DDNS Security Question and Registration Problem

Hi all, I setup DDNS with Google Domains and it works great. Security question: I have a security camera system I connect to on my phone. Since I setup DDNS I can now connect to my custom domain (instead of a dynamic IP that keeps changing) through the security camera app, with the proper port and password. I have upnp on the router forwarding the port--are there any security problems with this?

My important question though is related to the constant errors I'm receiving in the syslog:

user.warn ddns-scripts[4806]: myddns_ipv4: NO valid IP found
user.warn ddns-scripts[4806]: myddns_ipv4: Get registered/public IP for 'xxxxx.com' failed - retry 478/0 in 60 seconds
user.warn ddns-scripts[4806]: myddns_ipv4: NO valid IP found
user.warn ddns-scripts[4806]: myddns_ipv4: Get registered/public IP for 'xxxxx.com' failed - retry 479/0 in 60 seconds

Here's my config:

config ddns 'global'
        option ddns_dateformat '%F %R'
        option ddns_loglines '250'
        option upd_privateip '0'

config service 'myddns_ipv4'
        option interface 'wan'
        option ip_source 'network'
        option ip_network 'wan'
        option service_name 'google.com'
        option use_https '1'
        option cacert '/etc/ssl/certs'
        option enabled '1'
        option domain 'xxxxx.com'
        option username 'xxxxxx'
        option password 'xxxxxx'
        option lookup_host 'xxxxx.com'

Is it because I set my lookup_host to be the same as my domain? I didn't really know what to put there. Should I put a DNS service like 8.8.8.8? Thanks all!

Yes, not because of ddns, but because virtually all ip cameras are plagued with horrible security track records. You'd better disallow them from talking to the internet (in all directions) and only access them via VPN into your home network.

1 Like

Yes, understand, although that's a little more work to solve a problem I'm not sure exists yet (the system we have works pretty well and hasn't had any security problems in my research).

Any idea on how to fix the constant errors I'm seeing in the syslog?

Does your WAN interface have a public IP address?
Are you sure "google.com" is your DDNS provider?

1 Like

Yes, under Network > Interfaces, WAN is showing up with an external IP that is my IP for the web, or "public IP" as you put it.

I bought the domain from domains.google.com and set up DDNS through that and it's working so yes, pretty sure they are the provider.

Your config impiles you are using your openwrt router’s wan ip within the update to your ddns provider. Does that interface actually have the public ip? Maybe you want to use one of these services? https://wtfismyip.com/text

Look in the logs for the ddns client. You should see the raw command its using to do the update. Try running that manually and check what happens. The error log you posted says its not actually updating anything.

Edit: i setup ddns myself just the other week, and the ip i currently had was automatically registered by my ddns provider when i set up my account. This gave false impression that ddns client was working . Only after i rebooted the modem did i discover the problem some days later..

I think I found the error. I changed the name of the configuration myddns_ipv4 to something else, but I did not restart the DDNS service. For whatever reason, I think those errors were coming from myddns_ipv4 still being left in memory or something, because after I restarted the router I don't see those errors anymore.

However, I am still getting an "HTTPS not supported!" error on the LuCI page, see here: DDNS claiming "HTTPS not supported" with curl

Thanks all!

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.