Messages

1.: url = f"{self._api_base}/zones/{zone_id}/rrsets/{record_name}/{record_type}"
2(legacy): url = f"{self._api_base}/records/{record_id}"
3(working): url = f"{self._api_base}/zones/{zone_id}/rrsets/{record_name}/A/actions/set_records"


verify here:
https://github.com/opnsense/plugins/blob/master/dns/ddclient/src/opnsense/scripts/ddclient/lib/account/hetzner.py

legacy code is still in this python script, somewhere below

it is set to native and HetznerDNS not HetznerDNS legacy

it seems the ddclient hetznerDNS is using the wrong API endpoint when it comes to update an record that is already added. There is:

https://docs.hetzner.cloud/reference/cloud#tag/zone-rrsets/update_zone_rrset
Update an RRSet�Copy link
Updates an RRSet in the Zone.
(this is used by the script)

and there is:
https://docs.hetzner.cloud/reference/cloud#tag/zone-rrset-actions/set_zone_rrset_records
Set Records of an RRSet�Copy link
Overwrites the resource records (RRs) of an existing RRSet in the Zone.


debug log with the current script:

<163>1 2026-02-19T00:00:26+01:00 ddclient 93808 - [meta sequenceId="4"] Account 1d46bcb5-5b5c-408a-9d6b-dfeeb81a1cf4 [hetzner - Hetzner]  error updating record: HTTP 422 - {
    "error": {
        "code": "invalid_input",
        "message": "can't update records with this endpoint",
        "details": null
    }
}
<165>1 2026-02-19T00:00:26+01:00  ddclient 93808 - [meta sequenceId="5"] Account 1d46bcb5-5b5c-408a-9d6b-dfeeb81a1cf4 [hetzner - Hetzner]  not modified
<165>1 2026-02-19T00:00:56+01:00  ddclient 93808 - [meta sequenceId="6"] Account 1d46bcb5-5b5c-408a-9d6b-dfeeb81a1cf4 [hetzner - Hetzner]  executing
<165>1 2026-02-19T00:00:56+01:00  ddclient 93808 - [meta sequenceId="7"] Account 1d46bcb5-5b5c-408a-9d6b-dfeeb81a1cf4 [hetzner - Hetzner]  found zone ID for
<165>1 2026-02-19T00:00:56+01:00  ddclient 93808 - [meta sequenceId="8"] Account 1d46bcb5-5b5c-408a-9d6b-dfeeb81a1cf4 [hetzner - Hetzner]  updating (record: , type: A) to

Its obvious I guess, it says cant update record with this endpoint.

I changed the script now to:

    def _update_record(self, headers, zone_id, record_name, record_type, address):
        """Update existing record with new address"""
        url = f"{self._api_base}/zones/{zone_id}/rrsets/{record_name}/A/actions/set_records"

        data = {
            'records': [{'value': str(address)}],
            #'ttl': int(self.settings.get('ttl', 300))
        }

->>I had to comment out the ttl, because it gave "404" from the api and Im not sure how to properly set it.

Now debug log looks like this:
2026-02-19T11:29:49NoticeddclientAccount d8833bf7-d6f9-48d3-a1e9-8139e2e229fc [hetzner - Hetzner] not modified
}
}
]
}
"type": "zone"
"id": ,
{
"resources": [
"error": null,
"finished": null,
"started": "2026-02-19T10:29:49Z",
"progress": 0,
"command": "set_rrset_records",
"status": "running",
"id": ,
"action": {
2026-02-19T11:29:49ErrorddclientAccount d8833bf7-d6f9-48d3-a1e9-8139e2e229fc [hetzner - Hetzner] error updating record: HTTP 201 - {


it says "error" but and I can see inside the hetzner api console:

zone.rrset.set_records
System ?
 4 Minutes


before this change there was nothing.
could you fix this please?

The microcode update addon and a actual microcode update seems to have solved this. It survived 10 reboots in a row now after update.


Youre free to delete this post

Figured out that this not the root cause. Got second a DEC2770 device with the same issue, reproducable.
I can hear fans spinning up after uhub0: detached uhub1: detached, but nothing is happening anymore. Serial console is empty and device is not booting. Hard reset is needed, but after next reboot it stuck again without any output.

Could it be an bios issue? Is there a bios update available for thos dec2770's ?

Update from opnsense-25.7.11_9 to 26.1 stuck after first reboot:

[172/173] Reinstalling isc-dhcp44-server-4.4.3P1_2...
===> Creating groups
Using existing group 'dhcpd'
===> Creating users
Using existing user 'dhcpd'
[172/173] Extracting isc-dhcp44-server-4.4.3P1_2: .......... done
pkg-static: Fail to rename /usr/local/include/.pkgtemp.dhcpctl.h.1GjHmcNdNXp0 ->                                                                                  /usr/local/include/dhcpctl.h:No such file or directory
Rebooting now.
Waiting (max 60 seconds) for system process `vnlru' to stop... done
Waiting (max 60 seconds) for system process `syncer' to stop...
Syncing disks, vnodes remaining... 0 0 0 0 done
All buffers synced.
Uptime: 39s
uhub0: detached
uhub1: detached

ssh works however and interface config is also available.
I tried to reload all services, but did not help.

They decided to put remote elasticsearch option and log streaming behind a paywall.

25.7.7_4-amd64 fixed phase2 view


Thanks and regards

therese also a checkbox without description:

OPNsense 25.7.7_2-amd64
FreeBSD 14.3-RELEASE-p4
OpenSSL 3.0.18


Phase2 table is missing

I can only say thank you for your work as I made it to 110 active opnsense installations and it will be more in the future + we switched to official hardware from your store. I hope you enjoy the constant stream of sales.

Is it a FreeBSD or network adapter issue? Ive added the port directly via CLI with the same results

Got OPNsense 25.1.10-amd64, It was working once after configuration but hasnt outlived a firewall reboot.

Its part of the bridge:

member: igc2 flags=8<SPAN>
ifmaxaddr 0 port 3 priority 128 path cost 55

Got a weird error message when removing it:
opnsense   /usr/local/opnsense/scripts/interfaces/reconfigure_bridges.php: The command '/sbin/ifconfig 'bridge0' deletem 'igc2'' returned exit code '1', the output was 'ifconfig: BRDGDEL igc2: No such file or directory'

But interface is empty, traffic

perfect, thank you