ddclient response 'HTTP 426 Upgrade Required' (Debian stretch: ddclient 3.8.3-1.1, libio-socket-ssl-perl 2.044-1)
Trying to update OpenDNS IP using SSL (as per instructions from OpenDNS). Using ddclient 3.8.3-1.1, libio-socket-ssl-perl 2.044-1 (debian stretch) to update IP
I get response:
RECEIVE: HTTP/1.1 426 Upgrade Required
I tried changing the perl script header from HTTP/1.0 to HTTP/1.1 then I can connect, but then receive:
RECEIVE: HTTP/1.1 503 Service Unavailable
Please help!
-
Official comment
Hello Badgertastic, and rotblitz.
There was recent changes made to updates.opendns.com. In the off chance that you have have firewall rules set up that are whitelisting traffic to the domain based on it's IP, we recommend that you update these rules to allow the traffic based on the domain name instead. This is because we've changed the IP of the domain.
For details, please refer to our article https://support.umbrella.com/hc/en-us/articles/360021913032Comment actions -
See https://support.opendns.com/hc/en-us/community/posts/360041094672
A support ticket has been raised already. -
Hi rotblitz. Thanks for the response. I’m trying to use (for the first time) ddclient on Linux described here: https://support.opendns.com/hc/en-us/articles/227987727. Previously I was using OpenDNS Updater for Mac OS but I wanted to move the updater to my PiHole server.
The errors I posted are from the debug output, from the actual http GET request (IO::Socket Perl module)
I already use domain name and not IP. User credentials are in the auth headers, vs being passed in the URL.
Are you suggesting the author of ddclient need to update it? Is it the same issue described in the ticket?
Thnaks
-
Read the other thread again. I'm suggesting that something is wrong with updates.opendns.com. I have raised two support tickets, one for OpenDNS and one for Umbrella. You must wait until this issue has been fixed. For update needs see the options I listed in the other thread. I'm just a user like you and really cannot do more.
-
So all clients (Linux, MacOS and according to other post Windows) are failing.
I used Postman to test the GET to http://updates.opendns.com/nic/update?system=dyndns&hostname=<DOMAIN>&myip=<IP>
Replicating the headers used by ddclient, and it works. (200 OK, body: 'good <IP>').
So seems to me that protocol version issue as originally reported: HTTP/1.1 426 Upgrade Required
The 426 doesn't say what is supported.
EDIT: Postman to https actually fails. Using HTTP/1.1 returns:
upstream connect error or disconnect/reset before headers.
Same result I was seeing from ddclient with 1.1.
-
Christopher Stewart - I dont think this is the issue. I'm using domain name updates.opendns.com and I have no firewall restricting outbound http/ssl to it.
-
It would appear OpenDNS did make a change to their web servers which broke interoperability with ddclient
You can workaround this issue by modifying the DDClient 3.9.0 perl script (usually installed at "/usr/bin/ddclient").
Change this line from:
$request .= "/$url HTTP/1.0\n";
To:
$request .= "/$url HTTP/1.1\n";
-
Yes. Correct. For the record, there were 2 issues when I wrote original post.
1. ‘Upgrade Required’ is resolved by editing the script to use HTTP/1.1
2. ‘Service Unavailable” resolved by OpenDNS per rotblitz ticket (Same issue as ‘upstream connect error...’)
I guess we should inform ddclient author to fix issue 1 for everyone else. Maybe a bug report on his GitHub. I did raise ticket with OpenDNS but had no response.
-
There is a caveat when using ddclient in conjunction with other dynamic dns services (ie cloudflare api) when you hard code HTTP/1.1 for all requests. ddclient was unable to parse the HTTP/1.1 json response from api.cloudflare.com/client/v4
If you are in this scenario, I submitted a crude patch which selectively sends HTTP/1.1 to updates.opendns.com
https://sourceforge.net/p/ddclient/bugs/98/
I would strongly urge OpenDNS and Cisco Umbrella to invest development cycles on a proper solution to it's paid subscribers. I can only speculate how long, if at all, the down stream open source project your business depends on will implement one of these proper workaround to your entire user base. As it turns out, they are seeking new project ownership.
https://sourceforge.net/p/ddclient/mailman/message/36589979/
Or simply just re-enable HTTP/1.0 for you appear to be the only dynamic dns service that is mandating the HTTP/1.1 version change. How many deployments are still broken as a result of not noticing the updates had silently broke.
-
I received official reply on my ticket. Ddclient need to update their end.
I also noted the OpenDNS support article for ddclient has been removed. Previously: https://support.opendns.com/hc/en-us/articles/227987727
-
With CentOS 7.6 I get the "upstream connect error or disconnect/reset before headers" error with all of these methods:
- ddclient 3.8.3 (changed from HTTP/1.0 to HTTP/1.1 as described above)
- curl --user username:password https://updates.opendns.com/nic/update?hostname=<Network name>
- And just manually loading the update URL in Firefox or Chrome:
https://updates.opendns.com/nic/update?hostname=<Network name>
Are there any other Linux based automatic update methods I can try? I have a ticket open, but no reply yet.
FYI the OpenDNS ddclient support page is available in the Internet Archive here:
https://web.archive.org/web/20190214124325/https://support.opendns.com/hc/en-us/articles/227987727 -
Cisco Umbrella OpenDNS support team spoke loud and and clear on this issue. They do not care how many ddclient deployments they silently broke. Realistically, unless you are monitoring your logs, you probably have not realized their server side changes cased your client to stop updating
"Unfortunately we can't always maintain interoperability between our servers and all third party DDNS clients."
No, but you can fix it after you realized the mistake. Pulling the ddclient KB article further buries the root cause.
Our subscriptions renewals have already be reallocated with different vendor.
-
All the ways I try to update OpenDNS (ddclient, web browser, curl) fail with the same error. OpenDNS support tells me:
Due to a recent update updates.opendns.com requires HTTP 1.1 in order for a network identity update to be successful. ddclient uses HTTP 1.0 only so any attempt at using this tool fail.
DDClient is a third party application and as such we can not change or troubleshoot the product.
Using curl (7.33.0 or higher) you should be able to successfully update an IP addressUnfortunately my version of curl on CentOS 7.6 is older and it's not the easiest thing to update. I then asked support if there's a way I can just manually update my IP in OpenDNS instead. His reply surprised me:
Unfortunately, after the initial setup you would not be able to manually change the IP address.
Removing a network, and then adding a new network with the updated IP will work.Is there really no way to manually update your IP address short of deleting it and starting over from scratch? That seems bizarre to me, but I can't find an option to edit it.
-
"Is there really no way to manually update your IP address"
Sure, there is a really simple way. You send your updates through DNS-O-Matic instead of directly to OpenDNS.
See https://support.opendns.com/hc/en-us/community/posts/360042730712/comments/360004723011
This will work as long as DNS-O-Matic doesn't require HTTP 1.1 too.
After you configured OpenDNS as service at DNS-O-Matic, you can manually update OpenDNS at any time by visiting the usual update URL:
https://updates.dnsomatic.com/nic/update?hostname=all.dnsomatic.com
- or -
https://updates.dnsomatic.com/nic/update?hostname=OpenDNSnetworkLabelAnd no, you do not need to delete your dashboard network to create a new one. You can keep your existing one updated by updating manually at the dashboard (clicking the green arrows icon) or via browser URL, or automatically by sending your updates through DNS-O-Matic, e.g. by ddclient and the likes.
-
Thanks rotblitz, that exactly the info I needed! DNS-O-Matic looks like a really good solution.
Please sign in to leave a comment.
Comments
26 comments