Host: updates.opendns.com^M Authorization: Basic c2hvcnRzcGVjaWFsYnVzOjVKM013dUBLKlEmQg==^M User-Agent: phpDynDNS/0.7^M Accept: */*^M ^M
--- End code ---

If one decodes that, they get the auth details as "shortspecialbus:5J3Mwu@K*Q&B" which (aside from the password being changed because I'm posting this publicly) correctly matched what it should have been.  This is probably interesting to nobody, but I did some due dilligence and tried to identify where the problem actually lies.  About the best I can say is that it doesn't appear to be with pfsense :)

Thanks for pointing me in the right direction to debug to satisfy my own curiosity.  I'm fairly fluent in shell scripting and perl (and at one point C, but not so much now) but pretty much never touch PHP, and as a lazy sysadmin, I will latch onto any excuse to avoid doing something, and a previous cursory search to try to find the actual dyndns communication code went nowhere in the 12 seconds I spent on it before moving on.

Navigation

[0] Message Index

[#] Next page

Go to full version