Configuring Dynamic DNS in pfSense


Adding a domain name at the Duck DNS website.

Dynamic DNS (DDNS) is a method of automatically updating a name server in the Domain Name System (DNS), often in real time, with the active DNS configuration of its configured hostnames and/or addresses. The term is used to describe two separate concepts. The first is dynamic DNS updating, which refers to systems that are used to update traditional DNS records without manual editing; this mechanism is described in RFC 2136. The second permits lightweight and immediate updates, often using an update client. These clients provide a persistent addressing method for devices that change their location or IP addresses.

Most internet users who have consumer-grade internet access have a dynamic IP address, most likely assigned by their Internet service provider’s (ISP) DHCP server. These types of IP addresses pose a problem if the user wants to provide a service to other users on the Internet (e.g. a file server). DDNS solves this problem by mapping a potentially rapidly changing IP address to a domain name without the delay it usually takes for a DNS change to propagate through the hierarchy of DNS servers.


Over the years, several companies and organizations have provided dynamic DNS capabilities. One such company, Dyndns (now called Dyn), provided a free domain name. In 2014, Dyn discontinued their free domain name service. They now charge $40 a year, which I still consider to be a reasonable price. But why pay for domain names when you can still get them for free? Duck DNS provides up to 5 free domain names (all subdomains of duckdns.org; e.g. mydomainname.duckdns.org) and is easy to configure with pfSense. In this article, I will outline the process.

Configuring Dynamic DNS: Creating a Duck DNS Domain Name

First, create a free account on Duck DNS. Once you have done this, scroll down to the domains section of the page. There will be an edit box for entering your domain name and a green add domain button. Enter a domain and press this button; if your domain isn’t taken already, you should see a page similar to the one shown in the screen capture in which your new domain is listed.

Next you need to install the Duck DNS client on your computer. The Windows version of the client can be downloaded from www.etx.ca and installed easily. The Linux version can be installed even more easily. You will need to install zenity, cron and curl first. Cron comes with most if not all Linux distros; zenity and curl can be installed with the apt-get command. There is a script you can download and execute which provides the same functionality as the Windows Duck DNS client. You will need to enter the domain you created in the first step in the Domain field, and in the Token field you need to enter the token generated by Duck DNS for your domain. [This token can be found as part of the Update URL provided in the pfSense installation instructions on the Duck DNS website. The token is the part between token= and the ampersand.]

Configuring Dynamic DNS: Adding a DynDns Entry in pfSense


Adding a DynDns entry in pfSense 2.2.4.

With Duck DNS configured and the client installed, we can now log into our pfSense box and configure DynDNS. From the pfSense menu, navigate to Services -> Dynamic DNS. There will be two tabs on the page: DynDns and RFC2136; select DynDns if it is not already selected. Press the plus button to the right of the table to add a new entry. For Service type, select Custom from the dropdown box. The Username and Password fields can be left blank. For the Update URL, you need to copy and paste the URL provided in the pfSense installation instructions on the Duck DNS website. [You can find the instructions page by clicking on install on the menu at the top and then clicking on pfSense in the Routers section.] For Results Match, enter OK. Once these settings are entered, click on Save to save the changes.
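
Because Username and Password stay blank, the token in the Update URL is the only credential in this setup, so it should stay out of logs and process listings. The following added example (not code from Duck DNS or pfSense) extracts and redacts the token, applies the same OK check as Results Match, and defines a curl-based update; the function names, the sample URL and its token are constructed placeholders, and the URL shape and the empty ip= parameter are assumptions about the Duck DNS update endpoint.

```sh
#!/bin/sh
# Added example: handle a Duck DNS Update URL without exposing its token.
# SAMPLE_URL is constructed; the token is a placeholder, not a real credential.
SAMPLE_URL='https://www.duckdns.org/update?domains=mydomainname&token=00000000-aaaa-bbbb-cccc-000000000000&ip=%IP%'

# Print the token: the query parameter between "token=" and the next "&".
extract_token() {
    query=${1#*\?}
    token=$(printf '%s\n' "$query" | tr '&' '\n' | sed -n 's/^token=//p' | head -n 1)
    [ -n "$token" ] && printf '%s\n' "$token"
}

# Return the URL with the token value masked, safe to write to a log.
redact_url() {
    printf '%s\n' "$1" | sed 's/\([?&]token=\)[^&]*/\1REDACTED/'
}

# Succeed only if the response body is exactly the expected string
# (the article's Results Match value is OK).
result_matches() {
    body=$(printf '%s' "$1" | tr -d '\r\n')
    [ "$body" = "$2" ]
}

# Send one update. $1 = subdomain, $2 = file containing the token (chmod 600).
# Defined but not called here, so the example runs offline.
duck_update() {
    token=$(cat "$2") || return 1
    # curl reads the URL from stdin (-K -), keeping the token out of the
    # process list. An empty ip= is assumed to mean "use the caller's address".
    body=$(printf 'url = "https://www.duckdns.org/update?domains=%s&token=%s&ip="\n' "$1" "$token" |
        curl --silent --show-error --max-time 15 -K -) || return 1
    result_matches "$body" OK
}

redact_url "$SAMPLE_URL"
```
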

Now the dynamic DNS configuration is complete, but since the whole point of setting up DDNS is to make services on your home network available to others, you are probably going to want to add an entry to the Network Address Translation (NAT) table to redirect incoming traffic to the node providing the service. You also need a corresponding firewall rule to allow the traffic through (NAT can create such a rule automatically). This is assuming that you didn’t already alter the NAT/firewall rules for the service you want to make available. One potential issue is that your ISP may block port 80 traffic, so if you want to set up your own web server, you may have to use a different port. [You can use NAT to redirect traffic from the port you selected to port 80.] If you cannot access the service you are trying to make available from the WAN side, you might want to try a different port and see if it works.


External Links:

Dynamic DNS on Wikipedia

Duck DNS website

 

Video: Configuring Dynamic DNS with pfSense

You may want to set up a domain name for your home or SOHO WAN IP. This video demonstrates how to do this. In this video I cover:

  • What DDNS is, why you might want to use it, and different methods of implementing DDNS
  • Configuring Duck DNS on the Duck DNS web site; downloading and installing the Duck DNS client
  • Configuring DDNS in pfSense and setting up NAT so we can access an Apache web server behind the firewall
  • Accessing a web site using the domain name I set up in the previous steps

Dynamic DNS Configuration in pfSense

Dynamic DNS Explained

Dynamic DNS (DDNS) is a method of automatically updating a name server in the Domain Name System (DNS), often in real time, with the active DNS configuration of its configured hostnames, addresses or other information. The term is used in two different ways. At the administrative levels of the Internet, “dynamic DNS updating” refers to systems that are used to update traditional DNS records without manual editing. But another type of dynamic DNS permits lightweight and immediate updates to its local database, often using a web-based mechanism. It is used to resolve a domain name to an IP address that may change frequently, thus providing a persistent addressing method for devices that change their location or configuration.

It is the latter type of DDNS in which we are interested. End users of Internet access receive an allocation of IP addresses, often only a single address, by their service providers. If you are a residential or small business customer, you will probably have an IP address assigned dynamically. Such dynamic IP addresses present a problem if the customer wants to provide a service to other users, such as a website. As the IP address may change frequently, corresponding domain names must be quickly re-mapped in the DNS servers to maintain accessibility using a well-known domain name. To this end, many providers offer commercial or free DDNS service for this scenario, with reconfiguration generally implemented in the user’s router or computer.


Dynamic DNS providers offer a software client program that automates the discovery and registration of the client system’s public IP addresses. The client program connects to the DDNS provider from the client’s private network and links the public IP address of the home network with a hostname. Depending on the provider, the hostname is registered with a domain owned by the provider or the customer’s own domain name. These services can function by a number of mechanisms. Often they use an HTTP service request. The provider might use RFC 2136 to update the DNS servers (more on RFC 2136 later). Many home networking modem/routers have clients for several DDNS providers built into their firmware, and pfSense is no exception, making it very easy to use DDNS with pfSense.

Configuring Dynamic DNS in pfSense


Configuring the DDNS client in pfSense 2.0.

To enable DDNS in pfSense, first navigate to Services -> Dynamic DNS. If the “DynDNS” tab is not selected already, click on it. Press the “plus” button on the right side of the page to add a new DDNS client. At “Service type”, select a DDNS service provider from the dropdown box. At “Interface to monitor”, specify an interface (typically the WAN). At “Hostname”, specify the hostname (either one supplied by the provider or your own hostname) that you wish to associate with your network’s public IP. At “MX”, set your MX record if you need one (thus allowing you to configure your subdomain for email routing) and if your service supports it. At “Wildcards”, enable wildcards if desired. This is useful if the domain name specified is not a fully qualified domain name (FQDN); for example, if your DDNS address is myplace.dyndns.org and you enable wildcards, then x.myplace.dyndns.org will work as well (x is the wildcard). At “Username” and “Password”, specify your username (username is required for all types except Namecheap and FreeDNS) and password. At “Description”, enter an appropriate description. Then press the “Save” button to save the settings and, on the next page, press “Apply Changes” to apply the changes if necessary.


If our DDNS service provider is not one of the pre-configured ones, we can still use pfSense to act as a client for the provider if it complies with RFC 2136.

To make sure everything is working, go back to Services -> Dynamic DNS. If the cached IP is green, then the hostname was successfully updated. It is also probably a good idea to ping the domain to make sure the domain name resolves to the correct IP address. Even with DDNS, it can take several minutes for the changes to propagate to other DNS servers. The client will automatically update the dynamic host each time the WAN IP changes or every 25 days. You probably want to make sure your client is connecting to the service, since some providers will remove inactive hosts if they have not been updated for 30 days.

This configuration will work in most cases; however, it is possible you may be using a DDNS service provider that is not on the list at “Service type”. If this is the case, you can still use pfSense to connect to your DDNS provider as long as the provider adheres to the RFC 2136 standard. To enable this, navigate to Services -> Dynamic DNS as before, but select the RFC 2136 tab. Press the “plus” button to add a new entry. Specify the “Interface to monitor” and “Hostname” as outlined in the instructions for the “DynDNS” tab. You can also specify a time to live for data from our client at “TTL”. You must also specify a “Key Name” that matches the key name setting on the DNS server, a “Key type” (zone, host, or user), and an HMAC-MD5 “Key”. You must specify the server address at “Server”. Check the check box at “Protocol” if the DDNS provider uses TCP instead of UDP. At “Description”, enter an appropriate description. Then press the “Save” button to save the changes and “Apply changes” to apply changes if necessary.
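
The fields on the RFC 2136 tab map onto a standard RFC 2136 update request. As an added example (not pfSense's own code), this script builds the equivalent input for BIND's nsupdate client from Server, Hostname, TTL and the current address, rejecting any value that could inject extra update commands; the function names and sample values are hypothetical, and the Key Name and Key are assumed to live in a separate key file.

```sh
#!/bin/sh
# Added example: turn the RFC 2136 tab's fields into nsupdate input.
# Every field is validated first so a value cannot smuggle in extra commands.

valid_hostname() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
        *.*) return 0 ;;
    esac
    return 1
}

valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# $1 = Server, $2 = Hostname, $3 = TTL in seconds, $4 = current public IPv4
build_nsupdate() {
    valid_ipv4 "$1" || valid_hostname "$1" || { echo "bad server" >&2; return 1; }
    valid_hostname "$2" || { echo "bad hostname" >&2; return 1; }
    case "$3" in ''|*[!0-9]*) echo "bad TTL" >&2; return 1 ;; esac
    valid_ipv4 "$4" || { echo "bad address" >&2; return 1; }
    printf 'server %s\n' "$1"
    printf 'update delete %s. A\n' "$2"          # drop the stale A record
    printf 'update add %s. %s A %s\n' "$2" "$3" "$4"
    printf 'send\n'
}

# Constructed placeholder values (documentation address ranges).
build_nsupdate 192.0.2.53 myplace.example.org 60 203.0.113.10
# To apply: pipe the output to `nsupdate -k <keyfile>`; add -v to use TCP.
```
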


External Links:

Dynamic DNS on Wikipedia

Dynamic DNS on doc.pfsense.org

RFC 2136 Dynamic DNS on doc.pfsense.org

How to Configure Dynamic DNS in pfSense at HubPages

© 2013 David Zientara. All rights reserved.