Configuring your dynDNS Client¶
Here’s how to configure your client to send your IP address to our servers so that we can publish it in the DNS. Depending on your use case, one of the following options might be easier than the others.
To update your dynDNS IP address, there are several options:
Option 1: Use Your Router¶
For most folks, using the integrated dynDNS client of their router will be easiest. Here are two ways how to configure it.
Use your router’s deSEC provider¶
Some routers have support for deSEC out of the box, and you just need to select the right option (“deSEC”, “desec.io”, “dedyn”, or similar). For example, if you run a router with the OpenWRT operation system, watch out for the “desec.io” provider.
If your router does not have deSEC preconfigured, the configuration procedure will depend on the specific type of router which is why we can’t provide a tutorial for all of them. However, most of the time it boils down to enter the following details in your router configuration:
- Update Server
update.dedyn.io, or Update URL
- Username (the full name of the domain you want to update, e.g. yourname.dedyn.io)
- Hostname (same as your username)
- Token (long random string for authorization)
Advanced API users: The dynDNS token technically is a regular API token. You can also use the token to make requests to our REST API. (Currently, all tokens are equally powerful, i.e. a token used for dynDNS updates can also be used to perform other kinds of API operations. Token scoping is on our roadmap.)
There is a chance that your router already properly supports pushing its IPv6
address to us. If it does not, you can try to let our servers determine your
IPv6 address by using IPv6 to connect. To see if this method works for you,
modify the “Update Server” or “Update URL” setting in your router’s
Note that when using this update server, your IPv4 address will be deleted from the DNS, and your domain will operate in IPv6-only mode. (For an explanation why that is the case, see Determine IP addresses.) It is not possible to set up IPv4 and IPv6 by using both update servers in an alternating fashion.
To update both your IPv4 and IPv6 address at the same time, most routers need
to be configured with an update URL that provides both IP addresses via query string
provide placeholders for the respective addresses. To find out the placeholder names
for your router, please refer to the manual of your device.
Example: Fritz!Box Devices¶
For Fritz!Box devices, for example, the respective URL reads:
|Update URL 1||
|Domain Name 2||<your domain>.dedyn.io|
|Username 3||<your domain>.dedyn.io|
|Password 4||<your authorization token>|
- Note 1
- Note that the placeholders
<ip6addr>in the update URL must remain unchanged; your router will substitute them automatically. Furthermore, it is neither necessary nor recommended to use the placeholders
<passwd>as the Fritz!Box makes use of HTTP basic authentication, see IP Update Authentication.
- Note 2
- This entry is not used by deSEC - you only need to enter it as Fritz!Box mandates it
- Note 3
- Not your deSEC username! Instead, use the domain you want to update, see IP Update Authentication for details.
- Note 4
- A valid access token for the domain. Not you deSEC account password!
Option 2: Use ddclient¶
Automatic configuration (Debian-/Ubuntu-based systems)¶
If you’re on Debian, Ubuntu or any other Linux distribution that provides you with the ddclient package, you can use it to update your IP address with our servers. Note that depending on the ddclient version you are using, IPv6 support may be limited.
To install ddclient, run
sudo apt-get install ddclient. If a configuration
dialog does not appear automatically, use
sudo dpkg-reconfigure ddclient to
start the configuration process.
In the configuration process, select “other” dynamic DNS service provider, and
update.dedyn.io as the dynamic DNS server. Next, tell ddclient to use
the “dyndns2” protocol to perform updates. Afterwards, enter the username and
the token that you received during registration. Last, tell ddclient how to
detect your IP address, your domain name and the update interval.
Note: As of the time of this writing, ddclient does not use an encrypted
HTTPS connection by default. To enable it, open
/etc/ddclient.conf and add
ssl=yes above the
server= statement. We strongly recommend doing
so; otherwise, your credentials will be exposed during transmission.
Manual configuration (other systems)¶
After installing ddclient, you can start with a
file similar to this one, with the three placeholders replaced by your domain
name and your token:
protocol=dyndns2 # "use=cmd" and the curl command is one way of doing this; other ways exist use=cmd, cmd='curl https://checkipv4.dedyn.io/' ssl=yes server=update.dedyn.io login=[domain] password='[token]' [domain]
Hint: We have been told that in newer versions of ddclient, IPv6 can be
enabled by replacing
Unfortunately, there seems to be no documentation of the
usev6 setting, so
we don’t know if it is reliable. If you know more about this, please open an
issue or pull request at https://github.com/desec-io/desec-stack/.
To test your setup, run
sudo ddclient -force and see if everything works as