2
0
mirror of https://github.com/opnsense/docs synced 2024-11-15 06:12:58 +00:00
opensense-docs/source/manual/dynamic_dns.rst
2023-05-31 17:24:10 +02:00

95 lines
6.2 KiB
ReStructuredText

====================================================
Dynamic DNS
====================================================
In order to update dns registations when the local IP address changes, a Dynamic DNS service provider can be used.
Our `os-ddclient` plugin offers support for various services using the `ddclient <https://ddclient.net/>`__
software.
Prerequisites
---------------------------
Before installing and using this plugin, make sure to register an account with one of the supported services.
Installation
---------------------------
Installation of this plugin is rather easy, go to :menuselection:`System --> Firmware --> Plugins` and search for **os-ddclient**,
use the [+] button to install it.
Next go to :menuselection:`Services --> Dynamic DNS --> Settings` to configure one or more Dynamic DNS services.
General settings
---------------------------
The general settings tab offers access to general options used by all configured dynamic dns services on this firewall.
By default the service is enabled after installation,
======================= =======================================================================================================================================================================
Option Description
======================= =======================================================================================================================================================================
Enable Enable the client
Interval The number of seconds address changes will be queried
Backend Select the backend to use, either ddclient or the new OPNsense implementation
======================= =======================================================================================================================================================================
.. Note::
With :code:`ddlient` developments sunsetting [`* <https://github.com/ddclient/ddclient/issues/528>`__] we decided to offer an alternative written
in python. Selecting the OPNsense backend changes the implementation. If your service is supported, we do advice to try out the
new implementation.
Accounts
---------------------------
In the primary tab you can register one or more dynamic dns providers which will be used to update dns registrations
using an api call over http(s) to the selected service.
.. Note::
The local IP address used for this firewall will be obtained by querying one of the selected providers. Since ddclient
currently doesn't support dual stack (IPv4+IPv6) opertion, make sure to either select an IPv4 or IPV6 address
provider in the settings tab.
======================= =======================================================================================================================================================================
Option Description
======================= =======================================================================================================================================================================
Enable Enable this rule (allows turning entries off without removing them).
Service The provider of your Dynamic DNS Service.
resourceId A pointer to the service to be updated, currently only relevant for Azure
Username Login or user name to use, could be empty for token based authentication
Password Password or security token to use
Hostname Enter the fully qualified domain names to update via the selected service. For example: *myhost.dyndns.org*
Check ip method Service to query the current IP address
Check ip timeout How long to wait before the checkip process times out
Force SSL Choose to use HTTP or HTTPS, but only for selected services. Most services only support HTTPS nowadays.
Interface to monitor Interface to collect an address from when choosing "Interface" as check ip method, or source interface used to connect to the check ip service
Description A description to easily identify this rule in the overview.
======================= =======================================================================================================================================================================
Provider-specific configuration
-------------------------------------
Cloudflare
```````````````````````````
For accounts with Cloudflare as provider, there is an additional option **Zone**, which should be set as the name of the zone containing the host to be updated, not its zone ID.
Cloudflare accepts authorization with the global token with the options
======================= =======================================================================================================================================================================
Option Value
======================= =======================================================================================================================================================================
Username The email of the Cloudflare account.
Password Global API Key.
======================= =======================================================================================================================================================================
Using an API token is recommended for security reasons, with ``Permissions`` :menuselection:`Zone --> DNS --> Edit` and ``Zone Resources`` :menuselection:`Include --> Specific zone --> zone with the host`, and the account options
======================= =======================================================================================================================================================================
Option Value
======================= =======================================================================================================================================================================
Username token
Password API token.
======================= =======================================================================================================================================================================