pfSense DDNS via Cloudflare

I thought I had a handle on DDNS, but I'm looking for help. All my entries went RED yesterday without any change from my side. Upon noticing, I went to the Cloudflare dashboard and tried to drill into my domain's DNS entries, and Cloudflare threw back an error saying it was having trouble accessing my entries... so I assumed an issue with CF, but didn't see any word of any major outage. I waited a bit and was eventually able to get into my DNS entries from the CF dashboard. I noticed that some IPs had changed, so it appears my IP changed. I then ran a What's My IP from my side to confirm the updated IP. After a bunch of forcing updates and refreshing, 2 services in my DDNS went green and pulled the updated IP, but the rest stayed RED and were still stuck on the old IP. I did a bunch of refreshing and saving and the RED entries went from holding the old IP, to N/A, to 0.0.0.0. What is confusing me is why Cloudflare still has the old IPs in their system. Is this something I can forcefully update from their end? This feels like a cache issue, but I don't know where/how to clear it from. Any help is appreciated.
7 Replies
julis (16h ago)
So, I'm not really able to help, but if they're all pointed to the same IP (or most), what I've done is designate one record to be the truth and then CNAME all of the others to it. Because Cloudflare inherently does flattening when proxy is on, this doesn't change the public DNS records, and instead makes them all only require one record. Easier to keep one record updated rather than 20.
ykg (OP, 16h ago)
Thanks. That makes sense and I suppose I'll try that... I was trying to understand what happened here and if it's an issue with CF. I'm inclined to believe it is, because nothing changed from my end. OK, yeah, your suggestion is getting my services back up, so much thanks for that. I wonder if CF made a change on their end?
julis (16h ago)
Not sure. When I set up OPNsense DDNS it didn't work well with multiple domains, so I have a single domain, home-<hash>.domain.com, and then CNAME all of the others.
ykg (OP, 15h ago)
I remember someone else mentioned that option to me a while back, but I didn't get there because I didn't need to, since all was working fine. The odd thing is that while all my services were RED I was still able to ping them via domain name 🤷‍♂️ Oh well, this got the job done. Thanks again.
julis (15h ago)
There are likely 3 layers of DNS caching:
- Windows/Linux
- pfSense (if you have Unbound enabled)
- upstream DNS (if Unbound isn't enabled recursively)
Hence why you could likely still ping them.
ykg (OP, 15h ago)
Looks like more reading in my future. Wish I knew what triggered this though, but there are probably too many variables at this point. I use Pi-hole with a Windows server as backup DNS, but all was working without a hitch up to this point.
julis (15h ago)
Ahhh, gotcha. I have a Pi-hole -> OPNsense config myself. Yeah, dealing with DNS is never fun lol.
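The thread above leaves the original poster unsure which layer was actually stale: the zone at Cloudflare (a DDNS update that never landed) or one of the three caches julis lists. The script below is an added example, not code from the thread; it compares the router's real WAN address with the answer from the zone's authoritative nameserver and with the answer from the client's own resolver, and names the stale layer. Hostnames, the nameserver name and the IPs are hypothetical; it assumes `dig` is on the PATH, and it flags proxied (orange-cloud) records separately because public DNS only ever shows Cloudflare edge addresses for those.

```python
import subprocess


def dig_a(name, server=None):
    """A records for `name` via the system `dig` (optionally at `server`).
    `dig +short` prints any CNAME chain first, so keep only IPv4-looking lines."""
    cmd = ["dig", "+short", "A", name] + ([f"@{server}"] if server else [])
    out = subprocess.run(cmd, capture_output=True, text=True, timeout=10).stdout
    return [line.strip() for line in out.splitlines() if line[:1].isdigit()]


def classify(public_ip, authoritative, resolver, proxied=False):
    """Name the stale layer for one hostname.

    public_ip     -- the WAN address the router actually has right now
    authoritative -- A answers from the zone's Cloudflare nameserver
    resolver      -- A answers from the resolver the client normally uses
    proxied       -- True if the record is orange-clouded; public DNS then
                     returns Cloudflare edge IPs, so the origin address can
                     only be checked in the Cloudflare dashboard/API
    """
    if proxied:
        return "proxied"
    if not authoritative or authoritative == ["0.0.0.0"]:
        return "no-record"
    if public_ip not in authoritative:
        return "ddns-stale"   # zone still holds the old IP: the DDNS update never landed
    if set(resolver) != set(authoritative):
        return "cache-stale"  # zone is right; OS / Unbound / Pi-hole / upstream cache is old
    return "ok"


def diagnose(names, public_ip, ns, proxied=()):
    """Run the comparison for each hostname; returns {name: verdict}."""
    return {
        n: classify(public_ip, dig_a(n, ns), dig_a(n), n in proxied)
        for n in names
    }


if __name__ == "__main__":
    # Hypothetical zone values: substitute your own hostnames, WAN IP and
    # the nameserver Cloudflare assigned to the zone.
    print(diagnose(["home.example.com", "vpn.example.com"], "203.0.113.7",
                   ns="ns.example-cloudflare.invalid"))
```

A "ddns-stale" verdict means forcing the pfSense DDNS client (or fixing its API token) is the right move; "cache-stale" means waiting out or flushing the local cache is.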