Caddy - desec plugin - error writing RRSets

nanoprobe · March 3, 2025, 12:36pm

Hi there!

I have setup Caddy (opnsense plugin) with mysubdom.dedyn.io.
For this the Caddy desec DNS plugin is used.

In my setup it is required that the A record of mysubdom.dedyn.io gets updated by Caddy when the public IP address of my router (opnsense) changes.

However, in the logs I see the following error:

"logger":"dynamic_dns","msg":"failed setting DNS record(s) with new IP address(es)","zone":"mysubdom.dedyn.io","error":"writing RRSets: unexpected status code 400: [{},{},{\"type\":[\"Cannot modify NS records for this domain.\"]}]"

Full log:

2025-03-03T12:23:37	Informational	caddy	"info","ts":"2025-03-03T12:23:37Z","logger":"dynamic_dns","msg":"finished updating DNS","current_ips":["95.222.112.200"]}	
2025-03-03T12:23:37	Error	caddy	"error","ts":"2025-03-03T12:23:37Z","logger":"dynamic_dns","msg":"failed setting DNS record(s) with new IP address(es)","zone":"mysubdom.dedyn.io","error":"writing RRSets: unexpected status code 400: [{},{},{\"type\":[\"Cannot modify NS records for this domain.\"]}]"}	
2025-03-03T12:23:36	Informational	caddy	"info","ts":"2025-03-03T12:23:36Z","logger":"dynamic_dns","msg":"updating DNS record","zone":"mysubdom.dedyn.io","type":"A","name":"@","value":"95.222.112.200","ttl":0}	
2025-03-03T12:23:36	Debug	caddy	"debug","ts":"2025-03-03T12:23:36Z","logger":"dynamic_dns.ip_sources.interface","msg":"lookup","ip":["95.222.112.200"]}	
2025-03-03T12:23:36	Debug	caddy	"debug","ts":"2025-03-03T12:23:36Z","logger":"dynamic_dns","msg":"looked up current IPs from DNS","lastIPs":{"mysubdom.dedyn.io":{"A":["95.222.112.201"],"AAAA":[""]}}}	
2025-03-03T12:23:36	Informational	caddy	"info","ts":"2025-03-03T12:23:36Z","logger":"dynamic_dns","msg":"domain not found in DNS","domain":"mysubdom.dedyn.io","type":"AAAA"}	
2025-03-03T12:23:36	Debug	caddy	"debug","ts":"2025-03-03T12:23:36Z","logger":"dynamic_dns","msg":"found DNS record","type":"A","name":"@","zone":"mysubdom.dedyn.io","value":"95.222.112.201"}

Now I wonder where the issue is located?
In Caddy, the Caddy desec plugin or libdns/desec provider?

It is clear that the NS records of mysubdom.dedyn.io must not be modified and tried to be updated.
So I wonder why this happens and if it is a bug in one of the mentioned software components.

Any idea?
Thanks!

Relevant part of the Caddyfile:

dynamic_dns {
		provider desec {
			token <mytoken>
		}
		domains {
			mysubdom.dedyn.io @
		}
		ip_source interface vtnet0
		check_interval 60s
		versions ipv4
	}