DDNS - Dynamic Domain Name System
===================================

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is DDNS?**

    DDNS stands for Dynamic Domain Name System. It is a service that automatically updates DNS records when a device’s IP address changes, allowing you to access your device using a consistent domain name, even if its IP address is dynamic.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Why is DDNS useful?**

    * You have a dynamic IP address from your ISP (common in home networks)
    * You want to remotely access your home server, CCTV, or IoT device
    * You don’t want to manually update DNS records every time your IP changes

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **How it works (in simple steps):**

    * Device gets a new IP address – Usually assigned by the ISP via DHCP.
    * DDNS client detects the change – A small program running on your device or router notices the new IP.
    * Client updates the DNS record – It contacts the DDNS provider and updates your domain name with the new IP.
    * Domain stays reachable – Anyone using your domain name is directed to the correct, updated IP address.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Where is DDNS used?**

    * Home servers – To host websites, game servers, or file sharing from home.
    * Remote access – For accessing security cameras, NAS devices, or routers.
    * IoT and smart home – To connect to devices that don’t have static IPs.
    * Small businesses – That need remote access without paying for static IPs.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Which OSI layer does this protocol belong to?**

    * It interacts with DNS services, which are application-level protocols.
    * It uses HTTP, HTTPS, or proprietary APIs to update DNS records.
    * It provides a user-facing service that maps domain names to IP addresses dynamically.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Is DDNS Windows specific?**

    * No. DDNS (Dynamic Domain Name System) is not Windows specific.
    * It works on multiple operating systems including Windows, Linux, and macOS.
    * It is a network service protocol, independent of OS platforms.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Is DDNS Linux specific?**

    * No. DDNS is not Linux specific.
    * It can be implemented on Linux servers, Windows servers, routers, and other network devices.
    * The service is platform-agnostic as it deals with domain name updates dynamically.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Which Transport Protocol is used by DDNS?**

    * DDNS primarily uses:

      * UDP (User Datagram Protocol) for DNS queries and updates.
      * Sometimes TCP is used for larger DNS messages or zone transfers.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Which Port is used by DDNS?**

    * Standard DNS and DDNS use UDP port 53.
    * TCP port 53 is also used for DNS zone transfers and larger queries.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Is DDNS using Client-Server model?**

    * Yes.
    * DDNS works on a client-server architecture.
    * The client (usually a device or software) sends dynamic updates to a DDNS server.
    * The server updates the DNS records accordingly.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    Topics in this section,

    * :ref:`Learnings in this section <DDNS_step1>`
    * :ref:`Terminology <DDNS_step2>`
    * :ref:`Version Info <DDNS_step3>`
    * :ref:`DDNS Version&RFC Details <DDNS_step5>`
    * :ref:`DDNS Basic Setup on Ubuntu using IPv4 <DDNS_step19>`
    * :ref:`DDNS Basic Setup on Ubuntu using IPv6 <DDNS_step20>`
    * :ref:`DDNS Protocol Packet Details <DDNS_step6>`
    * :ref:`DDNS Usecases <DDNS_step7>`
    * :ref:`DDNS Basic Features <DDNS_step8>`
    * :ref:`DDNS Feature : Dynamic IP Updates <DDNS_step9>`
    * :ref:`DDNS Feature : Real-Time DNS Mapping <DDNS_step10>`
    * :ref:`DDNS Feature : Remote Access Support <DDNS_step11>`
    * :ref:`DDNS Feature : Client Software Integration <DDNS_step12>`
    * :ref:`DDNS Feature : Authentication <DDNS_step13>`
    * :ref:`DDNS Feature : IPv4 and IPv6 Support <DDNS_step14>`
    * :ref:`DDNS Feature : Failover and Redundancy <DDNS_step15>`
    * :ref:`DDNS Feature : Integration with DHCP <DDNS_step16>`
    * :ref:`DDNS Feature : Custom Domain Support <DDNS_step17>`
    * :ref:`Reference links <DDNS_step18>`

.. _DDNS_step1:

.. tab-set::

    .. tab-item:: Learnings in this section

        * In this section, you are going to learn

.. _DDNS_step2:

.. tab-set::

    .. tab-item:: Terminology

        * Terminology

.. _DDNS_step3:

.. tab-set::

    .. tab-item:: Version Info

        * Version Info

.. _DDNS_step5:

.. tab-set::

    .. tab-item:: DDNS Version&RFC Details

        .. csv-table::
            :file: ./DDNS/DDNS_Version_and_RFC_Details.csv
            :widths: 10,10,10,30
            :header-rows: 1

.. _DDNS_step19:

.. tab-set::

    .. tab-item:: Test Case 1: TSIG Key Generation and DDNS Update

        **Verify that a TSIG key can be securely generated and used to perform authenticated dynamic DNS updates (add, delete, or modify DNS records) using `nsupdate`**

        **Server (Machine A) — BIND9 DNS Server Setup for DDNS**

        * Step-1 : Install BIND9 on Ubuntu

        .. code-block:: shell

            test:~$ sudo apt update
            test:~$ sudo apt install bind9 bind9utils bind9-doc

        * Step-2 : Generate a TSIG key using ``tsig-keygen``

        .. code-block:: shell

            test:~$ sudo tsig-keygen -a HMAC-SHA256 ddns-key.mydomain.com.
            key "ddns-key.mydomain.com." {
                algorithm hmac-sha256;
                secret "THIS_IS_YOUR_BASE64_SECRET_STRING_COPY_THIS";
            };

        * Step-3 : Configure BIND9 to use the TSIG key

        .. code-block:: shell

            test:~$ sudo nano /etc/bind/named.conf.keys

        .. code-block:: shell

            # Copy the key output from above here
            key "ddns-key.mydomain.com." {
                algorithm hmac-sha256;
                secret "THIS_IS_YOUR_BASE64_SECRET_STRING_COPY_THIS";
            };

        .. code-block:: shell

            test:~$ sudo nano /etc/bind/named.conf
            # Include the key file in the main configuration
            include "/etc/bind/named.conf.keys";

        * Step-4 : Configure DNS zones with ``allow-update``

        .. code-block:: shell

            test:~$ sudo nano /etc/bind/named.conf.local

        .. code-block:: shell

            zone "mydomain.com" {
                type master;
                file "/etc/bind/db.mydomain.com";
                allow-update { key "ddns-key.mydomain.com."; }; // New: TSIG key for updates
            };

            // If you want a reverse lookup zone as well
            zone "10.168.192.in-addr.arpa" {
                type master;
                file "/etc/bind/db.192";
                allow-update { key "ddns-key.mydomain.com."; }; // New: TSIG key for updates
            };

        * Step-5 : Create or update zone files

        .. code-block:: shell

            test:~$ sudo nano /etc/bind/db.mydomain.com

        .. code-block:: text

            $TTL 86400
            @   IN  SOA ns1.mydomain.com. admin.mydomain.com. (
                    2024010101 ; Serial
                    3600       ; Refresh
                    1800       ; Retry
                    604800     ; Expire
                    86400 )    ; Negative Cache TTL
            @   IN  NS  ns1.mydomain.com.
            ns1 IN  A   192.168.10.100 ; Replace with your server's IP

        .. code-block:: shell

            test:~$ sudo nano /etc/bind/db.192

        .. code-block:: shell

            $TTL 3600
            @   IN  SOA ns1.mydomain.com. admin.mydomain.com. (
                    2025061802 ; serial
                    3600       ; refresh
                    600        ; retry
                    604800     ; expire
                    3600       ; minimum TTL
            )
            @   IN  NS  ns1.mydomain.com.
            100 IN  PTR ns1.mydomain.com.

        * Step-6 : Set ownership and permissions

        .. code-block:: shell

            test:~$ sudo chown bind:bind /etc/bind/db.mydomain.com
            test:~$ sudo chown bind:bind /etc/bind/db.192
            test:~$ sudo chmod 644 /etc/bind/db.mydomain.com
            test:~$ sudo chmod 644 /etc/bind/db.192

        * Step-7 : Check configuration and restart BIND9

        .. code-block:: shell

            test:~$ sudo named-checkzone mydomain.com /etc/bind/db.mydomain.com
            test:~$ sudo named-checkzone 10.168.192.in-addr.arpa /etc/bind/db.192
            test:~$ sudo ifconfig enp0s8 192.168.10.100 up
            test:~$ sudo systemctl restart bind9
            test:~$ sudo systemctl status bind9
            ● named.service - BIND Domain Name Server
                 Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; preset: enabled)
                 Active: active (running) since Thu 2025-07-24 12:35:06 UTC; 2s ago
                   Docs: man:named(8)
               Main PID: 1669 (named)
                  Tasks: 1 (limit: 2267)
                 Memory: 5.8M (peak: 6.2M)
                    CPU: 48ms
                 CGroup: /system.slice/named.service
                         └─1669 /usr/sbin/named -f -u bind

        .. note::

            * Ensure that the BIND9 service is running without errors. If there are issues, check the logs with ``sudo journalctl -u bind9``.

        **Client (Machine B) — DDNS Client Setup**

        * Step-1 : Configure the client's key file

        .. code-block:: shell

            test:~$ sudo mkdir -p /etc/bind/
            test:~$ sudo nano /etc/bind/nsupdate.key
            key "ddns-key.mydomain.com." {
                algorithm hmac-sha256;
                secret "THIS_IS_YOUR_BASE64_SECRET_STRING_COPY_THIS";
            };
            test:~$ sudo chmod 600 /etc/bind/nsupdate.key

        * Step-2 : Configure the client's DNS resolver

        .. code-block:: shell

            test:~$ sudo ifconfig enp0s8 192.168.10.101 up
            test:~$ sudo nano /etc/resolv.conf
            nameserver 192.168.10.100

        * Step-3 : Perform dynamic updates with ``nsupdate``

        .. code-block:: shell

            # Add a new A record
            test:~$ sudo nsupdate -k /etc/bind/nsupdate.key
            server 192.168.10.100
            zone mydomain.com.
            update add client1.mydomain.com. 3600 A 192.168.10.101
            send
            quit

            # Add the corresponding reverse record
            test:~$ sudo nsupdate -k /etc/bind/nsupdate.key -v
            server 192.168.10.100
            zone 10.168.192.in-addr.arpa.
            update add 101.10.168.192.in-addr.arpa. 3600 PTR client1.mydomain.com.
            send
            quit

            # To delete a record
            test:~$ sudo nsupdate -k /etc/bind/nsupdate.key
            server 192.168.10.100
            zone mydomain.com.
            update delete client1.mydomain.com. A 192.168.10.101
            send
            quit

        * Step-4 : Verify the new record with ``dig``

        .. code-block:: shell

            test:~$ dig client1.mydomain.com

        * Step-5 : Wireshark Capture

        :download:`Download wireshark capture `

.. _DDNS_step20:

.. tab-set::

    .. tab-item:: Test Case 1: TSIG Key Generation and DDNS Update with IPv6

        **Verify that a TSIG key can be securely generated and used to perform authenticated dynamic DNS updates (add or modify DNS records) for IPv6 using `nsupdate`**

        **Server (Machine A) — BIND9 DNS Server Setup for DDNS (IPv6)**

        * Step-1 : Install BIND9 on Ubuntu

        .. code-block:: shell

            test:~$ sudo apt update
            test:~$ sudo apt install bind9 bind9utils bind9-doc

        * Step-2 : Generate a TSIG key using ``tsig-keygen``

        .. code-block:: shell

            test:~$ sudo tsig-keygen -a HMAC-SHA256 ddns-key.webserveripv6.com.
            key "ddns-key.webserveripv6.com." {
                algorithm hmac-sha256;
                secret "THIS_IS_YOUR_BASE64_SECRET_STRING_COPY_THIS";
            };

        * Step-3 : Configure BIND9 to use the TSIG key

        .. code-block:: shell

            test:~$ sudo nano /etc/bind/named.conf.keys

        .. code-block:: shell

            # Copy the key output from above here
            key "ddns-key.webserveripv6.com." {
                algorithm hmac-sha256;
                secret "THIS_IS_YOUR_BASE64_SECRET_STRING_COPY_THIS";
            };

        .. code-block:: shell

            test:~$ sudo nano /etc/bind/named.conf
            # Include the key file in the main configuration
            include "/etc/bind/named.conf.keys";

        * Step-4 : Configure DNS zones with ``allow-update``

        .. code-block:: shell

            test:~$ sudo nano /etc/bind/named.conf.local

        .. code-block:: shell

            zone "webserveripv6.com" {
                type master;
                file "/etc/bind/db.webserveripv6.com";
                allow-update { key "ddns-key.webserveripv6.com."; }; // New: TSIG key for updates
            };

        * Step-5 : Create or update zone files

        .. code-block:: shell

            test:~$ sudo nano /etc/bind/db.webserveripv6.com

        .. code-block:: shell

            $TTL 60
            @   IN  SOA  ns.webserveripv6.com. root.webserveripv6.com. (
                    2        ; Serial
                    60       ; Refresh
                    86400    ; Retry
                    2419200  ; Expire
                    60 )     ; Negative Cache TTL
            @   IN  NS   ns.webserveripv6.com.
            ns  IN  AAAA f8d8:7bbc:1295::1
            @   IN  AAAA f8d8:7bbc:1295::1

        * Step-6 : Set ownership and permissions

        .. code-block:: shell

            test:~$ sudo chown bind:bind /etc/bind/db.webserveripv6.com
            test:~$ sudo chmod 644 /etc/bind/db.webserveripv6.com

        * Step-7 : Configure the server's network interface and restart BIND9

        .. code-block:: shell

            test:~$ sudo ip -6 addr add f8d8:7bbc:1295::1/64 dev wlp0s20f3
            test:~$ sudo systemctl restart bind9
            test:~$ sudo systemctl status bind9
            ● named.service - BIND Domain Name Server
                 Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; preset: enabled)
                 Active: active (running) since Thu 2025-07-24 12:35:06 UTC; 2s ago
                   Docs: man:named(8)
               Main PID: 1669 (named)
                  Tasks: 1 (limit: 2267)
                 Memory: 5.8M (peak: 6.2M)
                    CPU: 48ms
                 CGroup: /system.slice/named.service
                         └─1669 /usr/sbin/named -f -u bind

        .. note::

            * Ensure that the BIND9 service is running without errors. If there are issues, check the logs with ``sudo journalctl -u bind9``.

        **Client (Machine B) — DDNS Client Setup (IPv6)**

        * Step-1 : Configure the client's key file

        .. code-block:: shell

            test:~$ sudo mkdir -p /etc/bind/
            test:~$ sudo nano /etc/bind/nsupdate.key
            key "ddns-key.webserveripv6.com." {
                algorithm hmac-sha256;
                secret "THIS_IS_YOUR_BASE64_SECRET_STRING_COPY_THIS";
            };
            test:~$ sudo chmod 600 /etc/bind/nsupdate.key

        * Step-2 : Configure the client's DNS resolver

        .. code-block:: shell

            test:~$ sudo ip -6 addr add f8d8:7bbc:1295::10/64 dev wlp0s20f3
            test:~$ sudo nano /etc/resolv.conf
            nameserver f8d8:7bbc:1295::1

        * Step-3 : Perform a dynamic update for a new AAAA record with ``nsupdate``

        .. code-block:: shell

            # Add a new AAAA record
            test:~$ sudo nsupdate -k /etc/bind/nsupdate.key
            server f8d8:7bbc:1295::1
            zone webserveripv6.com.
            update add client1.webserveripv6.com. 3600 AAAA f8d8:7bbc:1295::10
            send
            quit

        * Step-4 : Verify the new record with ``dig``

        .. code-block:: shell

            test:~$ dig client1.webserveripv6.com

        * Step-5 : Wireshark Capture

        :download:`Download wireshark capture `

    .. tab-item:: Test Case 2: TSIG Key Generation and DDNS Update (Delete)

        **Verify that a TSIG key can be securely generated and used to perform authenticated dynamic DNS updates for AAAA records (IPv6 addresses) using `nsupdate`, including deleting a record**

        **Server (Machine A) — BIND9 DNS Server Setup for DDNS (IPv6)**

        * Step-1 : Install BIND9 on Ubuntu

        .. code-block:: shell

            test:~$ sudo apt update
            test:~$ sudo apt install bind9 bind9utils bind9-doc

        * Step-2 : Generate a TSIG key using ``tsig-keygen``

        .. code-block:: shell

            test:~$ sudo tsig-keygen -a HMAC-SHA256 ddns-key.webserveripv6.com.
            key "ddns-key.webserveripv6.com." {
                algorithm hmac-sha256;
                secret "THIS_IS_YOUR_BASE64_SECRET_STRING_COPY_THIS";
            };

        * Step-3 : Configure BIND9 to use the TSIG key

        .. code-block:: shell

            test:~$ sudo nano /etc/bind/named.conf.keys

        .. code-block:: shell

            # Copy the key output from above here
            key "ddns-key.webserveripv6.com." {
                algorithm hmac-sha256;
                secret "THIS_IS_YOUR_BASE64_SECRET_STRING_COPY_THIS";
            };

        .. code-block:: shell

            test:~$ sudo nano /etc/bind/named.conf
            # Include the key file in the main configuration
            include "/etc/bind/named.conf.keys";

        * Step-4 : Configure DNS zones with ``allow-update``

        .. code-block:: shell

            test:~$ sudo nano /etc/bind/named.conf.local

        .. code-block:: shell

            zone "webserveripv6.com" {
                type master;
                file "/etc/bind/db.webserveripv6.com";
                allow-update { key "ddns-key.webserveripv6.com."; }; // New: TSIG key for updates
            };

        * Step-5 : Create or update zone files

        .. code-block:: shell

            test:~$ sudo nano /etc/bind/db.webserveripv6.com

        .. code-block:: shell

            $TTL 60
            @   IN  SOA  ns.webserveripv6.com. root.webserveripv6.com. (
                    2        ; Serial
                    60       ; Refresh
                    86400    ; Retry
                    2419200  ; Expire
                    60 )     ; Negative Cache TTL
            @   IN  NS   ns.webserveripv6.com.
            ns  IN  AAAA f8d8:7bbc:1295::1
            @   IN  AAAA f8d8:7bbc:1295::1

        * Step-6 : Set ownership and permissions

        .. code-block:: shell

            test:~$ sudo chown bind:bind /etc/bind/db.webserveripv6.com
            test:~$ sudo chmod 644 /etc/bind/db.webserveripv6.com

        * Step-7 : Configure the server's network interface and restart BIND9

        .. code-block:: shell

            test:~$ sudo ip -6 addr add f8d8:7bbc:1295::1/64 dev wlp0s20f3
            test:~$ sudo systemctl restart bind9
            test:~$ sudo systemctl status bind9
            ● named.service - BIND Domain Name Server
                 Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; preset: enabled)
                 Active: active (running) since Thu 2025-07-24 12:35:06 UTC; 2s ago
                   Docs: man:named(8)
               Main PID: 1669 (named)
                  Tasks: 1 (limit: 2267)
                 Memory: 5.8M (peak: 6.2M)
                    CPU: 48ms
                 CGroup: /system.slice/named.service
                         └─1669 /usr/sbin/named -f -u bind

        .. note::

            * Ensure that the BIND9 service is running without errors. If there are issues, check the logs with ``sudo journalctl -u bind9``.

        **Client (Machine B) — DDNS Client Setup (IPv6)**

        * Step-1 : Configure the client's key file

        .. code-block:: shell

            test:~$ sudo mkdir -p /etc/bind/
            test:~$ sudo nano /etc/bind/nsupdate.key
            key "ddns-key.webserveripv6.com." {
                algorithm hmac-sha256;
                secret "THIS_IS_YOUR_BASE64_SECRET_STRING_COPY_THIS";
            };
            test:~$ sudo chmod 600 /etc/bind/nsupdate.key

        * Step-2 : Configure the client's DNS resolver

        .. code-block:: shell

            test:~$ sudo ip -6 addr add f8d8:7bbc:1295::10/64 dev wlp0s20f3
            test:~$ sudo nano /etc/resolv.conf
            nameserver f8d8:7bbc:1295::1

        * Step-3 : Perform a dynamic update for a new AAAA record with ``nsupdate``

        .. code-block:: shell

            # Add a new AAAA record
            test:~$ sudo nsupdate -k /etc/bind/nsupdate.key
            server f8d8:7bbc:1295::1
            zone webserveripv6.com.
            update add client1.webserveripv6.com. 3600 AAAA f8d8:7bbc:1295::12
            send
            quit

        * Step-4 : Verify the new record with ``dig``

        .. code-block:: shell

            test:~$ dig client1.webserveripv6.com

        * Step-5 : Delete the AAAA record dynamically

        .. code-block:: shell

            test:~$ sudo nsupdate -k /etc/bind/nsupdate.key
            server f8d8:7bbc:1295::1
            zone webserveripv6.com.
            update delete client1.webserveripv6.com. AAAA f8d8:7bbc:1295::12
            send
            quit

        * Step-6 : Verify the deletion with ``dig``

        .. code-block:: shell

            test:~$ dig client1.webserveripv6.com

        * Step-7 : Wireshark Capture

        :download:`Download wireshark capture `

.. _DDNS_step6:

.. tab-set::

    .. tab-item:: DDNS Protocol Packet Details

        **Update Request Packet**

        .. csv-table::
            :file: ./DDNS/DDNS_packetdetails1.csv
            :widths: 10,20,30,10
            :header-rows: 1

        **Update Response Packet**

        .. csv-table::
            :file: ./DDNS/DDNS_packetdetails2.csv
            :widths: 10,20,30,10
            :header-rows: 1

.. _DDNS_step7:

.. tab-set::

    .. tab-item:: DDNS Usecases

        .. csv-table::
            :file: ./DDNS/DDNS_Use_Cases.csv
            :widths: 10,20,30
            :header-rows: 1

.. _DDNS_step8:

.. tab-set::

    .. tab-item:: DDNS Basic Features

        .. csv-table::
            :file: ./DDNS/DDNS_Basic_Features.csv
            :widths: 10,10,30
            :header-rows: 1

.. _DDNS_step9:

.. tab-set::

    .. tab-item:: DDNS Feature : Dynamic IP Updates

        **Dynamic IP Updates - Testcases**

        .. csv-table::
            :file: ./DDNS/DDNS_Feature1_Dynamic_IP_Updates_Test_Cases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _DDNS_step10:

.. tab-set::

    .. tab-item:: DDNS Feature : Real-Time DNS Mapping

        **Real-Time DNS Mapping - Testcases**

        .. csv-table::
            :file: ./DDNS/DDNS_Feature2_Real_Time_DNS_Mapping_Test_Cases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _DDNS_step11:

.. tab-set::

    .. tab-item:: DDNS Feature : Remote Access Support

        **Remote Access Support - Testcases**

        .. csv-table::
            :file: ./DDNS/DDNS_Feature3_Remote_Access_Support_Test_Cases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _DDNS_step12:

.. tab-set::

    .. tab-item:: DDNS Feature : Client Software Integration

        **Client Software Integration - Testcases**

        .. csv-table::
            :file: ./DDNS/DDNS_Feature4_Client_Software_Integration_Test_Cases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _DDNS_step13:

.. tab-set::

    .. tab-item:: DDNS Feature : Authentication

        **Authentication - Testcases**

        .. csv-table::
            :file: ./DDNS/DDNS_Feature5_Authentication_Test_Cases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _DDNS_step14:

.. tab-set::

    .. tab-item:: DDNS Feature : IPv4 and IPv6 Support

        **IPv4 and IPv6 Support - Testcases**

        .. csv-table::
            :file: ./DDNS/DDNS_Feature6_IPv4_and_IPv6_Support_Test_Cases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _DDNS_step15:

.. tab-set::

    .. tab-item:: DDNS Feature : Failover and Redundancy

        **Failover and Redundancy - Testcases**

        .. csv-table::
            :file: ./DDNS/DDNS_Feature7_Failover_and_Redundancy_Test_Cases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _DDNS_step16:

.. tab-set::

    .. tab-item:: DDNS Feature : Integration with DHCP

        **Integration with DHCP - Testcases**

        .. csv-table::
            :file: ./DDNS/DDNS_Feature8_Integration_with_DHCP_Test_Cases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _DDNS_step17:

.. tab-set::

    .. tab-item:: DDNS Feature : Custom Domain Support

        **Custom Domain Support - Testcases**

        .. csv-table::
            :file: ./DDNS/DDNS_Feature9_Custom_Domain_Support_Test_Cases.csv
            :widths: 10,10,30,20
            :header-rows: 1

.. _DDNS_step18:

.. tab-set::

    .. tab-item:: Reference links

        * Reference links
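
The ``nsupdate`` exchanges in the test cases above are authenticated by a TSIG MAC. This added example (not part of the original page or of BIND) rebuilds the IPv4 ``update add`` message by hand and computes that MAC, to show what the shared secret protects. The secret and timestamp are constructed values, the function names are hypothetical, and the server's key lookup (BADKEY) is left out.

```python
import base64, hashlib, hmac, socket, struct

# Constructed demo secret; a real one comes from tsig-keygen and is never published.
SECRET_B64 = base64.b64encode(b"constructed-demo-key-not-a-secret").decode()
KEY_NAME = "ddns-key.mydomain.com."   # key name used on this page

def wire_name(name):
    """Canonical DNS wire form: lowercase labels, length-prefixed, no compression."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_update(msg_id, zone, fqdn, ttl, ipv4):
    """RFC 2136 UPDATE message: one zone entry, no prerequisites, one 'add A' record."""
    header = struct.pack("!HHHHHH", msg_id, 5 << 11, 1, 0, 1, 0)   # opcode 5 = UPDATE
    zone_entry = wire_name(zone) + struct.pack("!HH", 6, 1)         # type SOA, class IN
    rdata = socket.inet_aton(ipv4)
    record = wire_name(fqdn) + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + zone_entry + record

def tsig_mac(message, key_name, secret_b64, time_signed, fudge=300):
    """HMAC-SHA256 over the unsigned message plus the TSIG variables (RFC 8945, 4.3.3)."""
    variables = (
        wire_name(key_name) + struct.pack("!HI", 255, 0)            # class ANY, TTL 0
        + wire_name("hmac-sha256.")                                 # algorithm name
        + struct.pack("!HIHHH", time_signed >> 32, time_signed & 0xFFFFFFFF,
                      fudge, 0, 0)                # 48-bit time, fudge, error, other len
    )
    key = base64.b64decode(secret_b64)
    return hmac.new(key, message + variables, hashlib.sha256).digest()

def server_check(message, key_name, secret_b64, time_signed, mac, now, fudge=300):
    """Server-side checks after key lookup: the MAC first, then the time window."""
    expected = tsig_mac(message, key_name, secret_b64, time_signed, fudge)
    if not hmac.compare_digest(expected, mac):
        return "BADSIG"
    if abs(now - time_signed) > fudge:
        return "BADTIME"
    return "NOERROR"

def demo():
    t = 1753360506  # constructed signing time (seconds since the epoch)
    msg = build_update(0x1234, "mydomain.com.", "client1.mydomain.com.",
                       3600, "192.168.10.101")
    mac = tsig_mac(msg, KEY_NAME, SECRET_B64, t)
    # Same message with a different address, still carrying the original MAC.
    altered = build_update(0x1234, "mydomain.com.", "client1.mydomain.com.",
                           3600, "192.168.10.66")
    return {
        "genuine": server_check(msg, KEY_NAME, SECRET_B64, t, mac, now=t + 5),
        "altered": server_check(altered, KEY_NAME, SECRET_B64, t, mac, now=t + 5),
        "replayed_late": server_check(msg, KEY_NAME, SECRET_B64, t, mac, now=t + 3600),
    }

if __name__ == "__main__":
    print(demo())
```

A changed address yields BADSIG and a delayed copy yields BADTIME, which is why both the permissions on the key files and clock synchronisation between client and server matter.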