Dynamic DNS on IOS
By stretch | Monday, December 28, 2009 at 3:02 a.m. UTC
One of the challenges in getting the community lab up and running was not having a reliable static IP address for public reachability (the lab is connected to the Internet via a home cable broadband connection for the time being). Rather than shell out an absurd amount of cash for a "business" plan with a static IP, I opted to make use of Dynamic DNS (DDNS).
For those unfamiliar with DDNS, it works like this:
- Register an account with a free or paid DDNS provider.
- Configure your CPE router (or workstation) to act as a DDNS client.
- A unique domain name is created by the DDNS provider, pointing to your current IP address.
- Whenever your router receives a new IP address from your ISP, the DDNS client notifies the DDNS server and your DNS record is updated with the new address.
Many SOHO network devices (Linksys, Netgear, etc.) ship with support for several popular DDNS providers. Cisco IOS also supports DDNS client capabilities. This article describes the configuration of DDNS as offered by DynDNS.com, but it can be adapted to suit any provider which supports updates via HTTP requests.
Configuring my Cisco 1811 demarcation router to work with DynDNS was pretty straightforward. (This example assumes DHCP has already been configured on the ISP-facing interface.) The first step is to define a DDNS update method:
Router(config)# ip ddns update method DynDNS
Router(DDNS-update-method)# ?
Dynamic DNS update method configuration commands:
  DDNS      IETF standardized Dynamic DNS update
  HTTP      Dynamic DNS update via HTTP based protocols
  default   Set a command to its defaults
  exit      Exit from DNS dynamic update method configuration mode
  internal  Update internal IOS name cache
  interval  Specify interval between DNS updates
  no        Negate a command or set its defaults
DynDNS in the example above is an arbitrary unique name; this can be anything you want. Two update methods are available: IETF (defined in RFC 2136) and HTTP; most free providers seem to support HTTP updates, and that is the method used in this example.
Under the HTTP method configuration, specify the URI the router will use to contact the DDNS provider with a new IP address when a change occurs. (The URI shown here is valid only for DynDNS.)
Router(DDNS-update-method)# http
Router(DDNS-HTTP)# add http://username:firstname.lastname@example.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
Note the two letters encased in angled brackets within the URI, <h> and <a>. These two special strings will be replaced with the router's hostname and interface IP address, respectively, when the HTTP request is made. Note that you'll need to insert a ctrl-v immediately before the question mark in the URI to escape the character and avoid invoking context-sensitive help. Also note that the URI will typically include the login credentials of your DDNS account and as such should be treated as sensitive.
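Because the update URI carries the account credentials, a saved configuration should be checked and redacted before it is shared or archived. The following is an added example, not part of the original article: the running-config layout, the password and the function name audit_ddns are constructed assumptions based on the commands shown above.

```python
import re
from urllib.parse import urlsplit

# Constructed running-config excerpt built from the commands shown above;
# the layout is assumed and the account name, password and host are placeholders.
SAMPLE_CONFIG = """\
ip ddns update method DynDNS
 HTTP
  add http://username:s3cret@example.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
 interval minimum 24 0 0 0
!
interface FastEthernet0
 ip ddns update DynDNS
 ip address dhcp
"""

METHOD_RE = re.compile(r"^ip ddns update method (\S+)")
ADD_RE = re.compile(r"^(\s*add\s+)(\S+)")
USERINFO_RE = re.compile(r"(?<=://)[^/@\s]+@")  # user:password@ after the scheme


def audit_ddns(config: str):
    """Return (findings, redacted_config) for DDNS HTTP update methods."""
    findings, redacted, method = [], [], None
    for line in config.splitlines():
        m = METHOD_RE.match(line)
        if m:
            method = m.group(1)
        elif not line.startswith(" "):
            method = None  # an unindented line ends the update-method block
        add = ADD_RE.match(line)
        if method and add:
            url = urlsplit(add.group(2))
            if url.password is not None:
                findings.append((method, "credentials embedded in URI"))
                line = USERINFO_RE.sub("<redacted>@", line)
            if url.scheme == "http":
                findings.append((method, "update sent over cleartext HTTP"))
        redacted.append(line)
    return findings, "\n".join(redacted)


if __name__ == "__main__":
    issues, safe_config = audit_ddns(SAMPLE_CONFIG)
    for name, issue in issues:
        print(f"{name}: {issue}")
    print(safe_config)
```

The redacted output keeps the <h> and <a> placeholders and the rest of the URI intact, so the configuration remains readable for troubleshooting.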
It may be a good idea (depending on your provider's terms of service) to configure a minimum update interval. This will force the router to issue a DDNS update request even when the address has not changed, so that the service provider knows that the account is still active. The interval is specified with four integers: days, hours, minutes, and seconds. The line below configures a minimum update interval of 24 days.
Router(DDNS-update-method)# interval minimum 24 0 0 0
The last item to configure is the ISP-facing interface. At a minimum, you'll simply need to apply the DDNS update method name to the interface. You'll probably also want to set an explicit hostname to be used for DDNS updates, instead of your router's actual hostname:
Router(config)# interface f0
Router(config-if)# ip ddns update hostname myname.dysndns.org
Router(config-if)# ip ddns update DynDNS
debug ip ddns update can be used to watch DDNS updates take place when the interface acquires or reacquires an IP address.
About the Author
Jeremy Stretch is a network engineer living in the Raleigh-Durham, North Carolina area. He is known for his blog and cheat sheets here at Packet Life. You can reach him by email or follow him on Twitter.
Posted in Remote Access
December 28, 2009 at 12:10 p.m. UTC
I had to enable the HTTP-Server to make the HTTP-DDNS-Client work. Not sure if that was a bug or a feature, I didn't investigate it any further but was reminded of that problem when reading your post.
December 28, 2009 at 12:46 p.m. UTC
One thing that absolutely needs to be implemented is a check, prior to the update, if the IP address has even changed.
If your link begins flapping and you continue to get the same IP address, Cisco's DynDNS implementation will send out updates en masse, causing DynDNS to block your hostname:
The hostname, dynip.packetlife.net, in account packetlife, has been blocked for abuse. This action has been taken due to the receipt of multiple updates originating from the same IP address.
December 28, 2009 at 1:39 p.m. UTC
@Karsten: That definitely sounds like a bug.
@lost-carrier: You can also define a maximum update interval, although it may be nontrivial to find an interval considered acceptable by your provider.
December 28, 2009 at 4:02 p.m. UTC
The "ip ddns update hostname" interface configuration command is only for IETF dynamic DNS updates, not HTTP updates used with providers like DynDNS.org.
December 28, 2009 at 4:24 p.m. UTC
@stretch: Yes, but that's not the point. The point is that the DynDNS client needs to check (via a DNS lookup) whether the IP address actually changed.
What is an abusive update?
Any update which assigns the hostname to a new IP address is considered "good"; all other updates are considered unnecessary and therefore "abusive."
January 6, 2010 at 5:07 p.m. UTC
I ran into a bug where it was sending abusive updates to dyndns as mentioned above. So I had Cisco fix it. Bug ID CSCsi12020. 12.4(15)T releases should be ok.
February 11, 2011 at 3:50 a.m. UTC
Thanks for the great info. I am getting this on debug:
... status='Host name resolution failed', tid=0
Can you please help?