dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
52708
mthoward
join:2005-10-12
Andover, MA

mthoward

Member

[Config] DynDNS.org on Cisco 871

I am trying to configure a Cisco 871 to perform updates at DynDNS.org when the WAN IP addr changes (via DHCP).

I am struggling (and drowning) with the Cisco documents.

Q: Does anyone have any experience setting up dyndns.org updates using Cisco IOS 12.3 or 12.4?

Thanks,
Miguel
BRABUS
join:2005-08-21
UAE

BRABUS

Member

mthoward,

Don't worry, you are not alone

I have the same problem.
Innuendo
Premium Member
join:2002-12-20

Innuendo to mthoward

Premium Member

to mthoward
mthoward,
Are you using the CLI or SDM?
mthoward
join:2005-10-12
Andover, MA

mthoward

Member

I have not found anything in SDM for managing ddns.

Therefore, I am using the CLI.

I have done some experiments trying to follow

»www.cisco.com/en/US/prod ··· 1ba.html

and

»www.cisco.com/en/US/prod ··· p1109464

I put in the following commands:

ip ddns update method DynDNS
HTTP
add ht tp://myUsername:secret@members.dyndns.org/nic/update?system=dyndns&hostname=testmth&myip=<a>
interval maximum 28 0 0 0
!

Note: I explicitly inserted a space in ht tp in this posting because the url-recognition code in the forum software was turning it into a URL. But this is not in my config.

My test entry at dyndns.org is not getting updated ...

Q: Do I need to explicitly put in something to kick-start the ddns updates?

I am not comfortable with the <a> designation that the examples use. It is supposed to substitute in an address, but ...

Q: Where is the assocation that identifies which interface should be used for the dyndns update?

They identify a maximum interval, but it is not clear to me how frequently they are going to update. The dyndns folks do not want people updating entries unless the IP addr has changed. Therefore, it seems to me that there should be a query URL in addition to an update URL. I am somewhat concerned that the Cisco will update unnecessarily ... and cause me headaches.

Thanks for your help.

Miguel
Innuendo
Premium Member
join:2002-12-20

Innuendo to mthoward

Premium Member

to mthoward
mthoward,
This is using SDM v2.2...

Click the Configure button in the toolbar along the top.

Click Additional Tasks along the left side.

Fifth item down in the list is Dynamic DNS Methods. Choose that and you can "Add" your Dynamic DNS information from there.

I_Route
Premium Member
join:2003-09-19
Merrimack, NH

4 edits

I_Route to mthoward

Premium Member

to mthoward
Under the interface you have to tell it to use the method "DynDNS", and the hostname to update.

I do not use this but got it working last night.
ip ddns update method DynDNS
HT TP
add ht tp: //usrnm|password@<s>/nic/update?system=dyndns&hostname=jforhan-cisco.homeip.net&myip=<a>
interval maximum 10 0 0 0

ip host members.dyndns.org 63.208.196.95

interface FastEthernet0/1
ip ddns update hostname jforhan-cisco.homeip.net
ip ddns update DynDNS host members.dyndns.org
ip address dhcp

The ip host entry populates the "s" in "less than and greater than signs" (POS posting software is code happy. Any way to turn this shit off? LOL) since I was getting DNS lookup timeout. Seems the code tries the update before the IP gets bound to the interface. I suppose you can not put a host entry and subsiquent resolutions would work fine.

I just hard coded the hostname since using DHCP will often change it and Adelphia uses the assigned address as part of the hostname, etc., etc.

The first update did not work however as it did not know where "members.dyndns.org" was. Also, it tries before the adress is actuall bound. Subsiquent updates worked fine.

I lowered the max interval from 28 days to just under the length of the DHCP lease I got from the ISP. In my case the lease is 12 hours. I set the interval to 10.

