Dynamic DNS

Last updated

Dynamic DNS (DDNS) is a method of automatically updating a name server in the Domain Name System (DNS), often in real time, with the active DDNS configuration of its configured hostnames, addresses or other information.

Contents

The term is used to describe two different concepts. The first is "dynamic DNS updating" which refers to systems that are used to update traditional DNS records without manual editing. [1] These mechanisms use TSIG to provide security. The second kind of dynamic DNS permits lightweight and immediate updates often using an update client, which do not use the RFC   2136 standard for updating DNS records. These clients provide a persistent addressing method for devices that change their location, configuration or IP address frequently.

Background

In the initial stages of the Internet (ARPANET), addressing of hosts on the network was achieved by static translation tables that mapped hostnames to IP addresses. The tables were maintained manually in form of the host file. The Domain Name System brought a method of distributing the same address information automatically online through recursive queries to remote databases configured for each network, or domain. Even this DNS facility still used static lookup tables at each participating node. IP addresses, once assigned to a particular host, rarely changed and the mechanism was initially sufficient. However, the rapid growth of the Internet and the proliferation of personal computers in the workplace and in homes created the substantial burden for administrators of keeping track of assigned IP addresses and managing their address space. The Dynamic Host Configuration Protocol (DHCP) allowed enterprises and Internet service providers (ISPs) to assign addresses to computers automatically as they powered up. In addition, this helped conserve the address space available, since not all devices might be actively used at all times and addresses could be assigned as needed. This feature required that DNS servers be kept current automatically as well. The first implementations of dynamic DNS fulfilled this purpose: Host computers gained the feature to notify their respective DNS server of the address they had received from a DHCP server or through self-configuration. This protocol-based DNS update method was documented and standardized in IETF publication in 1997 [1] and has become a standard part of the DNS protocol (see also nsupdate program).

The explosive growth and proliferation of the Internet into homes brought a growing shortage of available IP addresses. DHCP became an important tool for ISPs as well to manage their address spaces for connecting home and small-business end-users with a single IP address each by implementing network address translation (NAT) at the customer-premises router. The private network behind these routers uses address space set aside for these purposes, [2] masqueraded by the NAT device. This, however, broke the end-to-end principle of Internet architecture and methods were required to allow private networks, with frequently changing external IP addresses, to discover their public address and insert it into the Domain Name System in order to participate in Internet communications properly. Today, numerous providers, called dynamic DNS service providers, offer such technology and services on the Internet.

Domain Name System

DNS is based on a distributed database that takes some time to update globally. When DNS was first introduced, the database was small and could be easily maintained by hand. As the system grew this task became difficult for any one site to handle, and a new management structure was introduced to spread out the updates among many domain name registrars. Registrars today offer end-user updating to their account information, typically using a web-based form, and the registrar then pushes out update information to other DNS servers.

Due to the distributed nature of the domain name systems and its registrars, updates to the global DNS may take hours to distribute. Thus DNS is only suitable for services that do not change their IP address very often, as is the case for most large services like Wikipedia. Smaller services, however, are generally much more likely to move from host to host over shorter periods of time. Servers being run on certain types of Internet service provider, cable modems in particular, are likely to change their IP address over very short periods of time, on the order of days or hours. Dynamic DNS is a system that addresses the problem of rapid updates.

Types

The term DDNS is used in two ways, which, while technically similar, have very different purposes and user populations. The first is standards-based DDNS, which uses an extension of the DNS protocol to ask for an update; this is often used for company laptops to register their address. The second is proprietary DDNS, usually a web-based protocol, normally a single HTTP fetch with username and password which then updates some DNS records (by some unspecified method); this is commonly used for a domestic computer to register itself by a publicly known name in order to be found by a wider group, for example as a games server or webcam.

End users of Internet access receive an allocation of IP addresses, often only a single address, by their Internet service provider. The assigned addresses may either be fixed (i.e. static), or may change from time to time, a situation called dynamic. Dynamic addresses are generally given only to residential customers and small businesses, as most enterprises specifically require static addresses.

Dynamic IP addresses present a problem if the customer wants to provide a service to other users on the Internet, such as a web service. As the IP address may change frequently, corresponding domain names must be quickly re-mapped in the DNS, to maintain accessibility using a well-known URL.

Many providers offer commercial or free Dynamic DNS service for this scenario. The automatic reconfiguration is generally implemented in the user's router or computer, which runs software to update the DDNS service. The communication between the user's equipment and the provider is not standardized, although a few standard web-based methods of updating have emerged over time.

Standards-based DDNS

The standardized method of dynamically updating domain name server records is prescribed by RFC   2136, commonly known as dynamic DNS update. The method described by RFC 2136 is a network protocol for use with managed DNS servers, and it includes a security mechanism. RFC 2136 supports all DNS record types, but often it is used only as an extension of the DHCP system, and in which the authorized DHCP servers register the client records in the DNS. This form of support for RFC 2136 is provided by a plethora of client and server software, including those that are components of most current operating systems. Support for RFC 2136 is also an integral part of many directory services, including LDAP and Windows' Active Directory domains.

