Dynamic DNS from behind NAT

Tony Burton · Thu Nov 03, 2005 8:55 am

I would like to set up a dns-update client on my Mikrotik, which is behind a NAT gateway. The command line works fine when I do it manually.

How can I find the current public IP address of my gateway in a script?

Tony

Eugene · Thu Nov 03, 2005 10:53 am

Where should the script run?
On the client you have no way to get gateway's public IP address, unless some really strong magic is employed.

Tony Burton · Thu Nov 03, 2005 11:01 am

It can be done by checking the response from a web service such as http://www.whatismyip.com but I haven't worked out how to do this on RouterOS. There's nothing magic about it.

Eugene · Thu Nov 03, 2005 11:08 am

Sure, it's nothing magic in perl, but think of it in terms of RouterOS scripting

Tony Burton · Thu Nov 03, 2005 11:30 am

The commands from a bash shell would be:

> wget http://www.whatismyip.com
> grep displaycopy index.html | cut -d"'" -f2
> rm -f index.html

Any ideas how this could be done in RouterOS?

Eugene · Thu Nov 03, 2005 12:57 pm

I'd say it's impossible. You need some workaround for this. Do you have control over NAT gw? What OS does it run?

lastguru · Thu Nov 03, 2005 2:12 pm

I am known to be the greatest magician of 'em all

can your gateway have a dns name (any name, for example, literally "my.domain")? on any dns server, even in itself. the main point is to get it to reply its IP with dns protocol. if it is possible to do that, then make the MT resolve DNS through that host (you can configure it as a secondary dns).

to get the wanted IP, ping the dns address from the MT, then lookup the IP in the "/ip dns cache" table

Tony Burton · Fri Nov 04, 2005 10:44 pm

I am really after a generic solution that will work from behind any NAT. I have had some success with telnet:

> /system telnet ipid.shat.net 80

After establishing a connection I request the IP address page:

GET http://ipid.shat.net/iponly/ HTTP/1.0

Please note the extra line feed after the command.

This replies with the HTML of a web page containing my public IP address. Is there any way of parsing the address from the rest of the text?

changeip · Fri Nov 04, 2005 11:12 pm

Is the public IP not on the mikrotik at all? Not sure if you can't get your public ip because the mikrotik is behind another NAT other than itself.

Sam

Tony Burton · Fri Nov 04, 2005 11:22 pm

That's right, the Mikrotik router is behind another NAT gateway. Otherwise the solution would be really simple.

changeip · Fri Nov 04, 2005 11:24 pm

I'm trying to make a super sweet new process for detecting your IP address... you simply query a hostname and you always get your IP back. Of course you run into problems when you use a resolver but if you can query a dns server directly then it would help you.

Sam

Tony Burton · Sat Nov 05, 2005 12:01 am

Thanks Sam, your assistance is very much appreciated.

Tony

Tony Burton · Sat Nov 12, 2005 4:29 am

Hi Sam,

Have you made any progress on the new process for detecting my IP address?

Tony

changeip · Sat Nov 12, 2005 7:26 am

I have not yet... might be a few weeks as I'm trying to finish up the new client software first. I will post an update when I get something.

Thx

hecklertm · Mon Nov 21, 2005 5:49 pm

Have you considered trying to customize the login.html built into hotspot user authentication webservice so that the login page when accessed attempts to do a form post to a page on another webserver (normally this is done when you use an external authentication server). That other webserver's http logs should show originating ip address of the router in it when it made the request.

If you have a script on a server periodically browse to the router's hotspot login page, it will then kick off that form and thereby create another entry in the remote webservers http log, which can subsequently be checked by some other scripted means of your choice on that server and make necessary updates.... What do you think?

changeip · Mon Nov 21, 2005 7:59 pm

I think it might be easier for us to simply create a special IP record that when we see it come in we throw it out and detect your remote address ... ie, with /tool dns-update you send us ip as 127.0.0.99 and we throw that out and detect your remote it ... something like that . Let me think more about this and will setup something more formally.

