[solved] dyndns updates are failing

silentsnake · 2014-04-06 20:05:08

Hey there,

I am using the Dyn.com dynamic DNS service with a custom (own) domain.
For updating the ip address i used to have a program called ddclient, but it stopped working a week ago or so. Since there were no updates or posts mentioning the problem, i thought it was the best to set up a plain VM and test it separately. Did not work either.
While searching the internet I have found a small script in AUR called "dyndns" with the same purpose as ddclient but it comes with less dependencies, so I have decided to use that client. Problem is, it is also not updating my ip.
At this point I was assuming something is wrong with the service, for example they changed API or something - because 2 clients, both tested on local machine and VM did not work correctly.

Since the dyndns script is very small I tried to debug it, even with very limited programming/bash skills.
I found the curl call that is presumingly updating the ip and called it directly without the silent flag.

[user@server ~]$ curl -u MYUSERNAME:MYPASSWORD "https://members.dyndns.org/nic/update?hostname=MYHOSTNAME&myip=MYIP&wildcard=NOCHG&mx=NOCHG&backmx=NOCHG"

Following result was provided:

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

My current workaround was to add the -k option which "solved" the problem but I think this is not a very good solution at all. I assume with this option curl will accept self-signed certificates and will not check the identity of the server. With some DNS manipulation one could intercept the username/password and take over the domain. Truly not a very likely case, but I might think that there could be some better way. Maybe someone here is a bit more experienced that I am, especially with SSL stuff, could help me out?

Thanks!

Last edited by silentsnake (2014-04-10 15:06:35)

Slithery · 2014-04-06 20:11:36

Just a guess but it might have something to do with this...

https://mailman.archlinux.org/pipermail … 25977.html

silentsnake · 2014-04-08 22:02:52

Looks like your guess was right. ca-certificates-20140325-1 solved the problem. Thank you!

Inxsible · 2014-04-08 22:06:42

please mark your thread as solved

ewaller · 2014-04-08 22:10:52

One other thing. They have dropped their free service in its entirety. Be aware of that if you are using a free service and it breaks at the end of the month.

Last edited by ewaller (2014-04-10 15:15:05)

silentsnake · 2014-04-10 15:07:34

Thanks for the information, but I am using a paid subscription.

Marked the thread as solved, sorry for the delay.

Last edited by silentsnake (2014-04-10 15:07:47)

Arch Linux

#1 2014-04-06 20:05:08

[solved] dyndns updates are failing

#2 2014-04-06 20:11:36

Re: [solved] dyndns updates are failing

#3 2014-04-08 22:02:52

Re: [solved] dyndns updates are failing

#4 2014-04-08 22:06:42

Re: [solved] dyndns updates are failing

#5 2014-04-08 22:10:52

Re: [solved] dyndns updates are failing

#6 2014-04-10 15:07:34

Re: [solved] dyndns updates are failing

Board footer