NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Updating multiple hosts with no-ip
Hello all, Juste purchase the Orbi AX6000. I have setup the dynamic DNS with no-ip and it works fine. The problem is that you can only add 1 host to update and i have more than 1. Is there a way aro...
Perhaps no-ip gets confused if there are multiple apps updating the DDNS entries? (router and PC?) If no-ip provides an explanation, please post it.
The forum constantly exposes me to topics that I had never thought much about. It is sort of 'cool' to have different DNS entries for specific servers. The only application I use regularly is OpenVPN and that is on the router itself.
Well i never used the DUC and router at the same time. I removed the DUC before experimenting with the router. It is true than no-ip do not recommend to use multiple update clients at the same time.
This was their response to my problem
"
Hello,
Thank you for contacting No-IP Support. My name is Christian, and I will be happy to assist you.
Something may be blocking the Dynamic Update Client (DUC) which is typically a hardware firewall. If you have one, it needs to not be blocking the DUC and also not blocking ports 80, 443, 8245, and 8253.
Alternatively, you can certainly have your Netgear router update all desired hostnames with the groups feature. Groups will allow you to create sub accounts and separate credentials for each one of your users so they can update their hostnames without knowing your No-IP account credentials. Please note: not all routers will accept the "groups" format for the credentials.
Here is a guide to Groups
https://www.noip.com/support/knowledgebase/can-i-limit-which-hostnames-the-update-client-can-see-and-update/
After that response i decided to install the DUC on another computer (a laptop that if not always on) the DUC worked on the laptop and the hosts were getting updated. The issue is surely on my computer but i can't put my finger on it.
For now it works from the router. I think it's better that way for me.
jazzboypro wrote:
not be blocking the DUC and also not blocking ports 80, 443, 8245, and 8253.
.....
the DUC worked on the laptop and the hosts were getting updated. The issue is surely on my computer but i can't put my finger on it.
Thanks for attaching no-ip's explanation. Wish he had been more specific about which 'direction' in terms of the firewall. If no-ip DUC actually requires connections on port 80 and 443 from the internet, that would imply that you cannot host servers on those ports (because port forwarding goes only to one device, if no-ip DUC is using port 443, then you can't run a web server on port 443.). On the other hand, if DUC connects to no-ip.com on port 443 but uses port 8245 to update no-ip.com. Also notice that he mentioned port 8253 when internet searches for "what ports does DUC use?" does not mention it.
It's all very confusing because the laptop worked when you had not forwarded any ports at all, correct?
Windows firewall has separate rules for private and public IP spaces. Maybe the PC and the laptop have different firewall rules?
That business about Groups is also interesting. The Netgear router could possibly handle that, except that it appears to another "paid" service. (I did not look up the cost.)
You are correct, the DUC worked on the laptop without configuring any outbound rule on the router or Windows firewall. The computer runs Windows 10 and the laptop runs Windows 11. None of those computers has firewall rules. I kind of assume that he meant an inbound rule having the DUC computer as the destination. I did make such a rule to test but the problem remains. I have since removed that rule.
I do have a paid subscription to no-ip. I also had a group containing the 3 hosts. There is no place in the router to configure a group name to update. The group is just a container in which you put hosts for administrative purposes it's not a host per say. The DUC client can be configure to update all the hosts in a group but the router does not seem to have that capability.
This was my answer to them:
Hello Christian,
Thanks for helping out. I am not blocking any ports and certainly not 80 and 443 since i have no problem accessing the internet so do you mean i need an inbound port forwarding rule to allow these ports to access the computer where the DUC is installed ?
I do have a group containing my three hosts however i don't see how i can configure my router to update the group"
They have not responded yet
jazzboypro wrote:
None of those computers has firewall rules.
My experience is that every version of Windows includes the Windows Firewall.
99.9% of software that user's install do not require permission to allow access into the computer. Since installing software requires administrative rights, either the installer just adds programs to the Firewall exceptions or pops up a message asking if the user agrees. Windows Firewall has separate rules for private IP networks and public IP networks, and it is really common for the Firewall to allow some programs to accept connections from the LAN, but not the internet. Here's a sample from one of my desktops:
It appears that Windows is not exactly precise about removing Firewall rules when software is uninstalled. (If it's gone, who cares?)
jazzboypro wrote:
There is no place in the router to configure a group name to update. The group is just a container in which you put hosts for administrative purposes it's not a host per say. The DUC client can be configure to update all the hosts in a group but the router does not seem to have that capability.
The instructions from no-ip seemed to indicate that rather than the host DDNS name, users are supposed to enter the Group name, perhaps having to substitute for the colon character:
In both computers the windows firewall is controlled by the antivirus software. The computer uses Avast (paid subscription) and this is the configuration for DUC. Notice that the allowed ports are the ones mentioned by the No-ip support guy. So as far as i can see the DUC is allowed both ways.
The laptop uses Mcafee for the antivirus (Paid subscription) and this is the configuration. So as far as i can see the DUC is also allowed both ways.
The DUC installation does not have a popup to configure windows firewall exceptions. The installations are done under administrative privileges.
In the router the groupename:username format works for the username and the password is the one assigned to the group however putting the group name in the host field generates an error when applying the settings.
Wonder how "Smart Lock" differs from "Net Guard"?
(I have vanilla Windows 10 Firewall on my desktop.)
Did you try that gimmick of using escape characters instead of the colon?
Yes i have tried the escape characters but it still did not worked. My take on "Smart Lock" and "Net Guard" is that it tries to figure out what the application is trying to change on the the local computers and either allow it or block it (i have no evidence on that)
But even on the laptop i encountered another problem. The DUC works as long as my VPN client is off. When i turn on the VPN clients the DUC picks up the VPN provider address and updates the hosts with that address. When this happens my port forwarding rules do not work and my internal devices are no more reachable from the Internet. I don't know if there is a way around that apart from using the VPN feature of the router.
That sounds correct. DUC asks, "what is my public IP address?" and the VPN software says, "THIS is your public IP address."
Two totally in compatible concepts. (DDNS & VPN)
What a day! (at least you have the router mapping one DDNS to itself, which "gets the job done" but is not the desired result.
Yeah i figured that DDNS client & VPN client running on the same computer would be a problem. The end result is pretty much the same in terms of usability. When i think of it it's probably better the way it is now. I don't have to worry about maintaining another software on my computer and i get to keep using my VPN client. Indeed what a day but in the end it works and i learned a few things in the process.