ddclient response 'HTTP 426 Upgrade Required' (Debian stretch: ddclient 3.8.3-1.1, libio-socket-ssl-perl 2.044-1)

Comments

16 comments

  • Official comment
    Avatar
    Christopher Stewart

    Hello Badgertastic, and rotblitz.

    There was recent changes made to updates.opendns.com. In the off chance that you have have firewall rules set up that are whitelisting traffic to the domain based on it's IP, we recommend that you update these rules to allow the traffic based on the domain name instead. This is because we've changed the IP of the domain.

    For details, please refer to our article https://support.umbrella.com/hc/en-us/articles/360021913032

  • Avatar
    rotblitz (Edited )

    See https://support.opendns.com/hc/en-us/community/posts/360041094672 
    A support ticket has been raised already.

  • Avatar
    badgertastic

    Hi rotblitz. Thanks for the response. I’m trying to use (for the first time)  ddclient on Linux described here: https://support.opendns.com/hc/en-us/articles/227987727. Previously I was using OpenDNS Updater for Mac OS but I wanted to move the updater to my PiHole server. 

    The errors I posted are from the debug output, from the actual http GET request (IO::Socket Perl module)

    I already use domain name and not IP. User credentials are in the auth headers, vs being passed in the URL. 

    Are you suggesting the author of ddclient need to update it? Is it the same issue described in the ticket?

    Thnaks

  • Avatar
    rotblitz

    Read the other thread again.  I'm suggesting that something is wrong with updates.opendns.com.  I have raised two support tickets, one for OpenDNS and one for Umbrella.  You must wait until this issue has been fixed.  For update needs see the options I listed in the other thread.  I'm just a user like you and really cannot do more.

  • Avatar
    badgertastic

    I saw you updated the other post with my symptom. Definitely looks like something has changed at updates service. Mac client doesn’t work now either. 

  • Avatar
    badgertastic (Edited )

    So all clients (Linux, MacOS and according to other post Windows) are failing.

    I used Postman to test the GET to http://updates.opendns.com/nic/update?system=dyndns&hostname=<DOMAIN>&myip=<IP>

    Replicating the headers used by ddclient, and it works. (200 OK, body: 'good <IP>').

    So seems to me that protocol version issue as originally reported: HTTP/1.1 426 Upgrade Required

    The 426 doesn't say what is supported.

    EDIT: Postman to https actually fails. Using HTTP/1.1 returns:

    upstream connect error or disconnect/reset before headers.

    Same result I was seeing from ddclient with 1.1.

  • Avatar
    badgertastic

    Christopher Stewart - I dont think this is the issue. I'm using domain name updates.opendns.com and I have no firewall restricting outbound http/ssl to it.

  • Avatar
    rotblitz

    I got a reply to my ticket.  The developers are on the issue.

  • Avatar
    badgertastic

    HTTP/1.1 and SSL now working. 

    HTTP/1.0 and SSL not working. I guess Linux ddclient needs update if OpenDNS are not going to back out the update that causes the 426.

  • Avatar
    nic

    It would appear OpenDNS did make a change to their web servers which broke interoperability with ddclient

    You can workaround this issue by modifying the DDClient 3.9.0 perl script (usually installed at "/usr/bin/ddclient").

    Change this line from:

    $request .= "/$url HTTP/1.0\n";

    To:

    $request .= "/$url HTTP/1.1\n";

     

     

  • Avatar
    festifi

    I made this change (i.e. $request from HTTP/1.0 to HTTP/1.1) on my system (though I edited /usr/sbin/ddclient ) and ddclient is working again.

     

    Thanks

     

    nic

  • Avatar
    badgertastic

    Yes. Correct. For the record, there were 2 issues when I wrote original post.

    1. ‘Upgrade Required’ is resolved by editing the script to use HTTP/1.1 

    2. ‘Service Unavailable” resolved by OpenDNS per rotblitz ticket  (Same issue as ‘upstream connect error...’)

    I guess we should inform ddclient author to fix issue 1 for everyone else. Maybe a bug report on his GitHub. I did raise ticket with OpenDNS but had no response. 

  • Avatar
    joz1975

    Thanks for your posts. Do you guys happen to have know where the file I have to edit is located on a Raspberry Pi? Thanks.

  • Avatar
    festifi

    On linux based systems (like Rasp Pi), ddclient will typically be found at /usr/bin/ddclient or /usr/sbin/ddclient

  • Avatar
    joz1975

    Thanks this worked great. The location on a Rasp Pi is /usr/sbin/ddclient.

  • Avatar
    nic

    There is a caveat when using ddclient in conjunction with other dynamic dns services (ie cloudflare api) when you hard code HTTP/1.1 for all requests. ddclient was unable to parse the HTTP/1.1 json response from api.cloudflare.com/client/v4

    If you are in this scenario, I submitted a crude patch which selectively sends HTTP/1.1 to updates.opendns.com

    https://sourceforge.net/p/ddclient/bugs/98/

     

    I would strongly urge OpenDNS and Cisco Umbrella to invest development cycles on a proper solution to it's paid subscribers. I can only speculate how long, if at all, the down stream open source project your business depends on will implement one of these proper workaround to your entire user base. As it turns out, they are seeking new project ownership.

    https://sourceforge.net/p/ddclient/mailman/message/36589979/

     

    Or simply just re-enable HTTP/1.0 for you appear to be the only dynamic dns service that is mandating the HTTP/1.1 version change. How many deployments are still broken as a result of not noticing the updates had silently broke.

Please sign in to leave a comment.