Dynamic DNS is a great tool for being able to keep one or more services that rely on a specific DNS name record being accurate. In most cases, DDNS is useful for something like your home ISP IP address which is often dynamic or "sticky". Unless provided (or you pay for the priviledge), residenital ISP broadbrand plans don't usually offer static IP.
DD-WRT includes DDNS (inadyn), but there is one problem. It's very old. DD-WRT includes the version 1.96-ADV
. While having older software isn't ideal there is one key area that is a potential security issue. SSL support. The standard DDNS implementation in DD-WRT means you are sending your DNS update request over plaintext. This is bad. Being able to sniff credentials for your chosen DNS provider over the wire means you are wide open to someone being able to intercept and modify the request. In addition, the crendentials used may also be tied to a service multiple services. While it would require some effort and engineering, it is none the less an attack vector.
Unlike OpenWRT, DD-WRT doesn't have the same extendability options with the likes of opkg
out of the box. Fortunately, the Entware project allows you to provide similar extenability that OpenWRT has, with packages that are compiled with a compatible toolchain that works on DD-WRT.
This guide assumes you have installed Entware. If you haven't. Go ahead and read this guide.
Once Entware is installed, its very to install inadyn
with opkg
.
opkg install inadyn
This will install the inadyn package to /opt. It will provide a service script and defaults to the following for configuration and paths:
--cache-dir
-/opt/var/cache/inadyn
--config
-/opt/etc/inadyn.conf
--pidfile
-/opt/var/run/inadyn.pid
The Entware version of inadyn has been compiled with some defaults relating to /opt. By default inadyn
will look for the config file at /opt/etc/inadyn.conf
. This doesn't exist after installing, but you can simply create the file with:
touch /opt/etc/inadyn.conf
Unlike the DD-WRT built in version, your going to need to manually add in the configuration, as the NVRAM variables won't be compatible given the version differences.
First you need to establish if you can use the built in provider setup or need to use a custom provider. A detailed list of configuration examples can be found on the inadyn GitHub.
Place the required config into /opt/etc/inadyn.conf
One benefit of Entware is you get service scripts to run compatible programs. inadyn
includes its own at /opt/etc/init.d/S52inadyn
. Because of the way inadyn
has been built for Entware, a lot of the paths for the configuration file, cache etc are already pointing at /opt and unless you need to, you don't need to specify them in ARGS
. One argument you may wish to add is the log level, when first setting up, in order to make sure the DNS request are working.
I added --loglevel debug
to the ARGS
variable. You can switch this to more quieter values such as info
, notice*
, err
, none
once you are happy with the setup.
If you have been using the built in DD-WRT inadyn
setup, you'll first need to stop the service and disable it to prevent the DD-WRT version from running.
nvram set ddns_enable=0
nvram commit
stopservice ddns
You can start the Entware inadyn
version with:
/opt/etc/init.d/S52inadyn start
You should also add the Entware inadyn service script to your .rc_startup
, so it is started on boot.
By default the newer version of inadyn
use SSL by default, so this is much more secure and provides protection from any sniffing or MITM attack. If you have previously been sending your DDNS crendentials over plaintext, consider changing the password, as they should be considered compromised.