Remote access via DDNS abrupt failure after 1 year. No changes to configuration

petro · September 11, 2019, 1:45am

I’m having an odd issue that started mid day today and it’s beyond my abilities. Sometime between noon and 6pm, remote access stopped working via DDNS.

Nothing changed. No restart. No update to Home assistant. No update to DDNS. No update to NGINX. Public IP address hasn’t changed in a month. From what I can tell, nothing changed in my router. Everything has been working great for 12 months. Cert doesn’t require an update until december 9th.

Nothing in the DDNS hassio addon logs.
Nothing in the NGINX logs.

I have no clue where to look or what could be causing the issues.

Running ubuntu 18.04 desktop on a NUC.
Unifi gateway pro is the router.
Port forwarding 443 to 443 on the ip of HA for nginx, not really sure if that’s needed but I’ve always done it. Networking has never been my strong suit.

EDIT: I am getting one error in nginx

2019/09/10 21:55:38 [error] 16#16: *285 connect() failed (111: Connection refused) while connecting to upstream, client: xxxxxx, server: xxxx.duckdns.org, request: “GET /api/hassio_ingress/xxxxxxxxxxxxxxxx/ HTTP/1.1”, upstream: “http://172.30.32.1:8123/api/hassio_ingress/xxxxxxxx/”, host: “xxxx.duckdns.org”

Using the dev tools in chrome, I see this error multiple times:

resulted in a network error response: the promise was rejected

Any Ideas?

Edit again: It appears to work intermittently.

sparkydave · September 11, 2019, 1:48am

I did see a post regarding DuckDNS being down… related?

petro · September 11, 2019, 1:50am

I can access https://www.duckdns.org/, does it use different servers for dns routing? You have a link to this post?

Mutt · September 11, 2019, 2:19am

DuckDNS.org is hosted on AWS servers, I can’t see them being down for long
Which side of your mouth were you poking your tongue when it last worked ?

: - P

Forsee implies seeing in advance, how does that relate ?

EDIT: HEY ! Not Fair ! You changed the name of the thread. How did you do that ?

sparkydave · September 11, 2019, 4:25am

unfortunately not. I just remember scanning past it earlier today. It was a post from within the last 24 hours.

tom_l · September 11, 2019, 10:32am

Not this red-herring?

tom_l · September 11, 2019, 10:33am

~~Has your ISP implemented CGNAT without informing you?~~
EDIT: Not likely if you are getting intermittent access.

Mutt · September 11, 2019, 10:45am

“CGNAT” - Wash your mouth out with soap! (evil invention, for anyone wanting external access anyway)
Roll on full ip v6.0 !!!

daneboom · September 11, 2019, 11:06am

I don’t think we can yet say with confidence my query was a ‘red herring’. Last few days, at all times of day, my remote access has been up and down like a yo yo. Normally I get one of those alerts per fortnight or longer. It could be my ISP, of course, I haven’t yet found an uptime monitor to check with.

silvrr · September 11, 2019, 11:34am

When it isn’t working use your actual up address to test if the issue is with your setup or your ddns provider.

Https://734.45.76.123 for example.

Mutt · September 11, 2019, 11:47am

That is a dang good tip.
That would have been REALLY useful when I was trouble shooting my early set up ; - )))))

petro · September 11, 2019, 11:55am

Didn’t even think of that. I’ll test that next time.

petro · September 11, 2019, 11:59am

As an update, I spent the better part of 2 hours last night troubleshooting this issue. Ultimately ended back on the exact same configuration that worked for 1yr+ and it’s working again. Still unsure what caused the issues. In that 2 hours I did the following (all of which didn’t work):

Completely removed NGINX and configured DDNS & my router to forward the correct ports.
Restarted My nuc, gateway, and modem.
Debugged into the odd ingress errors that were popping up in my logs. Found nothing.

As I said before, I moved back to NGINX, DDNS and everything has been stable for about 8 hours. Not sure what the hell was going on.

Mutt · September 12, 2019, 1:51am

Actually, I’ve just tried this and it won’t let you, something about the security certificates not matching. The refusal was issued by nginx

silvrr · September 12, 2019, 3:54am

Yeah not sure what nginx response would be like but with duckdns/letsencrypt it will let you in. Chrome throws an warning page up but you can click around it. Is it your browser throwing a warning or it actually won’t connect?

Crhass · September 12, 2019, 5:58am

My experience is that with SSL setup in config.yaml, you can bypass the security warning and connect but with Nginx SSL proxy you can’t. If you change the server in the proxy settings to your IP address then you can. I want to configure the proxy to work with more than 1address but can’t find a way.

Mutt · September 12, 2019, 9:09am

I got the warning, I went to advanced to bypass the security but ultimately the connection was refused by nginx.
I was actually quite impressed by how slickly it was done

Mutt · September 12, 2019, 9:11am

Could you not provide (somewhere, I’m not sure where) an ‘alternate’ list, and write from this list to the config for the proxy, when you choose an alternate?
This is a bit out of my depth so what I’m suggesting is probably crap

Ambrogio · September 12, 2019, 9:29am

Hi, I’ve been experiencing issues with DuckDNS since about September 10 at 19:40 GMT+2. Basically DNS resolution to my duckdns domain seems to intermittently fails. I initially thought it was my internet connection but then i had a friend try some dig commands and it failed too.

Here’s how i tested:

dig mydomain.duckdns.org @resolver

Replace resolver with either 208.67.222.222, 8.8.8.8, 1.1.1.1 or whatever. I got mixed results: sometimes NOERROR with the actual IP, sometimes SERVFAIL with no IP. Sometimes an IP from a resolver and the old IP from another resolver.