Dynamic DNS (DDNS) Basic HowTo

About

The purpose of this document is to provide a basic DDNS use-case, showing some CLI examples.

For an overview of all available DDNS configuration settings, please refer to the DDNS Configuration Guide.

Introduction

DDNS is a service offered by many Internet Service Providers (ISPs) to allow end-users to register a dynamic (DHCP/PPPoE/PPPoA) address with a DNS record.

A DDNS service maps domain names to IP addresses and lets users reach stations (routers) from the Internet. Whenever the IP address associated with a hostname changes, the DDNS service takes care of the update.

          .-~~~-.                       .---------.
  .- ~ ~-(       )_ _                   |         |
 /                     ~ -.             |         |
|         Internet          \+----------+   R1    |
 \                         .'           |         |
   ~- . ____________ . -~               |         |
       |            |                   '---------'
       |            |
       |            |
  .----+----.  .----+------------.
  |  DDNS   |  |       NTP       |
  | Service |  |     Server      |
  | Provider|  | se.pool.ntp.org |
  |  (ISP)  |  |                 |
  '---------'  '-----------------'

Figure 1: Example network where router R1 is configured to connect to a DDNS service provider in order to update its hostname. Synchronization with an NTP peer is made in order to ensure correct operation of WeOS applications.

NTP configuration

To ensure proper functionality of WeOS, the correct time needs to be set. Below are the steps necessary for configuring NTP:

R1:/#> configure
R1:/config/#> ntp
R1:/config/ntp/#> peer se.pool.ntp.org
R1:/config/ntp/peer-se.pool.ntp.org/#> leave
R1:/#>

After some time (approximately 5 minutes), R1 should be synchronized with se.pool.ntp.org, which can be verified with the following adminexec command:

R1:/#> show ntp
NTP Client/Server running as PID: 1344
4/4 peers valid, clock synced, stratum 2

peer
   wt tl st  next  poll          offset       delay      jitter
193.182.111.12 from pool se.pool.ntp.org
    1 10  2   27s   33s        -0.803ms     6.181ms     0.790ms
192.36.143.130 from pool se.pool.ntp.org
 *  1 10  1   20s   32s        -1.131ms     5.989ms     0.140ms
91.209.0.19 from pool se.pool.ntp.org
    1 10  2   20s   30s        -0.043ms    12.596ms     0.178ms
91.209.0.17 from pool se.pool.ntp.org
    1 10  2   25s   31s        -0.319ms    13.189ms     0.117ms

The date/time in WeOS should now be in sync with the remote peer, which can be verified by running:

R1:/#> time
Thu Apr 30 17:34:51 UTC 2020

For more details on how to configure NTP, please have a look at the NTP Configuration Guide.

Interface configuration

Configure the router to obtain an IP address from the ISP through DHCP.

R1:/#> configure
R1:/config/#> iface eth1
R1:/config/iface-eth1/#> inet dhcp
R1:/config/iface-eth1/inet-dhcp/#> leave
R1:/#>

After successful communication with the ISP, an IP address should be obtained. This can be verified with the following adminexec command:

R1:/#> show iface
INTERFACE         OPER  ADDRESS/LENGTH      SOURCE      MAC/PTP ADDRESS
eth1              UP    170.70.122.76/32    dhcp        52:54:00:12:34:57

Interface eth1 should now have an IP address assigned to it.

For more details on how to configure interfaces, please have a look at the Interface Configuration Guide.

Builtin provider configuration

Below is an example configuration of two built-in providers. To make the example more extensive, we will configure two instances of the same provider, in this case Freedns.

R1:/#> configure
R1:/config/#> ip
R1:/config/ip/#> ddns
R1:/config/ip/ddns/#> provider-id 1
R1:/config/ip/ddns/provider-1/#> provider freedns
R1:/config/ip/ddns/provider-1/#> hostname myhostname.org
R1:/config/ip/ddns/provider-1/#> username myusername
R1:/config/ip/ddns/provider-1/#> password mypassword
R1:/config/ip/ddns/provider-1/#> end
R1:/config/ip/ddns/#> provider-id 2
R1:/config/ip/ddns/provider-2/#> provider freedns
R1:/config/ip/ddns/provider-2/#> hostname anotherhost.com
R1:/config/ip/ddns/provider-2/#> username root toor
R1:/config/ip/ddns/provider-2/#> leave
R1:/#>

The status of our host entries (myhostname.org and anotherhost.com) can be verified with the adminexec command shown below:

Server:/#> show ip ddns
HOSTNAME                       STATUS
myhostname.org                 170.70.122.76
anotherhost.com                193.28.25.75

On success, the configured hostnames should be shown with their respective IP addresses.

Notice that the SSL option is enabled by default in the DDNS configuration, which means that HTTPS is used for communication with providers.

By default, the ca-store option is set to auto, meaning that only built-in certificates (those shipped with WeOS) are used.

To check exactly which certificates are used and their expiry dates, run the following command:

Server:/#> show cert all
TYPE     HASH     EXPIRES     NAME
CA-auto  a94d09e5 Dec 31 2030 ACCVRAIZ1
CA-auto  cd8c0d63 Jan  1 2030 N/A
CA-auto  930ac5d2 Sep 22 2030 Actalis Authentication Root CA
CA-auto  157753a5 May 30 2020 AddTrust External CA Root
CA-auto  2b349938 Dec 31 2030 AffirmTrust Commercial
CA-auto  93bc0acc Dec 31 2030 AffirmTrust Networking
CA-auto  b727005e Dec 31 2040 AffirmTrust Premium
CA-auto  9c8dfbd4 Dec 31 2040 AffirmTrust Premium ECC
CA-auto  ce5e74ef Jan 17 2038 Amazon Root CA 1
CA-auto  6d41d539 May 26 2040 Amazon Root CA 2
CA-auto  8cb5ee0f May 26 2040 Amazon Root CA 3
CA-auto  de6d66f3 May 26 2040 Amazon Root CA 4
--More-- (17% of 10619 bytes)
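
As an added example (not part of the original guide or of WeOS), the Python script below parses a saved copy of the "show cert all" listing and reports built-in CA certificates that expire within a chosen window, measured from the router clock as printed by the "time" command. The sample rows are copied from the output above; the function names are this example's own.

```python
from datetime import datetime, timedelta

# Constructed sample: rows copied from the `show cert all` listing above,
# including the pager line that a captured session will contain.
SAMPLE = """\
TYPE     HASH     EXPIRES     NAME
CA-auto  a94d09e5 Dec 31 2030 ACCVRAIZ1
CA-auto  cd8c0d63 Jan  1 2030 N/A
CA-auto  157753a5 May 30 2020 AddTrust External CA Root
CA-auto  ce5e74ef Jan 17 2038 Amazon Root CA 1
--More-- (17% of 10619 bytes)
"""


def parse_certs(text):
    """Return one dict per certificate row; header and pager lines are skipped."""
    certs = []
    for line in text.splitlines():
        parts = line.split(None, 5)  # TYPE HASH Mon DD YYYY NAME (name may hold spaces)
        if len(parts) < 6:
            continue
        try:
            expires = datetime.strptime(" ".join(parts[2:5]), "%b %d %Y")
        except ValueError:
            continue  # six words, but no date in columns 3-5: not a certificate row
        certs.append({"type": parts[0], "hash": parts[1],
                      "expires": expires, "name": parts[5].strip()})
    return certs


def expiring(certs, now, within_days=90):
    """Certificates already expired or expiring within `within_days` of `now`."""
    limit = now + timedelta(days=within_days)
    return sorted((c for c in certs if c["expires"] <= limit),
                  key=lambda c: c["expires"])


def parse_router_time(text):
    """Parse the output of `time`, e.g. 'Thu Apr 30 17:34:51 UTC 2020'."""
    return datetime.strptime(text.strip(), "%a %b %d %H:%M:%S UTC %Y")


if __name__ == "__main__":
    now = parse_router_time("Thu Apr 30 17:34:51 UTC 2020")
    for c in expiring(parse_certs(SAMPLE), now):
        days = (c["expires"] - now).days
        print(f'{c["hash"]}  {c["name"]}: {days} days left ({c["expires"]:%Y-%m-%d})')
```

With the clock value shown in the NTP section, the only row reported from this sample is AddTrust External CA Root, with 29 days left.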

To use your own CA certificates for DDNS, first import them with the cert command, and then set the ca-store option inside the DDNS context to local:

R1:/#> configure
R1:/config/#> ip
R1:/config/ip/#> ddns
R1:/config/ip/ddns/#> ca-store local
R1:/config/ip/ddns/#> leave
R1:/#>

For more details on how to manage certificates, please have a look at the Certificate Management Guide.

Custom provider configuration

Below is an example DDNS configuration of a custom provider with a custom checkip server. Notice that SSL is explicitly disabled for both the checkip server and the DDNS provider in this particular example. This is simply to show that not all providers allow communication over HTTPS; disabling the ssl option handles such cases. With ssl disabled, the update request, including the username and password, is sent over plain HTTP.

The default IP address check interval is 43200 seconds (12 hours), but let's suppose that our provider allows more frequent checks, such as every 12000 seconds.

R1:/#> configure
R1:/config/#> ip
R1:/config/ip/#> ddns
R1:/config/ip/ddns/#> interval 12000
R1:/config/ip/ddns/#> provider-id 5
R1:/config/ip/ddns/provider-5/#> custom twodns
R1:/config/ip/ddns/provider-5/#> server twodns.de /
R1:/config/ip/ddns/provider-5/#> no ssl
R1:/config/ip/ddns/provider-5/#> checkip-server checkmyip.org /checkip
R1:/config/ip/ddns/provider-5/#> no checkip-ssl
R1:/config/ip/ddns/provider-5/#> hostname myhostname1.org myhostname2.org
R1:/config/ip/ddns/provider-5/#> username myusername
R1:/config/ip/ddns/provider-5/#> password mypassword
R1:/config/ip/ddns/provider-5/#> leave
R1:/#>

The status of the specified host entries can be verified with the adminexec command shown below:

Server:/#> show ip ddns
HOSTNAME                       STATUS
myhostname1.org                184.10.10.20
myhostname2.org                184.10.10.20

On success, the configured hostnames should be shown with their respective IP addresses.
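
As an added example (not part of the original guide or of WeOS), the Python script below reads a captured CLI session in the prompt format used on this page and reports every DDNS provider for which ssl or checkip-ssl has been turned off, and whether credentials are configured on a provider that updates over plain HTTP. It assumes that both options default to enabled and that entering the option without "no" re-enables it; the session text is constructed from the two provider examples above.

```python
import re

# Constructed input: the built-in and custom provider sessions from this page
# (hostname lines omitted for brevity).
SESSION = """\
R1:/config/ip/ddns/#> provider-id 1
R1:/config/ip/ddns/provider-1/#> provider freedns
R1:/config/ip/ddns/provider-1/#> username myusername
R1:/config/ip/ddns/provider-1/#> password mypassword
R1:/config/ip/ddns/#> provider-id 5
R1:/config/ip/ddns/provider-5/#> custom twodns
R1:/config/ip/ddns/provider-5/#> server twodns.de /
R1:/config/ip/ddns/provider-5/#> no ssl
R1:/config/ip/ddns/provider-5/#> checkip-server checkmyip.org /checkip
R1:/config/ip/ddns/provider-5/#> no checkip-ssl
R1:/config/ip/ddns/provider-5/#> username myusername
R1:/config/ip/ddns/provider-5/#> password mypassword
R1:/config/ip/ddns/provider-5/#> leave
"""

# Prompt format as shown on this page: <host>:<context>/#> <command>
PROMPT = re.compile(r"^\S+?:(/\S*?)#>\s*(.*)$")
PROVIDER = re.compile(r"/ddns/provider-(\d+)/$")
TLS_OPTIONS = ("ssl", "checkip-ssl")


def audit(session):
    """Return {provider id: report} for providers with a TLS option disabled.
    Assumption: both options start enabled; plain `ssl` re-enables after `no ssl`."""
    providers = {}
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        ctx = PROVIDER.search(m.group(1)) if m else None
        words = m.group(2).split() if m else []
        if not ctx or not words:
            continue  # not a command typed inside a provider context
        cfg = providers.setdefault(ctx.group(1), {"ssl": True, "checkip-ssl": True, "creds": False})
        negated = words[0] == "no"
        option = words[1] if negated and len(words) > 1 else words[0]
        if option in TLS_OPTIONS:
            cfg[option] = not negated
        elif option in ("username", "password") and not negated:
            cfg["creds"] = True
    report = {}
    for pid, cfg in providers.items():
        plain = [opt for opt in TLS_OPTIONS if not cfg[opt]]
        if plain:
            # Credentials travel with the provider update, so only `no ssl` exposes them.
            report[pid] = {"plaintext": plain,
                           "credentials_exposed": cfg["creds"] and not cfg["ssl"]}
    return report
```

For the session above the result lists only provider 5, with both options disabled and its credentials exposed; provider 1 keeps the default HTTPS settings and is not reported.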