Dynv6 IPv6 zones update

[qdm12]

It seems their url went down (no more DNS entry). I'll remove it.

[cycl0ne]

Thx, another question, maybe i misconfigured something:

DynV6 DNS | ipv6 | Success (changed to 2a02:6d40:2654:9f00:211:32ff:feec:8507), 12m23s ago | 2a02:6d40:2654:9f00:211:32ff:feec:8507 | 2a02:6d40:2654:9f00:211:32ff:feec:8507, 2a02:6d40:2654:9f00:211:32ff:feec:8507, and 24 more

-- It says success alot, even when not changing IP. (i only have ipv6). And on the dynv6 its not updated. Can i active some logging to see what url it tries to open with which parameters?

Oh and while we are at it.. could it be possible to just update the provider path? Like: 2a02:6d40:2654:9f00::

The rest is calculated from dynv6.

[qdm12]

Can i active some logging to see what url it tries to open with which parameters?

Yes you can set the -e LOG_LEVEL=debug (actually just realised it's not documented, fixing it now!). It's mostly a bug on my side, but please let me know so I can fix it.

could it be possible to just update the provider path?

I don't fully understand, can you elaborate? Maybe are you referring to "provider_ip": true?

Thanks!

[cycl0ne]

yes, no problem: as i can see from the web frontend, you say: Success (changed to 2a02:6d40:2654:9f00:211:32ff:feec:8507), 8m40s ago

This is the full ipv6 Adress from the host where the docker is running. but in ipv6 world this whole adress is not necessary, since we have no nat table. so on the dynv6 website you configure it as follow: Zone: 2a02:6d40:2654::

and then you configure the hosts on the website: testing: ::b6 codes: ::12c

accessing then: testing.cycl0ne.dynv6.net -> will be 2a02:6d40:2654::b6, this is done by dynv6.

so it could be cool to give this as an option to dynupdater of yours: providerip: yes providerlength: 64

but to be 100% sure i will have a check on your debug how you contact the dynv6. normaly they truncate by themselves the providerpart.

Cheers!

[cycl0ne]

Ahh now i understand the output from your side: 2021/05/27 22:39:42 INFO IPv6 address of cycl0ne.dynv6.net is 2a02:6d40:2654:9f00:211:32ff:fe21:5485 and your IPv6 address is 2a02:6d40:2654:9f00:211:32ff:feec:8507

and why you try every 5 minutes to change the ip. ;-) As you can see the first 64bits are the same, so the ip hasnt changed. Maybe its from the flag: provider_ip : true

then the dynv6 takes the ip from the router/firewall which access the internet.

i will check.

[cycl0ne]

ok the dbug info is not so interessting. Im missing the url you call. I will try to install this project on my machine and have a look into the code. maybe i can help. another think noticed.. the 2a02:6d40:2654:9f00:211:32ff:feec:8507 -> is my fully "private" ipv6 with the mac adress included. maybe one should check the different "public/anonym" ip. which is on this card the: 2a02:6d40:2654:9f00::6b0

[cycl0ne]

Ok, after some installation i got the development system running and i had a look into the dynv6 code. Ok, i noticed, go is not my language on first sight ;-)

Ok the following has to be changed to get dynv6 good working on ipv4 and ipv6. (ipv4 can stay as you build it), but the ipv6 has to change a bit.

First of all a question, is your settings fixed? or can it be independently between each of your providers? Question ist, we only need the following for dynv6: zone token ipv6 ipv4 ipv6prefix

For ipv4 everything should work as it works at the moment.

ipv6 configurationpaths: Config 1: One System update (like IPv4): https://dynv6.com/api/update?zone=<zone>&token=<token>&ipv6=<ipv6>

Config 2: One System update & Zone update: https://dynv6.com/api/update?zone=<zone>&token=<token>&ipv6=<ipv6>/<prefix> This will update the hostname "zone" and also update the zone ipv6 exp: cycl0ne.dynv6.net : 2a02:6d40:2654:9f00:211:32ff:feec:8507 Zone: 2a02:6d40:2654:9f00::

Config 3: Zoneupdate (hosts are configured on webpage) no change in "zonehostname": https://dynv6.com/api/update?zone=<zone>&token=<token>&ipv6prefix=ipv6::/prefix cycl0ne.dynv6.net : stays as configured on page Zone: 2a02:6d40:2654:9f00::

hope i could explain all correctly ;-)

---

there are some options in dynv6 (AUTO) not sure if you want to use them, makes your logic a little more complex on one side but easier on another...

