ddclient response 'HTTP 426 Upgrade Required' (Debian stretch: ddclient 3.8.3-1.1, libio-socket-ssl-perl 2.044-1)
Trying to update OpenDNS IP using SSL (as per instructions from OpenDNS). Using ddclient 3.8.3-1.1, libio-socket-ssl-perl 2.044-1 (debian stretch) to update IP
I get response:
RECEIVE: HTTP/1.1 426 Upgrade Required
I tried changing the perl script header from HTTP/1.0 to HTTP/1.1 then I can connect, but then receive:
RECEIVE: HTTP/1.1 503 Service Unavailable
Please help!
-
Official comment
Hello Badgertastic, and rotblitz.
There was recent changes made to updates.opendns.com. In the off chance that you have have firewall rules set up that are whitelisting traffic to the domain based on it's IP, we recommend that you update these rules to allow the traffic based on the domain name instead. This is because we've changed the IP of the domain.
For details, please refer to our article https://support.umbrella.com/hc/en-us/articles/360021913032 -
See https://support.opendns.com/hc/en-us/community/posts/360041094672
A support ticket has been raised already. -
Hi rotblitz. Thanks for the response. I’m trying to use (for the first time) ddclient on Linux described here: https://support.opendns.com/hc/en-us/articles/227987727. Previously I was using OpenDNS Updater for Mac OS but I wanted to move the updater to my PiHole server.
The errors I posted are from the debug output, from the actual http GET request (IO::Socket Perl module)
I already use domain name and not IP. User credentials are in the auth headers, vs being passed in the URL.
Are you suggesting the author of ddclient need to update it? Is it the same issue described in the ticket?
Thnaks
-
Read the other thread again. I'm suggesting that something is wrong with updates.opendns.com. I have raised two support tickets, one for OpenDNS and one for Umbrella. You must wait until this issue has been fixed. For update needs see the options I listed in the other thread. I'm just a user like you and really cannot do more.
-
So all clients (Linux, MacOS and according to other post Windows) are failing.
I used Postman to test the GET to http://updates.opendns.com/nic/update?system=dyndns&hostname=<DOMAIN>&myip=<IP>
Replicating the headers used by ddclient, and it works. (200 OK, body: 'good <IP>').
So seems to me that protocol version issue as originally reported: HTTP/1.1 426 Upgrade Required
The 426 doesn't say what is supported.
EDIT: Postman to https actually fails. Using HTTP/1.1 returns:
upstream connect error or disconnect/reset before headers.
Same result I was seeing from ddclient with 1.1.
-
Christopher Stewart - I dont think this is the issue. I'm using domain name updates.opendns.com and I have no firewall restricting outbound http/ssl to it.
-
It would appear OpenDNS did make a change to their web servers which broke interoperability with ddclient
You can workaround this issue by modifying the DDClient 3.9.0 perl script (usually installed at "/usr/bin/ddclient").
Change this line from:
$request .= "/$url HTTP/1.0\n";
To:
$request .= "/$url HTTP/1.1\n";
-
Yes. Correct. For the record, there were 2 issues when I wrote original post.
1. ‘Upgrade Required’ is resolved by editing the script to use HTTP/1.1
2. ‘Service Unavailable” resolved by OpenDNS per rotblitz ticket (Same issue as ‘upstream connect error...’)
I guess we should inform ddclient author to fix issue 1 for everyone else. Maybe a bug report on his GitHub. I did raise ticket with OpenDNS but had no response.
-
There is a caveat when using ddclient in conjunction with other dynamic dns services (ie cloudflare api) when you hard code HTTP/1.1 for all requests. ddclient was unable to parse the HTTP/1.1 json response from api.cloudflare.com/client/v4
If you are in this scenario, I submitted a crude patch which selectively sends HTTP/1.1 to updates.opendns.com
https://sourceforge.net/p/ddclient/bugs/98/
I would strongly urge OpenDNS and Cisco Umbrella to invest development cycles on a proper solution to it's paid subscribers. I can only speculate how long, if at all, the down stream open source project your business depends on will implement one of these proper workaround to your entire user base. As it turns out, they are seeking new project ownership.
https://sourceforge.net/p/ddclient/mailman/message/36589979/
Or simply just re-enable HTTP/1.0 for you appear to be the only dynamic dns service that is mandating the HTTP/1.1 version change. How many deployments are still broken as a result of not noticing the updates had silently broke.
Please sign in to leave a comment.
Comments
16 comments