Odd DNS issue, different IP returned with nslookup for my DDNS hostname

alirz1 · July 22, 2018, 1:50am

Running LEDE build from June 2018. Having an odd issue. I have a DDNS hostname at xxxxxxx.changeip.com
Im using the LEDE built in ddns script to update that. While the update itselft works fine, i am noticing a lot of unnecessary update attempts being made.

Upon further troubleshooting i have found that every now and then(like few times within the hour) nslookup from my openwrt router seems to return an old WAN IP that my modem had from my ISP few about two days ago.
I know that the ddns script also uses nslookup also to determine if an IP update is needed or not. So when this wrong IP is returned, the script tries to update the DDNS record, but fails for whatever reason! and then goes into a retry loop.
When this issue is occurring, nslookup from my PC also returns the wrong IP address. However at that time, a nslookup from my ISP's mode seems to return the correct IP. So it seems like an issue with openwrt DNS.

Though this odd lookup behavior resolves it after a few minutes, only to re-occur some time later. I can replicate it by restarting the dnsmasq service on the router. It then starts returning the old IP again for a few minutes. This is driving me nuts.
i think something in the router has cached this old record of my DDNS. Would really like some input.

Notes:
Router is the only authoritative dhcp/dns server.
Router itself uses the DNS servers from the ISP.
I have a PPPoE connection to the ISP

log extract. note that IP ending in X.X is the correct WAN ip whereas IP ending in Y.Y is the incorrect IP returned from nslookup.

 185945       : Waiting 600 seconds (Check Interval)
 190945       : Detect registered/public IP
 190945       : #> /usr/bin/nslookup xxxxxx.changeip.org  >/var/run/ddns/changeip.dat 2>/var/run/ddns/changeip.err
 190945       : Registered IP '69.156.X.X' detected
 190945  info : Rerun IP check at 2018-07-21 19:09
 190945       : Detect local IP on 'network'
 190945       : Local IP '69.156.X.X' detected on network 'wan'
 190945       : Waiting 600 seconds (Check Interval)
 191945       : Detect registered/public IP
 191945       : #> /usr/bin/nslookup xxxxxx.changeip.org  >/var/run/ddns/changeip.dat 2>/var/run/ddns/changeip.err
 191946       : Registered IP '69.156.Y.Y' detected
 191946  WARN : Updating IP at DDNS provider failed - starting retry 1/0
 191946       : Detect local IP on 'network'
 191946       : Local IP '69.156.X.X' detected on network 'wan'
 191946       : Update needed - L: '69.156.X.X' <> R: '69.156.Y.Y'
 191946       : #> /usr/bin/curl -RsS -o /var/run/ddns/changeip.dat --stderr /var/run/ddns/changeip.err --noproxy '*' 'http://xxxxxxx%40hotmail.com:*password*@nic.changeip.com/nic/update?u=xxxxxxx%40hotmail.com&p=*password*&cmd=update&hostname=xxxxxx.changeip.org&ip=69.156.X.X&cmd=update&set=1'
 191946       : DDNS Provider answered:\n200 Successful Update
 191946  info : Update successful - IP '69.156.X.X' send
 191946  info : Forced update successful - IP: '69.156.X.X' send
 191946       : Waiting 600 seconds (Check Interval)
 192946       : Detect registered/public IP
 192946       : #> /usr/bin/nslookup xxxxxx.changeip.org  >/var/run/ddns/changeip.dat 2>/var/run/ddns/changeip.err
 192946       : Registered IP '69.156.Y.Y' detected
 192946  WARN : Updating IP at DDNS provider failed - starting retry 2/0
 192946       : Detect local IP on 'network'
 192946       : Local IP '69.156.X.X' detected on network 'wan'
 192946       : Update needed - L: '69.156.X.X' <> R: '69.156.Y.Y'
 192947       : #> /usr/bin/curl -RsS -o /var/run/ddns/changeip.dat --stderr /var/run/ddns/changeip.err --noproxy '*' 'http://xxxxxxx%40hotmail.com:*password*@nic.changeip.com/nic/update?u=xxxxxxx%40hotmail.com&p=*password*&cmd=update&hostname=xxxxxx.changeip.org&ip=69.156.X.X&cmd=update&set=1'
 192947       : DDNS Provider answered:\n200 Successful Update
 192947  info : Update successful - IP '69.156.X.X' send
 192947  info : Forced update successful - IP: '69.156.X.X' send
 192947       : Waiting 600 seconds (Check Interval)

alirz1 · July 22, 2018, 2:23am

More weird behavior. If this command is correct then even google DNS returned the wrong IP once.Again, IP ending in Y.Y is wrong.

