Remote access via DDNS abrupt failure after 1 year. No changes to configuration

I’m having an odd issue that started mid day today and it’s beyond my abilities. Sometime between noon and 6pm, remote access stopped working via DDNS.

Nothing changed. No restart. No update to Home assistant. No update to DDNS. No update to NGINX. Public IP address hasn’t changed in a month. From what I can tell, nothing changed in my router. Everything has been working great for 12 months. Cert doesn’t require an update until december 9th.

Nothing in the DDNS hassio addon logs.
Nothing in the NGINX logs.

I have no clue where to look or what could be causing the issues.

Running ubuntu 18.04 desktop on a NUC.
Unifi gateway pro is the router.
Port forwarding 443 to 443 on the ip of HA for nginx, not really sure if that’s needed but I’ve always done it. Networking has never been my strong suit.

EDIT: I am getting one error in nginx

2019/09/10 21:55:38 [error] 16#16: *285 connect() failed (111: Connection refused) while connecting to upstream, client: xxxxxx, server: xxxx.duckdns.org, request: “GET /api/hassio_ingress/xxxxxxxxxxxxxxxx/ HTTP/1.1”, upstream: “http://172.30.32.1:8123/api/hassio_ingress/xxxxxxxx/”, host: “xxxx.duckdns.org

Using the dev tools in chrome, I see this error multiple times:

resulted in a network error response: the promise was rejected

Any Ideas?

Edit again: It appears to work intermittently.

1 Like

I did see a post regarding DuckDNS being down… related?

I can access https://www.duckdns.org/, does it use different servers for dns routing? You have a link to this post?

DuckDNS.org is hosted on AWS servers, I can’t see them being down for long
Which side of your mouth were you poking your tongue when it last worked ?

: - P

Forsee implies seeing in advance, how does that relate ?

EDIT: HEY ! Not Fair ! You changed the name of the thread. How did you do that ?

unfortunately not. I just remember scanning past it earlier today. It was a post from within the last 24 hours.

Not this red-herring?

Has your ISP implemented CGNAT without informing you?
EDIT: Not likely if you are getting intermittent access.

“CGNAT” - Wash your mouth out with soap! (evil invention, for anyone wanting external access anyway)
Roll on full ip v6.0 !!!

I don’t think we can yet say with confidence my query was a ‘red herring’. Last few days, at all times of day, my remote access has been up and down like a yo yo. Normally I get one of those alerts per fortnight or longer. It could be my ISP, of course, I haven’t yet found an uptime monitor to check with.

When it isn’t working use your actual up address to test if the issue is with your setup or your ddns provider.

Https://734.45.76.123 for example.

1 Like

That is a dang good tip.
That would have been REALLY useful when I was trouble shooting my early set up ; - )))))

Didn’t even think of that. I’ll test that next time.

As an update, I spent the better part of 2 hours last night troubleshooting this issue. Ultimately ended back on the exact same configuration that worked for 1yr+ and it’s working again. Still unsure what caused the issues. In that 2 hours I did the following (all of which didn’t work):

  1. Completely removed NGINX and configured DDNS & my router to forward the correct ports.
  2. Restarted My nuc, gateway, and modem.
  3. Debugged into the odd ingress errors that were popping up in my logs. Found nothing.

As I said before, I moved back to NGINX, DDNS and everything has been stable for about 8 hours. Not sure what the hell was going on.

Actually, I’ve just tried this and it won’t let you, something about the security certificates not matching. The refusal was issued by nginx

Yeah not sure what nginx response would be like but with duckdns/letsencrypt it will let you in. Chrome throws an warning page up but you can click around it. Is it your browser throwing a warning or it actually won’t connect?

My experience is that with SSL setup in config.yaml, you can bypass the security warning and connect but with Nginx SSL proxy you can’t. If you change the server in the proxy settings to your IP address then you can. I want to configure the proxy to work with more than 1address but can’t find a way.

I got the warning, I went to advanced to bypass the security but ultimately the connection was refused by nginx.
I was actually quite impressed by how slickly it was done

Could you not provide (somewhere, I’m not sure where) an ‘alternate’ list, and write from this list to the config for the proxy, when you choose an alternate?
This is a bit out of my depth so what I’m suggesting is probably crap

Hi, I’ve been experiencing issues with DuckDNS since about September 10 at 19:40 GMT+2. Basically DNS resolution to my duckdns domain seems to intermittently fails. I initially thought it was my internet connection but then i had a friend try some dig commands and it failed too.

Here’s how i tested:

dig mydomain.duckdns.org @resolver

Replace resolver with either 208.67.222.222, 8.8.8.8, 1.1.1.1 or whatever. I got mixed results: sometimes NOERROR with the actual IP, sometimes SERVFAIL with no IP. Sometimes an IP from a resolver and the old IP from another resolver.