Enabling dynamic DNS is too convoluted, difficult

I have added two IP addresses as DNS server on the LAN interface as you ask.

root@netbook:~# cat /etc/config/network 

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd42:0bfd:d34a::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.50.2'
        option netmask '255.255.255.0'
        option gateway '192.168.50.1'
        list dns '1.0.0.1'
        list dns '1.1.1.1'

But the DDNS service still does not activate

root@netbook:~# logread | grep ddns
root@netbook:~#

How not? LAN is the network with internet access. Haven't you seen that the service works when I reload the service with the "Reload" or "Recargar" button?

Here it has been shown that it is not true and that having a DNS server in OpenWrt is enough without having to enter DNS servers in the LAN interface configuration.

With this you are giving me to understand that you are not sure of what you have said regarding having a public DNS server on the LAN interface and that entering the IP 127.0.0.1 is the same as having the forwarding in /etc/config/dhcp.

  • No, DHCP is your dnsmasq config
  • You told dnsmasq to use AdGuard
  • You had no DNS server specified whatsoever on your network
  • 127.0.0.1 specifies dnsmasq, which specified AdGuard
  • AdGuard is just another DNS resolver I assume

This is why I don't know:

I don't know what you have configured here, and it would be a dramatic comedy if you specified a chicken-in-the-egg DNS setup here. Or you had no DNS servers set up there whatsoever.

So, that is eliminated by specifying a Public DNS server - especially for DDNS. Best practice - and trying to configure the machine so the issue or bug can be reproduced.

Thus far, I cannot reproduce a non-working ddns config, except by removing my DNS.

Did you reboot after this?

Reload network?

I'm not sure what you mean.


I'm also able to reproduce the issue with an erroneous DDNS config

I assume you removed the curl config for testing (unless you removed the default from the custom image from the firmware builder)?

Yes, the dhcp file has dnsmasq settings. It should be noted that it is the only DNS server. Requests are forwarded to the specified IP 127.0.0.1#5300 which is AdGuardHome. This ad blocker has Cloudflare as upstream DNS.

In what network? In the LAN? I have already presented that it has not been fixed if I add public DNS servers in LAN as you are asking.

But it is not reachable as a DNS server. It is only for dnsmasq.

I already said that Cloudflare is the upstream DNS of AdGuardHome.

I have added 1.0.0.1 in DDNS as DNS server

root@netbook:~# cat /etc/config/ddns 

config ddns 'global'
        option ddns_dateformat '%F %R'
        option ddns_loglines '250'
        option ddns_rundir '/var/run/ddns'
        option ddns_logdir '/var/log/ddns'
        option use_curl '1'

config service 'duckdns'
        option service_name 'duckdns.org'
        option use_ipv6 '0'
        option enabled '1'
        option lookup_host 'x.duckdns.org'
        option domain 'x.duckdns.org'
        option username 'x'
        option password 'password'
        option ip_source 'web'
        option use_syslog '2'
        option check_unit 'minutes'
        option force_unit 'minutes'
        option retry_unit 'seconds'
        option ip_url 'https://ifconfig.me/ip'
        option interface 'wan'
        option dns_server '1.0.0.1'

Now I see that option interface 'wan' was added by adding option dns_server '1.0.0.1'. This is another bug.

Because probably the errors are not triggered with your configuration.

I'm talking about the "new IP" not being sent if I don't press the "Reload" button in the service, which in this case is DuckDNS.

You're not using WARP as DNS, are you?

  • WAN was always there
  • Did you add that IP address there?

Something is wrong - I would advise trying a standard setup first. I'm not even sure how your DNS server would be added. Clearly from my screenshot I have the same version as you and I do not have this issue.

Adding an IP in /etc/config network on LAN does not add one in DDNS.

You likely must reboot; or:

/etc/init.d/network restart
#and
/etc/init.d/ddns restart

What made you think I use WARP? There is nothing mentioning that service.

There is no WAN interface. I did not add option interface 'wan'. It added itself. This is an error and can be seen in the screenshots.

I added 1.0.0.1 in the DDNS config file so that it uses that DNS server as you asked above. It's not a DNS problem.

I have rebooted the device directly and it does not automatically update the IP for the domain. It's a DDNS problem, not DNS.

I thought WARP because you said Cloudflare and you seem to have tls (DoT) on your DNS servers. I didn't know if you had a CloudFlare wireguard tunnel, cool.

Yes, it was always there from your screenshots. I understand you are concerned in any case; I see it. I need a test device to see if I have the same behavior. Nonetheless, one pic noted it didn't exist - I could only get that to occur when specifying wan in UCI when it doesn't exist. I'll need to test on another device.

I didn't say there. I mean on your LAN config. 127.0.0.1 should be fine - as discussed now.

It's just DNS over TLS. No WARP.

At some point I added 127.0.0.1 on LAN as you asked and it didn't fix anything.

root@netbook:~# cat /etc/config/ddns 

config ddns 'global'
        option ddns_dateformat '%F %R'
        option ddns_loglines '250'
        option ddns_rundir '/var/run/ddns'
        option ddns_logdir '/var/log/ddns'
        option use_curl '1'

config service 'duckdns'
        option service_name 'duckdns.org'
        option use_ipv6 '0'
        option enabled '1'
        option lookup_host 'x.duckdns.org'
        option domain 'x.duckdns.org'
        option username 'x'
        option password 'password'
        option ip_source 'web'
        option use_syslog '2'
        option check_unit 'minutes'
        option force_unit 'minutes'
        option retry_unit 'seconds'
        option ip_url 'https://ifconfig.me/ip'
        option interface 'wan'
        option dns_server '1.0.0.1'
root@netbook:~# cat /etc/config/network 

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd42:0bfd:d34a::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.50.2'
        option netmask '255.255.255.0'
        option gateway '192.168.50.1'
        list dns '127.0.0.1'
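
The dispute above over `option interface 'wan'` on a device whose network config defines no `wan` section can be checked mechanically. This is an added example, not code from the thread or from OpenWrt; it assumes the DDNS `interface` option is meant to name a section in /etc/config/network, and the function names and the trimmed sample configs are constructed for illustration.

```sh
#!/bin/sh
# Added example: report enabled DDNS services whose 'option interface' is undefined.

# Names of all "config interface '<name>'" sections in a network config.
defined_interfaces() {
    tr -d "'\"" < "$1" | awk '$1 == "config" && $2 == "interface" { print $3 }'
}

# "<service> <interface>" for each enabled service that sets option interface.
ddns_interface_refs() {
    tr -d "'\"" < "$1" | awk '
        function emit() { if (svc != "" && enabled == "1" && ifc != "") print svc, ifc }
        $1 == "config" { emit(); svc = ($2 == "service") ? $3 : ""; ifc = ""; enabled = "" }
        $1 == "option" && $2 == "interface" { ifc = $3 }
        $1 == "option" && $2 == "enabled"   { enabled = $3 }
        END { emit() }'
}

# Returns 1 and prints one line per mismatch; returns 0 when all references resolve.
check_ddns_interfaces() {
    bad=0
    known=$(defined_interfaces "$2")
    while read -r svc ifc; do
        [ -n "$svc" ] || continue          # no enabled service sets an interface
        if ! printf '%s\n' "$known" | grep -qxF -- "$ifc"; then
            echo "service '$svc': interface '$ifc' is not defined in $2"
            bad=1
        fi
    done <<EOF
$(ddns_interface_refs "$1")
EOF
    return "$bad"
}

# Constructed sample input, trimmed from the configs posted in the thread.
sample_dir=$(mktemp -d)
cat > "$sample_dir/network" <<'EOF'
config interface 'loopback'
config interface 'lan'
        list dns '127.0.0.1'
EOF
cat > "$sample_dir/ddns" <<'EOF'
config ddns 'global'
config service 'duckdns'
        option enabled '1'
        option interface 'wan'
EOF
check_ddns_interfaces "$sample_dir/ddns" "$sample_dir/network" || true
```

On a router the same function would be pointed at /etc/config/ddns and /etc/config/network.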

I was trying to set up this thing: https://github.com/BigNerd95/ASUSddns
I was trying to use a custom DDNS service with a custom script defined. But it turned out that you can't define any parameters in this config line. Instead you are supposed to create a wrapper script that will be able to use such variables as $domain, $username, $password, which will contain values from the corresponding config lines. The documentation does not say anything about this.

It doesn't look like that script has been created by, or is officially supported by, OpenWrt. Any issues with it should be reported to the author.

The problem is that the DDNS client supports custom scripts through the "update_script" config param. It is even properly displayed in the UI. But the documentation does not give any hints on how this parameter should be used. For example, in my case the value of this parameter is "/usr/lib/ddns/AsusCommDNS.sh" and the contents of the script are:

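#!/bin/bash
# $username, $password and $domain come from the matching options of the service section in /etc/config/ddns.
# Quoted so that a value containing spaces or shell metacharacters is passed as a single argument.
/usr/lib/ddns/ASUSddns.sh "$username" "$password" "$domain" update logger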

This is a very simple wrapper, but I had to dig for a few hours, because the docs did not give me any hints.

Feel free to update: Applying for OpenWrt wiki account


Untrue, I can insert those variables directly into a URL field. I don't need a script for custom DNS. In fact, I do this for HE.net DDNS - as there is a custom URL for doing both DDNS and updating a 6in4 tunnel.

I would advise reviewing the official Wiki before editing it.

If your DDNS service provides a single URL that you can use, that is great. This situation is covered in docs very well. But don't talk for everyone.


The script you linked only has 1 URL. It is expressed in this line:

 echo $(curl --write-out %{http_code} --silent --output /dev/null --user-agent "ez-update-3.0.11b5 unknown [] (by Angus Mackay)" --basic --user $user:$password "http://ns1.asuscomm.com/$path?hostname=$host&myip=$wanIP")

You would express/add this as a URL using the OpenWrt variables. So, either I don't understand your point; or you linked the incorrect GitHub page?

Or you still think a script is needed?

EDIT:

To be clear, there are other URLs, one obtains the Public IP, the other is a link to the GitHub page. The single URL above updates the DDNS provider.

I found it simplest to just add a trigger to my PPPoE interface to update the DNS whenever it comes up, i.e. my public IP changes. The main reason is that my firewall is set not to allow the router itself to make outbound connections, so I needed an event-driven hook to temporarily enable a firewall rule to allow the http(s) connection. It's straightforward enough; I'll post the code if anyone's interested.

(Note if you do this, remember to add the script(s) to the things that get backed up and restored at upgrade time.)

(The downside of this approach is that your provider's dyn dns interface may be nonfunctional or unreachable for some reason at interface-up time. I decided to deal with that case with a belt-and-braces approach: another system on my network, one which is always allowed outbound connections, has a cron entry to hit the URL every couple of hours to be on the safe side. So in the rare case that it doesn't happen in a timely way it'll still happen eventually.)


Asus may block connections from clients with wrong user agents at any time. Or change anything else. It is better to use a script that is regularly updated by its author when changes happen.