Configuring a Dynamic DNS Client
pfSense® software supports Dynamic DNS to automatically update DNS providers when an interface address changes. This allows remote clients to reference a constant hostname instead of a dynamic IP address which could change over time.
This service is located in the GUI at Services > Dynamic DNS.
Choosing a Dynamic DNS Provider
pfSense software allows registration with many different dynamic DNS providers. The available providers may be viewed by clicking the Service Type selector. More information about the providers may be found by searching for their name to find their web site. Several offer a basic level service at no cost, and some offer additional premium services at a cost. There is also a Custom option that allows for a custom URL to accommodate an unsupported provider.
Select a provider, visit their website, register for an account, and set up a hostname. The procedures for this vary with each provider, but they all have instructions on their websites. After configuring a hostname with a provider, configure the firewall with matching settings.
Dynamic DNS Settings
Most providers have the same or similar options. There are a few types with custom options that will be covered later in this section.
- Disable
Check to disable the entry, or leave unchecked so it will be active.
- Service Type
Select the dynamic DNS provider here.
- Interface to Monitor
Select the interface that has the IP address to keep updated, such as WAN, or an OPTx interface. Selecting a gateway group for the interface allows the Dynamic DNS entry to switch between WANs so it can allow inbound Multi-WAN failover of services on this hostname.
- Hostname
Enter the hostname created at the dynamic DNS provider. This is typically the complete fully qualified domain name, such as myhost.example.com, except for Namecheap where this is only the host portion of the address.
- Domain Name
For Namecheap hosts, this box must be set to the domain part of the full hostname.
- MX
An MX (Mail Exchanger) record is how Internet mail servers know where to deliver mail for a domain. Some dynamic DNS providers will let MX records be configured via the dynamic DNS client. If the chosen provider allows this, enter the host name of the mail server that will receive Internet mail for the dynamic DNS domain.
- Wildcards
When wildcard DNS is enabled on a dynamic DNS name, all host name queries under the given domain will resolve to the IP address of the dynamic DNS host name. For example, if the host name is example.dyndns.org, enabling wildcard will make *.example.dyndns.org (a.example.dyndns.org, b.example.dyndns.org, etc.) resolve the same as example.dyndns.org.
- Verbose Logging
Check this option to increase the logging for the Dynamic DNS update process, which is useful for troubleshooting update problems.
- Verify SSL Peer
When checked, the SSL certificate of the DynDNS provider server will be validated. Some servers with self-signed certificates, or those using a less common CA, may require this to be set.
- Username
Enter the username for the dynamic DNS provider. Provider-specific requirements:
  - Namecheap, FreeDNS
    Leave blank
  - Route 53
    Enter the Access Key ID
  - GleSYS
    Enter the API user
  - Custom
    The username is used with basic HTTP authentication and may be left blank.
- Password
Enter the password for the dynamic DNS provider. Provider-specific requirements:
  - Namecheap, FreeDNS
    This is the Authentication Token
  - Route 53
    Enter the Secret Access Key
  - GleSYS
    Enter the API Key
  - DNSimple
    Enter the API Token
- Description
A text field for reference.
Providers with Extra or Different Settings
Some providers have special settings or certain fields that need to be set in a specific way that may not be obvious. The differences are outlined in this section.
Namecheap
As mentioned in the settings, Namecheap requires that the fully qualified domain name be split into the hostname part and domain name part in separate fields.
When setting up Dynamic DNS for a Namecheap domain, an authentication token is given by Namecheap. This goes in the Password field, and the Username field is left blank.
HE.net Tunnelbroker
The HE.net Tunnelbroker choice updates an IPv6 tunnel endpoint IP address when the WAN IP changes. The Hostname in this case is the Tunnel ID from HE.net.
Route 53
When using an Amazon Route 53 type, the Username is the Access Key ID provided by Amazon.
The following additional options are available when using Route 53:
- Verify SSL Peer
Enable to verify the server certificate when using HTTPS.
- Zone ID
Received when creating the domain in Route 53.
This field is required.
- TTL
Time to Live for the DNS record.
Custom
The Custom Dynamic DNS type configures options that allow for updating otherwise unsupported services. When using the custom Dynamic DNS type, the Username and Password fields are sent using HTTP basic authentication.
The following additional options are available when using Custom:
- Interface to send update from
Almost always the same as the Interface, but can be changed as needed.
- Force IPv4 Resolving
When checked, the update host will only be resolved using IPv4.
- Verify SSL Peer
Enable to verify the server certificate when using HTTPS.
- Update URL
The URL given by the Dynamic DNS provider for updates. If the IP address must appear in the URL, enter it as %IP% and the real value will be substituted as needed.
- Result Match
Defines expected output from the Dynamic DNS query. If it succeeds and matches the output given, then the firewall will know that the update was successful. If it does not match exactly, then it is assumed that the update failed. Leave empty to disable result checking.
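The Custom settings above, worked through as an added example (not pfSense code and not part of the original documentation): it substitutes %IP% into the Update URL, builds the HTTP basic authentication header, flags setting combinations that leave the credentials or the update result unprotected, and applies the Result Match comparison. The function names, the host ddns.example.net, the sample credentials and responses, and the reading of "match exactly" as strict string equality are assumptions.

```python
import base64
import ipaddress
from urllib.parse import urlsplit


def build_update_request(update_url, wan_ip, username="", password=""):
    """Substitute %IP% and attach HTTP basic auth as the Custom type describes."""
    ip = str(ipaddress.ip_address(wan_ip))  # raises ValueError unless an IP literal
    url = update_url.replace("%IP%", ip)
    headers = {}
    if username or password:
        # Basic auth is only base64 encoding: anyone who sees the request
        # recovers the credentials, so the transport must protect them.
        token = base64.b64encode(f"{username}:{password}".encode()).decode()
        headers["Authorization"] = "Basic " + token
    return url, headers


def audit_entry(update_url, username, password, verify_ssl_peer, result_match):
    """Return findings for Custom settings that weaken the update channel."""
    findings = []
    has_creds = bool(username or password)
    if urlsplit(update_url).scheme.lower() != "https":
        findings.append("cleartext HTTP update" +
                        (" exposes basic-auth credentials" if has_creds else ""))
    elif not verify_ssl_peer:
        findings.append("HTTPS without Verify SSL Peer: server identity unchecked")
    if not result_match:
        findings.append("Result Match empty: a failed update is not detected")
    return findings


def update_succeeded(response_body, result_match):
    """Exact comparison; an empty Result Match disables result checking."""
    return result_match == "" or response_body == result_match


if __name__ == "__main__":
    # Constructed sample entry; host and credentials are placeholders.
    entry_url = "http://ddns.example.net/update?hostname=myhost.example.com&myip=%IP%"
    print(build_update_request(entry_url, "198.51.100.7", "user", "s3cret"))
    for finding in audit_entry(entry_url, "user", "s3cret", True, ""):
        print("finding:", finding)
    print(update_succeeded("nochg 198.51.100.7", "good 198.51.100.7"))
```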
DNSimple
- Verify SSL Peer
Enable to verify the server certificate when using HTTPS.
- Zone ID
Received when creating the domain.
- TTL
Time to Live for the DNS record.
Configuring a Dynamic DNS Entry
To configure a Dynamic DNS client:
- Navigate to Services > Dynamic DNS
- Click Add to add a new entry
- Configure the Dynamic DNS entry with general and provider-specific settings
- Click Save