Help: Unhealthy ip addresses do not match

[Wakanapi]

The container is unhealthy without any errors in the logs. But docker inspect: ERROR program is unhealthy: lookup IP addresses do not match: xx.xx.97.xx - xx.xx.96.xx

1. Is this urgent: Yes
2. DNS provider(s) you use: Cloudflare
3. Program version:

Running version latest built on 2024-02-04T14:45:13.409Z (commit 133956f)

4. What are you using to run the container: docker-compose
5. Extra information (optional)

Logs:

2024-02-10T00:29:44+01:00 INFO Found single setting to update record
2024-02-10T00:29:44+01:00 INFO Reading history from database: domain xxxxxx.com host @ ipv4
2024-02-10T00:29:44+01:00 INFO [backup] disabled
2024-02-10T00:29:44+01:00 INFO [healthcheck server] listening on 127.0.0.1:9999
2024-02-10T00:29:44+01:00 DEBUG configured to fetch IP: v4 or v6: false, v4: true, v6: false
2024-02-10T00:29:44+01:00 INFO [http server] listening on :8000
2024-02-10T00:29:45+01:00 INFO obtaining ipv4 address succeeded after 1 failed try
2024-02-10T00:29:44+01:00 DEBUG obtaining ipv4 address: try 1 of 3 failed: too many IP addresses: found 2 IPv4 addresses instead of 1
2024-02-10T00:29:45+01:00 DEBUG your public IP address are: v4 or v6: invalid IP, v4: xxxxxxx, v6: invalid IP
2024-02-10T00:29:45+01:00 INFO ipv4 address of xxxxx.com is **xx.xx.97.xx** and your ipv4 address  is xx.xx.xx.xx
2024-02-10T00:29:45+01:00 INFO Updating record [domain: xxxxx.com | host: @ | provider: cloudflare | ip: ipv4] to use xx.xx.xx.xx
2024-02-10T00:29:45+01:00 DEBUG GET https://api.cloudflare.com/client/v4/zones/xxxxx/dns_records?name=xxxx.com&page=1&per_page=1&type=A | headers: Content-Type: application/json; Accept: application/json; X-Auth-Email: xxxxx.com; X-Auth-Key: xxxxxx; User-Agent: DDNS-Updater quentin.mcgaw@gmail.com
2024-02-10T00:29:45+01:00 DEBUG 200 OK | headers: Cf-Ray: xxxxxx-MAD; Cf-Cache-Status: DYNAMIC; Set-Cookie: __cflb=xxxxx; SameSite=Lax; path=/; expires=Sat, 10-Feb-24 01:59:46 GMT; HttpOnly,__cfruid=xxxxx   1707521385; path=/; domain=.api.cloudflare.com; HttpOnly; Secure; SameSite=None; Vary: Accept-Encoding; Date: Fri, 09 Feb 2024 23:29:45 GMT; Content-Type: application/json; Server: cloudflare | body: {"result":[{"id":"xxxxx","zone_id":"xxxxx","zone_name":"xxxxxxxx.com","name":"xxxxx","type":"A","content":"xx.xx.xx.xxx","proxiable":true,"proxied":true,"ttl":1,"locked":false,"meta":{"auto_added":false,"managed_by_apps":false,"managed_by_argo_tunnel":false,"source":"primary"},"comment":null,"tags":[],"created_on":"2024-01-27T00:02:22.481294Z","modified_on":"2024-02-04T22:14:10.748933Z"}],"success":true,"errors":[],"messages":[],"result_info":{"page":1,"per_page":1,"count":1,"total_count":1,"total_pages":1}}

Configuration file (remove your credentials!):

{
  "settings": [
    {
      "provider": "cloudflare",
      "zone_identifier": "xxxx",
      "domain": "xxxx.com",
      "host": "@",
      "ttl": 1,
      "email": "xxxx.com",
      "key": "xxxxxxxx",
      "ip_version": "ipv4"
    }
  ]
}

Host OS: ubuntu server

[qdm12]

What does your domain resolve to using for example nslookup? Maybe the ttl is still in effect so the dns cache returns the old ip address? 🤔

[Wakanapi]

What does your domain resolve to using for example nslookup? Maybe the ttl is still in effect so the dns cache returns the old ip address? 🤔

Thank you very much for your prompt response. I'm just starting out in this world and I don't really know what you mean. Even so, I will try to give you the information as best I can to help me resolve the matter. When I do an nslookup to my domain, I get this:

Server: 192.168.1.1 Address: 192.168.1.1#53

Non-authoritative answer: Name: xxxxxx.com same domain Address: xx.xx.96.x Name: xxxxx.com same domain Address: xx.xx.97.x Name: xxx.com Address: xxx:xx:xx0::x Name: xxxxxx.com Address: xxx:xx:xx1::x

I understand that it must be some configuration problem in my cloudflare website settings. How could I solve it?

[qdm12]

The error you previously mentioned ERROR program is unhealthy: lookup IP addresses do not match: xx.xx.97.xx - xx.xx.96.xx this is not the exact text you got, can you send the exact text (you can hide your IP with xx if you want, that's fine). It should be of the form ERROR program is unhealthy: lookup IP addresses do not match: xx.xx.xx.xx,yy.yy.yy.yy instead of zz.zz.zz.zz for xyz.com

You have two A records configured for your domain, but it may be a bug within ddns-updater since it is programmed to create a record if no record is found from Cloudflare. Although the line obtaining ipv4 address: try 1 of 3 failed: too many IP addresses: found 2 IPv4 addresses instead of 1 is strange, it seems you have 2 ipv4 addresses assigned? Can you check at for example https;//ipinfo.io/ip ?

Also what is your actual public IP address? xx.xx.96.x or xx.xx.97.x or something else or both?

[Wakanapi]

The full unhealthy error logs is this:

2024-02-10T01:22:32+01:00 ERROR program is unhealthy: lookup IP addresses do not match: xxx.xxx.97.x,xxx.xxx.96.x,xxxx:xxxx:xxxxx::x,xxxx:xxxxx:xxxxx::5 instead of real public ip for xxxxxxx.com
2024-02-10T01:22:32+01:00 INFO Shutdown successful

The strangest thing of all is that neither of those two IPs are the real public IP. I understand that this may be because the domain is proxied by cloudflare.

I'm looking for solutions and I just found that if proxied is off in cloudflare dns settings for my domain, container go healthy, the ip shown in nslookup is my real ip (I understand that this happens this way because it is not being proxied) . But if I activate the proxied options for my domain again, nslookup again gives me two ips for my domain and the container returns to unhealthy.

[qdm12]

Oh, easy if it's proxied. I thought it wasn't because you didn't have the "proxied": true setting in your config, check the Cloudflare documentation in docs/Cloudflare.md for more information. That should solve it. Feel free to comment if it doesn't.

[Wakanapi]

Oh, easy if it's proxied. I thought it wasn't because you didn't have the "proxied": true setting in your config, check the Cloudflare documentation in docs/Cloudflare.md for more information. That should solve it. Feel free to comment if it doesn't.

It was just that. I add the line proxy: true, and now its status is healthy. Thanks for this great help! You can give the problem solved.