Regression #16326
open
Dynamic DNS does not use preferred VIP in Gateway Group
100%
Description
Since pfsense CE 2.8.0, Dynamic DNS only uses interface address to update remote DNS server, even if Virtual IP is set to a CARP IP in Gateway group configuration.
I have tested with 2.8.1, same behaviour.
It was perfectly working in 2.7.2 :-(
Link to forum for mopre details: https://forum.netgate.com/topic/197934/dynamic-dns-don-t-work-with-carp-ip
Related issues
Updated by Marcos M about 2 months ago
- Tracker changed from Bug to Regression
- Subject changed from Dynamic dns don't work with carp ip to Dynamic DNS does not use preferred VIP in Gateway Group
- Status changed from New to In Progress
- Assignee set to Marcos M
- Priority changed from High to Normal
- Target version set to 2.9.0
- Plus Target Version set to 25.11
- Affected Version changed from 2.8.x to 2.8.0
- Affected Architecture All added
- Affected Architecture deleted (
amd64)
It's likely too late for a fix in the upcoming release of CE/Plus however it could be included as part of a system patch afterwards.
Updated by Marcos M about 2 months ago
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
Applied in changeset 691852a2b79e60d06313538cb3910e98725034dd.
Updated by Lionel Beard about 2 months ago
Marcos M wrote in #note-1:
It's likely too late for a fix in the upcoming release of CE/Plus however it could be included as part of a system patch afterwards.
You mean that it will be available through System patches from 2.9.0 version?
Updated by Steve Wheeler about 2 months ago
No it would be included in 2.9.0. It could be a system patch in 2.8.1 and 25.07.
Updated by Florian Harbecke about 1 month ago
Marcos M wrote in #note-2:
Applied in changeset 691852a2b79e60d06313538cb3910e98725034dd.
I came across this bug report because I encountered the same issue while running pfSense Plus 25.07.
We have a High Availability (HA) cluster configured with dual WAN failover and a failover group (Tier 1 + Tier 2) and CARP VIPs for the two WAN interfaces. The CARP VIPs are set as the Virtual IP in the Gateway priority configuration.
Before applying the patch (Revision 691852a2), both nodes would always use the interface’s IP address - rather than the CARP VIP - when updating the Dynamic DNS hostname.
After applying the patch:
- On the primary node, the Dynamic DNS hostname is now beeing correctly set to the CARP VIP.
- On the secondary node (in CARP BACKUP state), triggering a manual update of the Dynamic DNS hostname via "Save & Force Update" button still results in the interface's IP address being used instead of the CARP VIP.
My questions are:
- Is this intentional behavior?
- If so, could this cause issues? For example, the secondary node might still trigger an update automatically (I recall a forced update occurring after ~30 days if no update happened in that time).
- Or does the Dynamic DNS service on the secondary node effectively stay in a “standby” mode (only updating Dynamic DNS hostnames when in CARP MASTER state)?
Thanks for your time and for the great work on pfSense!
Greetings from Germany,
Flo
Updated by Marcos M about 1 month ago
The CARP VIP is ignored when its in the BACKUP state hence why it falls back to the interface address. As far as I'm aware the DDNS service should never automatically run when the HA node is in the "backup" state.
Updated by Marcos M 26 days ago
- Has duplicate Bug #16385: Dynamic DNS does not track the right IP when using GW groups and VIPs added