Strange errors from DNS-O-Matic

Comments

40 comments

  • Avatar
    heutger

    Both still fail.

    0
    Comment actions Permalink
  • Avatar
    alexo

    DuckDns still fails, ticket is open, no action, no updates.

    ChangeIP still fails, ticket was closed without resolution.

    So far for "customer support".

     

    0
    Comment actions Permalink
  • Avatar
    adamlogan (Edited )

    I'm experiencing the same issue for No-IP, and DuckDNS as well. It works fine for free subdomains I registered on Afraid.org and dynu.com though, so strange.

    I disabled malware protection for a quick test, and pushed an update from the DDNS updater from my Synology DiskStation to DNS-O-Matic, finally updated the IP address to Duck DNS and without a similar error to what's been shared here already. Interestingly, NO-IP continued to get the same opendns malware errors. Perhaps it will be an intermittent on/off kind of thing like some of already described.

    Since I'm not using OpenDNS anymore, I guess it doesn't matter that Phishing is the only benefit I'd get from using OpenDNS if I were still using it. Regular slowdowns was enough for me to stop using OpenDNS.

    Update: I got the error with Duck DNS & NO-IP after pushing another manual update from Synology DDNS update client. I disabled all filters & protections. Ok then…

    0
    Comment actions Permalink
  • Avatar
    michelle_lee

    I ran into the same issue with DuckDNS.  I added www.duckdns.org to the NEVER BLOCK list in my openDNS Dashboard.  This fixed the manual update. 

    I have the DNSoMatic service running daily; I'll report back if that fixes those malware reports.

    0
    Comment actions Permalink
  • Avatar
    heutger

    michelle_lee That can't work as the OpenDNS dashboard is your dashboard. That's the issue, the stupid OpenDNS support staff doesn't understand. Their servers perform the update so it's the resolver used by their DNS-O-Matic scripts. So they may be required to whitelist DuckDNS. However it makes no sense at all to use a malware protected DNS server on a server running scripts and not active surfing the net. That could only result in false positives and wouldn't have any positive impact beside that, as it's a server and not a client. Malware, if any exist, should never be able to reach the server that way, otherwise, there is something completely wrong on server usage and may be looked at first.

    2
    Comment actions Permalink
  • Avatar
    michelle_lee

    Their servers perform the update so it's the resolver used by their DNS-O-Matic scripts. So they may be required to whitelist DuckDNS. However it makes no sense at all to use a malware protected DNS server on a server running scripts and not active surfing the net.

    You are correct; my longshot didn't help and I'm still getting the email reports similar to the example in the first post.

    Your explanation makes perfect sense.  DNS-O-Matic lists DuckDNS as a supported service, so in any case they should whitelist the www.duckdns.org subdomain that provides the Dynamic DNS service.  I can imagine that some of the DuckDNS subdomains may resolve to sites that have malware, but it seems just blocked the whole duckdns.org domain and hence this issue.

    0
    Comment actions Permalink
  • Avatar
    heutger

    And that's why it makes no sense to use malware protected DNS servers on a server system. It may make sense on client systems, however, their false-positive would also then block my legit DuckDNS address, so again a reason not to use their services (although I could whitelist then). However, I use my AdGuard Home (recently a Pi-Hole), so that's ways better than OpenDNS.

    0
    Comment actions Permalink
  • Avatar
    adamlogan

    Took me a couple minutes to figure out where the whitelist function was on the opendns dashboard, for anyone else wanting to play with this its Settings > Web Content Filtering > Manage Individual Domains > (Change drop down menu from "Always Block" to "Never Block" > add domain name & hit Add Domain button.

    Will tinker with it and see what behavior I get.

    I agree with what you said Heutger, domain filtering makes sense for clients but not for a DNS update service.

    0
    Comment actions Permalink
  • Avatar
    alexo

    Here's the latest communication from Cisco:

    Hello,

    I apologize, but we do not have an update for you regarding this issue. The free DNS-O-Matic service is no longer being supported, so I am afraid we will not be able to assist.

    <name redacted>
    Senior Technical Support Manager
    Cisco OpenDNS LLC.

    The writing was on the wall when Cisco purchased OpenDNS, but at least now it's official.

     

     

    0
    Comment actions Permalink
  • Avatar
    heutger

    I got a similar explanation, at that stage I got only response, that I should not push my request too hard as they won't then offer the free service to me anymore. It's as typical, money rules all and big enterprises also often get things worser: Look at Oracles Java API issues with Google, look at CentOS project getting unusable as of RedHat/IBMs new plans on how to (mis)use the CentOS project or now looking at Ciscos purchase of OpenDNS. However, I now disabled the two services and still use the remaining service until DNS-O-Matic will finally shutdown. From time to time, more and more services got unsupported, however, it's still usable for some services left.

    0
    Comment actions Permalink

Please sign in to leave a comment.