Configuring Dynamic DNS¶
Dynamic DNS (DynDNS), found under Services > Dynamic DNS, will update an external provider with the current public IP address on the firewall. This keeps a constant DNS hostname, even if the IP address changes periodically. Whenever an interface changes in some way, DHCP lease renew, PPPoE logout/login, etc, the IP will be updated.
There are many free DynDNS services out there, and pfSense supports more than 15 different providers. In addition to the normal public services, pfSense also supports RFC 2136 DNS updates to DNS servers.
In currently supported versions of pfSense, the DynDNS client supports using multiple DynDNS and RFC 2136 clients. These can be used to update multiple services on the same interface, or multiple interfaces.
There are two tabs under Dynamic DNS, one for DynDNS providers, and one for RFC 2136 servers. Each tab has a list of currently configured clients, which reflects not only their configuration but also their status. Additional clients can be managed from these lists.
When editing a DynDNS client, first pick a DynDNS service provider, then choose Interface with the IP address to update. Enter a hostname, username, password, and description. Optionally, an MX record and wildcard support may be enabled depending on the provider.
When editing an RFC 2136 client, first pick the interface with the IP to update, enter a hostname, Time To Live (TTL) for the DNS record, Key name (which must match the setting on the server), Key type of Host, Zone, or User, an HMAC-MD5 key, the DNS server IP address, and a description. TCP transactions may optionally be used instead of UDP.
Free Supported Services¶
Most of these services offer paid services as well that come with additional benefits.
DNS-O-Matic is a service offered by OpenDNS to update multiple Dynamic DNS accounts using only one Dynamic DNS configuration on the firewall. It supports many dynamic DNS services including 2MyDNS, afraid.org, ChangeIP, CJB, DLinkDDNS, DNS Made Easy, DNS Park, DNSexit, DSL Reports Monitor, DtDNS, DynDNS, DynIP, dynsip.org, dynu, easyDNS, eeditDNS, eNom, EveryDNS, NameCheap, No-IP, ODS.org, OpenDNS, regfish, Security Space, Sitelutions, TZO, WorldWideDNS.net, xname, Yi.org, and ZoneEdit. If a service is required that is not supported natively by pfSense, DNS-O-Matic gives the ability to update these hostnames from pfSense.
FreeMyIP is a free dynamic DNS service for privacy-minded users. It doesn’t require your email address nor any other private information, and it doesn’t record IP address changes history. It provides comprehensive Help page with configurations for many types of network appliances, and it is under active development.
There are three options for Hurricane Electric. The “HE.net” option updates the IPv4 IP with their DNS service. “HE.net (v6)” does the same, except for IPv6. “HE.net Tunnelbroker” updates the tunnel endpoint IPv4 IP for their IPv6 tunnel broker service tunnelbroker.net.
To update an @ record, use @.yourdomain.com for the hostname.*
Amazon Route 53¶
Custom allows defining a custom URL to use for updates.
Paid Supported Services¶
The services listed here require payment of some sort to use the service. Some are a one time small donation, others require a monthly charge.
DHS offers dynamic DNS services for an initial $5 USD contribution for one hostname, plus $5 USD for each additional two hostnames.
DNS Made Easy¶
DNS Made Easy is a DNS hosting provider that also allows dynamic DNS services.
Seems there might be an issue using complex passwords, testing shows that letters and numbers only works without problems
- Use a “simple” password (alphanumeric), using the 15-byte maximum (for DNS Made Easy) to make things as secure as possible,
- You do not need a “business” account on DNS Made Easy; any account at all works fine,
- Enter the DNS ID for both the hostname and the username in the pfSense software.
DynDNS is a dynamic DNS provider offering service on numerous domains, as well as premium services for those needing more than basic dynamic DNS functionality. They discontinued their free offering in May 2014.
RFC 2136 is a way to securely update host or zone records in a name server using a DNS query directly, rather than a web-based update system that many others use.
RFC 2136 updates are also supported if access to a DNS server enabled for RFC2136 is available. To configure a DNS server for RFC 2136 server, see: RFC2136 Dynamic DNS.
RFC 2136 also supports IPv6 updates, which other web-based providers may not yet support.