The grass is not always greener...
I will have to rant separately about my recent switch from pfSense to Ubiquiti's Unifi line of products for my home network. Suffice for now to mention that this post is to document (and complain) about some really odd decisions made within the Unifi line that seems amateur.
Overall Unifi has some neat concepts, but I warn those out there that are considering the same switch that I went through... a slicker interface is not always the better option.
The problem: Dynamic DNS
Most residential Internet connections have dynamic IPs. That is to say, unless you explicitly ask (and probably pay) for a static IP, your IP address can and will change at seemingly random times. It may change:
- When you reboot your modem
- When you hit your monthly data cap
- When you replace the router behind your modem (or overall spoof MAC addresses behind your modem)
- When your WAN's DHCP lease is up and the renewal doesn't allocate the previous IP
- When Comcast decides it is time to introduce a little
changechaos for kicks and giggles
When this happens, if you have a domain name that points to your WAN edge, you must remember to update your A (or AAAA, fancy you) record(s):
$ dig lolnope.us @8.8.8.8
; <<>> DiG 9.10.6 <<>> lolnope.us
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18353
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1536
;; QUESTION SECTION:
;lolnope.us. IN A
;; ANSWER SECTION:
lolnope.us. 60 IN A 24.4.223.218
;; Query time: 50 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun May 06 16:57:04 PDT 2018
;; MSG SIZE rcvd: 55
My
Arecord shows my current IP to be24.4.223.218. But this can change since I don't pay for a static IP.
The solution: Dynamic DNS
The solution proposed to address this problem is known as dynamic DNS, which is just a piece of code that runs locally whenever it detects an IP change. During the execution of this code, it records what the current, potentially dynamic, IP address is and pings the domain hosting service. It provides a username and password for the hosting service, and says (roughly):
Hey, I just saw that
lolnope.us's IP just changed to123.123.123.123. Please update theArecord to point to123.123.123.123.
There are various protocols out there over which this exchange occurs, the most common I've come to see is dyndns. Google Domains happens to support dyndns, as does Unifi, but there is a limitation...
Because "lol, reasons"
Unifi doesn't allow more than one dyndns entry in the "Dynamic DNS" section of their UI. If you only have one domain that points to your WAN's IP, then this will do. However, if you have multiple domains that resolve to the A record of your WAN IP, Unifi's GUI immediately blocks the ability to add a second dyndns entry:
I've seen that there are ways to get around this by hacking on the Unifi backend -- modifying some JSON file(s) by hand12. But I also found out about DNS-O-Matic3.
DNS-O-Matic essentially acts as a dyndns proxy. You send a single dyndns update to DNS-O-Matic, and it will send updates to the various DDNS providers you're using:
This relieves Unifi's shortcoming in limiting you to a single dyndns "backend".
Make sure it works
The Unifi settings for this dyndns backend may seem strange:
Service: dyndns
Hostname: all.dnsomatic.com
Username: $USERNAME
Password: $PASSWORD
Server: updates.dnsomatic.com
Here we're telling updates.dnsomatic.com, that all domains owned by $USERNAME and $PASSWORD should be updated to the IP reported by the USG. Once set, you can query the USG directly to see its status with DNS-O-Matic:
$ show dns dynamic status
interface : eth0
ip address : 24.4.223.218
host-name : all.dnsomatic.com
last update : Sat May 12 10:58:28 2018
update-status: good
Ubiquiti forum post about manually setting multiple dyndns providers via the CLI ↩
Third-party blog post with helpful commands to set/get USG settings ↩
A Ubiquiti forum user mentioned DNS-O-Matic and how to use it. ↩