Dynamic DNS for public IP address of the firewall

Dynamic DNSDomain Name System - A database enables the translation of hostnames to IP addresses and provides other domain related information. (DDNS) is a service providing automatic update of IP address in DNS record for the particular host name.

User can choose from several second level domains (DynDNS, no-ip.com or ChangeIP.com) and select a free host name for the domain (e.g. company.no-ip.com).

If Kerio Control enables cooperation with dynamic DNS, a request for update of the IP addressAn identifier assigned to devices connected to a TCP/IP network. in dynamic DNS is sent upon any change of the Internet interface's IP address (including switching between primary and secondary Internet connection. This keeps DNS record for the particular IP address up-to-date and mapped services may be accessed by the corresponding host name.

  1. Dynamic DNS records use very short time-to-live (TTL) and, therefore, they are kept in cache of other DNS servers or forwarders for a very short time. Probability that the client receives DNS response with an invalid (old) IP address is, therefore, very low.
  2. Some DDNS servers also allow concurrent update of more records. Wildcards are used for this purpose. For example, in DDNS there exist two host names, both linked to the public IP address of the firewall: fw.company.com and server.company.com. If the IP address is changed, it is therefore possible to send a single request for update of DNS records with name *.company.com. This requests starts update of DNS records of both names.

Configuring DDNS

  1. Create an account at the following DDNS provider: ChangeIP, DynDNS, or No-IP.
  2. In the administration interface, go to Remote Services > Dynamic DNS.
  3. Select option Automatically update dynamic DNS service records with the firewall's IP address.
  4. Select a DDNS provider.
  5. In the Update hostname field, type a DNS name. If DDNS supports wildcards, they can be used in the host name.
  6. Set username and password for access to updates of the dynamic record.
  7. If Kerio Control uses the multiple internet links mode (load ballancing or failover) you can choose how to identify IP addresses for your DDNS provider:
  • IP address configured on outgoing Internet interfaceKerio Control always sends the IP address from the Internet interface to the DDNS provider.
  • Detected public IP address — before sending the IP address to the DDNS provider, Kerio Control detects which IP address is used for access to the Internet.
  • IP address configured on interfaceKerio Control sends the IP address from the chosen interface to the DDNS provider. If you don't know which option is the best, switch to Detected public IP address.
  1. Click Apply.

Kerio Control should update the DDNS records automatically and all the mapped services should be accessible.

The IP address update is also shown in the DDNS provider administration interface.