Dynamic DNS records are used when you don’t have a statically assigned public IP address. If your public IP changes often, you need a way to update your DNS records automatically.
How Dynamic DNS works
DDNS, short for Dynamic Domain Name Service, requires software on a host that either has the public IP address assigned or sits behind NAT. The software monitors the public IP address for changes. When the address changes, the software contacts the DDNS service through some API magic to update your account with the new IP address for those specific records. The software could be running on a server, a virtual machine or inside a Docker container, but it’s more convenient to use the firewall’s built-in service.
DDNS exists for both IPv4 and IPv6, but the latter is perhaps less commonly used because IPv6 addresses don’t need to be NATed. One use case could be if the server is behind a reverse proxy.
Setting up DDNS varies a little between service providers. Thanks to community support, pfSense has a preconfigured list of most of the service providers you could possibly have, so you don’t have to specify too much custom information.
I happen to have EasyDNS as my DDNS provider.
EasyDNS configuration
Setting up dynamic DNS records with EasyDNS was quite confusing at first, until I realized I wasn’t paying enough. Make sure you have at least a standard plan to be able to configure dynamic DNS records. After upgrading to standard, it was very easy to configure.
Note: EasyDNS might not be the cheapest solution, but their services are great and integrate well with pfSense. Also, they align with my principles of privacy and free speech. That is why I recently transferred my domains to EasyDNS.
Configure a DYN record
On the landing page, click dns to edit the DNS records for your domain.
Then click +ADD and choose DYN Record.
Enter the hostname of the service that you want to have a record for. You can manually enter your current public IP address right there, but the point is to have it automatically updated.
You can set the DNS TTL to 5 or 10 minutes for faster updating of caches.
Note: both IPv4 and IPv6 are supported by the same record type. You only need to create one record per hostname though; the records will automatically be added when adding more than one address family in pfSense.
Lastly, click the Settings button in the right corner of the DNS editor to find your DYN auth token. Note it down somewhere because that is the password used by pfSense.
pfSense Configuration
Configure IP Checker
This service should only be necessary if the pfSense firewall’s WAN interface is behind NAT. It is basically just a webpage displaying the current public IPv4 address.
Source: https://docs.netgate.com/pfsense/en/latest/services/dyndns/check-services.html
In my experience, however, it seems like DynDNS records update quicker if you have configured a custom IP Checker, even though it doesn’t make any sense. EasyDNS unfortunately doesn’t have one, but there are many other free tools out there. I still use my previous DNS provider’s service for this (it’s also free).
Go to Services > Dynamic DNS > Check IP Services and add the following:
Enable: True
Name: LoopiaCheckIP
Verify SSL/TLS Peer: True
Description: Loopia DynDNS Check IP
Note: no username or password is required.
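The reply from a Check IP page is untrusted input that decides where your DNS record will point. The sketch below is an added example, not code from this post or from pfSense: it parses such a reply, rejects addresses that cannot be public, and only asks for an update when the address has changed. It assumes the reply format "Current IP Address: <address>" described in the Netgate documentation linked above; the function names are hypothetical.

```python
import ipaddress
import re

# Ranges that can never be a usable public DNS target. Seeing one of these
# in a Check IP reply means the checker is broken or not on the internet.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "100.64.0.0/10",                                   # carrier-grade NAT
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",      # loopback, link-local, unspecified
    "::1/128", "fe80::/10", "fc00::/7",                # IPv6 equivalents
)]

# Assumed reply format: "Current IP Address: <address>", possibly inside HTML.
CHECKIP_RE = re.compile(r"Current IP Address:\s*([0-9A-Fa-f:.]+)")


def parse_checkip(body):
    """Return the address reported by a Check IP page, or None if unusable."""
    match = CHECKIP_RE.search(body)
    if not match:
        return None
    try:
        addr = ipaddress.ip_address(match.group(1))
    except ValueError:
        return None
    if any(addr in net for net in NON_PUBLIC):
        return None
    return addr


def plan_update(body, cached, family=4):
    """Decide what a DDNS client should do: 'update', 'skip' or 'error'."""
    addr = parse_checkip(body)
    if addr is None or addr.version != family:
        return ("error", None)          # never send a bad address upstream
    if cached is not None and addr == ipaddress.ip_address(cached):
        return ("skip", str(addr))      # unchanged: do not call the provider
    return ("update", str(addr))


if __name__ == "__main__":
    # Constructed sample replies; addresses are from documentation ranges.
    page = "<html><body>Current IP Address: 203.0.113.7</body></html>"
    print(plan_update(page, cached="203.0.113.7"))
    print(plan_update(page, cached="198.51.100.20"))
    print(plan_update("Current IP Address: 192.168.1.10", cached=None))
```

The "error" outcome is the one worth alerting on: it means the checker returned something that should not be published, so the existing record is left alone.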
Configure Dynamic DNS
Go to Services > Dynamic DNS. You should land on the tab called Dynamic DNS Clients. Click Add.
Type:
EasyDNS for IPv4
EasyDNS (v6) for IPv6
Interface to monitor: The interface with the public IP, most likely the WAN interface.
Username: your EasyDNS username
Password: your DYN auth token
Click Save. Down below are my DynDNS records:
Note: If it is your first time adding a record, it might take a while before the Cached IP turns green. Try waiting a day to see if it turns green. Consecutive entries will turn green immediately after configuration (at least they do for me).
Special Mention
I want to thank EasyDNS for sponsoring the TRIGGERnometry podcast. Otherwise I would still not know you existed.