Dynamic DNS Updates (“Dynamic DNS”, “DynDNS”, “DDNS”)
- [#dyndns]: Dynamic DNS (“DynDNS”, “DDNS”)
Dynamic DNS Updating involves a client reporting to a DNS server so that the DNS server may create an entry for the client. reserved names: Is there a way to reserve which names?
- Client machines reporting to a local DNS server (e.g. Windows workstations reporting to the DHCP and DNS server)
Official specifications: RFC 2136: Dynamic Updates in the Domain Name System (DNS UPDATE) provides information about updating DNS. Familiarity with DNS and RFC 2136 “is helpful and is assumed” by RFC 3007: Secure Domain Name System (DNS) Dynamic Update, which is an update of the older RFC 2137.
See also: http://en.wikipedia.org/wiki/Nsupdate
Perhaps related: RFC 2845: Secret Key Transaction Authentication for DNS (TSIG) has been updated by RFC 3645: Generic Security Service Algorithm for Secret Key Transaction Authentication for DNS (GSS-TSIG).
- Implementations in Microsoft Windows
Wikipedia's page on GSS-TSIG says the implementation of GSS-TSIG in Windows uses Secure Dynamic Update. Wikipedia's article on TSIG: section called “Alternatives to TSIG” identifies this as a modified GSS-TSIG. (Specifically, the text says “A modified GSS-TSIG - using the Windows Kerberos Server - was implemented by Microsoft Windows Active Directory servers and clients called Secure Dynamic Update.”)
Q317590: How to configure DNS dynamic update in Windows 2000 and Q816592: How to configure DNS dynamic update in Windows 2003. Both reference supporting functionality described by RFC 2136. Windows Server 2008: Eliminate manual updates of DNS records by configuring (secure) dynamic update also refernces RFC 2136 for dynamic updates. For secure dynamic updates, that document says “For Windows Server 2008, DNS update security is available only for zones that are integrated into Active Directory. After you integrate a zone, you can use the access control list (ACL) editing features that are available in the DNS snap-in to add or to remove users or groups from the ACL for a specific zone or for a resource record.” “Windows Server 2008?based DNS clients try to use nonsecure dynamic updates first.”
TechRepublic guide to DDNS says “Under Windows NT, DNS was static and had to be manually altered to make changes. With the advent of Windows 2000, many administrators were elated to hear that it contained a new feature called Dynamic DNS (DDNS).” So, no support for Win NT Server users.
- Networks reporting into another public, static DNS server on the Internet, so that a network with a dynamic IP address can be pointed to by the public DNS
- See the list of public Dynamic DNS servers
- [#updpddns]: Updating public Dynamic DNS servers
There are multiple ways to do this, and the exact method(s) supported may be dependent on exactly which public DNS server is being used. However, here are some generalized methods (so these methods may work with multiple providers).
One method may be to log into the provider's website and update information that way. The precise implementation is likely to vary based on the provider, so this may not be the easiest way to automate this.
Some providers may use a specific API, and many support for one or more such services is a common feature of firmware used by routers, including both official firmware and third party custom firmware. For some examples of third party custom firmware, see FreeDNS.afraid.org's list of IP clients.
There are some software clients which may support multiple services. Details on these are about to be provided. However, it may also be worthwhile to mention that smoe providers may provide their own software solutions, so those my be preferred if the goal is simply to get things to work with a specific provider and if the more generic options don't seem to work.
- Client Dynamic DNS software for Posix
- ddclient home page? SourceForge files related to ddclient DynDNS.com's guide to using DynDNS.com with ddclient says “Officially all "posix" style OSes are supported. This includes all Linux, Unix and BSD variants, including Apple's Mac OS X.”
- DynDNS.com's guide to using DynDNS.com with inadyn says is based on C, and “inadyn officially runs on Linux, Windows, Mac OS, and OpenBSD.” However, the web site mentions more, saying “Inadyn is known to work on” several Linux distributions, Win2K/XP, BSD, OpenDarwin x86, Solaris, Mac OS, OS/2, and “on ARM cpu” there are a couple other platforms mentioned: OpenWrt and ThreadX. Despite these claims that it works with OpenBSD, OpenBSD's package collection does not include this (with OpenBSD 4.7). DynDNS>com's guide to using DynDNS.com with inadyn: section about “Issues To Be Aware Of” describes some limitations such as supporting http but not https, and not supporting some features of the DynDNS.com update protocol such as the MX option.
- Client software for Windows
- Win2k/XP is mentinoed by inadyn (which also supports other platforms).