001018: Nov 2 06:19:56.823 EST: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (172.25.1.11)
C2651XM#
001019: Nov 2 06:23:48.708 EST: DYNDNSUPD: Adding DNS mapping for jforhan-cisco.homeip.net 68.232.199.168 server 63.208.196.95
001020: Nov 2 06:23:48.708 EST: HTTPDNS: Update add called for jforhan-cisco.homeip.net 68.232.199.168
001021: Nov 2 06:23:48.708 EST: HTTPDNSUPD: Session ID = 0x4F
001022: Nov 2 06:23:48.708 EST: HTTPDNSUPD: URL = 'http://username:password@63.208.196.95/nic/update?system=dyndns&hostname=jforhan-cisco.homeip.net&myip=68.232.199.168'
001023: Nov 2 06:23:48.708 EST: HTTPDNSUPD: Sending request
001024: Nov 2 06:23:48.800 EST: HTTPDNSUPD: Response for update jforhan-cisco.homeip.net 68.232.199.168

001025: Nov 2 06:23:48.800 EST: HTTPDNSUPD: DATA START

001026: Nov 2 06:23:48.800 EST: HTTPDNSUPD: DATA END, Status is Response data recieved, successfully
001027: Nov 2 06:23:48.800 EST: HTTPDNSUPD: Call returned SUCCESS for update jforhan-cisco.homeip.net 68.232.199.168
001028: Nov 2 06:23:48.804 EST: DYNDNSUPD: Another update completed (outstanding=0, total=0)
001029: Nov 2 06:23:48.804 EST: HTTPDNSUPD: Clearing all session 79 info

System image file is "flash:c2600-adventerprisek9-mz.124-4.9.T"

HTH

Later,
Jeff
mthoward
join:2005-10-12
Andover, MA

mthoward to Innuendo

Member

to Innuendo
Innuendo,

I upgraded to SDM v2.2.

I added a dyndns method

I then went into
Configure -> Interfaces and Connections -> FastEthernet4 -> Connection -> Dynamic DNS Method and chose the method

Everything looked OK and made sense to me ... but nothing got updated. :-(
mthoward

1 edit

mthoward to I_Route

Member

to I_Route
I_Route,

Separately, went into the CLI and blew away the config set up by SDM.

I then mimicked your config from above ... no joy.

I am not seeing any DYNDNS-related log entries in my log file.

I changed the max interval to once-per-minute ... no joy.

Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(2)T2, RELEASE SOFTWARE (fc3)
...
ip host members.dyndns.org 63.208.196.95
...
ip ddns update method DynDNS
HTTP
add ht tp://UUUUU:XXXXX@members.dyndns.org/nic/updatesystem=dyndns&hostname=<h>&myip=<a>
remove ht tp://UUUUU:XXXXX@members.dyndns.org/nic/updatesystem=dyndns&hostname=<h>&myip=<a>
interval maximum 0 0 1 0
!
...
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$
ip ddns update hostname cisco871.dyndns.org
ip ddns update DynDNS
ip address dhcp client-id FastEthernet4
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect DEFAULT100 out
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
...

I am using
show logging
in order to view the log entries ...

Q: Is there another/better way to view the log entries?

Regardless, I am not seeing any entries related to ddns. If I temporarily unplug the ethernet cable for my FastEthernet4 (WAN) connection, then I see the line go down & back up, followed by DHCP assignment ... but nothing related to ddns

Thanks in advance,

Miguel
Innuendo
Premium Member
join:2002-12-20

Innuendo to mthoward

Premium Member

to mthoward
mthoward,
I haven't actually set up any Dynamic DNS functionality yet. Every time I think I'm going to explore that avenue Real Life comes along and interferes.

I_Route
Premium Member
join:2003-09-19
Merrimack, NH

I_Route to mthoward

Premium Member

to mthoward
Enable ddns update debugging:

Router#debug ip ddns update

Then either watch the parser (if using console) or issue "term mon" from an SSH/telnet session and you will see the debugs.

ne difference I noticed was you do not have the host option under your FE4 interface:

ip ddns update DynDNS host members.dyndns.org

I also hard coded the hostname I used at DynDNS.com in to the update and did not use the "h" option.

HTH

Later,
Jeff
mthoward
join:2005-10-12
Andover, MA

mthoward

Member

Thank you for showing me how to enable debugging of ddns.

