This is a read-only archive. Find the latest Linux articles, documentation, and answers at the new!


Getting started with dynamic DNS

By Nathan Willis on July 19, 2006 (8:00:00 AM)

Share    Print    Comments   

Your ISP probably assigns your computer an IP address dynamically. It means one less thing for the both of you to think about, but it also puts you in a bind if you need to connect to your machine from the outside: you can't locate your PC amidst those of all the ISP's other customers. To overcome this obstacle, you can use dynamic DNS. Here's how to get started.

The crux of the issue is that the domain name system was created with fixed name-to-IP mapping in mind, back in the mid 1980s. IP addresses were static, so the mappings between host names and IP addresses were static, too. But the early 1990s saw the rise of dynamically assigned IP addresses, thanks to protocols like DHCP. Thus some IP addresses were constantly coming and going, but the nameserver records were not being refreshed to reflect the changes.

Luckily, the Internet Engineering Task Force (IETF) worked out a solution. RFC 2136 added a new UPDATE opcode with which administrators could dynamically push revisions to nameservers.

Before too long, a whole industry sprang up around the idea of hosting DNS records for computers plagued by dynamic IP addresses. That includes most of us on home broadband connections. Cable and DSL companies expect their customers to use their connection one-way: to surf the Web and download email (and of course the occasional file). For these connections, a dynamic IP address is fine -- you initiate the HTTP requests.

But if another computer needs to initiate a connection to your home PC, the other computer needs to have your PC's IP address to send the request. This would happen if you were running a Web server on your home PC (a hobby not all ISPs are thrilled about), or if you want to initiate SSH or VPN sessions from the road. Your ISP gives you an IP address from its private pool, but that address can change regularly (with every DHCP renewal) and unexpectedly (such as following a service outage). If the ISP gives you a hostname, it is usually awkward, like, and is just as likely to change as the IP address.

The host with the most

The solution is to choose your own hostname for your PC, set up a record for it with a dynamic DNS service provider, and set up your PC to check its own IP address regularly and send an update message to the dynamic DNS server when it changes. Then you can SSH to and be assured it will reach your PC.

Choosing which dynamic DNS provider to go with can be as confusing as picking a Web hosting provider -- there are so many out there, it is impossible to to research them all responsibly. Google's directory lists more than 50, and it only includes English-language services. As you go shopping, here are a few things to look for:

  • Sign up with a free service -- There are way too many of these companies to waste $10 a month on one service when identical service is free elsewhere.
  • Make sure there is a Linux client for the updater -- Dynamic DNS service requires your PC to periodically check its own IP address and contact the DNS server if it changes. Most dynamic DNS providers offer Mac, Windows, and Linux/Unix programs to perform this check. The Linux client is likely a straightforward Perl or bash script, and you could write or find your own, but my motto is not to waste time with businesses that don't support my operating system.
  • If you want to run a server, make sure the provider offers port redirects -- Many broadband ISPs take an unfriendly stance towards users who want to run a Web (or other) server on their connection -- usually via simplistic means such as blocking port 80. If that is your predicament, you can set up shop with a dynamic DNS provider that will not just redirect your server's hostname, but its port, too. So you can run your Web server on (in reality) but still access it with a simple
  • See if they will let you use your own domain -- Most companies offer you your choice of hostname records on their domains, e.g., There are frequently dozens to choose from. But if you already own your own domain, there are some advantages to setting up your dynamic hostname in that domain rather than the company's. For one, there is the cachet of advertising your own domain. Secondly, you are free to change dynamic DNS providers at any time. Thirdly, if you're like me, already paying what I consider to the exorbitant rate of $10 a year to own a domain name, you want it to work for you in more ways than one.

Before leaving the question of choosing a dynamic DNS service, there are a few other avenues to consider. First, if you pay for a Web hosting service already, check to see if they offer a dynamic DNS service as well. More and more do, since it costs them little extra in terms of administrative overhead.

Second, an increasing number of broadband routers ship with some manner of built-in support for dynamic DNS service. My Linksys WRT router, for instance, supports two popular dynamic DNS services ( and right in the firmware. Setting it up is menu-driven, and you may get NAT redirection handled at the same time.

Update clients and what they do

To set up your Linux PC to work with a dynamic DNS service, it is best to follow your provider's directions. The general idea is the same for all providers, though; you download and install a script from your provider. This may be a custom script or one of several third-party scripts.

One of the most popular scripts seems to be ddclient, which is even included in many modern Linux distributions. Ddclient began as a tool specific to's service, but has now expanded to support multiple dynamic DNS providers and niceties such as working with the dynamic DNS hardware routers mentioned above.

Ddclient reads its configuration from /etc/ddclient.conf. In this file you specify which service provider you are using and your account details for that service. Ddclient checks for changes to the local IP address upon several circumstances: on system startup, upon renewal of a local DHCP lease, upon initialization of a PPP session, and at regular intervals during normal system operation.

