Best way to do DDNS updates when behind another (DSL) router?

iliyan

Hi,

My new awesome Asus RT-AC68U router, running Merlin 378.50, sits behind a DSL router. The DSL router is from Sky and only supports DynDNS as a DDNS service. So I must use the Asus router to do custom DDNS updates.

I want to use afraid.org as a DNS host, so this means writing a ddns-start script. I couldn't find much info about this script in README-merlin.txt and on the Wiki, but my assumption is that it is called whenever the WAN IP changes. But since the Asus router is behind another one, its WAN IP is a static 192.168.0.2 address, i.e. not my real internet address (Asuswrt even warns me about this). So it seems that I can't take advantage of this machinery.

My guess is that the next best way to do my custom dynamic DNS updates is via a cron job. Am I right? If so, what's the best reading resource to help me set this up and make it persistent when rebooting the router? Or is there an easier way?

Thanks much in advance. I love my new Asus router and Merlin :)
 
Thanks for your reply!

I'm not that much concerned about obtaining the external IP. I know this can be done in many ways. I'm more concerned about *when* the DDNS record will be updated. This should ideally happen when the external IP changes, but in my case the DSL router is responsible for that. So I didn't expect the Asus router to get notified when this occurs. The only solution I can thus think of is to check for external IP changes periodically. And I wonder what the best way to do this is.
 
Are you running the RT-AC68U as a router or an Access Point?

Running a router behind a router (double NAT) is usually a bad idea.
 
> Thanks for your reply!
>
> I'm not that much concerned about obtaining the external IP. I know this can be done in many ways. I'm more concerned about *when* the DDNS record will be updated. This should ideally happen when the external IP changes, but in my case the DSL router is responsible for that. So I didn't expect the Asus router to get notified when this occurs. The only solution I can thus think of is to check for external IP changes periodically. And I wonder what the best way to do this is.

Ah... cron seems like the only way then.

Unless you put your DSL router into bridge mode and let the Asus do the PPP authentication and routing. Then it will know when the WAN/DSL status changes.
 
> Are you running the RT-AC68U as a router or an Access Point?
>
> Running a router behind a router (double NAT) is usually a bad idea.

Well, I'm no networking expert, so forgive my ignorance in the terminology. I need to use DSL router, obviously, because that's how I get my internet connection. But I've connected the Asus router to the DSL one via a cable and have assigned a static IP internal to it and set forwarding for all ports. All my devices are connected to the Asus router.

> Ah... cron seems like the only way then.
>
> Unless you put your DSL router into bridge mode and let the Asus do the PPP authentication and routing. Then it will know when the WAN/DSL status changes.

Oh, that bridge mode sounds interesting! Any idea for a nice tutorial how to do this? I guess it depends on the DSL router, but some settings should also be tweaked on the Asus side?

By the way, my (shirtty) DSL router is from Sky (UK).
 
> Well, I'm no networking expert, so forgive my ignorance in the terminology. I need to use DSL router, obviously, because that's how I get my internet connection. But I've connected the Asus router to the DSL one via a cable and have assigned a static IP internal to it and set forwarding for all ports. All my devices are connected to the Asus router.

Yes, you need your DSL modem but you do not need to use its router capabilities if you have your own router.

In the Administration tab you will find an Operation Mode tab. With your current setup you should be using AP mode. Read about it before switching though.

> Oh, that bridge mode sounds interesting! Any idea for a nice tutorial how to do this? I guess it depends on the DSL router, but some settings should also be tweaked on the Asus side?
>
> By the way, my (shirtty) DSL router is from Sky (UK).

Lol. What a coincidence, my ISP is shirtty too! (though, they are definitely improving)


Bridge-mode can be tricky to trouble-shoot, if it does not work. I downloaded the manual for my ADSL modem and followed the directions. In my case, the easiest method was to find the QuickBridge button in the modem's GUI. DSLReports.com's forums are a great resource.



My point is that you do not need 2 routers. It would be best if you disabled the routing capabilities in one of the devices, either by bridging the modem or by configuring the RT-AC68U as an AP.
 
Here is what I am using if you decide or can not get bridge to work,

Files in the /jffs/scripts folder:

services-start
Code:
#!/bin/sh

/usr/sbin/cru a ScheduledReboot "0 7 * * * reboot"
/usr/sbin/cru a ScheduledDDNS "5 1,3,5,7,9,11,13,15,17,19,21,23 * * * /jffs/scripts/up.sh"

up.sh
Code:
#!/bin/sh

# Wait until the VPN client interface (tun11) is up
while [ -z "$(ifconfig | grep tun11)" ]; do
    sleep 1
done

SERVICE="dnsomatic"
USER="username"
PASS="password"
HOST="all.dnsomatic.com"
# Look up the current public IP
IP=$(wget -qO - http://icanhazip.com)

ez-ipupdate -S "$SERVICE" -u "$USER:$PASS" -h "$HOST" -a "$IP"

exit 0

This works for me, gets my wan ip, updates noip, runs every 2 hours regardless if I am using the vpn or not. I know there is an easier way to simplify the cron job than how I did it. lol As you can see I also have my router set to reboot everyday @7. You may want to del that line. ps don't forget to chmod the scripts like me.

edit:fixed typo in code /jffs/scipts/up.sh to /jffs/scripts/up.sh
 
Thanks for all the helpful replies, guys!

I ended up creating a cron job that updates the DDNS records every hour. I use afraid.org which provides you with a simple URL that you just need to access and it automatically gets the IP from the request and updates the host.

@Cake, I see you've added the "cru" commands in an init-start script, which according to the doc is executed "right after jffs is mounted, before any of the services get started". It works fine (rebooted the router to test), but I wonder if your approach with "services-start" is better.
 
> Thanks for all the helpful replies, guys!
>
> I ended up creating a cron job that updates the DDNS records every hour. I use afraid.org which provides you with a simple URL that you just need to access and it automatically gets the IP from the request and updates the host.
>
> @Cake, I see you've added the "cru" commands in an init-start script, which according to the doc is executed "right after jffs is mounted, before any of the services get started". It works fine (rebooted the router to test), but I wonder if your approach with "services-start" is better.

Updating every hour will most likely result in the DDNS provider banning your account. You should check if the IP has changed before forcing an update.
 
> Updating every hour will most likely result in the DDNS provider banning your account. You should check if the IP has changed before forcing an update.

Good point, Merlin! I thought about this but went the lazy way. I now realize that it'd be much more efficient to store the external IP in a shell variable, check every 10 min or so if it's changed, and only then perform the DDNS update if necessary.
 
> Good point, Merlin! I thought about this but went the lazy way. I now realize that it'd be much more efficient to store the external IP in a shell variable, check every 10 min or so if it's changed, and only then perform the DDNS update if necessary.

Correct. Or, you can store it in a temporary nvram value if you want it to be available between each cron run of your script. Just don't do a "commit" to ensure it only gets written to the RAM copy of nvram rather than have the flash overwritten every time. Use something like "wan_last_ip" as a variable name.
 
I would like to do as RMerlin suggests, I just don't know how. I am good with functions in spreadsheets, so maybe I will take some time one of these days; learn scripting for linux. In light of the every hour is too much I will change mine to update 4 times a day then. I did try to use the new ddns-update script in jffs folder, but my log was filling up fast with stuff related to it, so I went back to old faithful rather than spend half a day troubleshooting. Thank you RMerlin for all your time making the firmware better. Salute
 
I have the same setup. I am using my RT-AC68U behind a Huawei 4G router.
Currently I have a DMZ forwarding all my traffic from router 1 which is connected to the WAN going through to my RT-AC68U.

It works, but not great. I also have the IP address problem noted above, but luckily I have a sticky IP, so it's not the end of the world.

I cannot get my NEST thermostat to work correctly. I am wondering if I set up a cron job it would resolve some of my issues.

Is anyone able to advise or give me a link so that I can set my router up like what has been done in log 8 above? I have a dnsomatic account, so I think it is just the cron that needs doing.

If I telnet into my router, this is the output I have.


ASUSWRT-Merlin RT-AC68U_3.0.0.4 Sat Dec 27 18:21:23 UTC 2014

myusername@RT-AC68U:/tmp/home/root#
 
Hmmm, is the Ethernet wire coming from your Huawei router plugged into the WAN port of your Asus router? I am just asking because I haven't needed to use DMZ at all, I am double NAT'd as well. I could post you an example/screenshot of the settings in my WAN section. To be honest, reading on the internet everybody says it's a bad idea, but I like it a little, a bit more security I think.

To use scripts, you need to log into your router (Asus) go into the Administration, then system tab of your Asus router, and put everything under the jffs section to yes. Then reboot your router.

When you telnet into your router like you mentioned type:
cd /jffs/scripts

Then type:
vi services-start
Hit the insert key and paste from example you find, you may wish to modify it to meet your needs, also I had to google vi to figure out how it works. When finished hit escape key, then type: :x (hit enter)
Do the same for up.sh
vi up.sh
Press insert key and paste contents. Don't use a Windows text editor unless it's Notepad++ or similar.
When you're finished, and still in telnet or putty (ssh) type: chmod a+rx /jffs/scripts/*
Also make sure your script starts with a shebang aka:
#!/bin/sh

I am a newbie, I hope this helps you. I should have thrown Windows out a long time ago, and stuck with Linux. Wish I was more proficient.
 
After enough screwing around, I finally just configured DynDNS updating on an old Linksys WRT610N running DD-WRT. For some reason DD-WRT is smart enough to obtain your public IP, while Asus can't seem to figure that one out. Another option would be to use an old Android phone without a contract. Servers Ultimate has a DDNS updater client that works through a double NAT just fine. I'm sure there are countless other apps that do as well. I'm not entirely certain why it's a bad idea to be double NAT, except for performance issues perhaps, but I can tell you that some folks have little choice in the matter. I have Verizon Fios and their lousy ActionTech doesn't allow bridge mode. Additionally, the DDNS updater in that doorstop doesn't work with DynDNS anymore (as of maybe 18 months ago). I think Dyn made some kind of change and Verizon/ActionTech didn't see fit to update their DDNS routine.
 
> After enough screwing around, I finally just configured DynDNS updating on an old Linksys WRT610N running DD-WRT. For some reason DD-WRT is smart enough to obtain your public IP, while Asus can't seem to figure that one out. Another option would be to use an old Android phone without a contract. Servers Ultimate has a DDNS updater client that works through a double NAT just fine. I'm sure there are countless other apps that do as well. I'm not entirely certain why it's a bad idea to be double NAT, except for performance issues perhaps, but I can tell you that some folks have little choice in the matter. I have Verizon Fios and their lousy ActionTech doesn't allow bridge mode. Additionally, the DDNS updater in that doorstop doesn't work with DynDNS anymore (as of maybe 18 months ago). I think Dyn made some kind of change and Verizon/ActionTech didn't see fit to update their DDNS routine.

FIOS did break DynDNS but there is a fix for it. I got it working again on my Actiontec. Unfortunately I don't remember what I had to do. If I can find the details again I will post them.

Also, being on FIOS, I have run double NATed behind the Actiontec using my ASUS and have run my ASUS as the only router and didn't see any change in performance.

I am running Tomato on my ASUS router which is currently double NATed and Tomato has the feature allowing my ASUS to pull the actual WAN public IP.
 
> Correct. Or, you can store it in a temporary nvram value if you want it to be available between each cron run of your script. Just don't do a "commit" to ensure it only gets written to the RAM copy of nvram rather than have the flash overwritten every time. Use something like "wan_last_ip" as a variable name.

Hi Merlin, is there a templated script that you can offer up? I'm a script idiot, so whatever you can give us that will automatically check for an ip change would be appreciated. Thanks
 
> Hi Merlin, is there a templated script that you can offer up? I'm a script idiot, so whatever you can give us that will automatically check for an ip change would be appreciated. Thanks

This script is for Google DNS. Most of them are similar. Change the Google URL to the URL for your DDNS service. It also assumes you have entware (or entware-ng) installed for the root certs so SSL works. If you don't have the root certs installed and don't want to, you can add --no-check-certificate to the wget command to connect to your provider insecurely.

Create a file called /jffs/scripts/dns-update.sh with this in it. Chmod it 700. Add it to cron with this command: cru a dnsupdate "0 * * * * /jffs/scripts/dns-update.sh"

Code:
#!/bin/sh

/usr/bin/logger -t "$(basename "$0")" "started [$*]"

# Define these variables for your system
# (quoted so that values containing spaces are not run as commands)
username="YOUR USERNAME"
password="YOUR PASSWORD"
hostname="YOUR DOMAIN NAME"

# Define path to certs so HTTPS works in wget
# Certificates are installed using 'opkg install ca-certificates'
export SSL_CERT_DIR=/opt/etc/ssl/certs

# Get our public IP address from ICanHazIP.com
# Force use of IPv4 since IPv6 might be broken
ip=$(wget -4 -q http://icanhazip.com -O -)

# Compare IP address in DNS to current one
dns_ip=$(nslookup "$hostname" 8.8.8.8|grep ^Address|grep -v 8.8.8.8|grep -v ::1|awk -F: '{print $2}'|awk '{print $1}')
if [ "$dns_ip" = "$ip" ]; then
    /usr/bin/logger -t "$(basename "$0")" "completed, no change [$*]"
    exit 0
fi

# Make sure we use SSL enabled wget
# the wget in the flash has ssl now (hmmm...) so no need for this anymore
#wget=/opt/bin/wget
wget=/usr/sbin/wget

# Register our new IPv4 address with Google
# Force use of IPv4 since we know for sure IPv6 tunnel is broken now
$wget -4 -q "https://$username:$password@domains.google.com/nic/update?hostname=$hostname&ip=$ip" -O /tmp/g.log

/usr/bin/logger -t "$(basename "$0")" "Updated IP to $ip [$*]"
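
Added example, not code from any poster in this thread: the check-before-update logic RMerlin describes, with the address fetched over plain HTTP validated before it is cached or sent to the provider. Assumptions: the cache file stands in for an uncommitted `nvram set wan_last_ip=...`, and `STATE_FILE`, `DDNS_UPDATE_URL` and all function names are hypothetical.

```sh
#!/bin/sh
# Added example, not code from the thread. STATE_FILE is a stand-in for the
# uncommitted nvram variable "wan_last_ip"; DDNS_UPDATE_URL is a placeholder.
STATE_FILE="${STATE_FILE:-/tmp/wan_last_ip}"

# Accept only dotted-quad IPv4 with octets 0-255. An empty reply, an HTML
# error page or a captive-portal body must never reach the update request.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print "invalid", "skip" (unchanged) or "update" (differs from the cache).
check_ip() {
    is_ipv4 "$1" || { echo invalid; return 0; }
    last_ip=$(cat "$STATE_FILE" 2>/dev/null) || last_ip=""
    if [ "$1" = "$last_ip" ]; then echo skip; else echo update; fi
}

# Hooks: the plain-HTTP lookup used in the thread, and a provider update URL.
fetch_ip() { wget -4 -q -O - http://icanhazip.com; }
send_update() { wget -q -O /dev/null "$DDNS_UPDATE_URL"; }

# One cron run. The cache is written only after the provider accepted the
# update, so a failed update is retried on the next run.
run_once() {
    ip=$(fetch_ip) || ip=""
    action=$(check_ip "$ip")
    if [ "$action" = update ]; then
        if send_update "$ip"; then
            printf '%s\n' "$ip" > "$STATE_FILE"
        else
            action=failed
        fi
    fi
    echo "$action"
}

# Cron entry point: "script.sh run"
if [ "${1:-}" = run ]; then run_once; fi
```

Keeping the cache under /tmp (RAM on the router) has the same effect as the uncommitted nvram value: nothing is written to flash, and the first run after a reboot sends one update.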
 