- [#pubddns]: Public Dynamic DNS servers
The FreeDNS (via HTTPS) site at afraid.org had “Free” listed under both Domains and Subdomains at http://www.technopagan.org/dynamic/ and is also one fo the oldest providers listed. Needs username and password and E-Mail address. https://freedns.afraid.org/dynamic/ Has many subdomains, some by third parties: https://freedns.afraid.org/signup/moreinfo/ mentions some of the admin's domains that were contributed for free public use: strangled.net and mooo.com and chickenkiller.com Viewing the registry and sorting by name shows others by the same owner: ignorelist.com and twilightparadox.com and jumpingcrab.com and crabdance.com. There are also tens of thousands of other domains that are owned by other parties, but which integrate with afriad.org. As they are third parties, they are in no way guaranteed by the administrators of afraid.org (as noted by https://freedns.afraid.org/faq/#13 ) Signing up: (unknown)
Using Dynamic DNS:
After signing up, make sure the URL being used is https://freedns.afraid.org and log in and go to Preferences to change a password. Then, for a simple Dynamic DNS setup, start by adding a Subdomain. Then go to the “Dynamic DNS” page. From there, find the subdomain and there should be a hyperlink that says “Direct URL” which shows a URL that can be used to update the dynamic DNS. (The URL starts out with “https://freedns.afraid.org/dynamic/update.php?” and that is followed by more characters that are likely somehow encoded.) Also, next to that should be a hyperlink called “Wget Script” which has a comment line (running
) with the domain name, and then runs “
” followed by the URL that the “Direct URL” hyperlink goes to.
wget-q --read-timeout=0.0 --waitretry=5 --tries=400 --background
This is supported by many routers, perhaps due to the DynDNS update API which is used by several companies (as noted by Wikipedia's page on DynDNS: section about third party usage). In at least some cases, this may be the only one. DynDNS.com is the centralized site with info: there are over 100 domains that end users can use with the DynDNS.com service (and end users may use their own custom domains when paying for the pro service).
DynDNS.com services comparison page says “DynDNS Free is free for life, however you must log in every 30 days to keep your account active.”
- Signing up
When signing up, choose a domain from the list. Options include dyndns.org, some other *.dyndns.org options, selfip.com and other selfip.* options, and many others that seem a bit less general and perhaps more esoteric, such as endoftheinternet.org. (Paying for DynDNS.com service enables use of the Premium domains for Dynamic DNS Pro accounts.
Then choose the service type. The standard type, which is for DynDNS to point to a network which handles requests, is the “Host with IP address” type. Other types include WebHop, which is essentially a URL redirecting service, and Offline Hostname, which continues to keep a name reserved but does not point the DNS requests to any location.
A valid E-Mail address must be provided as DyNDNS.com sends an E-Mail as part of the account-creation process.
- Either use one of the DynDNS.com Update Clients or log into the web site. One of the clients is the most recent version of inadyn that DynDNS.com has vetted (as described by the Using DynDNS.com with inadyn guide that DynDNS.com provides).
- A page about No-IP Free Dynamic DNS says “No-IP Free is intended for personal use only. Consider No-IP Enhanced or No-IP Plus Managed DNS for higher traffic sites or commercial use.”
- Mentioned by http://www.inatech.eu/inadyn/
- Mentioned on Wikipedia's page on Dynamic DNS: section called “Function” as an early example of being supported by a router. This site appears to charge for some services that others provide for free.
- Other providers
- Lists of other providers may be at:
- Offering dynamic DNS
- DnuDIP Dynamic DNS appears to be a solution.
- Transaction Signature (TSIG)
- DNS Software clients
- A whole lot of Internet-aware software
A lot of software can perform some types of
domain name lookups, generally by using a shared library. For example, using
can cause that program to show the resolved IP address that the software will attempt to contact. (The command can therefore be useful even if the communication is expected to fail, possibly due to a firewall that will block the traffic that is used by the program.)
command has the advantage of being deployed more widely than other alternatives. Both Unix and modern Microsoft Windows operating systems include an
command. There are two ways to effectively use
's interactive mode
- Using the
- Domain Information Groper (“dig”)
- http://en.wikipedia.org/wiki/Domain_Information_Groper says “Dig is part of the BIND domain name server software suite.” https://www.isc.org/software/bind/documentation/arm95#man.dig https://www.isc.org/software/bind/documentation/arm95#Bv9ARM.ch10
- D.J. Bernstein, creator of djbdns (which includes tinydns), has made some other DNS software including dnsq and dnsqr, the latter of which is recursive. Documentation is at the page for D.J. Bernstein's page on Command line tools to debug DNS configuration.
- Wikipdia's page on “host (Unix)” is about software that comes with BIND 9. (However, dig is more commonly used.)