How to Set Up Dynamic DNS on Your Breeze
Dynamic DNS (DDNS) automatically updates DNS records when your IP address changes. While your Breeze has a static IP, you may need DDNS for home labs, branch offices, or remote devices that connect to services running on your Breeze. This guide covers both running a DDNS update client and hosting your own DDNS server on your Breeze instance.
Understanding Dynamic DNS
Traditional DNS requires manual updates when an IP address changes. DDNS solves this by having a client automatically notify the DNS server of IP changes. The server then updates the A or AAAA record in real time, ensuring the hostname always resolves to the current IP address. This is essential for services behind residential connections where the ISP assigns dynamic IPs.
Option 1: Running a DDNS Client with nsupdate
If you run BIND on your Breeze, you can use TSIG-authenticated dynamic updates with nsupdate.
Generate a TSIG Key
tsig-keygen -a hmac-sha256 ddns-key > /etc/bind/ddns-key.conf
Configure BIND to Allow Updates
include "/etc/bind/ddns-key.conf";
zone "dyn.example.com" {
type master;
file "/var/lib/bind/db.dyn.example.com";
allow-update { key "ddns-key"; };
journal "/var/lib/bind/db.dyn.example.com.jnl";
};
Create the Update Script
On the remote client, create a script that detects the current public IP and sends an update:
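#!/bin/bash
# Detect the current public IPv4 address and push it to BIND with a TSIG-signed update.
set -euo pipefail
HOSTNAME="myhost.dyn.example.com"
SERVER="your-breeze-ip"
# -f makes curl fail on HTTP errors; --max-time keeps the cron job from hanging
CURRENT_IP=$(curl -fsS --max-time 10 https://api.ipify.org)
# Refuse to send an update unless the response looks like a dotted-quad IPv4 address;
# otherwise an empty or garbage value would delete the record without replacing it
if ! [[ "$CURRENT_IP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
    echo "Unexpected response from IP lookup, not updating" >&2
    exit 1
fi
nsupdate -k /path/to/ddns-key.conf <<EOF
server $SERVER
zone dyn.example.com
update delete $HOSTNAME A
update add $HOSTNAME 300 A $CURRENT_IP
send
EOF
echo "Updated $HOSTNAME to $CURRENT_IP"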
Automate with Cron
# Run every 5 minutes
*/5 * * * * /usr/local/bin/ddns-update.sh >> /var/log/ddns-update.log 2>&1
Option 2: Using ddclient
The ddclient tool supports many DDNS providers and is simpler to configure:
sudo apt install ddclient -y
Configure /etc/ddclient.conf:
daemon=300
syslog=yes
pid=/var/run/ddclient.pid
ssl=yes
use=web, web=https://api.ipify.org
protocol=dyndns2
server=your-breeze-ip
login=ddnsuser
password='your-secret'
myhost.dyn.example.com
Option 3: Self-Hosted DDNS with a Simple API
Create a lightweight HTTP endpoint on your Breeze that accepts authenticated update requests and writes to BIND:
- Set up a small PHP or Python script behind your web server
- Accept the client's IP from the request (or from the connecting IP)
- Validate an API token passed in the Authorization header
- Execute nsupdate to modify the DNS record
- Return a JSON response confirming the update
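The core of such an endpoint, as an added Python example (not code from the original guide). It assumes the script runs on the same host as BIND, that the web framework passes in the Authorization header and the connecting IP, and that API_TOKEN is a placeholder loaded from a secret store; the function names are hypothetical.

```python
import hmac, ipaddress, json, re, subprocess

ZONE = "dyn.example.com"               # zone from the BIND config above
KEY_FILE = "/etc/bind/ddns-key.conf"   # TSIG key generated earlier
API_TOKEN = "replace-with-long-random-token"  # placeholder, not a real secret
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")

def token_ok(auth_header):
    """Constant-time check of 'Authorization: Bearer <token>'."""
    scheme, _, token = (auth_header or "").partition(" ")
    return scheme == "Bearer" and hmac.compare_digest(
        token.encode(), API_TOKEN.encode())

def build_update(hostname, ip_text):
    """Return nsupdate commands; raise ValueError on untrusted input."""
    if "%" in ip_text:   # ipaddress does not validate IPv6 zone IDs
        raise ValueError("scoped address not allowed")
    ip = ipaddress.ip_address(ip_text)   # rejects newlines and junk
    host = hostname.lower().rstrip(".")
    label, _, zone = host.partition(".")
    # fullmatch, not match: '$' would accept a trailing newline
    if zone != ZONE or not LABEL.fullmatch(label):
        raise ValueError("hostname outside managed zone")
    rtype = "A" if ip.version == 4 else "AAAA"
    return (f"server 127.0.0.1\nzone {ZONE}\n"   # assumption: BIND is local
            f"update delete {host} {rtype}\n"
            f"update add {host} 300 {rtype} {ip}\nsend\n")

def handle_update(auth_header, hostname, client_ip, run=subprocess.run):
    """Endpoint logic: returns (HTTP status, JSON body)."""
    if not token_ok(auth_header):
        return 401, json.dumps({"ok": False, "error": "unauthorized"})
    try:
        script = build_update(hostname, client_ip)
    except ValueError:
        return 400, json.dumps({"ok": False, "error": "invalid host or address"})
    # Commands go to nsupdate on stdin; no shell is involved.
    result = run(["nsupdate", "-k", KEY_FILE], input=script,
                 text=True, capture_output=True, timeout=10)
    if result.returncode != 0:
        return 502, json.dumps({"ok": False, "error": "dns update failed"})
    return 200, json.dumps({"ok": True, "host": hostname, "ip": client_ip})
```

Validating the hostname and address before they reach nsupdate matters because the commands are line-oriented: an unchecked newline in either value would let a caller append its own update statements.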
Security Considerations
- Always use TSIG keys or token-based authentication for updates
- Restrict allow-update to specific keys, never open it to IP ranges
- Set short TTLs (60-300 seconds) on dynamic records so changes propagate quickly
- Log all update attempts for auditing purposes
- Use HTTPS for any API-based update endpoints
- Consider rate-limiting update requests to prevent abuse
Testing
After configuring DDNS, verify it works:
# Check the current record
dig +short myhost.dyn.example.com @your-breeze-ip
# Force an update from the client
/usr/local/bin/ddns-update.sh
# Verify the change
dig +short myhost.dyn.example.com @your-breeze-ip