Dec18
Dynamic DNS woes
My home network has the typical configuration: NAT behind a hardware firewall, with a dynamic IP address provided by the ISP. I use DynDNS to have a fixed name that I can use anywhere on the internet to access the home network.
The Linksys WRT54G I use supports DynDNS updates; however, some weeks ago I started having issues with the updates. A cryptic error -1 wasn’t of much help.
To avoid the hassle of debugging what’s going on, I decided to give the responsibility of the updates to a Linux box inside my home network, instead of the router.
The software I used is ddclient, which is in the list of recommended clients for DynDNS. From version 3.7.0 ddclient supports SSL, so the password isn’t traveling in cleartext.
Installing ddclient in Gentoo Linux is a breeze: emerge -a ddclient
The configuration file /etc/ddclient/ddclient.conf is quite straightforward and the sample file installed should get you going right away. Mine now looks as follows.
daemon=300 # check every 300 seconds
syslog=yes # log update msgs to syslog
#
## To obtain an IP address from Web status page (using the proxy if defined)
use=web, web=checkip.dyndns.com/, web-skip='IP Address'
login=yourlogin
password=yourpassword
protocol=dyndns2 # default protocol
server=members.dyndns.com
ssl=yes
#mx=mx.for.your.host # default MX
#backupmx=yes|no # host is primary MX?
wildcard=yes
your.domain.net
To get there, I had to jump through some hoops, which I hope this post helps you avoid:
1. Do not use members.dyndns.org as the documentation states. Use .com
2. The ssl option doesn’t seem to work and it is not because IO::Socket::SSL is not installed, as hinted in the DynDNS FAQ and the ddclient FAQ — well, you DO need it installed but I’ve read the fine manual already and that was not my problem for sure.
I discovered #1 after starting the ddclient daemon the usual Gentoo way, /etc/init.d/ddclient start, and finding syslog errors like
Dec 17 03:24:50 host ddclient[9348]: WARNING: cannot connect to members.dyndns.org:8245 socket: IO::Socket::SSL: connect: Connection timed out IO::Socket::INET configuration failederror:00000000:lib(0):func(0):reason(0)
Dec 17 03:24:50 host ddclient[9348]: FAILED: your.domain.net: Could not connect to members.dyndns.org:8245.
It may be that I’m in China and dyndns.org is blocked from there. I don’t know. But you can check easily on any web browser. Browse to http://checkip.dyndns.com/ and you should get Current IP Address: 111.222.333.444. For me dyndns.com works.
Next it was the ssl issue. Fortunately, debugging ddclient is very easy. Stop the daemon /etc/init.d/ddclient stop and then run ddclient -daemon=0 -noquiet -debug from a terminal. Doing that I was able to see that even with the ssl=yes in the config file, the request was done using http. On the output of the command I was able to see
DEBUG: nic_dyndns2_update -------------------
DEBUG: proxy =
DEBUG: url = http://members.dyndns.org/nic/update?system=dyndns&hostname=your.domain.net&myip=111.222.333.444&wildcard=ON
DEBUG: server = members.dyndns.org
I changed the file /etc/init.d/ddclient — I know it is not recommended because any update to ddclient will overwrite the change. However, these days I’m always rushed and therefore less of a purist.
The change was adding the -ssl switch to the --exec /usr/sbin/ddclient line of the start function, as seen below:
start() {
    checkconfig || return 1
    ebegin "Starting ${SVCNAME}"
    # -ssl is the switch added after the ddclient path on the --exec line
    start-stop-daemon \
        --start \
        --chuid ddclient \
        --exec /usr/sbin/ddclient -ssl \
        --name ddclient \
        --pidfile "${PIDFILE}" \
        -- -pid="${PIDFILE}"
    eend $?
}
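To confirm that updates really go over HTTPS after a change like this, the debug output shown earlier can be checked mechanically. The shell function below is an added example, not part of the original post or of ddclient; the names check_update_scheme and sample_debug and the exit codes are assumptions made for this example, and the sample lines are the ones quoted above.

```shell
#!/bin/sh
# Added example: report the scheme of each dyndns2 update URL found in
# ddclient debug output read from stdin.
# Exit status:
#   0  every update URL uses https
#   1  at least one update URL uses plain http (login and password exposed)
#   2  no update URL found (inconclusive, e.g. no update was attempted)
check_update_scheme() {
    awk '
        # Lines of interest look like: DEBUG: url = http://host/nic/update?...
        /^DEBUG:[ \t]*url[ \t]*=/ && /\/nic\/update/ {
            sub(/^DEBUG:[ \t]*url[ \t]*=[ \t]*/, "")
            seen = 1
            scheme = tolower($0)
            sub("://.*", "", scheme)        # keep what precedes ://
            host = $0
            sub("^[^:]*://", "", host)      # drop the scheme
            sub("[/?].*", "", host)         # drop path and query
            printf "%s update to %s\n", scheme, host
            if (scheme != "https") bad = 1
        }
        END {
            if (!seen) exit 2
            exit (bad ? 1 : 0)
        }
    '
}

# Sample input: the debug lines quoted in the post.
sample_debug() {
    cat <<'EOF'
DEBUG: nic_dyndns2_update -------------------
DEBUG: proxy =
DEBUG: url = http://members.dyndns.org/nic/update?system=dyndns&hostname=your.domain.net&myip=111.222.333.444&wildcard=ON
DEBUG: server = members.dyndns.org
EOF
}

sample_debug | check_update_scheme
echo "exit status: $?"
```

On a live system, stop the daemon and pipe the real output through it: ddclient -daemon=0 -noquiet -debug 2>&1 | check_update_scheme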
I’d love to hear comments on a better way to get this problem fixed.