Dynamic DNS is used to automatically update the DNS record of a host whose IP changes often.
This allows you to provide web services from a host at home behind your personal (V)DSL connection with a non-changing name. There are several providers for DDNS. I use SPDyn. The update of the DNS record is handled by a client like ddclient or directly by your router (e.g. Fritzbox). For IPv4 this is easy. The IP is always the external IP of the router, which forwards ports to hosts on your local network.
Since my ISP uses Dual-Stack and also provides me with IPv6, I created an AAAA-record in the past pointing to the IPv6 address of my local host. When doing so I didn’t realise my ISP changes the IPv6 prefix with every reconnect. Because of this, the IPv6 address of my local host changes quite regularly and the AAAA-record I had created became invalid. I noticed this due to an error when renewing a Let’s Encrypt certificate (post about acme-tiny).
If an AAAA-record is available, Let’s Encrypt prefers it for validation of the domain (API Announcements). Because my AAAA-record was not valid anymore, the renewal of the certificate threw an error:
Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying domain.com...
Traceback (most recent call last):
  File "acme_tiny.py", line 199, in <module>
    main(sys.argv[1:])
  File "acme_tiny.py", line 195, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
  File "acme_tiny.py", line 150, in get_crt
    domain, challenge_status))
ValueError: domain.com challenge did not pass: {u'status': u'invalid', u'validationRecord': [{u'addressesResolved': [u'217.251.47.207', u'2003:86:2455:9c00:d1:3ff:fe81:bd3f'], u'url': u'http://domain.com/.well-known/acme-challenge/PDUNtwiHq5dncDrvs4V2NE9nSR9vLF2WhnAbX1jQ7f0', u'hostname': u'domain.com', u'addressesTried': [], u'addressUsed': u'2003:86:2455:9c00:d1:3ff:fe81:b46f', u'port': u'80'}], u'keyAuthorization': u'PDUNtwiHq5dncDrvs4V2NE9nSR9vLF2WhnAbX1jQ7f0.YW7Ac9LxjjuWvWzD542ZzSKxcFKDIdehVVzAuYA0vHI', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/-yjij3RP1r4YC_TkQrUemgjhfWI17pQZSjMZ8kr-Lps/1441804350', u'token': u'PDUNtwiHq5dncDrvs4V2NE9nSR9vLF2WhnAbX1jQ7f0', u'error': {u'status': 400, u'type': u'urn:acme:error:connection', u'detail': u'Fetching http://domain.com/.well-known/acme-challenge/PDUNtwiHq5dncDrvs4V2NE9nSR9vLF2WhnAbX1jQ7f0: Timeout'}, u'type': u'http-01'}
Looking at addressUsed, you can see that the IPv6 address was used for validation. Because that address is no longer valid, the request runs into a timeout.
To correct this and be able to access my local host via IPv6, the AAAA-record for IPv6 also has to be updated, in addition to the A-record for IPv4.
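A check that could run before each renewal to catch the stale AAAA-record described above, as an added example that is not part of the original post or of acme-tiny. The function names and the sample data are hypothetical; only the field names validationRecord, hostname and addressUsed come from the error output above.

```python
import ipaddress

IID_MASK = (1 << 64) - 1  # low 64 bits of an IPv6 address: the interface identifier


def classify_aaaa(published, current_addrs):
    """Compare a published AAAA value with the host's current IPv6 addresses.

    Returns "ok", "prefix-changed" (same interface identifier, different
    prefix) or "unknown-address". Hosts using privacy extensions rotate the
    interface identifier too and end up in the last bucket.
    """
    pub = ipaddress.IPv6Address(published)
    current = [ipaddress.IPv6Address(a) for a in current_addrs]
    current = [a for a in current if not a.is_link_local]  # fe80::/10 is never published
    if pub in current:
        return "ok"
    if any(int(a) & IID_MASK == int(pub) & IID_MASK for a in current):
        return "prefix-changed"
    return "unknown-address"


def diagnose_challenge(challenge, current_addrs):
    """Return (hostname, addressUsed, verdict) for each validationRecord entry."""
    findings = []
    for rec in challenge.get("validationRecord", []):
        used = ipaddress.ip_address(rec["addressUsed"])
        verdict = "ipv4-used" if used.version == 4 else classify_aaaa(str(used), current_addrs)
        findings.append((rec["hostname"], str(used), verdict))
    return findings


# Constructed sample: addresses are taken from the documentation prefix 2001:db8::/32.
SAMPLE_CHALLENGE = {
    "status": "invalid",
    "type": "http-01",
    "validationRecord": [
        {"hostname": "domain.com", "port": "80",
         "addressUsed": "2001:db8:2455:9c00:d1:3ff:fe81:bd3f"},
    ],
}
# Constructed sample: what the host holds after a reconnect with a new prefix.
SAMPLE_CURRENT = ["fe80::d1:3ff:fe81:bd3f", "2001:db8:2455:a100:d1:3ff:fe81:bd3f"]

if __name__ == "__main__":
    for host, addr, verdict in diagnose_challenge(SAMPLE_CHALLENGE, SAMPLE_CURRENT):
        print(f"{host}: validated against {addr} -> {verdict}")
```

A "prefix-changed" verdict means the published AAAA-record still carries the old prefix and must be updated before the next renewal attempt.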