[qdm12]

Oh nice thanks! I was not aware of all these IPv6 facts going on. Shame on me, I'm mostly still stuck on IPv4. I'll dig into it today!

The debug logs doesn't show the URL called although it should be straight-forward to get it from the code. If you use that provider_ip option, it lets your DNS provider determine your IP address automatically (so doesn't send your IP to the http call). However, the program DNS Resolves your IP address and compares it with your public IP to determine if it has changed, so that mechanism needs fixing for IPv6 at the very least.

[cycl0ne]

Yes, i had to go to ipv6 since my provider here doesnt have any ipv4 adresses anymore. I get an ipv4 but this is a global nat adress.

For your system to get confused at my situation was:

i entered an ip v6 on the zone host name. And you checked your ip with the host check cycl0ne.dynv6.net and this was different. and then you updated the zone (not the zone host) and it was still wrong. ;-)

If you need more infos, just ask. ;-) Glad to help

[qdm12]

Sorry I think I will only be able to work on this tomorrow. But definitely some interesting stuff to fiddle with 😉 I'll ping you if I have any question... Or maybe it's time for me to use IPv6 😄

[qdm12]

Also from noip support:

It's resolved.

Thanks for letting us know.

So I'm keeping that url in the code

[cycl0ne]

If you go ipv6, check your firewall if it is not only capable, but also sufficient. Mine supports ipv6 but lacks some functions.

Normally this should work: (its the other way round from the dyndns thing) ::bc0 Ports: xxx, yyyy prot: udp, tcp

So the firewall extends the left from the provider ip. And here lacks mine this feature. I allways have to enter the full ip adress :-( Thus when ip is changed from provider i have to go to Firewall Settings and change it.

Trying to create a script maybe...

[qdm12]

Ok so trying to wrap my head around this, and have a few questions:

1. So is your public IP address only the first 64 bits (2a02:6d40:2654:9f00)? Would it be 2a02:6d40:2654:9f00:211: perhaps (including the 211)?
2. Would you foresee any case where comparing the first 64bits between your current public IP address and the AAAA record would not be enough?

A few things to note regarding changes:

• As I need a way to detect if the IPv6 address changed, I need to compare your public IP address obtained from IP echo services with the AAAA record
• I would like to fix this for all DNS providers, not just dynv6, so I would rather like to avoid depending on the ipv6prefix which seems like a particular feature to dynv6 🤔
• The script dynv6 suggests uses this to get the IPv6 address: https://gist.github.com/corny/7a07f5ac901844bd20c9#file-dynv6-sh-L19

Meanwhile, I'm still reading the IPv6 wikipedia page 😄

[cycl0ne]

Hi, yes this is where ipv6 gets complicated because we all have the ipv4 in head. ;-)

1) The provider gives you through dhcpv6 an ip "range" so the prefix from dynv6 should be common to all dyndns providers. No provider will give you only one adress, it is not supported anymore in ipv6 (afaik). this would otherwise result in a /1 prefix ;-) which makes no sense at all. (same as 255.255.255.255 in ipv4). So one could say the prefix is the "old" subnet mask.

dynv6 did it cleverly that they divided it into 2 parts.. the zone and the dyndns host. Making it for us super flexible. I can enter unlimeted hostnames and give the lower parts there and the uper parts are the dyn parts which can change. Not sure about others how they handle it. So in dynv6 i can enter: firewall ::bc0 diskstation ::e0f fileserver ::4f when you lookup the AAAA record you see the full adress then not only the user part (lower 64 bits).

