Hey! Listen! This post is part of a series on the Ubiquiti EdgeRouter Lite. Check them all out!
| Date | URL | Part |
|---|---|---|
| 2019-06-28 | Migrating away from the Ubiquiti EdgeRouter Lite | |
| 2019-02-03 | EdgeRouter CNAME records | |
| 2017-10-03 | Dyn DDNS on EdgeRouter | |
| 2017-04-25 | DuckDNS on EdgeRouter | |
| 2017-01-08 | Ubiquiti EdgeRouter serial console settings | |
| 2016-11-29 | Ubiquiti UniFi controller setup on Raspberry Pi 3 | |
| 2016-08-30 | EdgeRouter Lite Dnsmasq setup | |
| 2016-06-13 | EdgeRouter Lite software upgrade | |
| 2016-05-12 | EdgeRouter Lite OpenVPN setup | |
| 2016-04-29 | Ubiquiti EdgeRouter Lite setup |
Introduction
I’ve been using Dyn for my dynamic DNS for years. However, after the 2016 Dyn DDoS, I’ve decided to add a second dynamic DNS service provider, in case Dyn goes down again.
Choosing a provider
Some dynamic DNS service providers might offer more update methods or tutorials, but that’s where the differences end. Unless you’re a large client or have a very custom setup, the largest factor between providers is price. Dyn starts at $7/month, but I’m grandfathered into a $40/year plan.
For my second provider, I’ve chosen DuckDNS. DuckDNS was started by a redditor, they are pretty transparent, and best of all, the service is free. I’d still donate to them because I’d prefer to pay a couple of guys running a good service, rather than a corporation.
DuckDNS setup
Web setup
Head over to the DuckDNS website and setup an account. Interestingly, DuckDNS only offers oAuth logins (e.g., through Google, Facebook, Reddit, etc…). This is so they don’t have to worry about storing usernames/passwords themselves and can leave it to the professionals.
Next, enter your domain in the box and click Add domain. If the domain is available, it will be registered to your account. While you’re on this same screen, make note of your account token.
Router setup
EdgeOS only supports a handful of pre-configured DNS service providers by default (shown below).
ubnt@erl# set service dns dynamic interface eth0 service afraid dslreports easydns noip zoneedit dnspark dyndns namecheap sitelutions
To use DuckDNS, we need to setup a custom service provider. Substitute your interface, hostname, and password as needed.
set service dns dynamic interface eth0 service custom-duckdns set service dns dynamic interface eth0 service custom-duckdns host-name loganmarchione set service dns dynamic interface eth0 service custom-duckdns login nouser set service dns dynamic interface eth0 service custom-duckdns password your-token-here set service dns dynamic interface eth0 service custom-duckdns protocol dyndns2 set service dns dynamic interface eth0 service custom-duckdns server www.duckdns.org commit save exit
A couple notes on the options:
- the hostname is the prefix to your domain (e.g., loganmarchione.duckdns.org)
- the username is nouser (don’t use your account name)
- the password is your account token (that long string of numbers/letters)
Verify setup
Trigger a manual update. EdgeOS will only update the dynamic DNS provider when your IP address actually changes.
update dns dynamic interface eth0
You can show the status with the command below.
show dns dynamic status
Here, you can see the successful update.
interface : eth0 ip address : XX.XX.XX.XX host-name : loganmarchione last update : Tue Apr 25 22:13:09 2017 update-status: good
SSL settings
Also, just so you know, EdgeOS uses ddclient for the dynamic DNS updates. The configuration file is located at /etc/ddclient.conf, but there is a directory at /etc/ddclient with a configuration file for each interface. By default, ddclient is setup to use SSL, as shown below.
root@erl:~# grep ssl /etc/ddclient/ddclient_eth*.conf ssl=yes
Hope this helps!
Logan
This is very, very nice. Do you know if this will also work for the Edgerouter-X? This is the one I’m thinking of – https://www.amazon.com/Ubiquiti-EdgeRouter-Advanced-Gigabit-Ethernet/dp/B00YFJT29C/ref=sr_1_2?ie=UTF8&qid=1508851796&sr=8-2&keywords=edgerouter+x
I would think it would work on any EdgeMax device, since they all run the same OS.
Ok. Thanks. I will give it a try. Again, great guide!
Thanks, and good luck!
Thanks, worked fine.
Glad it worked!
Thanks! This worked for me with one tweak. If you are using a DSL (and maybe cable?) modem in bridge mode, the interface you want to use is pppoe0. Other than that it went very smoothly. Thanks for the article.
Good to know! Who is your ISP?
ER-X can work fine, however if you get “noconnect” instead of “good” when doing the command:
show dns dynamic status
then you have a known problem, resolution is to re-apply the current firmware (currently 1.9.7H4)(even if you already have it) which will populate a missing file – google “ER-X noconnect”, there are several posts about it.
Good to know, thanks!
And thank you for this fantastic guide.
Hello! thanks for the guide.
I’m trying to setup, but when I run:
“set service dns dynamic interface eth0 service” (or the other similar “set service…”
The answer is always the same:
Invalid command
With the other “set service…” the answer is the same.
Any idea?
Thanks in advance.
