[Solved]Dyn DNS usage in OpenWrt

I want to use dynamic DNS on my new OpenWrt installation (Netgear r7800). However, I don't understand how this is done. I checked the user_manual for DDNS but the page shows unexpected info. In the base Netgear r7800 install, it's pretty straightforward: a box says, "use DDNS" you check it and then chose the service you want (NO/IP, DynDNS, etc). That's how dynamic DNS services are done on even old routers I'm familiar with. I went to the OpenWrt page; DHCP and DNS and don't see anything obvious there. Pretty sure I'm missing it...how is this done?

https://openwrt.org/docs/guide-user/services/ddns/client

3 Likes

..alternatively use inadyn or a shell script.

@feffer777, why didn't you just ask me in the original thread?

You browse to Services > Dynamic DNS

If you don't see it, additionally install: https://openwrt.org/packages/pkgdata/luci-app-ddns

Screenshot%20from%202019-01-31%2010-15-04

The OP can additionally install: https://openwrt.org/packages/pkgdata/ddns-scripts

Also, all DDNS scripts available: https://openwrt.org/packages/table/start?dataflt[Description_wiki*~]=Dynamic+DNS+Client+scripts

OK, using NO-IP for ddns provider & set up my domain name with them. Installed luci-app-ddns, went to Services > Dynamic DNS > edit IPv4 Here, I understood everything except in the Provider (NO-IP) section: "yourhost.example.com" Should I repeat my lookup host name?

Second, should I repeat the process and edit IPv6 the same way?

Third, do I want secure communication with my service provider (use https)...I think so, but then I need to provide a CA certificate. Not sure how to do that.

Finally, NO-IP has what I think is a reminder app that I can download and install into my linux system as this has to refresh every 30 days. It does require compiling, which I can do...if the app is really necessary. However do the OpenWrt scripts handle this same task? In that case the NO-IP stuff would be unnecessary.

As far as asking in the original thread...probably could have, but marked it [Solved] already.

Make a copy form the relevant script...then edit it for your account details. Simple (don't forget to enable it). Or you could just use the GUI.

Wait...you're trying to do IPv6 too?

  • I suggest getting a working IPv4 DDNS first, so you don't confuse yourself doing 2 at the same time.
  • Yes, repeat.
  • Be advised, I don't how your provider instructs you to setup an IPv4 and IPv6 name - and you didn't say if the A and AAAA would be on the same DDNS name.

If the request is coming from your router...it has your IP...what are you actually securing?

Regarding making HTTPS requests to the server, you don't need a cert, you need to install the appropriate HTTPS library.

Please see your first topic on renewals. Regarding compiling - if it's not available in the PackageTable, that answer is normally yes.

They can be a bit dodgy in my experience but if it works sure why not? :slight_smile:
inadyn will do SSL just fine otherwise

1 Like

I've been using dns.he.net for my ddns needs (both ipv4 and ipv6) for a couple of years now, it works pretty well using dedicated instances for both protocols.

1 Like

OK, think I understand most of this. Enabled IPv4, disabled IPv6...at least for now.

this I don't understand...but perhaps https is NOT necessary between me and the provider.

DDNS overview page shows the following for IPv4:
Lookup hostname: my.name.net & WAN# ; Enabled ="checked"; Last Update = "never"; Next update="verify"; Process ID= "PID: 12345"
Sound about right?
Also installed CA-certs and showed path to them for https...seems to be right.

Not at all right. It should look like this:
image

1 Like

Nope, "Verify" means that your: account name, ID, password, key, or the script to update is not working. "Never" means it has yet to send an update to the server.

I told you this wasn't necessary. So, can you explain why you installed it?

I stated you may only need to install the libraries needed to browse to an HTTPS server. I don't know why you need to install CA-certs.

Unsure if the problem is how I've configured OpenWrt, or a mistake on the NO-IP site. Using basic (free) service, I think I only need to choose/accept an IP name, however, I'm uncertain whether it needs to be "configured" further. On the OpenWrt site, I unchecked "use https" for now. Stopped and started the service and got this info from the log:

ERROR: no certificate subject alternative name matches
	requested host name 'update.no-ip.pl'.
To connect to update.no-ip.pl insecurely, use `--no-check-certificate'.
 201104  WARN : Transfer failed - retry 950/0 in 60 seconds
 201204       : #> /usr/bin/wget-ssl -nv -t 1 -O /var/run/ddns/myddns_ipv4.dat -o /var/run/ddns/myddns_ipv4.err --ca-directory=/etc/ssl/certs/ --no-proxy 'https://username%40gmail.com:j6way45too89far@update.no-ip.pl/?hostname=my.ddns.net'
 201207 ERROR : GNU Wget Error: '5'

Edit the previous post and erase your credentials!