2) Yes you have to get from the user the ip6prefix. I know that comcast in the US gives you a different prefix. in this case the 56bits. so from my assumptions you need the prefix from the user, to get it to work. (see: https://en.wikipedia.org/wiki/File:IPv6_Prefix_Assignment_Example-en.svg)

For the other points:

a) thats ok. since explained you know the prefix. b) no the ipv6prefix is common to all ipv6 configurations. its something similiar to the subnet mask in ipv4, see above c) from my understanding you just need to see that you dont get a FE80::/10 Adress, this is similiar to the "old" local 192.168.... which is not routed. From my point of understanding your Algorithm just has to check the following:

Is the IP Adress correct and no FE80: i get from the ETH card Get the IP Adress from ETH and strip the IPV6Prefix (so with my example 64 the first 8 bytes). lookup the AAAA host in DNS, strip the IPV6Prefix here too Compare the result with the other result, both identical = no ip change

Cheers.

Update: I just entered my router/firewall.. I have two IPV6 connectiono settings:

DHCPV6: Just as Parameter i have to set: Prefix Delegation Size

Static IP: Two Parameters: IpV6 Adress Prefix Length

[qdm12]

Sorry for the delay.

From my point of understanding your Algorithm just has to check the following:

Exactly what I was thinking! 👍

I'll add an ipv6prefix configuration option for all providers, if they want to use ipv6.

That way, we can zero out some of the trailing IPv6 bits when fetching your public IPv6 address and when resolving your domain's AAAA record. The comparison would then work, as you mention!

However, would it then be fine to just send to the DNS provider the IPv6 address with the bottom bits (depending on your ipv6 prefix) zeroed out?

Working on it now.

[qdm12]

Can you try pulling the latest image? I made changes in https://github.com/qdm12/ddns-updater/commit/d39ecd6fd31c167bdba0e38f2bd968197ee3841a

Now you should be able to specify -e IPV6_PREFIX=/64.

A few more questions:

1. How do you know your IPv6 prefix? Might be a good addition to the readme
2. Do you think it's alright to have the IPv6 prefix globally for all record settings (since it's used to mask the public IP address obtained)? Or would you see a use case to have it by record?

[cycl0ne]

Hi, to your first text: depending on the dynprovider. if they work like ipv4, you send him all without any more info. then he updates the name with the ip adress. If he is a "real" ipv6 dyndns like dynv6, they just need the left bits of the ip + prefix. since the right wont change in ipv6 (the ipv6 on a client is autoconfigured, you cant edit the ip adress and it is calculated by the mac adress which is unique) you can spoof the ipv6 adress by entering one manualy like mac adress in certain situations.

to the second text: I will fetch your version. 1) You ge tthe prefix from your provider. without it you cant configure the ipv6 info from him. 2) no globally should do the work. Maybe someone will come up with some sort of subnetting/subproviding, then it could be usefull, but i doubt they will use your tool for dyndns. Im just thinking of this scenario: i get /64 bits.. and divide it below.. then i would need at least 3 routers. 1 for the /64 and then below for /65, then i would need two dyndns clients..... and then we are at one prefix. so no, dont thing one should have it by record.

[cycl0ne]

2021/06/03 14:54:04 DEBUG IPv6 address of cycl0ne.dynv6.net is 2a02:6d40:2654:9f00:: and your IPv6 address is 2a02:6d40:2654:9f00::, skipping update

then i rebooted the router to get a new adress: 2021/06/03 15:04:03 INFO IPv6 address of cycl0ne.dynv6.net is 2a02:6d40:2654:9f00:: and your IPv6 address is 2a02:6d40:2678:6900:: 2021/06/03 15:04:03 INFO Updating record [domain: dynv6.net | host: cycl0ne | provider: DynV6] to use 2a02:6d40:2678:6900::

But on the ipdynv6 page: IPv4 Address not configured IPv6 Prefix 2a02:6d40:2654:9f00:: Last update 6 days ago

you should put some "DEBUG" Messages about what you call out to the provider. So it could be useful to see if there is an error in the http string.

