pfSense

Environment:
- pfSense CE 2.8.1
- Dynamic DNS Provider: DNS Made Easy

Issue:
Dynamic DNS updates fail when the Dynamic DNS password contains URL-reserved characters such as '&'.

The Dynamic DNS record is configured correctly and exists on the DNS Made Easy side.

Observed behavior:
pfSense reports authentication failures and the DDNS client status remains failed.

Example response:

Response Data: error-auth
phpDynDNS (<record-id>): (Error) Invalid username or password

Reproduction:

1. Create a Dynamic DNS-enabled A record in DNS Made Easy.
2. Set a Dynamic DNS password containing '&' or other URL-reserved characters.
3. Configure the record in pfSense Dynamic DNS using:
- DNS Made Easy provider
- Record ID
- Dynamic DNS password
4. Force update.

Result:
Update fails with error-auth.

Verification:
Using the same Record ID and Dynamic DNS password outside of pfSense succeeds when the password is URL-encoded.

Example:

curl -G \
--data-urlencode "id=<record-id>" \
--data-urlencode "password=<password>" \
--data-urlencode "ip=<address>" \
https://cp.dnsmadeeasy.com/servlet/updateip

The update succeeds immediately.

Expected:
pfSense should URL-encode Dynamic DNS credentials before constructing the update request.

Actual:
The password appears to be passed without proper URL encoding, causing authentication failures when reserved characters are present.

Workaround:
Use a password containing only URL-safe characters or update the record using an external script that URL-encodes parameters.