opnsense / plugins

OPNsense plugin collection
https://opnsense.org/
BSD 2-Clause "Simplified" License

rfc2136: Failed nsupdate breaks cache #4055

Open perryflynn opened 5 days ago

perryflynn commented 5 days ago

Describe the bug

Similar to #2752, updating my DynDNS Domain via the rfc2136 plugin does not work. I added some log lines to the plugin code and it looks like the update fails at rc.bootup because the internet connection is not established yet. Later on rc.newwanip the plugin reports the IP was not changed and the nsupdate call is skipped.

To Reproduce

Expected behavior

The plugin should not create a cache file when the nsupdate fails and should retry the nsupdate when the router is finally online.

Relevant log files

2024-06-23T22:46:00 Error   opnsense    /usr/local/etc/rc.rfc2136: Dynamic DNS: Not updating ddns.example.com A record because the IP address has not changed.  
2024-06-23T22:38:43 Error   opnsense    /usr/local/etc/rc.newwanip: Dynamic DNS: result: 0; 
2024-06-23T22:38:43 Error   opnsense    /usr/local/etc/rc.newwanip: Dynamic DNS: update cmd: /usr/local/bin/nsupdate -k /var/etc/nsupdatekey1 -v /var/etc/nsupdatecmds1 
2024-06-23T22:38:43 Error   opnsense    /usr/local/etc/rc.newwanip: Dynamic DNS: update script: server ns1.dns42.de; update delete ddns.example.com. A; update add ddns.example.com. 60 A my.ip.add.ress; ; 
2024-06-23T22:38:43 Error   opnsense    /usr/local/etc/rc.newwanip: Dynamic DNS: updating cache file /var/cache/rfc2136_opt9_ddns.example.com_ns1.dns42.de.cache: my.ip.add.ress    
2024-06-23T22:37:08 Error   opnsense    /usr/local/etc/rc.bootup: Dynamic DNS: update failed, delete cache files    
2024-06-23T22:37:08 Error   opnsense    /usr/local/etc/rc.bootup: Dynamic DNS: result: ; Communication with my.dns.ser.ver#53 failed: operation canceled; could not reach any name server; 1;   
2024-06-23T22:37:08 Error   opnsense    /usr/local/etc/rc.bootup: Dynamic DNS: update cmd: /usr/local/bin/nsupdate -k /var/etc/nsupdatekey1 -v /var/etc/nsupdatecmds1   
2024-06-23T22:37:08 Error   opnsense    /usr/local/etc/rc.bootup: Dynamic DNS: update script: server ns1.dns42.de; update delete ddns.example.com. A; update add ddns.example.com. 60 A my.ip.add.ress; ;   
2024-06-23T22:37:08 Error   opnsense    /usr/local/etc/rc.bootup: Dynamic DNS: updating cache file /var/cache/rfc2136_opt9_ddns.example.com_ns1.dns42.de.cache: my.ip.add.ress

Additional context

My workaround is to delete the cache files when the exit code of the nsupdate command is not zero.

My change in /usr/local/etc/inc/plugins.inc.d/rfc2136.inc:

        if ($need_update) {
            @file_put_contents("/var/etc/nsupdatecmds{$i}", $upinst);
            unset($upinst);

            /* invoke nsupdate */
            $cmd = "/usr/local/bin/nsupdate -k {$keyfile}";
            if (isset($dnsupdate['usetcp'])) {
                $cmd .= " -v";
            }
            $cmd .= " /var/etc/nsupdatecmds{$i}";

            //mwexec_bg($cmd);
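            /* run in the foreground; "echo $?" appends nsupdate's exit code as the last output line */
            $out = shell_exec($cmd." 2>&1; echo $?");
            /* end() takes its argument by reference, so the exploded lines need a variable */
            $lines = explode("\n", trim((string)$out));
            $status = (int)trim(end($lines));

            log_error("Dynamic DNS: update script: ".str_replace("\n", "; ", file_get_contents("/var/etc/nsupdatecmds".$i)));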
            log_error("Dynamic DNS: update cmd: ".$cmd);
            log_error("Dynamic DNS: result: ".str_replace("\n", "; ", $out));

            if ($status > 0) {
                @unlink($cacheFile);
                @unlink($cacheFile6);
                log_error("Dynamic DNS: update failed, delete cache files");
            }

            unset($cmd);
            unset($out);
        }

Environment

Software version used and hardware type if relevant. e.g.:

OPNsense 24.1.9_4-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.14

Manufacturer: PC Engines
Product Name: apu4
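
The behaviour asked for under "Expected behavior", as an added example that is not part of the original post or the plugin's code: the cache is written only after the updater returns exit code 0. The function name, its parameters and the demo cache path are hypothetical; the updater is passed in as a callable so the constructed run needs no name server.

```php
<?php
// Added example, not the plugin's code. ddns_update_with_cache(), its
// parameters and the demo cache path are hypothetical names.

/**
 * Run $runUpdate only when $newIp differs from the cached address, and
 * record $newIp only after $runUpdate returned exit code 0.
 */
function ddns_update_with_cache(string $cacheFile, string $newIp, callable $runUpdate): string
{
    // A cache entry now means "the server accepted this address".
    $cached = @file_get_contents($cacheFile);
    if ($cached !== false && trim($cached) === $newIp) {
        return 'unchanged';
    }

    if ($runUpdate() !== 0) {
        // Leave no entry for $newIp, so the next trigger retries.
        @unlink($cacheFile);
        return 'failed';
    }

    // Write to a temporary file and rename it, so a crash cannot leave a
    // half-written cache behind.
    $tmp = $cacheFile . '.tmp';
    if (file_put_contents($tmp, $newIp) === false || !rename($tmp, $cacheFile)) {
        return 'failed';
    }
    return 'updated';
}

// How a real updater could look: exec() returns the exit code directly,
// and nsupdate's -t option bounds how long an update request may take.
$nsupdate = function (): int {
    $cmd = '/usr/local/bin/nsupdate -t 10 -k ' . escapeshellarg('/var/etc/nsupdatekey1')
        . ' ' . escapeshellarg('/var/etc/nsupdatecmds1') . ' 2>&1';
    exec($cmd, $output, $status);
    return $status;
};

// Constructed run with stand-in updaters, so no name server is needed.
$cache = sys_get_temp_dir() . '/rfc2136_example.cache';
@unlink($cache);
$offline = fn(): int => 1; // boot, uplink not up yet
$online = fn(): int => 0;  // later trigger, uplink up
foreach ([$offline, $online, $online] as $updater) {
    echo ddns_update_with_cache($cache, '192.0.2.10', $updater), "\n";
}
@unlink($cache);
```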

AdSchellevis commented 5 days ago

When possible, please open a pull-request. Currently the nsupdate action seems to be backgrounded; if you make it blocking, it might stall the boot process. (With a pull-request we can review and offer feedback.)

perryflynn commented 4 days ago

PR is opened.

perryflynn commented 2 days ago

@AdSchellevis ddclient also supports nsupdate, but it looks like that protocol is not yet exposed in the OPNsense UI. Does it maybe make sense to replace the rfc2136 plugin with os-ddclient?

https://sourceforge.net/p/ddclient/wiki/protocols/#nsupdate

AdSchellevis commented 2 days ago

@perryflynn It might be worth a try if that works better, but my advice would be to first install ddclient (without our plugin package) and test it out. If it works as expected, just let me know what it needs so we can discuss how to implement it there.