Cheers

[qdm12]

You ge tthe prefix from your provider

By provider you mean your ISP, not dynv6 right? Just to be sure.

no globally should do the work

Cool 👍 Someone can always ask later if they need it

skipping update

Nice, so that part works

But on the ipdynv6 page

I'm still not sending the ipv6prefix to dynv6, only the masked out ipv6 address for now. Maybe that's the piece missing?

you should put some "DEBUG" Messages about what you call out to the provider

I've added debug logs for request URLs and bodies sent for all providers in https://github.com/qdm12/ddns-updater/commit/cc670b393962d4dad836c0f3ae05fc452c3bd9f3 hopefully that can help you try things out. Note headers are not included in the debug logs, but I don't think they are used in dynv6 anyway.

[cycl0ne]

Yes with provider i mean the ISP. I will checkout and try the new version.

[cycl0ne]

Ok tested your new version. The String is correct, but we had a misunderstanding here. explained later.

https://ipv6.dynv6.com/api/update?token=TOKEN&zone=cycl0ne.dynv6.net -> Response: Adress unchanged, but i have a different Address.

i manually changed it to: https://ipv6.dynv6.com/api/update?token=TOKEN&zone=cycl0ne.dynv6.net&ipv6=2a02:6d40:2678:6900::/64 -> Response: adresses updated (old was manually changed to ::6901::)

---

while writing this i checked their API. you and i have not understand they workings correctly in the naming :-)

So: https://ipv6.dynv6.com/api/update?token=TOKEN&zone=cycl0ne.dynv6.net changes the AAAA not the Zone itself. So all other domain names stay unchanged. This is of course "dumb" if we only send the first 64bit parts. the AAAA is changed to: 2a02:6d40:2678:6900:: which corresponds to: 2a02:6d40:2678:6900::0 -> NETWORK SEGMENT.. ;-)

https://ipv6.dynv6.com/api/update?token=TOKEN&zone=cycl0ne.dynv6.net&ipv6=2a02:6d40:2678:6900::/64 changes AAAA and the Zone (/64) Same here like above but with zone changes.

and sending: https://ipv6.dynv6.com/api/update?token=TOKEN&zone=cycl0ne.dynv6.net&ipv6prefix=64

changes only the ZONE, all AAAA are updated if set with ::ip and the zone is taken from the actual IP only the first 64bits.

--

So to come to a conclusion, we have different scenarios, the user has to tell you:

a) Single domain name change: https://ipv6.dynv6.com/api/update?token=TOKEN&zone=ZONE

zone is not stripped by the prefix. zone is not changed, but the AAAA Record for zone is updated with the IPV6 we are coming from.

b) Single domain name change + zone update: https://ipv6.dynv6.com/api/update?token=TOKEN&zone=ZONE&ipv6=IPV6/PREFIX

Zone is updated and the AAAA Record is updated. (ipv6 is the full ipv6 adress, not stripped by you)

c) Just Zone update, let dynv6 handle all: https://ipv6.dynv6.com/api/update?token=TOKEN&zone=ZONE&ipv6prefix=IPV6/PREFIX

Only zone is changed, no AAAA record.

Cheers C.

[qdm12]

Thanks for the detailed research!

Sorry for the long delay, I'm back at it now. I'm a bit slow on that one since it might require quite a lot of changes.

Two questions:

1. When you say Only zone is changed, no AAAA record, what do you mean? If the AAAA record isn't changed, what record is changed? Or is it just changing the IPv6 prefix for that host.domain.com?
2. For the url https://ipv6.dynv6.com/api/update?token=TOKEN&zone=ZONE&ipv6prefix=IPV6/PREFIX I guess IPV6/PREFIX should just be PREFIX right?

