Configuring RFC 2136 Dynamic DNS updates
RFC 2136 Dynamic DNS registers a hostname on any DNS server supporting RFC 2136 style updates. This can be used to update DNS records on BIND and Windows Server DNS servers, amongst others.
RFC 2136 Dynamic DNS entries may be used at the same time as regular style Dynamic DNS service providers, and like those, any number of entries can be created. RFC 2136 will update the A record, and the AAAA record if IPv6 is configured on the monitored interface.
Configuring the server infrastructure for RFC 2136 Dynamic DNS hosting is beyond the scope of this book, but there is a basic how-to on the pfSense® documentation wiki that covers setting up BIND to handle RFC 2136 updates.
To configure an RFC 2136 Dynamic DNS client:
- Navigate to Services > Dynamic DNS
- Click the RFC 2136 tab
- Click Add to add a new entry
- Configure the options as follows:
Controls whether or not the entry is active. If it is unchecked, updates will not be performed for this entry.
The IP address on the chosen interface will be sent when performing the DNS update.
The fully qualified domain name (FQDN) of the dynamic DNS entry to update. For example,
The Time To Live for the DNS entry, in seconds. Higher values will be cached longer by other name servers, so lower values are better to be sure that DNS updates are picked up in a timely manner by other servers. Usually a value between
180 seconds is reasonable, depending on how often the IP address changes.
- Key Name
The name of the key as specified in the DNS server configuration. For Host keys, this is typically the FQDN, so it would be identical to the value in the Hostname field. For Zone keys this would be the name of the DNS zone.
- Key Type
Can be one of Zone, Host or User. The type of key is determined by the server, so consult the server configuration or the DNS server administrator to determine the Key Type. Typically this is set to Host.
Contains the actual text of the key, e.g.
/0/4bxF9A08n/zke/vANyQ==. This value is generated by the DNS server or administrator.
The IP address or hostname of the DNS server to which updates are sent.
When unchecked, the DNS update is sent over UDP; when checked, it is sent over TCP instead.
- Use Public IP
By default, the interface IP address is always sent to the name server for the DNS update. If this box is checked, when a private IP address is detected on the selected Interface, a check is done to determine what the actual public IP address is, and then that IP address is used for the DNS update.
- Record Type
Determines which record(s) will be updated for this entry. For the IPv4 address, use A; for IPv6, use AAAA; or choose Both to update both records.
A free-text description of the entry for reference.
As with the other Dynamic DNS types, RFC 2136 updates are performed only when an IP address change is detected, or once every 25 days.
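What the hostname, TTL, record type, key name and key configured above become on the wire, as an added example (not code from pfSense or from this page): it builds an RFC 2136 UPDATE that replaces the A or AAAA record set and authenticates it with a TSIG record, then checks the MAC the way the receiving server would. The zone argument, the hmac-sha256 algorithm, the example.com names, the address and the key are assumptions or constructed sample values.

```python
import base64, hashlib, hmac, ipaddress, struct

ALG = "hmac-sha256"  # assumption: the page does not say which TSIG algorithm is used
DEMO_KEY = base64.b64encode(bytes(range(32))).decode()  # constructed key, not a real secret

def name(n):
    """Encode a domain name in DNS wire format (lower-cased, uncompressed)."""
    labels = n.lower().rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_update(zone, host, ttl, ip, msg_id):
    """RFC 2136 UPDATE: delete the host's A/AAAA RRset, then add the new address."""
    addr = ipaddress.ip_address(ip)
    rtype = 1 if addr.version == 4 else 28            # A or AAAA
    header = struct.pack("!6H", msg_id, 5 << 11, 1, 0, 2, 0)  # opcode 5, 1 zone, 2 updates
    zone_rr = name(zone) + struct.pack("!HH", 6, 1)   # SOA, IN
    delete = name(host) + struct.pack("!HHIH", rtype, 255, 0, 0)  # class ANY = delete RRset
    add = name(host) + struct.pack("!HHIH", rtype, 1, ttl, len(addr.packed)) + addr.packed
    return header + zone_rr + delete + add

def tsig_mac(key_b64, msg, key_name, time_fudge):
    """HMAC over the unsigned message plus the TSIG variables (RFC 8945)."""
    key = base64.b64decode(key_b64, validate=True)
    variables = (name(key_name) + struct.pack("!HI", 255, 0) + name(ALG)
                 + time_fudge + struct.pack("!HH", 0, 0))
    return hmac.new(key, msg + variables, hashlib.sha256).digest()

def sign_tsig(msg, key_name, key_b64, now, fudge=300):
    """Append a TSIG RR to the additional section and bump ARCOUNT."""
    time_fudge = struct.pack("!HIH", now >> 32, now & 0xFFFFFFFF, fudge)
    mac = tsig_mac(key_b64, msg, key_name, time_fudge)
    rdata = (name(ALG) + time_fudge + struct.pack("!H", len(mac)) + mac
             + msg[:2] + struct.pack("!HH", 0, 0))    # original ID, error, other len
    rr = name(key_name) + struct.pack("!HHIH", 250, 255, 0, len(rdata)) + rdata
    arcount = int.from_bytes(msg[10:12], "big") + 1
    return msg[:10] + struct.pack("!H", arcount) + msg[12:] + rr

def verify_tsig(signed, key_name, key_b64):
    """Server-side view: strip the trailing TSIG RR, recompute the MAC, compare."""
    # RR = name + 10 fixed bytes + algorithm + 48 (time/fudge 8, size 2, MAC 32, tail 6)
    rr_len = len(name(key_name)) + 10 + len(name(ALG)) + 48
    body, time_fudge, mac = signed[:-rr_len], signed[-48:-40], signed[-38:-6]
    arcount = int.from_bytes(body[10:12], "big") - 1
    body = body[:10] + struct.pack("!H", arcount) + body[12:]
    return hmac.compare_digest(mac, tsig_mac(key_b64, body, key_name, time_fudge))

if __name__ == "__main__":
    update = build_update("example.com", "host.example.com", 60, "203.0.113.10", 0x1234)
    signed = sign_tsig(update, "host.example.com", DEMO_KEY, 1700000000)
    print(len(update), len(signed), verify_tsig(signed, "host.example.com", DEMO_KEY))
```

The MAC covers the whole update, so a changed address or a different key fails verification whether the message travels over UDP or TCP. A real server additionally rejects messages whose signed time falls outside the fudge window, which this sketch does not check.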