Thx,
Sam

hecklertm · Tue Nov 22, 2005 4:16 am

That should work as long as your tool logs the originating ip address of the computer which sent the update. It would be much easier and would stay within the scope the DDNS tool. Sounds like it has good potential.

changeip · Tue Nov 22, 2005 7:06 am

Until something else comes up better we have implemented a special ip to use; 127.0.0.255. When sending your Dynamic DNS updates you can send 127.0.0.255 and we will ignore that entry and default to your detected IP address. Please be aware that if you are going thru any proxyies or natted devices that we will see that machines IP. In most cases this is the expected result.

Another reason why ChangeIP.com ddns is better than the others : )

hecklertm · Tue Nov 22, 2005 7:42 am

Hey, that's' great! Thanks for adding it in. I bet it will come in handy for many people in time.

Tony Burton · Wed Nov 23, 2005 7:43 pm

Thanks for doing this Sam. I realise that it is an interim measure because you probably don't want people hitting your site every 5 minutes with an update using 127.0.0.255. Just how often will you allow updates using 127.0.0.255?

Tony

changeip · Wed Nov 23, 2005 7:45 pm

True - it is a temporary solution for the time being. I am working on making a DNS resolver solution, if I get this done over the holiday weekend I will let you know.

Thx,
Sam

Tony Burton · Wed Jan 04, 2006 8:56 am

Hi Sam, are you still working on this issue?

Tony

changeip · Wed Jan 04, 2006 11:02 am

Tony,

I have. I paid a coder at rentacoder.com to write me a patch for BIND that would create this magic hostname idea. I'll post some details about it shortly when I get it onto a production server. Basically you resolve a hostname and you should get your IP address (external) as the response.

Thx,
Sam

infomate · Wed Mar 22, 2006 10:18 am

HI guys,

Hope the solution comes up soon.. I also need to get this be able to access my MT behind a cable modem connection.

Thank you guys.

Robert S.

changeip · Wed Mar 22, 2006 10:57 am

We have completed a patch to our DNS infrastucture to allow this magical packet but it has not been rolled out yet. We need more testing to make sure its not going to cause problems down the road. This is on our list, but down low : ) I will post a followup here when there is a permanent solution, for now you can send your updates with 127.0.0.255 and we will detect that and replace it with your external IP.

Sam

infomate · Wed Mar 22, 2006 11:26 am

We will be waiting. This will be much anticipated.

Thank you very much

Robert S.

infomate · Wed Mar 22, 2006 11:50 am

My init script doesnt seem to update the changeip server. I have already changed the IP address to 127.0.0.255. This script worked before I changed it. clueless

Robert S.

:log message="ddnsInit: Creating Dynamic DNS update system."
:global u
:set u "infomate"
:global p
:set p "????????"
:global s
:set s "Mikrotik"
:global h
:set h "*1"
:global dhcpInterface
:set dhcpInterface [ /ip dhcp-client get interface ]
:log message=("ddnsInit: Found dhcp interface " . $dhcpInterface )
:global ddnsProxyEmail
:set ddnsProxyEmail "ddnsUpdate@ChangeIP.com"
:global ddnsFromEmail
:set ddnsFromEmail "infomate@?????????????.com"
:global ddnsSmtpServer
:set ddnsSmtpServer "204.16.170.20"
:global a
:set a "127.0.0.255"

Tony Burton · Wed Mar 22, 2006 11:56 am

Hi Robert,

My script works OK with 127.0.0.255, and it's just one command:

/tool dns-update name=account.changeip.net key-name=username key="password" address=127.0.0.255

infomate · Wed Mar 22, 2006 12:07 pm

I forgot to mention Im working on MT ver. 2.8.
I tried you suggestion but it came up with a error "missing value for argument dns-server"

Any ideas?

Robert S.

Tony Burton · Wed Mar 22, 2006 12:32 pm

Sorry Robert, but I haven't worked with 2.8. I'd really hate to echo the sentiments of MikroTik about upgrading, because I quite understand the problems associated with an upgrade of any OS.

infomate · Wed Mar 22, 2006 2:12 pm

Tony,

Thanks anyway!
More power to you.

Best regards,

Robert S.

Tony Burton · Mon Aug 07, 2006 5:43 am

Hi Sam,

Did you come up with a permanent solution for this one yet?

Tony

Dynamic DNS from behind NAT

Dynamic DNS from behind NAT

Who is online