[cycl0ne]

1) in dynv6 speech ZONE = the upper parts of the IPv6 Address. They then calculate the whole rest of the given AAAA records. It gets confusing, since people will enter a ZONE Name and an AAAA Name (like i also did ;) ) So Zone is just the name of your whole bunch of dyndns entries.

2) No, entering this URL: https://ipv6.dynv6.com/api/update?token=TOKEN&zone=cycl0ne.dynv6.net&ipv6prefix=64

will result in an "invalid IPv6 address" reply.

thats logical, since they dont know the ip you want to give them just the prefix. they could do an auto lookup maybe from which ip you are coming.

[qdm12]

Ok thanks for clarifying. Sorry I am still kind of confused 😆

1. Can you confirm public IPv6 comparison should still do
   1. DNS resolve your host.domain.com, take the IPv6 address, mask it with the prefix you have set
   2. Get your public IPv6 address, mask it with the prefix you have set
   3. Compare the two, only update if they differ
2. You say ZONE = the upper parts of the IPv6 Address and Zone is just the name of your whole bunch of dyndns entries so is it a name (cycl0ne.dynv6.net?) or the upper part of the IPv6 address (without the masked bottom part)?
3. Whenever sending the IPv6 address to dynv6, it should be sent without mask right?
4. Only zone is changed, no AAAA record. this confuses me too 😄 But maybe 2. can explain.

[cycl0ne]

Maybe some Screenshot from the dynv6 interface helps:

This is the "zone" page. As you can see, the ZONE for ipv4 is the normal dyn address. Since you work with NAT in ipv4 For ipv6 its the ipv6 adress stripped down to the prefix. since in ipv6 no nat and direct access to all.

Then we come to the DNS page (called Records). Here you can modify your own DNS from dynv6. Here you can enter the AAAA and A, the MX etc. to what it should respond. in ipv6 you enter the ip adress of your machine with ::ip so only the lower bits. since the upper bits from the zone are automatically calculated.

1. you actual comparison works perfect. It tells me at the moment: Up to date (no IP change for 8d), 172h35m51s ago
2. see pictures and explanations
3. It depends on the scenario:
   1. The ddns-update user just wants to update the device which runs your program to be dyn updated, then you send the ip without the mask and update the AAAA not the zone https://ipv6.dynv6.com/api/update?token=TOKEN&zone=ZONE where ZONE is one of the entries in my 2nd picture
   2. The ddns-update user wants to update all machines connected to the internet to be dyn updated. Then you update the zone with the ip adress and you include the mask with it. https://ipv6.dynv6.com/api/update?token=TOKEN&zone=ZONE&ipv6prefix=IPV6/PREFIX where ZONE is the zone name in the first picture
   3. would be a mixture of both (but i dont know why a user would do something strange): https://ipv6.dynv6.com/api/update?token=TOKEN&zone=ZONE&ipv6=IPV6/PREFIX where ZONE is one entry in the second picture. BUT also the zone from first picture will be changed.

You can catch me on discord: Cycl0n3#0471

[cycl0ne]

for 3.i) the user only wants to update the device itself, not the complete zone in this scenario

Interessting for the 3.i) is, that you dont need to give dynv6 an ip.. it takes the one you come from. So maybe 3.iii) is interessting if you dont give the prefix.. so you update the AAAA without the zone. I will check

[noltedennis]

Hi,

I hope it is okay to jump in here - I am experiencing the exact problem that @cycl0ne is describing.

Currently, as far as I understood, the URL is called as https://ipv6.dynv6.com/api/update?token=TOKEN&zone=ZONE&ipv6=IPV6MASKED, which does not work as I intend it to. One major reason is that while the IPs are acquired a mask is applied and hence any device information that goes beyond the value defined as IPV6_PREFIX is lost before the updater is invoked.

