How to Configure Dynamic DNS in OPNsense



If you have any software/services hosted on your home network that you wish to access remotely, you may have encountered a situation in which your public IP address changes periodically. Many ISPs do not assign static IP addresses to non-business accounts, especially for IPv4, because IPv4 addresses are extremely limited and have technically been exhausted for some time now.

When your modem stays connected for a long period of time with an ISP, it is possible your IP address will not change very often. In my experience, that seems to be the case with Comcast. If you have an interruption of service/power or you turn off your modem for a while, you may end up receiving a new IP address when your old address expires.

To work around this issue, you can set up a domain name using a dynamic DNS service so that your router or another device on the network can periodically update the DNS record for that domain name with your IP address. Whenever you use that domain name to access your home network, it should always have the correct, up-to-date IP address for your network (unless you happen to connect in between the time your IP changes and your dynamic DNS client updates your IP).

There are a number of dynamic DNS services that are free, but you are limited to using a handful of generic domain names with those free services. Some of the services have an option where you can pay to use your own custom domain name if your registrar does not have a means to update DNS records automatically with a script or API. If your registrar has an API available, you can update the DNS record(s) via a dynamic DNS client without needing a third-party service to manage/update the DNS records. That feature is really nice because you do not need to pay for a domain name and also pay for a dynamic DNS service that supports custom domain names. DreamHost and Cloudflare are two examples of domain registrars which have such an API.

Install the Dynamic DNS Plugin

Unlike some consumer routers which support dynamic DNS out of the box, OPNsense does not have dynamic DNS functionality installed by default, but this is easily remedied by installing the Dynamic DNS plugin. Go to “System > Firmware > Plugins” and click the “+” button for the os-ddclient plugin to install it.

Do not install the os-dyndns plugin since it is essentially old/deprecated if you are using OPNsense 22.1 or newer. The older plugin states you should install the newer os-ddclient plugin.

Once the plugin is installed, you will see the “Dynamic DNS” menu option under the “Services” menu. You will have to click to another page or refresh the page to see the new menu option.

OPNsense Dynamic DNS Menu

Configuring the Dynamic DNS Client

Go to the “Services > Dynamic DNS > Settings” page and click the “+” button in order to add a new dynamic DNS entry. The exact settings you will use will depend on which service you are using to update your DNS. You may have to look up what the values need to be for the ddclient which is being used by the Dynamic DNS plugin in order to properly configure the update client.

Click the “Enable” checkbox to enable the dynamic DNS once you save and apply the changes. For the “Service”, select your dynamic DNS provider or registrar that supports updating DNS records. In this example, I am using Cloudflare as the registrar. The “Username” needs to be the email address of your Cloudflare account. For the “Password”, use the “Global API key” which is located on the right side of the “Overview” page of your domain on Cloudflare. Keep in mind that the Global API key grants access to your entire Cloudflare account, so treat it like a password.

For the “Zone” enter the domain name for the zone you wish to update. For the “Hostname(s)”, if you want to update the root of the domain, simply enter the domain name again. If you have subdomains, enter each subdomain. You may enter wildcard domains such as * if you have them configured with your DNS registrar. Multiple hostnames may be entered if you have several to update with the same IP address.

The “Check ip method” can be set to “Interface” if your router is directly connected to the Internet, that is, if the WAN interface itself holds your public IP address. “Force SSL” can be checked so that the update requests, which carry your account credentials, are sent over an encrypted connection. The “Interface to monitor” will most likely always be the WAN, but if you have more than one WAN interface, you can select the appropriate interface in the dropdown box. An optional “Description” may be entered if you have several entries to add and you want to provide more details (the “Description” shows up on the main list on the “Dynamic DNS Settings” page).

When you are finished, you need to click “Save” and then “Apply” for changes to be applied. You should check the “Services > Dynamic DNS > Log File” page to see if the IP address update occurred successfully.
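The “Interface” check method only works when the WAN interface holds a publicly reachable address. The following added example (not part of the original article or of the os-ddclient plugin) shows the check a client would need before publishing an interface address; the function names and sample addresses are assumptions made for illustration.

```python
import ipaddress

# Address ranges that are not reachable from the Internet (not exhaustive).
NON_PUBLIC = {
    "RFC 1918 private": ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"),
    "carrier-grade NAT (RFC 6598)": ("100.64.0.0/10",),
    "loopback": ("127.0.0.0/8", "::1/128"),
    "link-local": ("169.254.0.0/16", "fe80::/10"),
    "IPv6 unique local": ("fc00::/7",),
}


def classify(addr):
    """Return 'public' or the name of the non-public range addr falls in."""
    ip = ipaddress.ip_address(addr)
    for label, cidrs in NON_PUBLIC.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if ip.version == net.version and ip in net:
                return label
    return "public"


def plan_update(wan_addr, published_addr):
    """Decide what a client reading the WAN interface address should do.

    wan_addr: address currently bound to the WAN interface.
    published_addr: address the DNS record holds now, or None if unknown.
    """
    kind = classify(wan_addr)
    if kind != "public":
        # Publishing this would point the hostname at an unreachable address.
        return ("skip", f"{wan_addr} is {kind}; not reachable from the Internet")
    if published_addr is not None and (
        ipaddress.ip_address(published_addr) == ipaddress.ip_address(wan_addr)
    ):
        return ("noop", "record already matches the WAN address")
    return ("update", f"set record to {wan_addr}")


if __name__ == "__main__":
    # Constructed samples; 203.0.113.0/24 is a documentation range standing
    # in for a real public address.
    for wan, dns in [("203.0.113.5", "203.0.113.5"), ("203.0.113.9", "203.0.113.5"),
                     ("192.168.1.10", "203.0.113.5"), ("100.64.3.7", None)]:
        print(wan, dns, plan_update(wan, dns))
```

If the WAN address on your router falls into one of the “skip” cases, the router sits behind another NAT device and the address read from the interface is not the one the Internet sees.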

Setting the Update Interval and Other Advanced Settings

On the “Services > Dynamic DNS > Settings” page and the “General settings” tab, you can enable verbose logging by checking the “Verbose” option. This gives you more detailed information on the “Services > Dynamic DNS > Log File” page. If you wish to update IPv6 addresses, check the “Allow IPv6” option.

Finally, the “Interval” is a value you may wish to change. In my example below, I have set it for every 15 minutes (900 seconds). You may not want to check for an IP address update very often, since some registrars prefer that you do not update too frequently so that they do not get overwhelmed with update requests from dynamic DNS clients.

In the old plugin, you had to schedule a cron job in order for updates to happen. However, with the new os-ddclient plugin, the update interval is simply set on the “General settings” tab so this simplifies the configuration process.

OPNsense Dynamic DNS Settings