Applications

In Microsoft Windows networks, dynamic DNS is an integral part of Active Directory, because domain controllers register their network service types in DNS so that other computers in the domain (or forest) can access them.

Increasing efforts to secure Internet communications today involve encryption of all dynamic updates via the public Internet, as these public dynamic DNS services have been abused increasingly to design security breaches. Standards-based methods within the DNSSEC protocol suite, such as TSIG, have been developed to secure DNS updates, but are not widely in use. Microsoft developed alternative technology (GSS-TSIG) based on Kerberos authentication.

Some free DNS server software systems, such as dnsmasq, support a dynamic update procedure that directly involves a built-in DHCP server. This server automatically updates or adds the DNS records as it assigns addresses, relieving the administrator of the task of specifically configuring dynamic updates.

DDNS for Internet access devices

Dynamic DNS providers offer a software client program that automates the discovery and registration of the client system's public IP addresses. The client program is executed on a computer or device in the private network. It connects to the DDNS provider's systems with a unique login name; the provider uses the name to link the discovered public IP address of the home network with a hostname in the domain name system. Depending on the provider, the hostname is registered within a domain owned by the provider, or within the customer's own domain name. These services can function by a number of mechanisms. Often they use an HTTP service request since even restrictive environments usually allow HTTP service. Most providers have an API similar to a first provider DynDNS (Dyn.com) so it's often called DynDNS2.

Many home networking modem/routers include client applications in their firmware, compatible with a variety of DDNS providers.

DDNS for security appliance manufacturers

Dynamic DNS is an expected feature or even requirement for IP-based security appliances like DVRs and IP cameras.[ citation needed ] Many options are available for today's manufacturer, and these include the use of existing DDNS services or the use of custom services hosted by the manufacturers themselves.

In almost all cases, a simple HTTP based update API is used as it allows for easy integration of a DDNS client into a device's firmware. There are several pre-made tools that can help ease the burden of server and client development, like MintDNS, [3] cURL and Inadyn. [4] Most web-based DDNS services use a standard user name and password security schema. This requires that a user first create an account at the DDNS server website and then configure the device to send updates to the DDNS server whenever an IP address change is detected.

Some device manufacturers go a step further by only allowing their DDNS Service to be used by the devices they manufacture, and also eliminate the need for user names and passwords altogether. Generally this is accomplished by encrypting the device's MAC address using an cryptographic algorithm kept secret on both the DDNS server and within the device's firmware. The resulting decryption or decryption failure is used to secure or deny updates. Resources for the development of custom DDNS services are generally limited and involve a full software development cycle to design and field a secure and robust DDNS server.

See also

Related Research Articles

The Domain Name System (DNS) is a hierarchical and distributed name service that provides a naming system for computers, services, and other resources on the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned to each of the associated entities. Most prominently, it translates readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols. The Domain Name System has been an essential component of the functionality of the Internet since 1985.

The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on Internet Protocol (IP) networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client–server architecture.

An Internet Protocol address is a numerical label such as 192.0.2.1 that is assigned to a device connected to a computer network that uses the Internet Protocol for communication. IP addresses serve two main functions: network interface identification, and location addressing.

<span class="mw-page-title-main">IPv6</span> Version 6 of the Internet Protocol

Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion, and was intended to replace IPv4. In December 1998, IPv6 became a Draft Standard for the IETF, which subsequently ratified it as an Internet Standard on 14 July 2017.

A name server is a computer application that implements a network service for providing responses to queries against a directory service. It translates an often humanly meaningful, text-based identifier to a system-internal, often numeric identification or addressing component. This service is performed by the server in response to a service protocol request.

The Bootstrap Protocol (BOOTP) is a computer networking protocol used in Internet Protocol networks to automatically assign an IP address to network devices from a configuration server. The BOOTP was originally defined in RFC 951 published in 1985.

Zero-configuration networking (zeroconf) is a set of technologies that automatically creates a usable computer network based on the Internet Protocol Suite (TCP/IP) when computers or network peripherals are interconnected. It does not require manual operator intervention or special configuration servers. Without zeroconf, a network administrator must set up network services, such as Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS), or configure each computer's network settings manually.

<span class="mw-page-title-main">Preboot Execution Environment</span> Standard for booting from a server

In computing, the Preboot eXecution Environment, PXE specification describes a standardized client–server environment that boots a software assembly, retrieved from a network, on PXE-enabled clients. On the client side it requires only a PXE-capable network interface controller (NIC), and uses a small set of industry-standard network protocols such as DHCP and TFTP.

