|
[Config] DynDNS.org on Cisco 871I am trying to configure a Cisco 871 to perform updates at DynDNS.org when the WAN IP addr changes (via DHCP).
I am struggling (and drowning) with the Cisco documents.
Q: Does anyone have any experience setting up dyndns.org updates using Cisco IOS 12.3 or 12.4?
Thanks, Miguel |
|
|
BRABUS
Member
2005-Nov-1 8:15 pm
mthoward, Don't worry, you are not alone I have the same problem. |
|
|
to mthoward
mthoward, Are you using the CLI or SDM? |
|
|
I have not found anything in SDM for managing ddns. Therefore, I am using the CLI. I have done some experiments trying to follow » www.cisco.com/en/US/prod ··· 1ba.htmland » www.cisco.com/en/US/prod ··· p1109464I put in the following commands: ip ddns update method DynDNS HTTP add ht tp://myUsername:secret@members.dyndns.org/nic/update?system=dyndns&hostname=testmth&myip=<a> interval maximum 28 0 0 0 ! Note: I explicitly inserted a space in ht tp in this posting because the url-recognition code in the forum software was turning it into a URL. But this is not in my config.My test entry at dyndns.org is not getting updated ... Q: Do I need to explicitly put in something to kick-start the ddns updates? I am not comfortable with the <a> designation that the examples use. It is supposed to substitute in an address, but ... Q: Where is the assocation that identifies which interface should be used for the dyndns update? They identify a maximum interval, but it is not clear to me how frequently they are going to update. The dyndns folks do not want people updating entries unless the IP addr has changed. Therefore, it seems to me that there should be a query URL in addition to an update URL. I am somewhat concerned that the Cisco will update unnecessarily ... and cause me headaches. Thanks for your help. Miguel |
|
|
to mthoward
mthoward, This is using SDM v2.2...
Click the Configure button in the toolbar along the top.
Click Additional Tasks along the left side.
Fifth item down in the list is Dynamic DNS Methods. Choose that and you can "Add" your Dynamic DNS information from there. |
|
I_Route Premium Member join:2003-09-19 Merrimack, NH 4 edits |
to mthoward
Under the interface you have to tell it to use the method "DynDNS", and the hostname to update. I do not use this but got it working last night. ip ddns update method DynDNS HT TP add ht tp: //usrnm|password@<s>/nic/update?system=dyndns&hostname=jforhan-cisco.homeip.net&myip=<a> interval maximum 10 0 0 0 ip host members.dyndns.org 63.208.196.95 interface FastEthernet0/1 ip ddns update hostname jforhan-cisco.homeip.net ip ddns update DynDNS host members.dyndns.org ip address dhcp The ip host entry populates the "s" in "less than and greater than signs" (POS posting software is code happy. Any way to turn this shit off? LOL) since I was getting DNS lookup timeout. Seems the code tries the update before the IP gets bound to the interface. I suppose you can not put a host entry and subsiquent resolutions would work fine. I just hard coded the hostname since using DHCP will often change it and Adelphia uses the assigned address as part of the hostname, etc., etc. The first update did not work however as it did not know where "members.dyndns.org" was. Also, it tries before the adress is actuall bound. Subsiquent updates worked fine. I lowered the max interval from 28 days to just under the length of the DHCP lease I got from the ISP. In my case the lease is 12 hours. I set the interval to 10. 001018: Nov 2 06:19:56.823 EST: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (172.25.1.11) C2651XM# 001019: Nov 2 06:23:48.708 EST: DYNDNSUPD: Adding DNS mapping for jforhan-cisco.homeip.net 68.232.199.168 server 63.208.196.95 001020: Nov 2 06:23:48.708 EST: HTTPDNS: Update add called for jforhan-cisco.homeip.net 68.232.199.168 001021: Nov 2 06:23:48.708 EST: HTTPDNSUPD: Session ID = 0x4F 001022: Nov 2 06:23:48.708 EST: HTTPDNSUPD: URL = 'http://username:password@63.208.196.95/nic/update?system=dyndns&hostname=jforhan-cisco.homeip.net&myip=68.232.199.168' 001023: Nov 2 06:23:48.708 EST: HTTPDNSUPD: Sending request 001024: Nov 2 06:23:48.800 EST: HTTPDNSUPD: Response for update jforhan-cisco.homeip.net 68.232.199.168 001025: Nov 2 06:23:48.800 EST: HTTPDNSUPD: DATA START 001026: Nov 2 06:23:48.800 EST: HTTPDNSUPD: DATA END, Status is Response data recieved, successfully 001027: Nov 2 06:23:48.800 EST: HTTPDNSUPD: Call returned SUCCESS for update jforhan-cisco.homeip.net 68.232.199.168 001028: Nov 2 06:23:48.804 EST: DYNDNSUPD: Another update completed (outstanding=0, total=0) 001029: Nov 2 06:23:48.804 EST: HTTPDNSUPD: Clearing all session 79 info System image file is "flash:c2600-adventerprisek9-mz.124-4.9.T" HTH Later, Jeff |
|
|
to Innuendo
Innuendo,
I upgraded to SDM v2.2.