I found that I did not have the question marks (?) in my URLs.

I thought that I had checked that ... given the difficulty of entering question marks through the CLI (Ctl-V ?) ... but you can see in the listing above that they are not there updatesystem instead of update?system

My issues are getting slowly resolved ... but it is an arduous process.

Miguel

I_Route
Premium Member
join:2003-09-19
Merrimack, NH

I_Route

Premium Member

Oh, I thought you had the (?) in your config.

Do this:

1. Create a text file with the correct command line syntax for the four lines:

ip ddns update method DynDNS
HTTP
add ht tp://usename:password@<s>/nic/update?system=dyndns&hostname=YOURHOSTNAMEHERE&myip=<a>
interval maximum 10 0 0 0

2. Save the file as ddns.cfg or something you can remember

3. Place the file in your tftp root directory. (I use PumKin tftp server on my laptop. You can select where the files are served from)

4. On your router, copy from tftp to your running-config. Select your tftp server address and the file you created above. This will copy the entries from the text file to your running config and you will now have the (?) in the right place.

HTH

Later,
Jeff
mthoward
join:2005-10-12
Andover, MA

mthoward

Member

That is what I was trying to do when I uncovered another problem.

I cannot tftp the full config because it croaks upon seeing the rsa certificate data.

Your message says that when I do a copy tftp: running-config then it does not need to be a full config ... I did not realize that ... I have ordered 3 Cisco books.

I_Route
Premium Member
join:2003-09-19
Merrimack, NH

I_Route

Premium Member

That is correct. It will copy whatever is in the text file you tftp and it will NOT over-write the other portions of the config.

Perhaps you could come to our Boxborough facility for a tour one day. I travel allot but I am here occasionally......

Later,
Jeff
mthoward
join:2005-10-12
Andover, MA

mthoward

Member

I have convinced myself that DynDNS update does not work properly on a Cisco 871 running Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(2)T2, )

After getting my question-mark problem resolved, I saw that the DynDNS updates were happening. If I set the interval maximum to every 2 minutes using interval maximum 0 0 2 0 I observed that it would make the http call to update the entry.

I decided to do further testing to confirm that the updates were happening at the right times.

What I observed is that the DynDNS entry will get updated only after the interval maximum has expired. That is, if the DHCP ip address changes on the interface, it does not update the dyndns entry.

To watch the packets on the wire I plugged into a 10Mbit hub and used a linux system running ethereal to capture all the activity with members.dyndns.org

The unit does not update DynDNS under any of the following events:
* power on the unit
* interface FastEthernet 4 -> shutdown/no shutdown
* release/renew dhcp FastEthernet 4
* unplug the WAN connection

With all these tests I made sure that the DHCP server actually changed the IP address. The changed IP address did not trigger a DynDNS update.

The update did happen after exactly n minutes plus a few seconds ... where n is the number that I plugged into my interval maximum command.

I ran tests at 1 minute, 3 minutes, and 10 minutes.

This leads me to believe that the DynDNS update mechanism is flawed. The recommended interval configuration is interval maximum 28 0 0 0 which causes an update every 28 days. This is because DynDNS will flush you after 28 days. But you cannot make needless frequent updates of a non-changing IP address or their system will cut you off.

So, it seems to me that the DynDNS update implementation is flawed and effectively unusable.

Please tell me if you see flaws in my tests or in my understanding ... or if you have recommendations for other things I should try.

Thanks,
Miguel
davelaw
join:2003-07-23
Guilford, CT

davelaw to mthoward

Member

to mthoward
The fixed DDNS code for the 871 (and 831) should be posted in about a month

If I get a chance will post the bugid in next couple days

strugs
join:2000-11-01
Tinley Park, IL

strugs to mthoward

Member

to mthoward
Try setting your ddns on vlan1 instead of FastEthernet4.
Iv'e been using ddns on a Cisco 837, and now a Cisco 877, and haven't had any problems.

twojciac
join:2003-05-22
Sachse, TX

twojciac to mthoward

Member

to mthoward
BugID: CSCeg41935
Workaround: Use %3F in place of a ?
Hasn't been resolved yet...
mthoward
join:2005-10-12
Andover, MA

mthoward to davelaw

Member

to davelaw
said by davelaw:

The fixed DDNS code for the 871 (and 831) should be posted in about a month
Very good ... thanks
mthoward

mthoward to twojciac

Member

to twojciac
said by twojciac:

BugID: CSCeg41935
Workaround: Use %3F in place of a ?
Hasn't been resolved yet...
I believe that Cisco may be mistaken.

