Topic: Serious Problem W/ DYNDNS abuse!

[Jeff Utter]

Yeah, i recieved this e-mail from dyndns.org earlier stating they were deleting my accout due to abuse, here is the e-mail:

"hostname you had registered with Dynamic DNS Network Services
at dyndns.org, ****.dyndns.org, has been deleted from our systems.


This hostname has been deleted a week after being blocked for
abusive updates and not being unblocked by the support department.
Our policies forbid multiple successive updates from the same
IP address.


You can re-create this hostname at your convenience, and we suggest
that you re-examine your update procedures and read our abuse policy
at http://support.dyndns.org/dyndns/abuse.shtml.


If you do not use your NIC account any longer, please delete it
using the tools at http://members.dyndns.org/nic/delacct.  We regret
seeing you go."

Any help on resolving this issue, to stop the repeated updates, would be very gratefull.... i'm on cable, so it shouldnt' have to update that often... thanks.... oh, and i'm using the dyndns client thingie, built into e-smith... thanks

[Dan Brown]

Well, e-smith should run the dyndns update only when your IP address changes, and/or when you restart your server.  What do you get if you grep dyndns.org /var/log/messages*?

[Jeff Utter]

Yeesh, ya know.... i can't tell you.. it's so long, i can't scroll up enough to tell you anythign about the dyndns service.. it only tells about ftp logins and such to.. my dyndns.org name...

[Elissa]

This is from excessive rebooting.

[Franck PIERRE]

You should try that command line :
grep "dyndns.org: " /var/log/messages*
and send the result.

[Jeff Utter]

a.) it's not from excessive rebooting, i've rebooted like 3 times in the last week, AT MOST

b.) Here is part of that grep

"/var/log/messages:Jul 29 04:23:14 e-smith dyndns.org: ****.dyndns.org does no
t exist on the dyndns.org system.
/var/log/messages.1:Jul 21 18:56:14 e-smith dyndns.org: Update at **.**.**.** su
cceeded.
/var/log/messages.1:Jul 22 00:50:33 e-smith dyndns.org: IP Address **.**.**.** a
lready in database."
it repeats the last line.. maybe 10 times.. then the last one is this
/var/log/messages.1:Jul 25 17:17:46 e-smith dyndns.org: ****.dyndns.org is bl
ocked for abuse; contact support@dyndns.org to unblock.

Now, i can access my page, at ****.dyndns.org from an internal machine, i dont' know if that has to do w/ my e-smith gateway, caching the DNS.. or what... or maybe my dyndns name isnt' really blocked

[Dan Brown]

The reason you can access your system from the LAN is probably that your e-smith box is caching the DNS.  Somehow the ip-change event is getting triggered even when your IP address isn't actually changing, which is causing the system to update the dyndns.org records too frequently.

Reboots certainly could be causing this--I don't know the threshold for the number of non-updates before dyndns.org will block you for abuse, but three in a week can't help.  Other than that, I'm not sure what could be causing it--do you get your IP address via DHCP, perhaps?  I've heard that some ISPs do this even with static IPs...

[Jeff Utter]

Yeah... i get my ip w/ DHCP.. but... it only changes once a month... and some people have dialup... people on dialup.. connect to dyndns.org like 1-2 times daily... i'd really like to get to the bottom of this, and find out what is causing it to update. so much.

[Dan Brown]

dyndns.org doesn't particularly care how often you update, so long as it's an actual update (that is, the IP changed) each time.  In your case, I really don't know what's happening that's causing the update to be triggered.  Renewing the DHCP lease seems like the most obvious possibility, but I don't know how to go about checking that.

[Graeme Robinson]

It is weird because you will only get deregistered by dyndns if you update with the same IP address that it's already holding. If your actual IP is changing you can update as frequently as you like and dyndns will not complain, otherwise it wouldn't be fulfilling it's purpose.

E-smith knows this and never harasses the dyndns database with an update unless the IP has changed.  You can see this in the log files, at least I think that's what it is. Here's an example of a successful update and and a suppressed one:

bash-2.04$ sudo /bin/grep "dyndns" /var/log/messages |less
Jul 29 12:58:42 avanti dyndns.org: Update at 144.137.67.110 succeeded.
Jul 29 03:37:44 avanti named[1591]: suppressing duplicate notify ("graenet.dyndn
s.org" IN SOA)

[Dan Brown]

The problem here is that the e-smith system _is_ sending update requests, and the IP address _hasn't_ changed--you can see this from the log excerpts that Jeff has posted.  The only thing that should cause the system to send a dynamic DNS update is if something triggers the ip-change event.  I expect that whatever is triggering it is also in the log files, but I don't know what to look for at this point--again, dhcp is my only clue.  Maybe 'grep dhcp messages*' would yield something useful, when compared with the previous check.

[Richie Jarvis]

Just a dumb question on this front....

dyndns.org require you to send them an update ever 35 days - so why doesn't e-smith have functionality to send it every 30 days or something so that your account doesn't get deleted?

Thanks,

Richie

[Luke Drumm]

Alternatively, if your using a (mostly) static IP, why not change to their Static-IP service and dump the update client all together.

[CMG]

That's fine, Richie but only if your IP address doesn't change during that time.



Richie Jarvis wrote:
>
> Just a dumb question on this front....
>
> dyndns.org require you to send them an update ever 35 days -
> so why doesn't e-smith have functionality to send it every 30
> days or something so that your account doesn't get deleted?
>
> Thanks,
>
> Richie