Dynamic DNS or DDNS is a term used for the updating in real time of Internet Domain Name System (DNS) name servers to keep up to date the active DNS configuration of their configured hostnames, addresses and other information.
The term is used in two contexts which, while what they do in technical terms is similar, have very different purposes and traditional user populations.
Administrators who maintain the Internet, and those who are associated with domains, use networked devices, such as routers and computer systems using the Internet Protocol Suite, to keep DNS server information up to date for the proper functioning of the Internet, and uninterrupted access to devices and services whose numeric IP address may change. This process is dynamic DNS updating. The Secure DNS Update protocol discussed in RFC 2136 may be used.
Standard users of the Internet who connect to it via an Internet Service Provider (ISP) will be allocated a numeric IP address by the ISP; the address may either be stable ("static"), or may change from one session on the Internet to the next ("dynamic"). If it is necessary to be able to access the computer from another location, a numeric address is inconvenient to remember; an address which changes unpredictably makes connection impossible. For example, a user may need access to their home or office computer while travelling; if and only if its address is known it can be set up to be accessed over a VPN, or by a remote control program such as VNC server. This could be accomplished with a name server, but setting one up is a complex task or may be too time consuming. Instead there are a number of providers, free of charge or for payment, of what is called a Dynamic DNS service. The DDNS provider allocates a static hostname to the user; whenever the user is allocated a new IP address this is communicated to the DDNS provider by software (implementing RFC 2136 or other protocols) running on a computer or network device at that address; the provider distributes the association between the hostname and the address to the Internet's DNS servers so that they may resolve DNS queries. The ultimate result is that the traveller may communicate with his home at, say myname.ddnsservice.org instead of an unknown varying IP address; the host name is resolved to the current address of the home computer with a DNS query transparent to the user. The communication between the user's computer and the DDNS provider is not standardised, varying from one provider to another, although a few standard web-based methods of updating have emerged over time.
Contents |
The standardized method of dynamically updating nameserver records is prescribed by RFC 2136, commonly known as 'Dynamic DNS Update' or 'DDNS'. Unlike updates through a DDNS provider, RFC 2136 is a protocol in its own right, with its own security mechanisms, and for use with managed nameservers. While RFC 2136 supports all DNS record types (including zone and user), it is most commonly used for dynamic hosts. In this form it is used primarily as an extension of the DHCP system, and in which the authorized DHCP servers register the clients' records with the nameserver(s) (Windows servers are an exception: by default, Windows servers only register 'A' records and the DHCP clients are expected to register the reverse pointers). This form of support for RFC 2136 is provided by a plethora of client and server software, including those that are components of most current operating systems. Support for RFC 2136 is also an integral part of many directory services, including LDAP and Windows' Active Directory domains.
In the initial stages of the Internet (ARPANET) addressing of hosts on the network was achieved by static translation tables that mapped hostnames to IP addresses. The tables were maintained manually in form of the hosts file. The Domain Name System brought a method of distributing the same address information automatically online through recursive queries to remote databases configured for each network, or domain. Even this DNS facility still used static lookup tables at each participating node. IP addresses, once assigned to a particular host, rarely changed and the mechanism was initially sufficient. However, the rapid growth of the Internet and the proliferation of personal computers in the workplace and in homes created the substantial burden for administrators of keeping track of assigned IP addresses and managing their address space. The Dynamic Host Configuration Protocol (DHCP) allowed enterprises and Internet service providers (ISPs) to assign addresses to computers automatically as they powered up. In addition, this helped conserve the address space available, since not all devices might be actively used at all times and addresses could be assigned as needed. This feature required that DNS servers be kept current automatically as well. The first implementations of dynamic DNS fulfilled this purpose: Host computers gained the feature to notify their respective DNS server of the address they had received from a DHCP server or through self-configuration. This protocol-based DNS update method was documented and standardized in IETF publication RFC 2136 in 1997 and has become a standard part of the DNS protocol (see also nsupdate program).
The explosive growth and proliferation of the Internet into people's homes brought a growing shortage of available IP addresses. DHCP became an important tool for ISPs as well to manage their address spaces for connecting home and small-business end-users with a single IP address each by implementing network address translation (NAT) at the customer premise router. The private network behind these routers uses address space set aside for these purposes (RFC 1918), masqueraded by the NAT device. This, however, broke the end-to-end principle of Internet architecture and methods were required to allow private networks, with frequently changing external IP addresses, to discover their public address and insert it into the Domain Name System in order to participate in Internet communications more fully. Today, numerous providers, called Dynamic DNS service providers, offer such technology and services on the Internet.
In Microsoft Windows networks, dynamic DNS is an integral part of Active Directory, because domain controllers register their network service types in DNS so that other computers in the Domain (or Forest) can access them.
Increasing efforts to secure Internet communications today involve encryption of all dynamic updates via the public Internet, as these public dynamic DNS services have been abused increasingly to design security breaches. Standards-based methods within the DNSSEC protocol suite, such as TSIG, have been developed to secure DNS updates, but are not widely in use. Microsoft developed alternative technology (GSS-TSIG) based on Kerberos authentication.
Some freeware DNS server software supports a different dynamic update procedure. They have a built-in DHCP server which automatically updates or adds the DNS data internally with entries about addresses dynamically allotted by the DHCP server, without the user needing to configure dynamic updates. One such server is Dual DHCP DNS.
Dynamic DNS providers offer a software client program that automates the discovery and registration of the client system's public IP addresses. The client program is executed on a computer or device in the private network. It connects to the DDNS provider's systems with a unique login name; the provider uses the name to link the discovered public IP address of the home network with a hostname in the domain name system. Depending on the provider, the hostname is registered within a domain owned by the provider, or within the customer's own domain name. These services can function by a number of mechanisms. Often they use an HTTP service request since even restrictive environments usually allow HTTP service. The provider might use RFC 2136 to update the DNS servers.
Many home networking modem/routers have clients for several DDNS providers built into their firmware.