I haven't tested the other IPv6 providers, but the three feasible update cases I can think of are the ones mentioned by @cycl0ne:

1. Update the device only (cf. 3.i above)
2. Update the zone only (cf. 3.ii above)
3. Update the zone and the device (cf. 3.iii above)

The current implementation for IPv6 only has the potential to work correctly for providers that offer case 2, where devices can be manually registered via an alternative way. However, I cannot see it working correctly for cases 1 and 3, because the relevant information is dropped even before the updater.

I did some very quick and rough testing, with unclean code and by just disabling all providers except dynv6, but I'll attach the patch file for that. However, I believe that the updater interface must be touched and it might be nice to somehow generalize the idea of the three cases rather then requiring each provider to provide a custom implementation.

I'd be willing to spent some time on this issue in the upcoming weeks if you haven't already made significant progress that is not posted here. I'm a beginner in Go and have not programmed in a while, so I'd probably need a couple of code reviews. Let me know if you would be okay with that or whether you'd prefer to steer the changes yourself. In any case, I can offer IPv6 testing for the free providers, but will not be able to test IPv4 implementations due to restrictions imposed by my provider.

Cheers, Dennis

PS: My test settings currently are below. I found that the provider_ip must be off for my quick and dirty implementation due to the chosen API access.

export IPV6_PREFIX=/59 export CONFIG='{"settings":[{"provider": "dynv6","domain": "home.denolte.com","host": "@","token": "","ip_version": "ipv6","provider_ip": false}]}' export LOG_LEVEL=debug export PUBLICIP_FETCHERS=http

Attachments: Patch - 20211014_ddns_updater_ipv6.txt

[qdm12]

Not 100% sure this solves this issue entirely, but I spotted some ugliness in some ipv6 regexes I was using, and that was removing the last 4 bytes of ipv6 addresses. It's now fixed in 954dffd3a78751061c01e0f9135086a306f57dc2 for the latest image and future release v2.6.0, maybe have a go at it?

[halo-apps]

I met the same problem: 2023/9/6 23:41:39 2023/09/06 15:41:39 ERROR Get "http://ip1.dynupdate6.no-ip.com": context deadline exceeded

[qdm12]

⚠️ PR #611 adds a json parameter ipv6_suffix for each setting, and also removes the IPV6_PREFIX option. To replace IPV6_PREFIX=/64, set "ipv6_suffix": "0:0:0:0:0:0:0:0/64" in each of your configuration settings in your json file.

"ipv6_suffix" is the IPv6 interface identifier suffix to use. It can be for example 0:0:0:0:72ad:8fbb:a54e:bedd/64. If left empty, it defaults to no suffix and the raw public IPv6 address obtained is used in the record updating.

A few extra examples:

• if your public IPv6 address is found as 1:2:3:4:5:6:7:8, and ipv6_suffix is set to 0:0:0:0:a:b:c:d/64, the update mechanism treats the public IP address as 1:2:3:4:a:b:c:d everywhere. This can be useful to update another machine/adapter for a certain record.
• if your public IPv6 address is found as 1:2:3:4:5:6:7:8, and ipv6_suffix is set to 0:0:0:0:0:0:0:0/64, the update mechanism treats the public IP address as 1:2:3:4:0:0:0:0. This can be useful to prevent repetitive updates without the isp routing ipv6 portion changing.

Now, back the 3 cases we are concerned about, I believe this should solve case 1 right?? On the other hand, I don't feel like case 2 and 3 are really necessary? I get the efficiency to update a zone and all its records at once, but flattening everything and update each record one by one should do the same right? (less efficient, but more standard/exportable to other providers).

[s3734303]

I tried suffix only update config

{ "provider": "dynv6", "domain": "<subdomain>.<domain>", "token":<token>,"ip_version": "ipv6", "ipv6_suffix": "0:0:0:0:[suffix]/64" }

return

INFO Updating record [domain: <domain> | owner: <subdomain> | provider: dynv6 | ip: ipv6] to use [prefix]:[suffix]
ERROR HTTP status is not valid: 404: zone not found

I think it mistake subdomain + zone with actual zone because updating with no subdomain works