I noticed some odd behavior with how the built-in DDNS client handles errors.
I use Cloudflare to manage the public DNS for several of my domains. I recently changed the email address associated with my account. I didn't think to update the account email address in my Sophos XG firewall, and the DDNS updates (obviously) began failing. The error message was not quite accurate and not particularly helpful.
Summary: Dynamic DNS failures are not accurately/correctly logged.
Product: SFVH (SFOS 19.0.1 MR-1-Build365)
Feature Impacted: DDNS Update
Severity: Minimal
How to Reproduce:
Set up Dynamic DNS using Cloudflare as service provider and confirm that the IP address is being updated properly. Then, in the Cloudflare dashboard, change your account email address. Dynamic DNS updates will fail, and the observed error will show up in the system log.
Observed Behavior:
The system log showed "DDNS update for host [sub.domain.com] was Failed. Last Updated with IP 0.0.0.0. Failure Reason: noconnect
Desired Behavior:
The system log should accurately explain the error; the information shown is not accurate and could impede/delay attempts at troubleshooting.
- The IP address was not last updated with IP 0.0.0.0.
- The failure reason should should be more explicit as well - "noconnect" indicates an issue reaching the Cloudflare servers, when in fact the error was with authentication.
Ideally, the error should read "DDNS update for host [sub.domain.com] failed. Failure Reason: Bad Authentication"
This thread was automatically locked due to age.
