Running into “429 Too Many Requests” for https://checkipv4.dedyn.io/

Setup

I (try to) use the Docker/container image ddclient from Linuxserver.io.

Here is the docker-compose.yml file (I use podman, but that should hardly matter):

version: "3.7"

services:
  
  ddclient:
    image: linuxserver/ddclient
    restart: unless-stopped
    environment:
      - PUID=1004
      - PGID=1005
      - TZ=Europe/Berlin
    volumes:
      - ${HOME:?HOME variable missing}/ddclient-config:/config:ro,Z

Config:

protocol=dyndns2
use=cmd, cmd='curl https://checkipv4.dedyn.io/'
#use=if, if=eth0
ssl=yes

server=update.dedyn.io
login=***.dedyn.io
password='___password_here____'
****.dedyn.io

The problem

Manually checking it, I see I run into a rate-limiting of your deSEC servers:

$ curl https://checkipv4.dedyn.io/
<html>
<head><title>429 Too Many Requests</title></head>
<body bgcolor="white">
<center><h1>429 Too Many Requests</h1></center>
<hr><center>nginx</center>
</body>
</html>

I could now use/add a different IP server or e.g. follow the – BTW excellent – suggestion and use ddclient’s support for getting the public IP from Fritzbox devices without any external server query, but obviously this does not solve the root problem.

From the log output I get, ddclient just seems to retry getting the ip maybe once per second (1/s).

Tried solutions

Neither your doc nor the container image’s doc describes how to configure the retry interval of ddclient (or that this is required, at first).
There is a good reference of what limits apply, though I’m not sure what exactly applies here, given getting the IP address is not user-specific (no token is supplied there). Maybe it is actually user, but 2000 calls to your IP endpoint per day seem to be quite few…?

I tried using the command daemon_interval in the config file above (guidelines suggest that for the /etc/default/ddclient, which I obviously don’t want to modify inside the container – if it even has that file), but that is always regarded as an invalid parameter? Huh?

Question

So how can I avoid the rate limiting?
How do I configure ddclient properly? Would this be a good addition for your doc?

Ah, the new key is apparently called daemon=300. That’s what you have to set for 5min intervals.

That’s also included by default in that image, but of course that’s overwritten if you supply your own configuration.

Hi rugk,

Great you found a solution with ddclient!

Allow me to comment here:

The rate limits stated in our docs apply to our API under https://desec.io/api/v1/. You ran into a different rate limit that we have configured on our web server when handling check-IP requests. (Those are answered directly by the web server and not processed by the API.)

That rate limit is 3 per minute, and the above link has a justification why that is so.*

If you query every 20 seconds, the effective daily limit is 4320/day. We think that users who believe their IP address might change more frequently/quickly shouldn’t be putting strain on our resources by issuing thousands of requests just to figure out when that is the case. In such advanced cases, they should be able to extract that information from their network equipment, or use other means (e.g. ask a DNS resolver for what IP it is seeing, or deploy a VM that echoes their IP without a rate limit).

*: Spoiler: We had a single user asking hundreds of thousands of times per day, more than there are seconds in a day.

Stay secure,
Peter

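Added example (not from the thread, and not deSEC's or ddclient's own code): a wrapper for the `use=cmd` line in the config above that queries the check-IP endpoint at most once per interval and never passes the 429 error page on as an address. The script name `checkip.sh`, the cache path and the `MIN_INTERVAL` variable are assumptions.

```shell
#!/bin/sh
# Added example; intended use in ddclient.conf (path is an assumption):
#   use=cmd, cmd='/config/checkip.sh'

CHECK_URL="https://checkipv4.dedyn.io/"
CACHE="${CACHE:-/tmp/checkip.cache}"   # line 1: epoch of last query, line 2: last good IP
MIN_INTERVAL="${MIN_INTERVAL:-300}"    # seconds; same as daemon=300, well under 3 per minute

# Query the endpoint. -f makes curl exit non-zero on HTTP 429 instead of
# handing the nginx error page to the caller.
fetch_ip() {
    curl -fsS --max-time 10 "$CHECK_URL"
}

# Accept only a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    o='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
    printf '%s\n' "$1" | grep -Eq "^$o(\.$o){3}\$"
}

# Print the public IP, contacting the server at most once per MIN_INTERVAL.
cached_ip() {
    now=$(date +%s)
    last=0; ip=""
    if [ -r "$CACHE" ]; then
        { read -r last; read -r ip; } < "$CACHE" || true
    fi
    case "$last" in ''|*[!0-9]*) last=0 ;; esac   # treat a damaged cache as expired
    if [ $((now - last)) -ge "$MIN_INTERVAL" ]; then
        new=$(fetch_ip) || new=""
        if valid_ipv4 "$new"; then ip=$new; fi
        # Record the attempt even on failure so a 429 is not retried at once.
        printf '%s\n%s\n' "$now" "$ip" > "$CACHE"
    fi
    # Non-zero exit status when no address is known yet.
    [ -n "$ip" ] && echo "$ip"
}

# Run only when installed under the assumed name; sourcing just defines functions.
case "${0##*/}" in checkip.sh) cached_ip ;; esac
```

Because a failed query also updates the timestamp, a burst of ddclient retries results in one request per interval rather than one per retry.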