Skip to content

Dynamic DNS

t1n1wall includes a Dynamic DNS client that automatically updates DNS records when the WAN IP address changes. This is useful when the WAN address is dynamically assigned by the ISP and you need external hostnames to remain resolvable.

Web UI location

Services > Dynamic DNS

Two independent methods are supported: Traditional DynDNS-style providers and RFC 2136 TSIG-based updates.


Traditional Dynamic DNS

Supported providers

Provider Service type value
DynDNS (dynamic) dyndns
DynDNS (static) dyndns-static
DynDNS (custom) dyndns-custom
DHS dhs
ODS ods
DyNS dyns
HN.ORG hn
ZoneEdit zoneedit
GNUDip gnudip
easyDNS easydns
EZ-IP ezip
TZO tzo

Configuration

Field Notes
Enable Master toggle
Service type Select from the provider list above
Hostname The DNS name to update (e.g., myhome.dyndns.org)
Server Optional: custom update server hostname (uses provider default if blank)
Port Optional: custom port (uses provider default if blank)
MX record Optional: mail exchange hostname (not all providers support this)
Wildcard Enable wildcard DNS record for the hostname
Username Provider account username
Password Provider account password

Behaviour

The client monitors the WAN IP address. When a change is detected, it sends an update to the configured provider. On save, the provider cache is cleared to force an immediate update check.

The system must have a working DNS server configured (or DNS relay active) to resolve update server hostnames.


RFC 2136 Dynamic DNS

RFC 2136 is a DNS protocol extension allowing authenticated DNS updates directly to a nameserver using TSIG (Transaction SIGnature) key-based authentication. This is commonly used with BIND and other authoritative nameservers where you manage your own DNS infrastructure.

Configuration

Field Notes
Enable Master toggle (independent of traditional DynDNS)
Hostname DNS server that accepts RFC 2136 updates
TTL Time-to-live for the updated record (seconds, default 60)
Key name TSIG key identifier — must match the key configured on the DNS server
Key HMAC-MD5 key data (base64-encoded secret)
Use TCP Send update over TCP instead of UDP

The key name and key data must exactly match what is configured on the receiving nameserver. A mismatch results in authentication failure and the record will not be updated.