Opened 7 years ago

Closed 3 years ago

#7820 closed enhancement (fixed)

Enhancements to ddns-scripts to prevent possible dyndns.org abuse blockings

Reported by: Isti
Owned by: developers
Priority: normal
Milestone: Barrier Breaker 14.07
Component: packages
Version: Kamikaze 8.09
Keywords: ddns-script
Cc:

Description

Updates on a bad connection (frequent disconnects) result in a "blocked for abuse" scenario at dyndns.org

The dynamic_dns_updater.sh script checks for the current IP of the wan interface and compares it with what nslookup returns for the configured dynamic dns host.
If the wan interface is about to come up, or is not up at all, it does not yet have an IP and the "current_ip" variable will be empty. Comparing it to the resolved IP will result in ddns wanting to upgrade. If in the meantime the wan interface does come up (or if there is another wan connection), ddns will succeed in issuing an update with an empty IP:
updating with url="http://XXX:XXX@members.dyndns.org/nic/update?hostname=XXX.ath.cx&myip="
Suggest checking for current_ip, and if empty skipping the update:

-       if [ "$current_ip" != "$registered_ip" ]  || [ $force_interval_seconds -lt $time_since_update ]
+       if [ -n "$current_ip" ] && ( [ "$current_ip" != "$registered_ip" ] || [ $force_interval_seconds -lt $time_since_update ] )
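Review bot: The `[ -n "$current_ip" ]` guard on the `+` line only rejects an empty value, so any non-empty string that is not an address would still be compared and sent in the `myip=` parameter; consider checking the address format before the comparison. The `( ... )` grouping also forks a subshell just to evaluate two tests, where `{ ...; }` groups without forking. `$force_interval_seconds` and `$time_since_update` stay unquoted, so an empty value makes `[` fail with a syntax error instead of a clean false.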

Buggy nslookup (ticket open for busybox) and locally defined hostname in dnsmasq - blocked dyndns for abuse

Since dynamic_dns_updater.sh uses a simple nslookup query, the IP for a configured host will be that returned by the local dns server (dnsmasq by default). If you happen to have defined a static IP for a dyndns account for lookups from inside the LAN (e.g. to allow mobile clients to go directly to your internal port-forwarded mail server, if currently on the local LAN), the IP returned by nslookup will always be the locally defined one in dnsmasq. This will result in updates even if the real wan IP did not change, and thus in being blocked for abuse.
The simplest solution would be to specify the external DNS server for the nslookup query, but because of the bug (http://bugs.busybox.net/view.php?id=4024), that doesn't work currently.
I had to remove local static IP entries for dynamic dns hostnames, and add lan side DNAT and SNAT rules for now.

Logging for ddns_script

The verbose_echo function in dynamic_dns_functions.sh simply uses echo. I suggest changing it to logger, or making it configurable depending on the value of $verbose_mode; this way syslog logging could be toggled from the config file:

verbose_echo()
{
        if [ "$verbose_mode" = 1 ]
        then
-                echo $1
+                logger -t ddns $1
        fi
}
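Review bot: On the `+` line, `$1` is passed to `logger` unquoted, so the message is word-split and glob-expanded before it is logged; quote it as `logger -t ddns "$1"`. Replacing `echo` outright also removes console output for anyone running the script by hand with verbose_mode set to 1, which the configurable variant proposed in the description would avoid. The update message quoted earlier in the ticket carries the account credentials in the URL, so if that message goes through verbose_echo it would end up in syslog.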

Change History (4)

comment:1 Changed 7 years ago by dirtyfreebooter <openwrt@…>

I also had the blocked for abuse situation happen to me because of empty "$current_ip" during a period of up-and-down cable connection due to some problem with Comcast.

comment:2 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted

comment:3 Changed 3 years ago by chris5560

Fixed in ddns-scripts ver 2.0.0-1.
During script start it sleeps 10 seconds for interfaces to fully come up.
With new

option dns_server "google-public-dns-a.google.com"

you can set an extra dns server to use

Please close the ticket for me.
Christian

comment:4 Changed 3 years ago by nbd

  • Resolution set to fixed
  • Status changed from new to closed
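
The update decision discussed in this ticket, written out as an added example (not code from ddns-scripts or from any commenter). The function names and status words are hypothetical, the sample addresses are constructed, and treating a private lookup result as a local dnsmasq override is an assumed policy.

```shell
#!/bin/sh
# Added example, not ddns-scripts code. Function names and status words are hypothetical.

# is_ipv4 ADDR: succeed only for four dot-separated octets, each 0-255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    rest=$1 count=0
    while :; do
        octet=${rest%%.*}
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
        case "$rest" in *.*) rest=${rest#*.} ;; *) break ;; esac
    done
    [ "$count" -eq 4 ]
}

# is_private_ipv4 ADDR: RFC 1918 ranges only.
is_private_ipv4() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# update_decision CURRENT REGISTERED FORCE_INTERVAL SINCE_UPDATE
# Prints a status word; returns 0 only when an update request should be sent.
update_decision() {
    current_ip=$1 registered_ip=$2
    force_interval_seconds=${3:-0} time_since_update=${4:-0}
    # Interface not up yet: never send "myip=" with an empty value.
    [ -n "$current_ip" ] || { echo skip-no-ip; return 1; }
    is_ipv4 "$current_ip" || { echo skip-bad-ip; return 1; }
    # Assumed policy: a private answer for the DDNS name while the WAN address
    # is public means the local resolver answered from a static override.
    if is_private_ipv4 "$registered_ip" && ! is_private_ipv4 "$current_ip"; then
        echo skip-local-answer; return 1
    fi
    [ "$current_ip" = "$registered_ip" ] || { echo update-changed; return 0; }
    if [ "$force_interval_seconds" -lt "$time_since_update" ]; then
        echo update-forced; return 0
    fi
    echo skip-unchanged; return 1
}

# Constructed sample inputs (documentation address ranges).
for args in "|203.0.113.7" "203.0.113.7|192.168.1.10" "203.0.113.9|203.0.113.7"; do
    update_decision "${args%%|*}" "${args#*|}" 3600 10 || :
done
```

The status word makes each skipped update visible in the log, so a run of skip-no-ip or skip-local-answer lines points at the interface or the resolver rather than at the DDNS provider.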