I added a dyndns method
I then went into Configure -> Interfaces and Connections -> FastEthernet4 -> Connection -> Dynamic DNS Method and chose the method
Everything looked OK and made sense to me ... but nothing got updated. :-( |
|
mthoward 1 edit |
to I_Route
I_Route, Separately, went into the CLI and blew away the config set up by SDM. I then mimicked your config from above ... no joy. I am not seeing any DYNDNS-related log entries in my log file. I changed the max interval to once-per-minute ... no joy. Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(2)T2, RELEASE SOFTWARE (fc3) ... ip host members.dyndns.org 63.208.196.95 ... ip ddns update method DynDNS HTTP add ht tp://UUUUU:XXXXX@members.dyndns.org/nic/updatesystem=dyndns&hostname=<h>&myip=<a> remove ht tp://UUUUU:XXXXX@members.dyndns.org/nic/updatesystem=dyndns&hostname=<h>&myip=<a> interval maximum 0 0 1 0 ! ... interface FastEthernet4 description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$ ip ddns update hostname cisco871.dyndns.org ip ddns update DynDNS ip address dhcp client-id FastEthernet4 no ip redirects no ip unreachables no ip proxy-arp ip nat outside ip inspect DEFAULT100 out ip virtual-reassembly ip route-cache flow duplex auto speed auto ! ... I am using show logging in order to view the log entries ... Q: Is there another/better way to view the log entries? Regardless, I am not seeing any entries related to ddns. If I temporarily unplug the ethernet cable for my FastEthernet4 (WAN) connection, then I see the line go down & back up, followed by DHCP assignment ... but nothing related to ddns Thanks in advance, Miguel |
|
|
to mthoward
mthoward, I haven't actually set up any Dynamic DNS functionality yet. Every time I think I'm going to explore that avenue Real Life comes along and interferes. |
|
I_Route Premium Member join:2003-09-19 Merrimack, NH |
to mthoward
Enable ddns update debugging:
Router#debug ip ddns update
Then either watch the parser (if using console) or issue "term mon" from an SSH/telnet session and you will see the debugs.
ne difference I noticed was you do not have the host option under your FE4 interface:
ip ddns update DynDNS host members.dyndns.org
I also hard coded the hostname I used at DynDNS.com in to the update and did not use the "h" option.
HTH
Later, Jeff |
|
|
Thank you for showing me how to enable debugging of ddns.
I found that I did not have the question marks (?) in my URLs.
I thought that I had checked that ... given the difficulty of entering question marks through the CLI (Ctl-V ?) ... but you can see in the listing above that they are not there updatesystem instead of update?system
My issues are getting slowly resolved ... but it is an arduous process.
Miguel |
|
I_Route Premium Member join:2003-09-19 Merrimack, NH |
I_Route
Premium Member
2005-Nov-4 2:40 pm
Oh, I thought you had the (?) in your config. Do this: 1. Create a text file with the correct command line syntax for the four lines: ip ddns update method DynDNS HTTP add ht tp://usename:password@<s>/nic/update?system=dyndns&hostname=YOURHOSTNAMEHERE&myip=<a> interval maximum 10 0 0 0 2. Save the file as ddns.cfg or something you can remember 3. Place the file in your tftp root directory. (I use PumKin tftp server on my laptop. You can select where the files are served from) 4. On your router, copy from tftp to your running-config. Select your tftp server address and the file you created above. This will copy the entries from the text file to your running config and you will now have the (?) in the right place. HTH Later, Jeff |
|
|
That is what I was trying to do when I uncovered another problem.
I cannot tftp the full config because it croaks upon seeing the rsa certificate data.
Your message says that when I do a copy tftp: running-config then it does not need to be a full config ... I did not realize that ... I have ordered 3 Cisco books. |
|
I_Route Premium Member join:2003-09-19 Merrimack, NH |
I_Route
Premium Member
2005-Nov-4 3:27 pm
That is correct. It will copy whatever is in the text file you tftp and it will NOT over-write the other portions of the config.
Perhaps you could come to our Boxborough facility for a tour one day. I travel allot but I am here occasionally......
Later, Jeff |
|
|
I have convinced myself that DynDNS update does not work properly on a Cisco 871 running Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(2)T2, )
After getting my question-mark problem resolved, I saw that the DynDNS updates were happening. If I set the interval maximum to every 2 minutes using interval maximum 0 0 2 0 I observed that it would make the http call to update the entry.
I decided to do further testing to confirm that the updates were happening at the right times.
What I observed is that the DynDNS entry will get updated only after the interval maximum has expired. That is, if the DHCP ip address changes on the interface, it does not update the dyndns entry.
