@lleachii @AndrewZ is correct, like I said I'm on main. The topic title says main. I said it worked (and still works) on 24.10. And now you're telling me you've been testing/checking on 24.10 all along, which is not where the issue lies. (Don't get me wrong, I appreciate the help. But this way it's a wild goose chase.)
I can't just install the 24.10 ipk on main since that uses apk now. Will see when I have the time if I can bisect. Will try rolling back to the 24.10 cURL release too.
My bad, I had no clue that meant the software branch (I was actually gonna edit that to remove). Sincere apologies, carry on.
_bernd
September 30, 2025, 8:58pm
23
In your defense, these were my thoughts too. What is main and should I edit it...
_bernd:
What is main
'Main' is the base development code (i.e. that will one day be branched to create '25' and will then continue on as 'main').
_bernd:
and should I edit it...
No, I edited hence the misnomer "branch" (it's actually the root/trunk of the proverbial OpenWrt software tree).
stangri
September 30, 2025, 11:08pm
25
Have you considered changing the user-agent in curl to match your browser: https://everything.curl.dev/http/modify/user-agent.html ?
_bernd
September 30, 2025, 11:33pm
26
I'm totally aware what a git branch is, but I would not have linked that to the thread's topic at first sight...
@AndrewZ I tried your suggestion, but as you or lleachii guessed username and domain are the same.
Replacing domain with username doesn't change anything unfortunately, still 'badauth' returned.
"url": "http://[USERNAME]:[PASSWORD]@dyn.dns.he.net/nic/update?hostname=[DOMAIN]&myip=[IP]",
@stangri I will give that a shot, thanks.
If that doesn't solve it I will open a bug on GitHub, seems someone else on main also bumped into issues, with OVH this time though.
opened 04:24AM - 26 Sep 25 UTC
bug
### Package Name
dns-scripts
### Maintainer
@feckert
### OpenWrt Version
SNAPSHOT
### OpenWrt Target/Subtarget
rockchip/armv8
### Steps to Reproduce
1. Set this uci config
```
# Set curl
uci set ddns.global.use_curl=1
# Set OVH dyndns service update
uci set ddns.PRIMARY_SERVICE_IPV4_1=service
uci set ddns.PRIMARY_SERVICE_IPV4_1.enabled='1'
uci set ddns.PRIMARY_SERVICE_IPV4_1.service_name='ovh.com'
uci set ddns.PRIMARY_SERVICE_IPV4_1.use_ipv6='0'
uci set ddns.PRIMARY_SERVICE_IPV4_1.lookup_host='my-ovh.domain.com'
uci set ddns.PRIMARY_SERVICE_IPV4_1.domain='DOMAIN'
uci set ddns.PRIMARY_SERVICE_IPV4_1.username='USER'
uci set ddns.PRIMARY_SERVICE_IPV4_1.password='PASSWORD'
uci set ddns.PRIMARY_SERVICE_IPV4_1.ip_source='network'
uci set ddns.PRIMARY_SERVICE_IPV4_1.ip_network='wan'
uci set ddns.PRIMARY_SERVICE_IPV4_1.interface='wan'
uci set ddns.PRIMARY_SERVICE_IPV4_1.use_https='1'
uci set ddns.PRIMARY_SERVICE_IPV4_1.cacert='/etc/ssl/certs'
uci set ddns.PRIMARY_SERVICE_IPV4_1.check_unit='minutes'
uci set ddns.PRIMARY_SERVICE_IPV4_1.force_unit='minutes'
uci set ddns.PRIMARY_SERVICE_IPV4_1.retry_unit='seconds'
```
2. commit and reload
```
uci commit ddns
service ddns stop;
service ddns start;
```
3. The ddns script debug log shows the DNS update failed due to an unauthorized user (while the curl exit code is 0)
```
eval /usr/bin/curl -RsS -o /var/run/ddns/PRIMARY_SERVICE_IPV4_1.dat --stderr /var/run/ddns/PRIMARY_SERVICE_IPV4_1.err --interface pppoe-wan --capath /etc/ssl/certs --noproxy ''"'"'*'"'" ''"'"'https://USER:PASSWORD@dns.eu.ovhapis.com/nic/update?system=dyndns&hostname=DOMAIN&myip=IP'"'"
+ /usr/bin/curl -RsS -o /var/run/ddns/PRIMARY_SERVICE_IPV4_1.dat --stderr /var/run/ddns/PRIMARY_SERVICE_IPV4_1.err --interface pppoe-wan --capath /etc/ssl/certs --noproxy ''"'"'*'"'" ''"'"'https://USER:PASSWORD@dns.eu.ovhapis.com/nic/update?system=dyndns&hostname=DOMAIN&myip=IP'
+ __ERR=0
+ '[' 0 -eq 0 ]
+ return 0
+ cat /var/run/ddns/PRIMARY_SERVICE_IPV4_0.dat
+ write_log 7 'DDNS Provider answered:
{"class":"Client::Unauthorized","message":"Unauthorized"}'
```
**Curl:**
```
curl 8.15.0 (aarch64-openwrt-linux-gnu) libcurl/8.15.0 mbedTLS/3.6.4 nghttp2/1.66.0
Release-Date: 2025-07-16
Protocols: file ftp ftps http https mqtt
Features: alt-svc HSTS HTTP2 HTTPS-proxy IPv6 Largefile SSL threadsafe UnixSockets
```
### Actual Behaviour
The authentication to the server has [changed](https://help.ovhcloud.com/csm/en-ie-dns-dynhost?id=kb_article_view&sysparm_article=KB0051641). Here are the changes:
- USER@PASSWORD is not supported anymore and HTTP Basic Authorization must be used. While the doc did not state how to do the authentication, I confirmed the HTTP Basic authentication header allows one to submit an IP update.
### Fix guidance
EDIT: I went the custom script route as `curl -u 'xxx:bbb' --basic` never sent an HTTP Basic header with the default curl client.
The fix will require creating a custom script for ovh.com. Alternatively, add HTTP Basic authentication to the `do_transfer` function; the following should be enough:
- Add wget support for HTTP Basic auth with `wget --user FOO --password BAR`
- Add curl support for HTTP Basic auth with `curl -u 'FOO:BAR' --basic`
- ufetch-client: no idea.
- Add a new option in uci /etc/config/ddns `use_http_basic_auth_authentication` (default: false), to use the "user / password params" as part of HTTP Basic auth for each HTTP client software.
### Confirmation Checklist
- [x] The package is maintained in this repository.
- [x] I understand that issues related to [the base OpenWrt repository](https://github.com/openwrt/openwrt/issues) or [LuCI repository](https://github.com/openwrt/luci/issues) will be closed.
- [x] I am reporting an issue for OpenWrt, not an unsupported fork.
Nope, even when forcing a user agent it refuses, unfortunately.
```
> GET /nic/update?hostname=[host]&myip=[ip] HTTP/1.1
> Host: dyn.dns.he.net
> Accept: */*
> User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0
>
< HTTP/1.1 401 Authorization Required
< Date: Fri, 03 Oct 2025 19:39:36 GMT
< Server: dns.he.net v0.0.1
< Email: DNS Administrator <dnsadmin@he.net>
< Cache-Control: no-cache, must-revalidate
< Expires: Sat, 03 Oct 2026 19:39:36 GMT
< WWW-Authenticate: Basic realm="Dynamic DNS Update Access"
< Content-Length: 7
< Content-Type: text/html
<
> GET /nic/update?hostname=[host]&myip=[ip] HTTP/1.1
> Host: dyn.dns.he.net
> Accept: */*
> User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0
>
< HTTP/1.1 401 Authorization Required
< Date: Fri, 03 Oct 2025 19:39:36 GMT
< Server: dns.he.net v0.0.1
< Email: DNS Administrator <dnsadmin@he.net>
< Cache-Control: no-cache, must-revalidate
< Expires: Sat, 03 Oct 2026 19:39:36 GMT
< WWW-Authenticate: Basic realm="Dynamic DNS Update Access"
< Content-Length: 7
< Content-Type: text/html
```
Issue created.
There is no refusal in the above example.
After "401 Authorization Required" is received client should send another request with "Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxx" and then the server should provide its final response.
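The challenge-response sequence described in the post above, as an added example that is not part of the original thread: a local stub that only imitates the 401 / `badauth` response shown earlier, and a client that answers the Basic challenge once with an `Authorization` header. The credentials, hostname, `good` reply and all function names are constructed for illustration.

```python
import base64, http.client, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed values for the local stub below, which challenges like the 401 in
# the thread; none of this is real account data.
USER, PASSWORD = "host.example.com", "s3cret"
PATH = "/nic/update?hostname=host.example.com&myip=192.0.2.1"

def basic_header(user, password):
    # RFC 7617: "Basic " + base64(user ":" password); encoded, not encrypted.
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

class StubUpdater(BaseHTTPRequestHandler):
    def do_GET(self):
        ok = self.headers.get("Authorization") == basic_header(USER, PASSWORD)
        body = b"good 192.0.2.1" if ok else b"badauth"
        self.send_response(200 if ok else 401)
        if not ok:
            self.send_header("WWW-Authenticate", 'Basic realm="Dynamic DNS Update Access"')
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # silence per-request logging
        pass

def update_with_challenge(host, port, path, user, password):
    # First request carries no credentials; a Basic challenge is answered once.
    exchanges, headers = [], {}
    for _ in range(2):
        conn = http.client.HTTPConnection(host, port, timeout=5)
        conn.request("GET", path, headers=headers)
        resp = conn.getresponse()
        exchanges.append((resp.status, resp.read().decode()))
        challenge = resp.getheader("WWW-Authenticate", "")
        conn.close()
        if resp.status != 401 or not challenge.lower().startswith("basic"):
            break
        headers = {"Authorization": basic_header(user, password)}
    return exchanges

def run_demo(password=PASSWORD):
    server = HTTPServer(("127.0.0.1", 0), StubUpdater)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return update_with_challenge("127.0.0.1", server.server_port, PATH, USER, password)
    finally:
        server.shutdown()

if __name__ == "__main__":
    print(run_demo())
```

A trace that shows the 401 twice and never an `Authorization` header in the second request, as in the output quoted earlier, means the client did not answer the challenge.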
I went through Hurricane Electric's documentation. Changing the IPv4 URL to this makes updating work again:
"https://dyn.dns.he.net/nic/update?hostname=[DOMAIN]&password=[PASSWORD]&myip=[IP]",
I'm not sure if it's desired security-wise since it skips basic HTTP auth. Their 'Authentication and Updating using a POST' works as well, but that's not a single URL and adds POST data, not sure how to work that cleanly into the JSON. It seems set up to just accept a single value for the URL.
Anyway, I got it back working, and hopefully someone more skilled can come up with a fix now. Also added it to the bug report.
Note that you don't need to use https there.
I know, but that's how they have it on their site.
Ignore that, for OpenWrt json file it's not needed, "s" will be added automatically within the script.