<span class="mw-page-title-main">Captive portal</span> Web page displayed to new users of a network

A captive portal is a web page accessed with a web browser that is displayed to newly connected users of a Wi-Fi or wired network before they are granted broader access to network resources. Captive portals are commonly used to present a landing or log-in page which may require authentication, payment, acceptance of an end-user license agreement, acceptable use policy, survey completion, or other valid credentials that both the host and user agree to adhere by. Captive portals are used for a broad range of mobile and pedestrian broadband services – including cable and commercially provided Wi-Fi and home hotspots. A captive portal can also be used to provide access to enterprise or residential wired networks, such as apartment houses, hotel rooms, and business centers.

The computer file hosts is an operating system file that maps hostnames to IP addresses. It is a plain text file. Originally a file named HOSTS.TXT was manually maintained and made available via file sharing by Stanford Research Institute for the ARPANET membership, containing the hostnames and address of hosts as contributed for inclusion by member organizations. The Domain Name System, first described in 1983 and implemented in 1984, automated the publication process and provided instantaneous and dynamic hostname resolution in the rapidly growing network. In modern operating systems, the hosts file remains an alternative name resolution mechanism, configurable often as part of facilities such as the Name Service Switch as either the primary method or as a fallback method.

ipconfig Console application program

ipconfig is a console application program of some computer operating systems that displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings. IPCONFIG

In computer networking, a network service is an application running at the network application layer and above, that provides data storage, manipulation, presentation, communication or other capability which is often implemented using a client–server or peer-to-peer architecture based on application layer network protocols.

In computer networks, a reverse DNS lookup or reverse DNS resolution (rDNS) is the querying technique of the Domain Name System (DNS) to determine the domain name associated with an IP address – the reverse of the usual "forward" DNS lookup of an IP address from a domain name. The process of reverse resolving of an IP address uses PTR records. rDNS involves searching domain name registry and registrar tables. The reverse DNS database of the Internet is rooted in the .arpa top-level domain.

IP address management (IPAM) is a methodology implemented in computer software for planning and managing the assignment and use of IP addresses and closely related resources of a computer network. It does not typically provide Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP) services, but manages information for these components. Additional functionality, such as controlling reservations in DHCP and other data aggregation and reporting capabilities, is also common. Data tracked by an IPAM system may include information such as IP addresses in use, and the associated devices and users. Centralized collection of this information may support troubleshooting and abuse investigations.

This article presents a comparison of the features, platform support, and packaging of many independent implementations of Domain Name System (DNS) name server software.

The domain name .local is a special-use domain name reserved by the Internet Engineering Task Force (IETF) so that it may not be installed as a top-level domain in the Domain Name System (DNS) of the Internet. As such it is similar to the other special domain names, such as .localhost. However, .local has since been designated for use in link-local networking, in applications of multicast DNS (mDNS) and zero-configuration networking (zeroconf) so that DNS service may be established without local installations of conventional DNS infrastructure on local area networks.

The Dynamic Host Configuration Protocol version 6 (DHCPv6) is a network protocol for configuring Internet Protocol version 6 (IPv6) hosts with IP addresses, IP prefixes, default route, local segment MTU, and other configuration data required to operate in an IPv6 network. It is not just the IPv6 equivalent of the Dynamic Host Configuration Protocol for IPv4.

TSIG is a computer-networking protocol defined in RFC 2845. Primarily it enables the Domain Name System (DNS) to authenticate updates to a DNS database. It is most commonly used to update Dynamic DNS or a secondary/slave DNS server. TSIG uses shared secret keys and one-way hashing to provide a cryptographically secure means of authenticating each endpoint of a connection as being allowed to make or respond to a DNS update.

Vitalwerks Internet Solutions, LLC is a domain and host service provider. No-IP offers DNS services, DDNS, email, network monitoring and SSL certificates. Email services include POP3, SMTP, mail backup services, mail reflection and filtering.

Cisco Prime Network Registrar (CNR) is a Cisco software product that includes components for Domain Name System (DNS) services, Dynamic Host Configuration Protocol services, Trivial File Transfer Protocol (TFTP) services, and Simple Network Management Protocol functions. CNR provides a regional and local management structure and is supported on server hardware and software based on 32-bit and 64-bit architectures. This product is now called Cisco Prime Network Registrar.

References

  1. 1 2 S. Thomson; Y. Rekhter; J. Bound (April 1997). P. Vixie (ed.). Dynamic Updates in the Domain Name System (DNS UPDATE). Network Working Group. doi: 10.17487/RFC2136 . RFC 2136.Proposed Standard. Updates RFC  1035. Updated by RFC  3007, 4033, 4034 and 4035.
  2. Y. Rekhter; B. Moskowitz; D. Karrenberg; G. J. de Groot; E. Lear (February 1996). Address Allocation for Private Internets. Network Working Group. doi: 10.17487/RFC1918 . BCP 5. RFC 1918.Best Common Practice. Obsoletes RFC  1627 and 1597. Updated by RFC  6761.
  3. https://dynamic.domains/ [ bare URL ]
  4. "Internet Automated Dynamic DNS Client". GitHub .