ddns update request failing

Unanswered Question
Jan 6th, 2008
User Badges:

I've been trying to get HTTP ddns to function on cisco 871's with 12.4(9)T1 and 12.4(15)T1 advipservices.

Debug shows the update request (to zoneedit) sent with good syntax, and I've temp. turned off ACLs firewall and IPS to avoid any issues. The same update request URL sent via a browser updates fine, but from the IOS - no go.

The pertinent debug output follows:


HTTPDNSUPD: Call returned Response time out for update...(etc)

Is a response timeout indicative of any particular config error? Any suggestions for tweaking? I've been working on this for two days and it's making me crazy... There's a surprising lack of documentation out there - maybe it just works for everybody else...

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
andychua.chua Mon, 01/07/2008 - 04:59
User Badges:

Hi, i belive cisco 871 have a same technic like 1700 or 1800, as long as ur IOS is up to date, it is able to use SDM configure for DDNS update, the update will be happen only if the interface IP change or u can configure as period update. i have suscessfull use it for my few customer, so far so good, last time i did find the artical at cisco website, try ur luck, else i can post the step here.

ncglass Mon, 01/07/2008 - 10:44
User Badges:

IOS is up to date: 12.4(9)T1 and 12.4(15)T1 advipservices


I used SDM to make the original config (which didn't work) and tweaked it by analyzing the output of some standalone dynamic update software.

As stated, the http URL that is generated by ddns as the update WILL work if it is pasted into the address bar of a browser, but when the IOS sends the same URL in the update, debug reports a response time out.

I've seen all of the info that Cisco and others have on setting up ddns, but there isn't much out there that will help troubleshoot it.

Since I've turned off all acl's and firewalls, and the router can resolve the hostname for zoneedit, I'm at a loss why the update isn't working...


andychua.chua Mon, 01/07/2008 - 19:40
User Badges:

before u ocnfigure using SDM to configure, make sure clear all the configuration for DDNS. first u need to go "additional task" add "DNS" , after add and enable, go "Dynamic DNS method" add in website that u register, username and password, then go "interface and connection" , "edit interface", select the interface that u want to update its IP, click "edit" , on "Dynamic DNS method" , choose "select and apply existing method" that u already configure. this havent finish, go router CLI, on that interface configuration (config-if)#ip ddns update hostname ABCD.dyndns.org enter and reload router. the IP will update to the hostname only interface IP change, if u want to periodic update, config t, ip ddns update method METHOD, type "interval maximum" 0 0 0 0 , day hour minute second. but the priodic update is not a recomend way, it will force dns server to block this hostname.

ncglass Wed, 01/09/2008 - 08:56
User Badges:

You've pretty well summarized how I originally set up ddns. Since the updates were failing with a Response time out, I've been trying to modify it to get it to work.

Here's the debug ip ddns update output:


904055: .Jan 8 00:52:16.768 PCTime: HTTPDNSUPD: URL = '[email protected]/auth/dynamic.html?host=mydomain.org&dnsto1.2.3.4&type=A&park=0')">http://mylogin:[email protected]/auth/dynamic.html?host=mydomain.org&dnsto1.2.3.4&type=A&park=0'

904056: .Jan 8 00:52:16.768 PCTime: HTTPDNSUPD: Sending request

904057: .Jan 8 00:52:34.952 PCTime: HTTPDNSUPD: Call returned Response time out

for update myhost.mydomain.org <=> 1.2.3.4


The ip ddns config:


ip ddns update method mine1

HTTP

add http://mylogin:[email protected]/auth/dynamic.html?host=mydomain.org&dnsto=&type=A&park=0


I've been trying to sort this out for a few days and just tonight I captured the update output from the IOS with Wireshark and compared it to the output of a standalone dynamic updating app (which works) from a PC on the lan using the same info. The only difference I could see in the actual packets is that HTTP in IOS sends "Connection: close\r\n", while HTTP in the app update sent "Connection: Keep-Alive\r\n". Otherwise, the two updates are pretty much identical - except the IOS update fails and the application updates work.

andychua.chua Thu, 01/10/2008 - 17:38
User Badges:

If you have create access-list, you may insert "access-list 102 permit tcp any eq www any" , if the server is members.dyndns.org, then "access-list 102 permit tcp 63.208.196.96 eq www any" outside to inside access-list.

andychua.chua Thu, 01/10/2008 - 17:42
User Badges:

If the access-list has been remove then see is it the ip name server have setup, can you post your ocnfiguration also?

ncglass Sat, 01/12/2008 - 12:33
User Badges:

It's hard to refer back to previous posts, so I'll post the whole problem (with some more detail) here:


I've changed my Westell modem from router to bridge mode to avoid double natting. Previously, I was using a dynamic dns updating app on a PC on the inside to update my domain dns servers, but with the new setup, it made more sense to use ip ddns to do the updates to zoneedit.