To watch the packets on the wire I plugged into a 10Mbit hub and used a linux system running ethereal to capture all the activity with members.dyndns.org
The unit does not update DynDNS under any of the following events: * power on the unit * interface FastEthernet 4 -> shutdown/no shutdown * release/renew dhcp FastEthernet 4 * unplug the WAN connection
With all these tests I made sure that the DHCP server actually changed the IP address. The changed IP address did not trigger a DynDNS update.
The update did happen after exactly n minutes plus a few seconds ... where n is the number that I plugged into my interval maximum command.
I ran tests at 1 minute, 3 minutes, and 10 minutes.
This leads me to believe that the DynDNS update mechanism is flawed. The recommended interval configuration is interval maximum 28 0 0 0 which causes an update every 28 days. This is because DynDNS will flush you after 28 days. But you cannot make needless frequent updates of a non-changing IP address or their system will cut you off.
So, it seems to me that the DynDNS update implementation is flawed and effectively unusable.
Please tell me if you see flaws in my tests or in my understanding ... or if you have recommendations for other things I should try.
Thanks, Miguel |
|
|
|
to mthoward
The fixed DDNS code for the 871 (and 831) should be posted in about a month
If I get a chance will post the bugid in next couple days |
|
strugs join:2000-11-01 Tinley Park, IL |
to mthoward
Try setting your ddns on vlan1 instead of FastEthernet4. Iv'e been using ddns on a Cisco 837, and now a Cisco 877, and haven't had any problems. |
|
|
to mthoward
BugID: CSCeg41935 Workaround: Use %3F in place of a ? Hasn't been resolved yet... |
|
|
to davelaw
said by davelaw:The fixed DDNS code for the 871 (and 831) should be posted in about a month Very good ... thanks |
|
mthoward |
to twojciac
said by twojciac:BugID: CSCeg41935 Workaround: Use %3F in place of a ? Hasn't been resolved yet... I believe that Cisco may be mistaken. I am not sure that RFC 1738 for URLs allows a hex-encoded value in this context ... question marks are special as part of search & form submissions. Regardless, constructing the URL using %3F instead of ? does not work with DynDNS ... I tried it earlier and I just tested it again using: » members.dyndns.org/nic/u ··· =4.5.6.7The workaround is that the CLI (at least under 12.4) does allow one to press Ctl-v ? in order to get around the CLI/? problem. |
|
mthoward |
to strugs
said by strugs:Try setting your ddns on vlan1 instead of FastEthernet4. Iv'e been using ddns on a Cisco 837, and now a Cisco 877, and haven't had any problems. I do not understand ... My Vlan1 is on FastEthernet1 ... which is on the inside ... and the IP addr is fixed. So, I don't understand how/when that would update DynDNS. |
|
|
to mthoward
The Ctrl-V workaround will only work on your running config. The bug is that it doesn't get saved properly, where a %3F would. It's being worked on right now... |
|
strugs join:2000-11-01 Tinley Park, IL |
to mthoward
I tftp'd my config to a PC, then added the line with the "?' in a text editor, the tftp'd it back to router. Worked fine. |
|
|
to mthoward
mthoward, I notice you are running an older IOS version. Have you tried the latest, 12.4.4T as well? |
|
|
to twojciac
said by twojciac:The Ctrl-V workaround will only work on your running config. The bug is that it doesn't get saved properly, OK said by twojciac:where a %3F would. It's being worked on right now... Per my previous message, note that %3F does not work with DynDNS.org ... although it might work with some other http-based ddns services. Miguel |
|
mthoward |
to Innuendo
said by Innuendo:mthoward, I notice you are running an older IOS version. Have you tried the latest, 12.4.4T as well? I tried downloading 12.4.4T last nite. After filling out all the crypto/export forms it popped a http auth dialog box and would not let me access the file ... I guess I do not have enough credentials. I was going to ask someone at my company to download it for me this week ... although I hate to be bugging them just to download firmware for me. Given that twojciac says that Cisco is fixing these things as we speak, then perhaps I should wait. Miguel |
|
mthoward |
to davelaw
said by davelaw:The fixed DDNS code for the 871 (and 831) should be posted in about a month If I get a chance will post the bugid in next couple days Q: Is there any mechanism whereby I could be a beta tester for that code? Miguel |
|
|
to mthoward
mthoward, Very odd...maybe you answered one of the export questions wrong. I downloaded it right away and don't have any special credentials other than a SmartNet contract. |
|
|
said by Innuendo:I downloaded it right away and don't have any special credentials other than a SmartNet contract. I had tried to download with my personal account ... no SmartNet contract ... still learning. Using the company's login credentials (which have SmartNet) I was successfully able to download. |
|
|
Innuendo
Premium Member
2005-Nov-7 8:09 pm
mthoward, Oh, well, that explains it...no downloads allowed without a valid SmartNet contract.
I feel compelled to point out, though, that what you did was technically illegal. You're only allowed to download IOS images for hardware you don't have coverage on. |
|