rfc2136: Failed nsupdate breaks cache
Important notices Before you add a new report, we ask you kindly to acknowledge the following:
- [x] I have read the contributing guidelines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
- [x] I have searched the existing issues, open and closed, and I'm convinced that mine is new.
- [x] The title contains the plugin to which this issue belongs
Describe the bug
Similar to #2752, updating my DynDNS Domain via the rfc2136 plugin does not work. I added some log lines to the plugin code and it looks like the update fails at rc.bootup because the internet connection is not established yet. Later on rc.newwanip the plugin reports the IP was not changed and the nsupdate call is skipped.
To Reproduce
- Use pppoe connection
- Create rfc2136 IPv4 entry for the pppoe interface
- reboot
Expected behavior
The plugin should not create a cache file when the nsupdate fails and should retry the nsupdate when the router is finally online.
Relevant log files
2024-06-23T22:46:00 Error opnsense /usr/local/etc/rc.rfc2136: Dynamic DNS: Not updating ddns.example.com A record because the IP address has not changed.
2024-06-23T22:38:43 Error opnsense /usr/local/etc/rc.newwanip: Dynamic DNS: result: 0;
2024-06-23T22:38:43 Error opnsense /usr/local/etc/rc.newwanip: Dynamic DNS: update cmd: /usr/local/bin/nsupdate -k /var/etc/nsupdatekey1 -v /var/etc/nsupdatecmds1
2024-06-23T22:38:43 Error opnsense /usr/local/etc/rc.newwanip: Dynamic DNS: update script: server ns1.dns42.de; update delete ddns.example.com. A; update add ddns.example.com. 60 A my.ip.add.ress; ;
2024-06-23T22:38:43 Error opnsense /usr/local/etc/rc.newwanip: Dynamic DNS: updating cache file /var/cache/rfc2136_opt9_ddns.example.com_ns1.dns42.de.cache: my.ip.add.ress
2024-06-23T22:37:08 Error opnsense /usr/local/etc/rc.bootup: Dynamic DNS: update failed, delete cache files
2024-06-23T22:37:08 Error opnsense /usr/local/etc/rc.bootup: Dynamic DNS: result: ; Communication with my.dns.ser.ver#53 failed: operation canceled; could not reach any name server; 1;
2024-06-23T22:37:08 Error opnsense /usr/local/etc/rc.bootup: Dynamic DNS: update cmd: /usr/local/bin/nsupdate -k /var/etc/nsupdatekey1 -v /var/etc/nsupdatecmds1
2024-06-23T22:37:08 Error opnsense /usr/local/etc/rc.bootup: Dynamic DNS: update script: server ns1.dns42.de; update delete ddns.example.com. A; update add ddns.example.com. 60 A my.ip.add.ress; ;
2024-06-23T22:37:08 Error opnsense /usr/local/etc/rc.bootup: Dynamic DNS: updating cache file /var/cache/rfc2136_opt9_ddns.example.com_ns1.dns42.de.cache: my.ip.add.ress
Additional context
My workaround is to delete the cache files when the exit code of the nsupdate command is not zero.
My change in /usr/local/etc/inc/plugins.inc.d/rfc2136.inc:
if ($need_update) {
    @file_put_contents("/var/etc/nsupdatecmds{$i}", $upinst);
    unset($upinst);
    /* invoke nsupdate */
    $cmd = "/usr/local/bin/nsupdate -k {$keyfile}";
    if (isset($dnsupdate['usetcp'])) {
        $cmd .= " -v";
    }
    $cmd .= " /var/etc/nsupdatecmds{$i}";
    //mwexec_bg($cmd);
    /* run in the foreground; the appended "echo $?" puts the exit code on the last output line */
    $out = shell_exec($cmd." 2>&1; echo $?");
    /* end() takes its argument by reference, so keep the lines in a variable */
    $lines = explode("\n", trim($out));
    $status = (int)trim(end($lines));
    log_error("Dynamic DNS: update script: ".str_replace("\n", "; ", file_get_contents("/var/etc/nsupdatecmds".$i)));
    log_error("Dynamic DNS: update cmd: ".$cmd);
    log_error("Dynamic DNS: result: ".str_replace("\n", "; ", $out));
    if ($status > 0) {
        /* failed update: remove the cache files so the next run retries */
        @unlink($cacheFile);
        @unlink($cacheFile6);
        log_error("Dynamic DNS: update failed, delete cache files");
    }
    unset($cmd);
    unset($out);
}
Environment Software version used and hardware type if relevant. e.g.:
OPNsense 24.1.9_4-amd64 FreeBSD 13.2-RELEASE-p11 OpenSSL 3.0.14
Manufacturer: PC Engines Product Name: apu4
When possible, please open a pull-request. Currently the nsupdate action seems to be backgrounded; if you make it blocking, it might stall the boot process. (With a pull-request we can review and offer feedback.)
PR is opened.
@AdSchellevis ddclient also supports nsupdate, but it looks like that protocol is not yet exposed in the OPNsense UI. Does it maybe make sense to replace the rfc2136 plugin with os-ddclient?
https://sourceforge.net/p/ddclient/wiki/protocols/#nsupdate
@perryflynn it might be worth a try if that works better, but my advice would be to first install ddclient (without our plugin package) and test it out. If it works as expected, just let me know what it needs so we can discuss how to implement it there.
This issue has been automatically timed-out (after 180 days of inactivity).
For more information about the policies for this repository, please read https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md for further details.
If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.
I'm also being hit by this bug which makes the plugin useless for me as I reboot my router often and I need it to update the DNS when booting up. @perryflynn Are you using this fix or does ddclient support this now?
@z411 I gave up on this as there was no real interest in fixing the issue and I was unable to figure out a nice solution all by myself. Also I am unwilling to keep a workaround alive outside of the official source tree.
$ sudo grep 2136 system/system_20250529.log
<11>1 01:16:00 opnsense 63541 - [meta sequenceId="1"] /usr/local/etc/rc.rfc2136: Dynamic DNS: Not updating lab.ddns.foulab.org A record because the IP address has not changed.
<11>1 01:16:00 opnsense 63541 - [meta sequenceId="2"] /usr/local/etc/rc.rfc2136: Dynamic DNS: Not updating lab.ddns.foulab.org AAAA record because the IPv6 address has not changed.
<13>1 18:56:26 opnsense 296 - [meta sequenceId="255"] /usr/local/etc/rc.bootup: plugins_configure bootup (execute task : rfc2136_configure_do(1))
<11>1 18:56:26 opnsense 296 - [meta sequenceId="256"] /usr/local/etc/rc.bootup: Dynamic DNS: updating cache file /var/cache/rfc2136_wan_lab.ddns.foulab.org_ns1.foulab.org.cache: <snip>
<11>1 18:56:26 opnsense 296 - [meta sequenceId="257"] /usr/local/etc/rc.bootup: Dynamic DNS: updating cache file /var/cache/rfc2136_wan_lab.ddns.foulab.org_ns1.foulab.org_v6.cache: 2606:6d00:10:5a83:<snip>
<13>1 18:56:26 kernel - - [meta sequenceId="261"] <118>Configuring RFC 2136 clients...done.
<13>1 18:56:33 opnsense 22163 - [meta sequenceId="55"] /usr/local/etc/rc.newwanipv6: plugins_configure newwanip_map (execute task : rfc2136_configure_do(,wan,lan))
<13>1 18:56:33 opnsense 15899 - [meta sequenceId="59"] /usr/local/etc/rc.newwanip: plugins_configure newwanip_map (execute task : rfc2136_configure_do(,wan))
<13>1 20:30:54 opnsense 281 - [meta sequenceId="248"] /usr/local/etc/rc.bootup: plugins_configure bootup (execute task : rfc2136_configure_do(1))
<11>1 20:30:54 opnsense 281 - [meta sequenceId="249"] /usr/local/etc/rc.bootup: Dynamic DNS: updating cache file /var/cache/rfc2136_wan_lab.ddns.foulab.org_ns1.foulab.org.cache: <snip>
<13>1 20:30:54 kernel - - [meta sequenceId="255"] <118>Configuring RFC 2136 clients...done.
<13>1 20:31:02 opnsense 48296 - [meta sequenceId="50"] /usr/local/etc/rc.newwanip: plugins_configure newwanip_map (execute task : rfc2136_configure_do(,wan))
<11>1 20:31:02 opnsense 48296 - [meta sequenceId="52"] /usr/local/etc/rc.newwanip: Dynamic DNS: updating cache file /var/cache/rfc2136_wan_lab.ddns.foulab.org_ns1.foulab.org_v6.cache: 2606:6d00:17:3e65:<snip>
nsupdate most likely failed here.
nsupdate is executed via mwexec_bg (https://github.com/opnsense/plugins/blob/f7c0282132d57596d1ff3436918e619762aaa062/dns/rfc2136/src/etc/inc/plugins.inc.d/rfc2136.inc#L209), which uses /usr/sbin/daemon but I think syslog redirect is disabled by default, so I don't have any logs of what nsupdate said.
AAAA record is now out of date but cache is updated.
<13>1 20:31:02 opnsense 51020 - [meta sequenceId="57"] /usr/local/etc/rc.newwanipv6: plugins_configure newwanip_map (execute task : rfc2136_configure_do(,wan,lan))
<13>1 20:34:43 opnsense 13771 - [meta sequenceId="18"] /usr/local/etc/rc.linkup: plugins_configure newwanip_map:rfc2136 (,lan)
<13>1 20:34:43 opnsense 13771 - [meta sequenceId="19"] /usr/local/etc/rc.linkup: plugins_configure newwanip_map (execute task : rfc2136_configure_do(,lan))
<13>1 20:34:48 opnsense 34409 - [meta sequenceId="44"] /usr/local/etc/rc.newwanipv6: plugins_configure newwanip_map (execute task : rfc2136_configure_do(,wan,lan))
$ sudo grep 2136 system/system_20250530.log
<11>1 01:16:00 opnsense 23033 - [meta sequenceId="1"] /usr/local/etc/rc.rfc2136: Dynamic DNS: Not updating lab.ddns.foulab.org A record because the IP address has not changed.
<11>1 01:16:00 opnsense 23033 - [meta sequenceId="2"] /usr/local/etc/rc.rfc2136: Dynamic DNS: Not updating lab.ddns.foulab.org AAAA record because the IPv6 address has not changed.
And because the cache appears up to date, rfc2136 does not update it again for days. In fact it would take 25 days ($maxCacheAgeSecs) for this to recover automatically.
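The behaviour requested under "Expected behavior" and the recovery delay described in the last comment, as a shell example added here (not the plugin's code and not the opened PR): the cache is written only after the update command exits 0 and is removed on failure, so the next trigger retries. The function names, `MAX_CACHE_AGE_DAYS` and the sample cache path are assumptions.

```shell
#!/bin/sh
# Added illustration, not the rfc2136 plugin's code.
# Hypothetical names: ddns_need_update, ddns_update, MAX_CACHE_AGE_DAYS.

MAX_CACHE_AGE_DAYS=25   # mirrors the 25 days quoted for $maxCacheAgeSecs

# Succeeds (update needed) when the cache is missing, holds a different
# address, or is more than MAX_CACHE_AGE_DAYS whole days old.
ddns_need_update() {
    cache=$1
    ip=$2
    [ -f "$cache" ] || return 0
    [ "$(cat "$cache")" = "$ip" ] || return 0
    [ -n "$(find "$cache" -mtime +"$MAX_CACHE_AGE_DAYS")" ]
}

# ddns_update CACHE IP COMMAND [ARGS...]
# Runs COMMAND in the foreground and records IP only after it exits 0.
# On failure the cache is removed and COMMAND's exit code is returned.
ddns_update() {
    cache=$1
    ip=$2
    shift 2
    ddns_need_update "$cache" "$ip" || return 0
    if "$@"; then
        # write next to the cache file, then rename, so readers never see a partial file
        tmp="$cache.$$"
        printf '%s\n' "$ip" > "$tmp" && mv -f "$tmp" "$cache"
    else
        rc=$?
        rm -f "$cache"
        return "$rc"
    fi
}

# Usage with the command line from the logs above (cache path is a placeholder):
# ddns_update /var/cache/example.cache 192.0.2.10 \
#     /usr/local/bin/nsupdate -k /var/etc/nsupdatekey1 -v /var/etc/nsupdatecmds1
```

Because the command runs in the foreground, a caller at boot would have to bound its runtime or background the whole function, which is the stall concern raised in the maintainer's reply.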