pfSense

Marcos M wrote in #note-1:

It's likely too late for a fix in the upcoming release of CE/Plus however it could be included as part of a system patch afterwards.

You mean that it will be available through System patches from 2.9.0 version?

No it would be included in 2.9.0. It could be a system patch in 2.8.1 and 25.07.

Marcos M wrote in #note-2:

Applied in changeset 691852a2b79e60d06313538cb3910e98725034dd.

I came across this bug report because I encountered the same issue while running pfSense Plus 25.07.

We have a High Availability (HA) cluster configured with dual WAN failover and a failover group (Tier 1 + Tier 2) and CARP VIPs for the two WAN interfaces. The CARP VIPs are set as the Virtual IP in the Gateway priority configuration.

Before applying the patch (Revision 691852a2), both nodes would always use the interface’s IP address - rather than the CARP VIP - when updating the Dynamic DNS hostname.

After applying the patch:

• On the primary node, the Dynamic DNS hostname is now beeing correctly set to the CARP VIP.
• On the secondary node (in CARP BACKUP state), triggering a manual update of the Dynamic DNS hostname via "Save & Force Update" button still results in the interface's IP address being used instead of the CARP VIP.

My questions are:

• Is this intentional behavior?
• If so, could this cause issues? For example, the secondary node might still trigger an update automatically (I recall a forced update occurring after ~30 days if no update happened in that time).
• Or does the Dynamic DNS service on the secondary node effectively stay in a “standby” mode (only updating Dynamic DNS hostnames when in CARP MASTER state)?

Thanks for your time and for the great work on pfSense!

Greetings from Germany,

Flo

The CARP VIP is ignored when its in the BACKUP state hence why it falls back to the interface address. As far as I'm aware the DDNS service should never automatically run when the HA node is in the "backup" state.