When configuring your system for a dynamic DNS service, remember that you are treading through territory also covered by firewall and NAT issues, and that means that problems could be difficult to troubleshoot. If you find yourself stuck, the easiest approach is to ignore the dynamic DNS service first, and make sure that you have NAT and firewalling set up correctly -- you can do this by attempting to connect to your PC by its IP address -- which is ironic, if you stop to think about it. Most of the time a problem is not with the dynamic DNS service at all. Once you know that your firewall and NAT redirection are set up correctly, you can test your dynamic DNS entry with an Web-based lookup tool or the nslookup command. Don't rely on ping, though -- for security reasons many ISPs simply drop ping packets with generating a reply.

That is all it takes to get started. One final thought: the great thing about dynamic DNS is how fast it updates. If you signed up for an account at one of the free dynamic DNS providers when you started reading this article, you'd be connecting to your home PC remotely already.

Share    Print    Comments   


on Getting started with dynamic DNS

Note: Comments are owned by the poster. We are not responsible for their content.

Another solution

Posted by: Anonymous Coward on July 19, 2006 08:07 PM
The solution with port forwarding and dynamic DNS needs a provider gives you this option and your request isn't in a collision with the requests of other users. If your provider can't or doesn't want to offer this, you can try another solution:

If you have some friendly server outside in the real Internet (with real IP address) you can use ssh program for "tunneling" the traffic back to your PC. Check the option '-R' at man page of ssh. Of course the tunnel can accept ANY comunication, it is nothing about ssh only. The fun more is that you can have one Linux box, run several tunnels there and each tunnel can end at different machine at your home side (for example your girlfriend's windows machine).

The disadvantage of this solution is that you need an account at server with ssh server (and public IP address). The advantages are: you needn't contact provider, you needn't be a root or Administrator at any side and the last (but not least) is that you can easily switch it on and off and feel safe when it is off. NAT without port forwarding is better protection then any other FW<nobr> <wbr></nobr>:-)



My experience

Posted by: Anonymous Coward on July 19, 2006 09:22 PM
Ive been using for over a year now for obtaining dynamic IP for my home ssh server (using my own domain/subdomain name), combined with an HTTPS-based cron script that updates the IP regularly.

I'm in no way affiliated with the company, but I feel morally obliged to mention their name, since their service has been excellent so far.<nobr> <wbr></nobr>/coralsaw


It's quite easy

Posted by: Anonymous Coward on July 20, 2006 02:48 AM
I've been using ddclient with my SUSE box for several months now, tunnelling from work using Putty. I run my mp3 server, squid for web proxy, and even an NX server through my ssh tunnel, and it functions great. ddclient talks to DynDNS for me, and maintains my IP address.

I wish this article had gone into detail about Linksys router support though - I am currently port-forwarding at the router level manually - but that's what Google is for, right?


Yeah, its very good

Posted by: Anonymous Coward on July 20, 2006 06:11 AM
Yeah, dynamic DNS is very good, I like it a lot.
I've only used DynDNS though.

But its very nice if you have an webserver of an FTP server.


Missed the point with a home network

Posted by: Anonymous Coward on July 20, 2006 08:10 AM
You truly missed the point for most people with broadband home networks. They have as their firewall (and hence ip address) a wireless (or wired) router/switch. The tough part is how to figure out what the outside ip address of that is. If your computer is directly connected it is much easier. But that's an increasingly obsolete connection setup.


Re:Missed the point with a home network

Posted by: Anonymous Coward on July 20, 2006 12:34 PM
Just use the "use=web" option in the ddclient.conf file. It gets your real IP from the DynDNS website before it updates it.


Current IP Address:

Posted by: Anonymous Coward on July 20, 2006 11:41 PM
This is what I use to figure out my IP address:
I open a web browser and go to <a href="" title=""></a>

It is kinda hard to get a user to type in this URL when you tell it to them over the phone. I try to bookmark it for them ahead of time to make it easier.


Re:Current IP Address:

Posted by: Anonymous Coward on July 22, 2006 11:32 AM


DynDNS and SSL updates

Posted by: Anonymous Coward on July 21, 2006 02:24 AM
I would love to have my DynDNS account automatically update, but all the scripts I've tried so far have failed to established the SSL connection needed to initiate the update process. Is this a firewall issue? I'm able to connect to the port on the server, so I wouldn't think so. Has anyone else had this problem?


Getting started with dynamic DNS

Posted by: Anonymous [ip:] on September 06, 2007 10:51 PM
If you are using FreeBSD, <a href="">DNS Max</a> has a client in ports at just make install!


Getting started with dynamic DNS

Posted by: Anonymous [ip:] on October 29, 2007 11:10 AM

I am also using the dynamic DNS to run my webserver from home behind the rooter. My question for those with more experience in this scenario, is how do I manage to keep two web sites on my server ? I can register two domains with a dynamic DNS service but both of them will point to the same public IP ... the IP that is set up on the rooter. Remember I am behind a rooter!

Any idea is appreciated!



This story has been archived. Comments can no longer be posted.

Tableless layout Validate XHTML 1.0 Strict Validate CSS Powered by Xaraya