I've been trying to get HTTP ddns to function on a cisco 871 with 12.4(15)T1 advipservices.

Debug shows the update request (to zoneedit) sent with good syntax, and I've temp. turned off ACLs firewall and IPS to avoid any issues. The http URL that is generated by ddns as the update WILL work if it is copied from debug output and pasted into the address bar of a browser, but when the IOS sends the same URL in the update, debug reports a response time out.


The pertinent debug output follows:

(htxxtp=http)


904055: .Jan 8 00:52:16.768 PCTime: HTTPDNSUPD: URL ='htxxtp://mylogin:[email protected]/auth/dynamic.html?host=mydomain.org&dnsto1.2.3.4&type=A&park=0'

904056: .Jan 8 00:52:16.768 PCTime: HTTPDNSUPD: Sending request

904057: .Jan 8 00:52:34.952 PCTime: HTTPDNSUPD: Call returned Response time out

for update my host.my domain.org 1.2.3.4


The ip ddns config:


ip ddns update method mine1

HTTP

add htxxtp://mylogin:[email protected]/auth/dynamic.html?host=mydomain.org&dnsto=("a" variable)&type=A&park=0


I _know_ that the URL is resolving properly when it's sent, but I've also substituted the IP for zoneedit just to make sure that wasn't the issue.


I've been trying to sort this out for a few days and just tonight I captured the update output from the IOS with Wireshark and compared it to the output of a standalone dynamic updating app (which works) from a PC on the lan using the same info. About the only difference I could see in the actual packet is that HTTP in IOS sends "Connection: close\r\n", while HTTP in the app update sent "Connection: Keep-Alive\r\n"


I might be grasping at straws, but this is really starting to get me nuts... and SOMETHING is different. I saw a posting somewhere that stated that zoneedit couldn't be updated from the IOS (with no explanation), but cisco includes it as an option in the SDM, so...


I didn't include this part of the config earlier, but here's how I've got the ip ddns update statement on the Dialer 0 interface:


interface Dialer0

description $PPPoE link to ISP$

ip ddns update mine1

ip address negotiated

no ip redirects

no ip unreachables

no ip proxy-arp

ip mtu 1452

ip nat outside

ip virtual-reassembly

zone-member security out-zone

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication pap callin

ppp pap sent-username mylogin password mypass

ppp ipcp dns request

ppp ipcp address accept


I should have drawn a map of how the net is set up:


Westell (bridged)--- temp. hub ---- 871 --- LAN w/PC updating app

\

\

PC w/ Wireshark


When I sniffed the update outputs from both the IOS and the update app on the PC, I plugged into the hub to catch the output on the pppoe link. So, I know that there aren't any ACL or DNS issues - they're being sent. They are almost identical, but the one from the lan PC works and the IOS update doesn't... If anyone can dissect the actual packet captures to discover the reason why, I'll upload them.



andychua.chua Sun, 01/13/2008 - 19:09
User Badges:

dear frens, bellow is the result if using SDM to configure, only use SDM can correct configure the DDNS



ip name-server 202.188.0.133

ip name-server 202.188.1.5

ip ddns update method sdm_ddns1

HTTP

add [email protected]/nic/update?system=dyndns&hostname')">http://xxxxxx:[email protected]/nic/update?system=dyndns&hostname...

remove [email protected]/nic/update?system=dyndns&hostname')">http://xxxxxx:[email protected]/nic/update?system=dyndns&hostnam...

!


interface Dialer0

description *** For ADSL Dialup ***

ip ddns update hostname xxxx.dyndns.org

ip ddns update sdm_ddns1

Actions

This Discussion