Dynamic DNS¶
t1n1wall includes a Dynamic DNS client that automatically updates DNS records when the WAN IP address changes. This is useful when the WAN address is dynamically assigned by the ISP and you need external hostnames to remain resolvable.
Web UI location¶
Services > Dynamic DNS
Two independent methods are supported: Traditional DynDNS-style providers and RFC 2136 TSIG-based updates.
Traditional Dynamic DNS¶
Supported providers¶
| Provider | Service type value |
|---|---|
| DynDNS (dynamic) | dyndns |
| DynDNS (static) | dyndns-static |
| DynDNS (custom) | dyndns-custom |
| DHS | dhs |
| ODS | ods |
| DyNS | dyns |
| HN.ORG | hn |
| ZoneEdit | zoneedit |
| GNUDip | gnudip |
| easyDNS | easydns |
| EZ-IP | ezip |
| TZO | tzo |
Configuration¶
| Field | Notes |
|---|---|
| Enable | Master toggle |
| Service type | Select from the provider list above |
| Hostname | The DNS name to update (e.g., myhome.dyndns.org) |
| Server | Optional: custom update server hostname (uses provider default if blank) |
| Port | Optional: custom port (uses provider default if blank) |
| MX record | Optional: mail exchange hostname (not all providers support this) |
| Wildcard | Enable wildcard DNS record for the hostname |
| Username | Provider account username |
| Password | Provider account password |
Behaviour¶
The client monitors the WAN IP address. When a change is detected, it sends an update to the configured provider. On save, the provider cache is cleared to force an immediate update check.
The system must have a working DNS server configured (or DNS relay active) to resolve update server hostnames.
RFC 2136 Dynamic DNS¶
RFC 2136 is a DNS protocol extension allowing authenticated DNS updates directly to a nameserver using TSIG (Transaction SIGnature) key-based authentication. This is commonly used with BIND and other authoritative nameservers where you manage your own DNS infrastructure.
Configuration¶
| Field | Notes |
|---|---|
| Enable | Master toggle (independent of traditional DynDNS) |
| Hostname | DNS server that accepts RFC 2136 updates |
| TTL | Time-to-live for the updated record (seconds, default 60) |
| Key name | TSIG key identifier — must match the key configured on the DNS server |
| Key | HMAC-MD5 key data (base64-encoded secret) |
| Use TCP | Send update over TCP instead of UDP |
The key name and key data must exactly match what is configured on the receiving nameserver. A mismatch results in authentication failure and the record will not be updated.