Dynamic DNS
Dynamic DNS or DDNS is a term used for the updating in real time of Internet Domain Name System (DNS) name servers to keep up to date the active DNS configuration of their configured hostnames, addresses and other information.

The term is used in two contexts which, while what they do in technical terms is similar, have very different purposes and user populations.

The technically expert people who maintain the Internet, and those who are associated with domains, use networked devices, such as routers and computer systems using the Internet Protocol Suite, to keep DNS server information up to date for the proper functioning of the Internet, and uninterrupted access to devices and services whose numeric IP address may change. This process is dynamic DNS updating. The Secure DNS Update protocol discussed in RFC 2136 may be used.

Non-expert users of the Internet who connect to it via an Internet Service Provider (ISP) will be allocated a numeric IP address by the ISP; the address may either be stable ("static"), or may change from one session on the Internet to the next ("dynamic"). If it is necessary to be able to access the computer from another location, a numeric address is inconvenient to remember; an address which changes unpredictably makes connection impossible. For example, a user may need access to their home or office computer while travelling; if and only if its address is known it can be set up to be accessed over a VPN, or by a remote control program such as VNC server. This could be accomplished with a name server, but setting one up is a complex task for the non-expert. Instead there are a number of providers, free of charge or for payment, of what is called a Dynamic DNS service. The DDNS provider allocates a static hostname to the user; whenever the user is allocated a new IP address this is communicated to the DDNS provider by proprietary software running on a computer at that address; the provider distributes the association between the hostname and the address to the Internet's DNS servers so that they may resolve DNS queries. The ultimate result is that the traveller may communicate with his home at, say, myname.ddnsservice.org instead of an unknown set of four varying numbers; the host name is resolved to the current address of the home computer with a DNS query invisible to the user. The communication between the user's computer and the DDNS provider is not standardised, varying from one provider to another.

RFC 2136 dynamic DNS update

The standardized method of dynamically updating nameserver records is prescribed by RFC 2136, commonly known as 'Dynamic DNS Update' or 'DDNS'. Unlike updates through a DDNS provider, RFC 2136 is a protocol in its own right, with its own security mechanisms, and for use with managed nameservers. While RFC 2136 supports all DNS record types (including zone and user), it is most commonly used for dynamic hosts. In this form it is used primarily as an extension of the DHCP system, in which the authorized DHCP servers register the clients' records with the nameserver(s) (Windows servers are an exception: by default, Windows servers only register 'A' records and the DHCP clients are expected to register the reverse pointers). This form of support for RFC 2136 is provided by a plethora of client and server software, including those that are components of most current operating systems. Support for RFC 2136 is also an integral part of many directory services, including LDAP and Windows' Active Directory domains.

History

In the initial stages of the Internet (ARPANET) addressing of hosts on the network was achieved by static translation tables that mapped hostnames to IP addresses. The tables were maintained manually in the form of the hosts file. The Domain Name System brought a method of distributing the same address information automatically online through recursive queries to remote databases configured for each network, or domain. Even this DNS facility still used static lookup tables at each participating node. IP addresses, once assigned to a particular host, rarely changed and the mechanism was initially sufficient. However, the rapid growth of the Internet and the proliferation of personal computers in the workplace and in homes created the substantial burden for administrators of keeping track of assigned IP addresses and managing their address space. The Dynamic Host Configuration Protocol (DHCP) allowed enterprises and Internet service providers (ISPs) to assign addresses to computers automatically as they powered up. In addition, this helped conserve the address space available, since not all devices might be actively used at all times and addresses could be assigned as needed. This feature required that DNS servers be kept current automatically as well. The first implementations of dynamic DNS fulfilled this purpose: host computers gained the feature to notify their respective DNS server of the address they had received from a DHCP server or through self-configuration. This protocol-based DNS update method was documented and standardized in IETF publication RFC 2136 in 1997 and has become a standard part of the DNS protocol (see also the nsupdate program).

The explosive growth and proliferation of the Internet into people's homes brought a growing shortage of available IP addresses. DHCP became an important tool for ISPs as well to manage their address spaces for connecting home and small-business end-users with a single IP address each by implementing network address translation (NAT) at the customer premise router. The private network behind these routers uses address space set aside for these purposes (RFC 1918), masqueraded by the NAT device. This, however, broke the end-to-end principle of Internet architecture and methods were required to allow private networks, with frequently changing external IP addresses, to discover their public address and insert it into the Domain Name System in order to participate in Internet communications more fully. Today, numerous providers, called Dynamic DNS service providers, offer such technology and services on the Internet.

Function

In Microsoft Windows networks, dynamic DNS is an integral part of Active Directory, because domain controllers register their network service types in DNS so that other computers in the Domain (or Forest) can access them.

Increasing efforts to secure Internet communications today involve encryption of all dynamic updates via the public Internet, as these public dynamic DNS services have been abused increasingly to design security breaches. Standards-based methods within the DNSSEC protocol suite, such as TSIG, have been developed to secure DNS updates, but are not widely in use. Microsoft developed alternative technology (GSS-TSIG) based on Kerberos authentication.
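
The RFC 2136 update and the TSIG authentication of it described above can be sketched with the Python standard library alone; this is an added example, not code from the article or from any name server. The zone, host, key name and secret passed to it are constructed, the algorithm is assumed to be hmac-sha256, and the verifier assumes uncompressed names, a single configured key and a non-forwarded message (original ID unchanged).

```python
import hashlib, hmac, socket, struct
ALG = "hmac-sha256"  # TSIG algorithm name (assumed for this sketch)

def name(n):  # domain name in uncompressed, lower-cased wire format
    return b"".join(bytes([len(l)]) + l.encode() for l in n.lower().strip(".").split(".")) + b"\x00"

def skip_name(buf, off):  # offset just past an uncompressed name
    while buf[off]:
        off += 1 + buf[off]
    return off + 1

def build_update(msg_id, zone, host, ipv4, ttl=300):
    """RFC 2136 UPDATE that replaces the A RRset of `host` with one address."""
    header = struct.pack("!6H", msg_id, 5 << 11, 1, 0, 2, 0)   # opcode 5, ZOCOUNT=1, UPCOUNT=2
    zone_sec = name(zone) + struct.pack("!HH", 6, 1)           # zone section: type SOA, class IN
    delete = name(host) + struct.pack("!HHIH", 1, 255, 0, 0)   # type A, class ANY: delete RRset
    add = name(host) + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ipv4)
    return header + zone_sec + delete + add

def tsig_vars(key_name, when, fudge):  # TSIG fields the MAC covers besides the message
    return (name(key_name) + struct.pack("!HI", 255, 0) + name(ALG)
            + struct.pack("!HIHHH", when >> 32, when & 0xFFFFFFFF, fudge, 0, 0))

def sign(msg, key_name, secret, when, fudge=300):
    """Client side: append a TSIG RR (type 250) and increment ARCOUNT."""
    mac = hmac.new(secret, msg + tsig_vars(key_name, when, fudge), hashlib.sha256).digest()
    rdata = (name(ALG) + struct.pack("!HIHH", when >> 32, when & 0xFFFFFFFF, fudge, len(mac))
             + mac + msg[:2] + struct.pack("!HH", 0, 0))       # original ID, error, other len
    rr = name(key_name) + struct.pack("!HHIH", 250, 255, 0, len(rdata)) + rdata
    return msg[:10] + struct.pack("!H", struct.unpack("!H", msg[10:12])[0] + 1) + msg[12:] + rr

def verify(wire, key_name, secret, now):
    """Server side: True only for an update carrying a valid, fresh TSIG."""
    try:
        zo, pr, up, ad = struct.unpack("!4H", wire[4:12])
        if ad == 0:
            return False                                       # unsigned update
        off = 12
        for _ in range(zo):
            off = skip_name(wire, off) + 4
        for _ in range(pr + up + ad - 1):                      # every RR before the TSIG
            off = skip_name(wire, off) + 10
            off += struct.unpack("!H", wire[off - 2:off])[0]
        p = skip_name(wire, off)
        if wire[off:p] != name(key_name) or wire[p:p + 2] != b"\x00\xfa":
            return False                                       # unknown key or not a TSIG RR
        p = skip_name(wire, p + 10)                            # past RR header and algorithm name
        hi, lo, fudge, mlen = struct.unpack("!HIHH", wire[p:p + 10])
        when, mac = (hi << 32) | lo, wire[p + 10:p + 10 + mlen]
        msg = wire[:10] + struct.pack("!H", ad - 1) + wire[12:off]
        good = hmac.new(secret, msg + tsig_vars(key_name, when, fudge), hashlib.sha256).digest()
        return hmac.compare_digest(mac, good) and abs(now - when) <= fudge
    except (IndexError, struct.error):
        return False                                           # truncated or malformed message
```

The time check is what limits replay of a captured update: the same signed bytes stop verifying once the server clock is more than the fudge interval away from the signing time.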

Some freeware DNS server software supports a different dynamic update procedure. They have a built-in DHCP server which automatically updates or adds the DNS data internally with entries about addresses dynamically allotted by the DHCP server, without the user needing to configure dynamic updates. One such server is Dual DHCP DNS.

DDNS for ISP users

Dynamic DNS providers offer a software client program that automates the discovery and registration of the client system's public IP addresses. The client program is executed on a computer or device in the private network. It connects to the DDNS provider's systems with a unique login name; the provider uses the name to link the discovered public IP address of the home network with a hostname in the domain name system. Depending on the provider, the hostname is registered within a domain owned by the provider, or within the customer's own domain name. These services can function by a number of mechanisms. Often they use an HTTP service request since even restrictive environments usually allow HTTP service. The provider might use RFC 2136 to update the DNS servers.

Many home networking modem/routers have clients for several DDNS providers built into their firmware. An early example is the 1999 UMAX UGate-3000, which supported the TZO.COM dynamic DNS service.

See also

  • Domain Name System (DNS)
  • DNS hosting service
  • Name server
  • Fast-flux DNS
  • Comparison of DNS server software

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.