Project

General

Profile

Actions

Todo #16905

closed

Encode Dynamic DNS credentials when passed as URL parameters

Added by Walter Holm 25 days ago. Updated 16 days ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Dynamic DNS
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
26.07
Release Notes:
Default

Description

Environment:
- pfSense CE 2.8.1
- Dynamic DNS Provider: DNS Made Easy

Issue:
Dynamic DNS updates fail when the Dynamic DNS password contains URL-reserved characters such as '&'.

The Dynamic DNS record is configured correctly and exists on the DNS Made Easy side.

Observed behavior:
pfSense reports authentication failures and the DDNS client status remains failed.

Example response:

Response Data: error-auth
phpDynDNS (<record-id>): (Error) Invalid username or password

Reproduction:

1. Create a Dynamic DNS-enabled A record in DNS Made Easy.
2. Set a Dynamic DNS password containing '&' or other URL-reserved characters.
3. Configure the record in pfSense Dynamic DNS using:
- DNS Made Easy provider
- Record ID
- Dynamic DNS password
4. Force update.

Result:
Update fails with error-auth.

Verification:
Using the same Record ID and Dynamic DNS password outside of pfSense succeeds when the password is URL-encoded.

Example:

curl -G \
--data-urlencode "id=<record-id>" \
--data-urlencode "password=<password>" \
--data-urlencode "ip=<address>" \
https://cp.dnsmadeeasy.com/servlet/updateip

The update succeeds immediately.

Expected:
pfSense should URL-encode Dynamic DNS credentials before constructing the update request.

Actual:
The password appears to be passed without proper URL encoding, causing authentication failures when reserved characters are present.

Workaround:
Use a password containing only URL-safe characters or update the record using an external script that URL-encodes parameters.

Actions #1

Updated by Marcos M 23 days ago

  • Tracker changed from Bug to Todo
  • Subject changed from DNS Made Easy Dynamic DNS updates fail when Dynamic DNS password contains URL-reserved characters to Encode Dynamic DNS credentials when passed as URL parameters
  • Status changed from New to Feedback
  • Assignee set to Marcos M
  • Target version set to 2.9.0
  • % Done changed from 0 to 100
  • Plus Target Version set to 26.07
  • Affected Version deleted (2.8.1)
  • Affected Architecture deleted (amd64)

Applied with 8977417fd32b0c5175c1d6c7ca6a898d16c86c2b. Patch: Show

Actions #2

Updated by Georgiy Tyutyunnik 16 days ago

  • Status changed from Feedback to Resolved

tested on:
2.8.1-RELEASE (amd64)
built on Wed May 13 19:43:00 UTC 2026
FreeBSD 15.0-CURRENT

patch fixes the issue

Actions

Also available in: Atom PDF