Username/Password Authentication Failed

bicycle · August 30, 2025, 11:26pm

Hello, let me start by saying I am very new to this sort of thing.

I am trying to set up dynamic dns on my openwrt router with the hope that I will be able to remotely access my home server. I have set everything up according to the instructions but the log is giving me the below. Is there something I have missed?

204224 : Username/Password Authentication Failed.
204224 WARN : Transfer failed - retry 14/0 in 60 seconds
204324 : #> /usr/bin/wget --hsts-file=/tmp/.wget-hsts -nv -t 1 -O /var/run/ddns/TrueNAS.dat -o /var/run/ddns/TrueNAS.err --no-proxy ‘https://update.dedyn.io/update?username=SUBDOMAIN.dedyn.io&password=MYPASSWORD&hostname=MYHOSTNAME&myipv4=XX.XX.XXX.XXX&myipv6=preserve’

Bruce5051 · August 30, 2025, 11:55pm

Hello @bicycle,

From IP Update API — deSEC DNS API documentation the examples I see this shown

Basic authentication with forced use of IPv4 (while preserving the IPv6 address from the DNS):

curl --ipv4 "https://update.dedyn.io/?hostname=<your domain>&myipv6=preserve" \
  --header "Authorization: Token <your token secret>"

I do not see the parameter username= being use.

fiwswe · August 31, 2025, 1:24am

@Bruce5051 Looks to me as if the OpenWRT desec.io config is at fault.

However, the use of the username parameter is allowed (though discouraged).

It might be better to change the desec.io config to:

{
	"name": "desec.io",
	"ipv4": {
		"url": "https://[USERNAME]:[PASSWORD]@update.dedyn.io/update?hostname=[DOMAIN]&myipv4=[IP]&myipv6=preserve",
		"answer": "good|nochg"
	},
	"ipv6": {
		"url": "https://[USERNAME]:[PASSWORD]@update.dedyn.io/update?hostname=[DOMAIN]&myipv6=[IP]&myipv4=preserve",
		"answer": "good|nochg"
	}
}

But I don’t use OpenWRT and can’t test if this works as expected.

@bicycle Make sure that your [PASSWORD] is your token value (not the token id). This value is only shown once when creating the token and can not be reconstructed later. If you missed noting it down, create a new token and try again.

HTH
fiwswe

geolr · March 26, 2026, 8:57pm

Hi,

seems like I hit the same issue.

My OpenWrt router has also another dyndns service enabled.

Success came once I disabled this and only had desec.io active based on the predefined setup.

If someone in the know can comment if changes should me made, like removal of update? I could try to send a pull request (github newbie…) Maybe also the responses.

github.com/openwrt/packages

net/ddns-scripts/files/usr/share/ddns/default/desec.io.json

master

{
	"name": "desec.io",
	"ipv4": {
		"url": "https://update.dedyn.io/update?username=[USERNAME]&password=[PASSWORD]&hostname=[DOMAIN]&myipv4=[IP]&myipv6=preserve",
		"answer": "good|nochg"
	},
	"ipv6": {
		"url": "https://update.dedyn.io/update?username=[USERNAME]&password=[PASSWORD]&hostname=[DOMAIN]&myipv6=[IP]&myipv4=preserve",
		"answer": "good|nochg"
	}
}

fiwswe · March 27, 2026, 3:32am

According to the documentation there is no /update endpoint. So the URLs should be changed to https://update.dedyn.io/?…

HTH
fiwswe

peter · March 27, 2026, 7:43am

It may not be obvious from the documentation, but it says:

An IP update is performed by sending a GET request to update.dedyn.io

Looking closely, this instruction does not require any particular URL path; in particular, it requires neither / nor /update.

In fact, it’s our nginx configuration that forwards any requests for that hostname to the relevant API endpoint.

Stay secure,
Peter

geolr · March 27, 2026, 2:10pm

Hi, thanks for input.
There is definitly a risk of me making a mess… (github newbie and all)

But here is what I tried:
Comparing openwrt:master…geolr:patch-1 · openwrt/packages
Any other changes that should be done before a pull-request?
Thought about maybe the values for answer?

edit: seems like this is already sent as pull-request… hoping for the best