I am not sure that RFC 1738 for URLs allows a hex-encoded value in this context ... question marks are special as part of search & form submissions.

Regardless, constructing the URL using %3F instead of ? does not work with DynDNS ... I tried it earlier and I just tested it again using:

»members.dyndns.org/nic/u ··· =4.5.6.7

The workaround is that the CLI (at least under 12.4) does allow one to press Ctl-v ? in order to get around the CLI/? problem.
mthoward

mthoward to strugs

Member

to strugs
said by strugs:

Try setting your ddns on vlan1 instead of FastEthernet4.
Iv'e been using ddns on a Cisco 837, and now a Cisco 877, and haven't had any problems.
I do not understand ...

My Vlan1 is on FastEthernet1 ... which is on the inside ... and the IP addr is fixed.

So, I don't understand how/when that would update DynDNS.

twojciac
join:2003-05-22
Sachse, TX

twojciac to mthoward

Member

to mthoward
The Ctrl-V workaround will only work on your running config. The bug is that it doesn't get saved properly, where a %3F would. It's being worked on right now...

strugs
join:2000-11-01
Tinley Park, IL

strugs to mthoward

Member

to mthoward
I tftp'd my config to a PC, then added the line with the "?' in a text editor, the tftp'd it back to router.
Worked fine.
Innuendo
Premium Member
join:2002-12-20

Innuendo to mthoward

Premium Member

to mthoward
mthoward,
I notice you are running an older IOS version. Have you tried the latest, 12.4.4T as well?
mthoward
join:2005-10-12
Andover, MA

mthoward to twojciac

Member

to twojciac
said by twojciac:

The Ctrl-V workaround will only work on your running config. The bug is that it doesn't get saved properly,
OK
said by twojciac:

where a %3F would. It's being worked on right now...
Per my previous message, note that %3F does not work with DynDNS.org ... although it might work with some other http-based ddns services.

Miguel
mthoward

mthoward to Innuendo

Member

to Innuendo
said by Innuendo:

mthoward,
I notice you are running an older IOS version. Have you tried the latest, 12.4.4T as well?
I tried downloading 12.4.4T last nite.

After filling out all the crypto/export forms it popped a http auth dialog box and would not let me access the file ... I guess I do not have enough credentials.

I was going to ask someone at my company to download it for me this week ... although I hate to be bugging them just to download firmware for me.

Given that twojciac says that Cisco is fixing these things as we speak, then perhaps I should wait.

Miguel
mthoward

mthoward to davelaw

Member

to davelaw
said by davelaw:

The fixed DDNS code for the 871 (and 831) should be posted in about a month

If I get a chance will post the bugid in next couple days
Q: Is there any mechanism whereby I could be a beta tester for that code?

Miguel
Innuendo
Premium Member
join:2002-12-20

Innuendo to mthoward

Premium Member

to mthoward
mthoward,
Very odd...maybe you answered one of the export questions wrong. I downloaded it right away and don't have any special credentials other than a SmartNet contract.
mthoward
join:2005-10-12
Andover, MA

mthoward

Member

said by Innuendo:

I downloaded it right away and don't have any special credentials other than a SmartNet contract.
I had tried to download with my personal account ... no SmartNet contract ... still learning.

Using the company's login credentials (which have SmartNet) I was successfully able to download.
Innuendo
Premium Member
join:2002-12-20

Innuendo

Premium Member

mthoward,
Oh, well, that explains it...no downloads allowed without a valid SmartNet contract.

I feel compelled to point out, though, that what you did was technically illegal. You're only allowed to download IOS images for hardware you don't have coverage on.