1 Like

OK, tried various settings in OpenWrt, checked and changed NO-IP credentials; now getting this in the log:

211907       : uci configuration:
ddns.myddns_ipv4.domain='my-own.ddns.net'
ddns.myddns_ipv4.enabled='1'
ddns.myddns_ipv4.interface='wan'
ddns.myddns_ipv4.ip_network='wan'
ddns.myddns_ipv4.ip_source='network'
ddns.myddns_ipv4.lookup_host='my-own.ddns.net'
ddns.myddns_ipv4.password='***PW***'
ddns.myddns_ipv4.service_name='no-ip.pl'
ddns.myddns_ipv4.username='my-email@notmail.com'
ddns.myddns_ipv4=service
 211909       : verbose mode  : 0 - run normal, NO console output
 211909       : check interval: 600 seconds
 211910       : force interval: 259200 seconds
 211910       : retry interval: 60 seconds
 211910       : retry counter : 0 times
 211910       : No old process
 211911       : last update: never
 211911       : Detect registered/public IP
 211911       : #> /usr/bin/host -t A my-own.ddns.net  >/var/run/ddns/myddns_ipv4.dat 2>/var/run/ddns/myddns_ipv4.err
 211912       : Registered IP '65.333.444.555' detected
 211912  info : Starting main loop at 2019-02-01 21:19
 211912       : Detect local IP on 'network'
 211912       : Local IP '65.333.444.555' detected on network 'wan'
 211913       : Forced Update - L: '65.333.444.555' == R: '65.333.444.555'
 211913       : #> /usr/bin/wget-ssl -nv -t 1 -O /var/run/ddns/myddns_ipv4.dat -o /var/run/ddns/myddns_ipv4.err --no-proxy 'http://username%40gmail.com:***PW***@update.no-ip.pl/?hostname=my-own.ddns.net'
 211915 ERROR : GNU Wget Error: '6'
 211915       : Authentication selected: Basic realm="No-IP.pl Authenticator"
Username/Password Authentication Failed.
 211916  WARN : Transfer failed - retry 1/0 in 60 seconds

Is see that Username/Password Authentication Failed but they seem to be right; very confused about this?? Am I using the right service provider? It is NO-IP In the OpenWrt drop down menu, I chose "no-ip.pl" which I assume is correct (did not see any other "no-ip" choice). Don't think this should be so hard...am I missing something simple?

You are not using the right service provider. A translation from your own provider:

Installation on hardware routers

The No-IP.pl service allows you to cooperate with hardware routers that have a co-op option with a dynamic 'custom' diecut.

There is no need to run the client program on the computer.

The router must update the address via the HTTP protocol. In the configuration properties, the server type / method should be set to 'custom' ('own'),

as the server enter the name 'update.no-ip.pl', enter your username, password and hostname.

The URL for updating will then look like this (you can also check the operation directly in the browser):

http://update.no-ip.pl/?hostname=mojanazwahosta.no-ip.pl

I think it will become easier - if you read the instructions.

My service provider is NO-IP When I hit your link, http://update.no-ip.pl/?hostname=mojanazwahosta.no-ip.pl an authentication window opens: user/pw but putting in the credentials (that I use to log in to NO-IP) do not work. So yes, you're right, it does seem to be the wrong SP, but there is no other choice on: OpenWrt > Services > DynDNS > DDNS Service provider [IPv4]; drop down menu. The menu has a custom choice, but does not allow me to type in "update.no-ip.pl" In any case, I'm not sure I want that because user/pw doesn't work...that is NOT my SP.

Mine is also NO-IP. Directly above this PL provider:

Screenshot%20from%202019-02-01%2017-18-50

You find:

https://openwrt.org/packages/pkgdata/ddns-scripts_no-ip_com

Please install and let us know your results.

@ lleachii, thx for your patience. Installed ddns-scripts_no-ip first, after the no-ip.com choice appeared in the drop down. Everything good from there.

I probably asked this before, but in the distraction of using the similar, but wrong no-ip link forgot about it:
Basic NO-IP (as others) service is free, but requires monthly re-verification. I don't think the OpenWrt scripts take care of this...right? The NO-IP site has a DUC app that will download to linux, compile etc to act as a reminder. Is that what it is (and only that), is it a good idea, and do you use it?


No...can you just add a calendar reminder on a smartphone or something???

That's where I usually am when I renew it anyways...I just never thought about it as much as your are...

:thinking:


:+1:

Glad you got it working!

If your problem is solved, feel free to mark the relevant post as the solution; and edit the title to add "[SOLVED]" to the beginning (click the pencil behind the topic).

grafik

1 Like