Configuring a Dynamic DNS Client

pfSense allows registration with many different dynamic DNS providers. The available providers may be viewed by clicking the Service Type selector. More information about the providers may be found by searching for their name to find their web site. Several offer a basic level service at no cost, and some offer additional premium services at a cost. There is also a Custom option that allows for a custom URL to accommodate an unsupported provider.

Select a provider, visit their website, register for an account, and set up a hostname. The procedures for this vary with each provider, but they all have instructions on their websites. After configuring a hostname with a provider, configure pfSense with matching settings.

Most providers have the same or similar options. A few types have custom options, which are covered later in this section.

To configure a Dynamic DNS client:

  • Navigate to Services > Dynamic DNS

  • Click Add to add a new entry

  • Configure the options as follows:

    Disable

    Check to disable the entry, or leave unchecked so it will be active.

    Service Type

    Select the dynamic DNS provider here.

    Interface to Monitor

    Select the interface that has the IP address to keep updated, such as WAN, or an OPTx interface. Selecting a gateway group for the interface allows the Dynamic DNS entry to switch between WANs so it can allow inbound Multi-WAN failover of services on this hostname.

    Hostname

    Enter the hostname created at the dynamic DNS provider. This is typically the complete fully qualified domain name, such as myhost.example.com, except for Namecheap where this is only the host portion of the address.

    Domain Name

    For Namecheap hosts, this box must be set to the domain part of the full hostname.

    MX

    An MX (Mail Exchanger) record is how Internet mail servers know where to deliver mail for a domain. Some dynamic DNS providers will let MX records be configured via the dynamic DNS client. If the chosen provider allows this, enter the host name of the mail server that will receive Internet mail for the dynamic DNS domain.

    Wildcards

    When wildcard DNS is enabled on a dynamic DNS name, all host name queries under the given domain will resolve to the IP address of the dynamic DNS host name. For example, if the host name is example.dyndns.org, enabling wildcard will make *.example.dyndns.org (a.example.dyndns.org, b.example.dyndns.org, etc.) resolve the same as example.dyndns.org.

    Verbose Logging

    Check this option to increase the logging for the Dynamic DNS update process, which is useful for troubleshooting update problems.

    Verify SSL Peer

    When checked, the SSL certificate of the DynDNS provider server will be validated. Some servers with self-signed certificates, or those using a less common CA, may require this to be set.

    Username

    Enter the username for the dynamic DNS provider. Provider-specific requirements:

    Namecheap, FreeDNS

    Leave blank

    Route 53

    Enter the Access Key ID

    GleSYS

    Enter the API user

    Custom

    The username is used with basic HTTP authentication and may be left blank.

    Password

    Enter the password for the dynamic DNS provider. Provider-specific requirements:

    Namecheap, FreeDNS

    This is the Authentication Token

    Route 53

    Enter the Secret Access Key

    GleSYS

    Enter the API Key

    DNSimple

    Enter the API Token

    Description

    A text field for reference.

  • Click Save

Providers with Extra or Different Settings

Some providers have special settings or certain fields that need to be set in a specific way that may not be obvious. The differences are outlined in this section.

Namecheap

As mentioned in the settings above, Namecheap requires that the fully qualified domain name be split into the hostname part and the domain name part, entered in separate fields.

When setting up Dynamic DNS for a Namecheap domain, an authentication token is given by Namecheap. This goes in the Password field, and the Username field is left blank.

HE.net Tunnelbroker

The HE.net Tunnelbroker choice updates an IPv6 tunnel endpoint IP address when the WAN IP changes. The Hostname in this case is the Tunnel ID from HE.net.

Route 53

When using an Amazon Route 53 type, the Username is the Access Key ID provided by Amazon.

The following additional options are available when using Route 53:

Verify SSL Peer

Enable to verify the server certificate when using HTTPS.

Zone ID

Received when creating the domain in Route 53. Must be filled in.

TTL

Time to Live for the DNS record.

Custom

The Custom Dynamic DNS type configures options that allow for updating otherwise unsupported services. When using the custom Dynamic DNS type, the Username and Password fields are sent using HTTP basic authentication.

The following additional options are available when using Custom:

Interface to send update from

Almost always the same as the Interface, but can be changed as needed.

Force IPv4 Resolving

When checked, the update host will only be resolved using IPv4.

Verify SSL Peer

Enable to verify the server certificate when using HTTPS.

Update URL

The URL given by the Dynamic DNS provider for updates. If the IP address must appear in the URL, enter it as %IP% and the real value will be substituted as needed.

Result Match

Defines expected output from the Dynamic DNS query. If it succeeds and matches the output given, then pfSense will know that the update was successful. If it does not match exactly, then it is assumed that the update failed. Leave empty to disable result checking.
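
The Custom options above, modelled as an added example (this is not pfSense's own code): it substitutes %IP% into the Update URL, builds the HTTP basic authentication header from the Username and Password fields, flags settings that expose those credentials in transit, and applies the exact Result Match comparison. The provider URL, credentials, response strings and function names are constructed for illustration.

```python
import base64
from urllib.parse import urlsplit


def build_update_request(update_url, ip, username="", password=""):
    """Model of a Custom-type update: substitute %IP%, add HTTP basic auth."""
    url = update_url.replace("%IP%", ip)
    headers = {}
    if username or password:
        token = base64.b64encode(f"{username}:{password}".encode()).decode()
        headers["Authorization"] = f"Basic {token}"
    return url, headers


def recover_credentials(headers):
    """Basic auth is only base64: anyone who sees the header can reverse it."""
    raw = base64.b64decode(headers["Authorization"].split(" ", 1)[1]).decode()
    user, _, password = raw.partition(":")
    return user, password


def audit(update_url, username, password, verify_ssl_peer):
    """Flag settings that expose the Username/Password fields in transit."""
    findings = []
    scheme = urlsplit(update_url).scheme.lower()
    if (username or password) and scheme != "https":
        findings.append("credentials sent over cleartext HTTP")
    if scheme == "https" and not verify_ssl_peer:
        findings.append("HTTPS without certificate verification")
    return findings


def update_succeeded(response_body, result_match):
    """Exact comparison, as the Result Match text describes; empty = no check."""
    if result_match == "":
        return True
    return response_body == result_match


if __name__ == "__main__":
    # Constructed sample values: hypothetical provider URL and documentation IP.
    URL = "https://ddns.example.net/update?hostname=myhost.example.com&myip=%IP%"
    url, headers = build_update_request(URL, "203.0.113.10", "user", "s3cret")
    print(url)
    print(recover_credentials(headers))
    print(audit(URL.replace("https", "http", 1), "user", "s3cret", True))
    print(update_succeeded("nochg 203.0.113.10", "good 203.0.113.10"))
```

Because the basic authentication header is reversible, an Update URL that carries credentials should use HTTPS with Verify SSL Peer enabled.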

DNSimple

Verify SSL Peer

Enable to verify the server certificate when using HTTPS.

Zone ID

Received when creating the domain.

TTL

Time to Live for the DNS record.