July 19, 2006

Getting started with dynamic DNS

Author: Nathan Willis

Your ISP probably assigns your computer an IP address dynamically. It means one less thing for the both of you to think about, but it also puts you in a bind if you need to connect to your machine from the outside: you can't locate your PC amidst those of all the ISP's other customers. To overcome this obstacle, you can use dynamic DNS. Here's how to get started.

The crux of the issue is that the domain name system was created with fixed name-to-IP mapping in mind, back in the mid 1980s. IP addresses were static, so the mappings between host names and IP addresses were static, too. But the early 1990s saw the rise of dynamically assigned IP addresses, thanks to protocols like DHCP. Thus some IP addresses were constantly coming and going, but the nameserver records were not being refreshed to reflect the changes.

Luckily, the Internet Engineering Task Force (IETF) worked out a solution. RFC 2136 added a new UPDATE opcode with which administrators could dynamically push revisions to nameservers.
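To make the UPDATE opcode concrete, here is an added example (not part of the original article) that builds the wire format of an RFC 2136 message replacing a host's A record. The zone, hostname and address are constructed sample values, and the function names are illustrative.

```python
import ipaddress
import struct

OPCODE_UPDATE = 5                 # opcode value assigned by RFC 2136
TYPE_A, TYPE_SOA = 1, 6
CLASS_IN, CLASS_ANY = 1, 255

def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_update(zone, host, ipv4, ttl=60, msg_id=0x1234):
    """Build an UPDATE that replaces every A record of `host` with `ipv4`."""
    flags = OPCODE_UPDATE << 11   # QR=0 (request), opcode in bits 11-14
    # Header counts: ZOCOUNT=1, PRCOUNT=0, UPCOUNT=2, ADCOUNT=0
    header = struct.pack("!6H", msg_id, flags, 1, 0, 2, 0)
    # Zone section: the zone being updated, type SOA, class of the zone
    zone_section = encode_name(zone) + struct.pack("!2H", TYPE_SOA, CLASS_IN)
    owner = encode_name(host)
    # Delete the existing A RRset: class ANY, TTL 0, empty RDATA
    delete_rrset = owner + struct.pack("!2HIH", TYPE_A, CLASS_ANY, 0, 0)
    # Add the new A record; IPv4Address rejects malformed input
    rdata = ipaddress.IPv4Address(ipv4).packed
    add_rr = owner + struct.pack("!2HIH", TYPE_A, CLASS_IN, ttl, len(rdata)) + rdata
    return header + zone_section + delete_rrset + add_rr

def parse_header(msg):
    """Decode the 12-byte header, the first thing a server or filter inspects."""
    msg_id, flags, zo, pr, up, ad = struct.unpack("!6H", msg[:12])
    return {"id": msg_id, "opcode": (flags >> 11) & 0xF,
            "zocount": zo, "prcount": pr, "upcount": up, "adcount": ad}

if __name__ == "__main__":
    # Constructed sample values, not taken from the article
    message = build_update("example.org", "myhost.example.org", "203.0.113.7")
    print(parse_header(message), len(message), "bytes")
```

The message built here is unsigned; a nameserver should accept updates only from senders it can authenticate.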

Before too long, a whole industry sprang up around the idea of hosting DNS records for computers plagued by dynamic IP addresses. That includes most of us on home broadband connections. Cable and DSL companies expect their customers to use their connection one-way: to surf the Web and download email (and of course the occasional file). For these connections, a dynamic IP address is fine -- you initiate the HTTP requests.

But if another computer needs to initiate a connection to your home PC, the other computer needs to have your PC's IP address to send the request. This would happen if you were running a Web server on your home PC (a hobby not all ISPs are thrilled about), or if you want to initiate SSH or VPN sessions from the road. Your ISP gives you an IP address from its private pool, but that address can change regularly (with every DHCP renewal) and unexpectedly (such as following a service outage). If the ISP gives you a hostname, it is usually awkward, like dsl1234.south.mo.fastsamsdiscountbroadband.com, and is just as likely to change as the IP address.

The host with the most

The solution is to choose your own hostname for your PC, set up a record for it with a dynamic DNS service provider, and set up your PC to check its own IP address regularly and send an update message to the dynamic DNS server when it changes. Then you can SSH to myhost.unclenatesdomain.org and be assured it will reach your PC.

Choosing which dynamic DNS provider to go with can be as confusing as picking a Web hosting provider -- there are so many out there, it is impossible to research them all responsibly. Google's directory lists more than 50, and it includes only English-language services. As you go shopping, here are a few things to look for:

  • Sign up with a free service -- There are way too many of these companies to waste $10 a month on one service when identical service is free elsewhere.
  • Make sure there is a Linux client for the updater -- Dynamic DNS service requires your PC to periodically check its own IP address and contact the DNS server if it changes. Most dynamic DNS providers offer Mac, Windows, and Linux/Unix programs to perform this check. The Linux client is likely a straightforward Perl or bash script, and you could write or find your own, but my motto is not to waste time with businesses that don't support my operating system.
  • If you want to run a server, make sure the provider offers port redirects -- Many broadband ISPs take an unfriendly stance towards users who want to run a Web (or other) server on their connection -- usually via simplistic means such as blocking port 80. If that is your predicament, you can set up shop with a dynamic DNS provider that will not just redirect your server's hostname, but its port, too. So you can run your Web server on (in reality) http://dsl-001.central.cox.com:43490/ but still access it with a simple http://www.beaniebabies4ever.org.
  • See if they will let you use your own domain -- Most companies offer you your choice of hostname records on their domains, e.g., hosthostname.our-dynamic-domains.net. There are frequently dozens to choose from. But if you already own your own domain, there are some advantages to setting up your dynamic hostname in that domain rather than the company's. For one, there is the cachet of advertising your own domain. Secondly, you are free to change dynamic DNS providers at any time. Thirdly, if you're like me, already paying what I consider to be the exorbitant rate of $10 a year to own a domain name, you want it to work for you in more ways than one.

Before leaving the question of choosing a dynamic DNS service, there are a few other avenues to consider. First, if you pay for a Web hosting service already, check to see if they offer a dynamic DNS service as well. More and more do, since it costs them little extra in terms of administrative overhead.

Second, an increasing number of broadband routers ship with some manner of built-in support for dynamic DNS service. My Linksys WRT router, for instance, supports two popular dynamic DNS services (DynDNS.com and TZO.com) right in the firmware. Setting it up is menu-driven, and you may get NAT redirection handled at the same time.

Update clients and what they do

To set up your Linux PC to work with a dynamic DNS service, it is best to follow your provider's directions. The general idea is the same for all providers, though; you download and install a script from your provider. This may be a custom script or one of several third-party scripts.

One of the most popular scripts seems to be ddclient, which is even included in many modern Linux distributions. Ddclient began as a tool specific to DynDNS.com's service, but has now expanded to support multiple dynamic DNS providers and niceties such as working with the dynamic DNS hardware routers mentioned above.

Ddclient reads its configuration from /etc/ddclient.conf. In this file you specify which service provider you are using and your account details for that service. Ddclient checks for changes to the local IP address upon several circumstances: on system startup, upon renewal of a local DHCP lease, upon initialization of a PPP session, and at regular intervals during normal system operation.
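The check an update client performs at each of those moments can be sketched as follows. This is an added example, not ddclient's code and not from the original article; the function name, the `min_gap` rate limit and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Addresses that are unreachable from the Internet and must never be published.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918 private ranges
    "100.64.0.0/10",                                    # carrier-grade NAT
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",       # loopback, link-local, unspecified
)]

def decide(observed, published, now, last_sent, min_gap=300):
    """Return (action, reason) for one check by a hypothetical update client.

    observed  -- address just detected, as untrusted text (interface or Web lookup)
    published -- address sent in the last successful update, or None
    now, last_sent -- timestamps in seconds; last_sent is None if nothing was sent
    min_gap   -- assumed minimum spacing between updates, in seconds
    """
    try:
        addr = ipaddress.IPv4Address(observed.strip())
    except ValueError:
        return ("skip", "not an IPv4 address")
    if any(addr in net for net in NON_ROUTABLE):
        # Typical when the address is read from an interface behind a NAT router
        return ("skip", "non-routable address")
    if published is not None and addr == ipaddress.IPv4Address(published):
        return ("skip", "unchanged")
    if last_sent is not None and now - last_sent < min_gap:
        return ("skip", "rate limited")
    return ("update", "address changed")

if __name__ == "__main__":
    # Constructed sample checks
    print(decide("192.168.1.10", None, 1000, None))
    print(decide("203.0.113.7\n", None, 1000, None))
    print(decide("203.0.113.9", "203.0.113.7", 1100, 1000))
```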

When configuring your system for a dynamic DNS service, remember that you are treading through territory also covered by firewall and NAT issues, and that means that problems could be difficult to troubleshoot. If you find yourself stuck, the easiest approach is to ignore the dynamic DNS service first, and make sure that you have NAT and firewalling set up correctly. You can do this by attempting to connect to your PC by its IP address -- which is ironic, if you stop to think about it. Most of the time a problem is not with the dynamic DNS service at all. Once you know that your firewall and NAT redirection are set up correctly, you can test your dynamic DNS entry with a Web-based lookup tool or the nslookup command. Don't rely on ping, though -- for security reasons many ISPs simply drop ping packets without generating a reply.

That is all it takes to get started. One final thought: the great thing about dynamic DNS is how fast it updates. If you signed up for an account at one of the free dynamic DNS providers when you started reading this article, you'd be connecting to your home PC remotely already.