root@OpenWrt:/home/user# nslookup xxxxxxx.changeip.org 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53

Name:      xxxxxxx.changeip.org
Address 1: 69.156.Y.Y
*** Can't find xxxxxxx.changeip.org: No answer

root@OpenWrt:/home/user# nslookup xxxxxxx.changeip.org
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:      xxxxxxx.changeip.org
Address 1: 69.156.X.X
*** Can't find xxxxxxx.changeip.org: No answer

slh · July 22, 2018, 2:23am

Check the TTL setting for your DNS entry

$ dig +nocmd +noall +answer A xxxxxxx.changeip.com
xxxxxxx.changeip.com.   300     IN      A       170.178.190.213

...and check all authoritative nameservers for changeip.com

$ dig NS xxxxxxx.changeip.com
[...]

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;xxxxxxx.changeip.com.          IN      NS

;; AUTHORITY SECTION:
changeip.com.           14      IN      SOA     ns3.changeip.com. support.changeip.com. 469055 3600 150 604800 30

...to finish it, check them individually

$ dig +nocmd +noall +answer A xxxxxxx.changeip.com @ns3.changeip.com.
xxxxxxx.changeip.com.   300     IN      A       170.178.190.213

...

alirz1 · July 22, 2018, 2:41am

Whatever its worth, I've always had the TTL set to the default of 60 (seconds?) with my DDNS provide, changeip.com
I also wanted to point out that with all of the above i said being correct, my ddns host NEVER actually has the old IP registered with it on changeip.com, even when nslookup is reporting it!

alirz1 · July 22, 2018, 2:48am

Here are the results of your suggest commands. Though i dont know, how to read that.

root@OpenWrt:/home/user# dig +nocmd +noall +answer A xxxxxx.changeip.com
xxxxxx.changeip.com.     299     IN      A       170.178.190.213

------------------------------------------------------------------------------------------------------------------------
root@OpenWrt:/home/user# dig NS xxxxxx.changeip.com

; <<>> DiG 9.11.3 <<>> NS xxxxxx.changeip.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55888
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;xxxxxx.changeip.com.            IN      NS

;; AUTHORITY SECTION:
changeip.com.           29      IN      SOA     ns3.changeip.com. support.changeip.com. 469055 3600 150 604800 30

;; Query time: 94 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Jul 21 22:44:19 EDT 2018
;; MSG SIZE  rcvd: 95

-------------------------------------------------------------------------------------------------------------------------
root@OpenWrt:/home/user# dig +nocmd +noall +answer A xxxxxx.changeip.com @ns3.changeip.com
xxxxxx.changeip.com.     300     IN      A       170.178.190.213

root@OpenWrt:/home/user# dig +nocmd +noall +answer A xxxxxx.changeip.com@ support.changeip.com
support.changeip.com.   29      IN      A       8.25.37.18

alirz1 · July 22, 2018, 2:48pm

A new finding. I decided to some nslookup tests from outside my network and i found that the old IP is also returned sometimes. So based on that result, i cannot blame openwrt. instead changeip.com itself. I'm going to reach to them!

alirz1 · July 24, 2018, 1:06am

It looks like the ddns script in openwrt uses nslookup to determine if the DDNS IP needs to be updated or not. My issue turns out to be that ONE of the DNS servers of changeip.com is the returning the wrong IP address.

Is there a place where i can modify the ddnsc script so that the nslookup is done against a specfic DNS server?

mbo2o · July 24, 2018, 1:15am

Im not sure about ddnsc but to use a specific server add the server to the nslookup command

# nslookup openwrt.org 1.1.1.1
Server:		1.1.1.1
Address:	1.1.1.1#53

Name:      openwrt.org
Address 1: 139.59.209.225
Address 2: 2a03:b0c0:3:d0::1af1:

jeff · July 24, 2018, 1:17am

First thing is that if your router can't reliably get your IP from your DDNS provider, you others won't be able to either. Might be worth considering another DDNS provider!

Looks like the script is in feeds/luci/applications/luci-app-ddns/luasrc/tools/ddns.lua

$ nslookup
BusyBox v1.28.3 () multi-call binary.

Usage: nslookup [HOST] [SERVER]

Query the nameserver for the IP address of the given HOST
optionally using a specified DNS server

so it looks like you could "hack" the script to define the server you wish to query.

alirz1 · July 24, 2018, 2:59am

Thanks, I agree this is not a fix. I finally convinced changeip support team that the issue was coming from one of their dns servers. They say they found the issue and fixed it. Let’s see.