The grass is not always greener...
I will have to rant separately about my recent switch from pfSense to Ubiquiti's Unifi line of products for my home network. Suffice it for now to mention that this post is to document (and complain) about some really odd decisions made within the Unifi line that seem amateur.
Overall Unifi has some neat concepts, but I warn those out there who are considering the same switch that I went through... a slicker interface is not always the better option.
The problem: Dynamic IPs
Most residential Internet connections have dynamic IPs. That is to say, unless you explicitly ask (and probably pay) for a static IP, your IP address can and will change at seemingly random times. It may change:
- When you reboot your modem
- When you hit your monthly data cap
- When you replace the router behind your modem (or otherwise present a different MAC address to your modem, since the ISP's DHCP lease is tied to it)
- When your WAN's DHCP lease is up and the renewal doesn't allocate the previous IP
- When Comcast decides it is time to introduce a little ~~change~~ chaos for kicks and giggles
When this happens, if you have a domain name that points to your WAN edge, you must remember to update your A (or AAAA, fancy you) record(s):
```
$ dig lolnope.us @18.104.22.168

; <<>> DiG 9.10.6 <<>> lolnope.us
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18353
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1536
;; QUESTION SECTION:
;lolnope.us.			IN	A

;; ANSWER SECTION:
lolnope.us.		60	IN	A	22.214.171.124

;; Query time: 50 msec
;; SERVER: 126.96.36.199#53(188.8.131.52)
;; WHEN: Sun May 06 16:57:04 PDT 2018
;; MSG SIZE  rcvd: 55
```
The A record shows my current IP to be 184.108.40.206. But this can change, since I don't pay for a static IP.
The solution: Dynamic DNS
The solution proposed to address this problem is known as dynamic DNS, which is just a small client that runs locally (on the router or a host behind it), notices when the WAN IP has changed, and sends an authenticated update to the DNS hosting service. It records the current, potentially dynamic, IP address, presents a username and password for the hosting service, and says (roughly):
"Hey, I just saw that lolnope.us's IP just changed to 220.127.116.11. Please update the A record to point to 220.127.116.11."
There are various protocols out there over which this exchange occurs; the most common I've come to see is dyndns. Google Domains happens to support dyndns, as does Unifi, but there is a limitation...
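The exchange described above, written out as an added example (not code from the original post, from Ubiquiti or from DNS-O-Matic): a minimal dyndns client in Python that does what the USG's built-in updater does underneath. It assumes the dyndns2 convention of `GET /nic/update?hostname=...&myip=...` with HTTP Basic auth and a descriptive User-Agent, uses DNS-O-Matic's `updates.dnsomatic.com` as the default endpoint, and assumes DNS-O-Matic returns one status line per downstream service when the hostname is `all.dnsomatic.com`; the state-file path, the sample response bodies and the credentials are constructed for illustration. The part a naive cron script gets wrong is what happens between changes: this one caches the last IP it pushed so an unchanged address is never re-sent (providers answer `abuse` and lock the account for that), and it halts on a fatal code such as `badauth` instead of retrying every five minutes.

```python
"""Minimal dyndns2 update client (added example; assumptions are labelled inline)."""
import base64
import json
import os
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# Assumed dyndns2 endpoint on DNS-O-Matic; other providers expose the same path.
DEFAULT_SERVER = "https://updates.dnsomatic.com/nic/update"
STATE_FILE = "/var/lib/ddns/state.json"   # hypothetical path; caches the last IP we pushed

# dyndns2 return codes. The first two carry the IP; the rest are errors.
OK_STATUSES = {"good", "nochg"}
# Misconfiguration or lockout: retrying will not help and may get the account blocked.
FATAL_STATUSES = {"badauth", "notfqdn", "nohost", "numhost", "badagent", "abuse", "!donator"}
# Provider-side trouble: safe to retry later.
RETRY_STATUSES = {"dnserr", "911"}


def build_update_request(hostname, myip, username, password,
                         server=DEFAULT_SERVER, user_agent="ddns-example/1.0"):
    """Build the dyndns2 update: GET <server>?hostname=...&myip=... with HTTP Basic auth."""
    url = server + "?" + urlencode({"hostname": hostname, "myip": myip})
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    # dyndns2 servers reject requests without a descriptive User-Agent ("badagent").
    return Request(url, headers={"Authorization": "Basic " + token,
                                 "User-Agent": user_agent})


def parse_update_response(body):
    """Split a dyndns2 response into (status, ip) pairs, one per line.

    A single-host update yields one line ("good 203.0.113.10"); DNS-O-Matic's
    all.dnsomatic.com is assumed to yield one line per configured downstream service.
    """
    results = []
    for line in body.splitlines():
        parts = line.split()
        if not parts:
            continue
        status = parts[0]
        ip = parts[1] if status in OK_STATUSES and len(parts) > 1 else None
        results.append((status, ip))
    return results


def classify(results):
    """Collapse per-service results into one verdict: 'ok', 'retry' or 'fatal'."""
    statuses = {status for status, _ in results}
    if not statuses or statuses & FATAL_STATUSES:
        return "fatal"          # empty body counts as fatal: something is badly wrong
    if statuses & RETRY_STATUSES:
        return "retry"
    if statuses <= OK_STATUSES:
        return "ok"
    return "fatal"              # unknown code: do not keep hammering the provider


def update_if_changed(current_ip, state, send, hostname, username, password,
                      server=DEFAULT_SERVER):
    """Push an update only when the WAN IP differs from the last one we pushed.

    `state` is a dict ({"last_ip": ..., "halted": ...}); `send` is a callable taking
    a Request and returning the response body as text, so the network can be swapped
    out in tests. Returns (verdict, new_state).
    """
    if state.get("halted"):
        return "halted", state          # a fatal error was seen; fix the config first
    if state.get("last_ip") == current_ip:
        return "unchanged", state       # re-sending the same IP is what providers call "abuse"
    body = send(build_update_request(hostname, current_ip, username, password, server))
    verdict = classify(parse_update_response(body))
    new_state = dict(state)
    if verdict == "ok":
        new_state["last_ip"] = current_ip
    elif verdict == "fatal":
        new_state["halted"] = True
    return verdict, new_state


def http_send(request, timeout=10):
    """Real transport: perform the HTTPS request and return the body as text."""
    with urlopen(request, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")


def load_state(path=STATE_FILE):
    if os.path.exists(path):
        with open(path) as fh:
            return json.load(fh)
    return {}


def save_state(state, path=STATE_FILE):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        json.dump(state, fh)


# Constructed sample responses: two downstream services behind all.dnsomatic.com,
# and a rejected login.
SAMPLE_GOOD_BODY = "good 203.0.113.10\ngood 203.0.113.10\n"
SAMPLE_BADAUTH_BODY = "badauth\n"


if __name__ == "__main__":
    import sys
    # Usage: ddns.py <current-wan-ip>; credentials come from the environment.
    verdict, new_state = update_if_changed(
        sys.argv[1], load_state(), http_send, "all.dnsomatic.com",
        os.environ["DDNS_USER"], os.environ["DDNS_PASS"])
    save_state(new_state)
    print(verdict)
```

Run it from cron or a WAN-up hook with the current WAN address as the argument; the `halted` flag in the state file is the operator's signal to fix credentials and clear the file, rather than letting the job silently spam the provider.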
Because "lol, reasons"
Unifi doesn't allow more than one dyndns entry in the "Dynamic DNS" section of its UI. If you only have one domain that points to your WAN's IP, then this will do. However, if you have multiple domains whose A records resolve to your WAN IP, Unifi's GUI immediately blocks the ability to add a second dyndns entry:
The workaround is DNS-O-Matic, which essentially acts as a dyndns proxy. You send a single dyndns update to DNS-O-Matic, and it fans that update out to each of the DDNS providers you have configured in your DNS-O-Matic account:
This works around Unifi's limitation of a single dyndns "backend".
Make sure it works
The Unifi settings for this dyndns backend may seem strange:
```
Service:  dyndns
Hostname: all.dnsomatic.com
Username: $USERNAME
Password: $PASSWORD
Server:   updates.dnsomatic.com
```
Here we're telling updates.dnsomatic.com that every service configured under the DNS-O-Matic account $USERNAME / $PASSWORD should be updated to the IP reported by the USG. Note that all.dnsomatic.com is not a host you own; it is DNS-O-Matic's special hostname meaning "all of my configured services", and the credentials are your DNS-O-Matic login, not those of Google Domains or any other downstream provider (DNS-O-Matic holds those). Once set, you can query the USG directly to see its status with DNS-O-Matic:
```
$ show dns dynamic status
interface    : eth0
ip address   : 18.104.22.168
host-name    : all.dnsomatic.com
last update  : Sat May 12 10:58:28 2018
update-status: good
```
An `update-status: good` here only means DNS-O-Matic accepted the update; to confirm it actually propagated, run the `dig` query from above again and check that the A record matches the `ip address` line.