Are you in configure mode?
This worked great! Thank you.
I found that I didn’t have to run an update, it was already updated after the commit.
Good to know, thanks!
Thanks for a good guide
Glad to help!
Hi, many thanks for this guide! Work!
So, I have a question. How do create a .ovpn file for client with DuckDNS?
Many thanks.
What are you referring to? This guide is not about OpenVPN, just DDNS.
Hi I set up everything like you stated, but when i go to type the address into my browser, it does not load!
What could be the cause for this? Ubiquiti’s CLI is different than what I’m used to with my rPi haha
Address of what? Did you set the ERL to listen on the WAN interface? FYI – I would highly suggest against this, since it puts your router’s interface directly on the internet.
The “website” address I had set up to connect me to my router address is not loading the router log in. What would be a more secure method to route to my router do you think instead of making it a webpage accessible site via WAN?
You should setup a VPN server inside your network that you can connect to over that website address. Then, you will activate your VPN to get “inside” your network, then connect to your router over your router’s local IP (e.g., 192.168.1.1).
If you *really* want to connect to your router’s interface website over the internet, you’ll need to make sure you have the firewall set to allow that on the ERL.
Hi,
If the edge is behind isp router on DMZ mode, will he get the local ip or the wan ip?
Run this from the ERL command line and see.
curl https://canihazip.com/sLogan, same issue for me. When I run the curl command, I do get the proper ‘outside’ IP. But in DuckDNS, I get my DMZ IP as does show dns dynamic status. I’m using eth0 for my wan.
You must be behind NAT or something. Basically, right now, you’re telling DuckDNS to use the IP of eth0 as your DDNS IP. However, we need to tell DuckDNS to use the IP provided from an external website as your IP.
I don’t have it setup in my guide, but you need to use the “web” parameter in the web UI to set it up. Google something like “edgerouter dynamic dns web url” to get you started.
https://www.dynu.com/DynamicDNS/IPUpdateClient/Ubiquiti-EdgeRouter
https://community.ubnt.com/t5/UniFi-Routing-Switching/Dynamic-DNS-behind-double-NAT/m-p/1785564/highlight/true#M31450
Hello
This is how my dashboard looks like. https://1drv.ms/u/s!AlanozL3drB-gfkCfsZg8mFijq8zzw
I have tried to follow your guide and tried to set it up on both interface eth0 and switch0.1. But when I enter:
show dns dynamic status
I get some wierd time and date in repy.
https://1drv.ms/u/s!AlanozL3drB-gfkDOrC0Xhdgs0wTbg
can you please give me some advice on how to fix this?
Those links aren’t working for me.
Sorry, try these:
https://1drv.ms/u/s!AlanozL3drB-gfkOmE7JY4p0S0q_BQ
https://1drv.ms/u/s!AlanozL3drB-gfkQ5vYjI3RCJYrIbw
The date and time is weird because Unix/Linux starts counting from 1/1/1970 (see this) and it has probably never updated successfully, so it’s counting from “zero”. What is the output of
dateon your EdgeRouter from the command line? Does it show the correct date/time?Which interface is your WAN interface? eth0? If so, you should have the DNS client setup on that interface, not switch0.1.
What is the output of
show service dns dynamicwhen inconfiguremode? Be sure to obfuscate any personal information. It should look similar to this.interface eth0 { service custom-duckdns { host-name yourhostname login nouser password your123account123token123 protocol dyndns2 server www.duckdns.org } }Sorry for troubling you, I did a reset of my router and now it works! Thanks for the effort! And thanks for the great guide!
No worries, glad it’s working!
Your the best!
Thanks!
Logan,
Poking around with my new Edgerouter Lite and your guides have been invaluable. I thank you for that!
Thought you would like to know that DuckDNS actually links to your page for a guide on how to setup DuckDNS on the Edgerouter. How neat is that? Looks like you appreciate each other more than you know.
Anyhow, thanks!
Glad to help!
And yep, I noticed an uptick in traffic from there. Always good to share the knowledge!
If you have defined a WAN_LOCAL firewall ruleset with drop policy, do not forget to create an accept rule for “established/related”
Hello Logan,
I am trying to set this up, however I am using a USG-Pro that is running Unify in a controller setup. Do you (or anyone else looking at this) got this working with USG-Pro?
Other small question, in the config, how important is the “host-name”? because I have set that to what my router responds to internally.
When setting all up using your very clear instructions I do not get an error, and config seems to be accepted, but when i do:
admin@:~$ show dns dynamic status
interface : eth2 <– this is my WAN facing interface set to DHCP so it gets the providers IP, no double NAT
ip address : <– this stays empty
host-name :
last update : Thu Jan 1 01:00:00 1970 <– this stays at "the beginning of time" from a Unix perspective
update-status: bad <– yep, this is what it is.
I did reset my router as I did see a "date related issue" earlier, but that did not help.
Many thanks for your thoughts,
Wim,
I don’t have a USG, but a quick Google came up with this.
The “hostname” is the name you will use to reach your router from the outside. For example, it could be “wim.duckdns.org”. It does not need to be your router’s hostname, it can be anything.
Thanks Logan this worked amazing
Glad to help!
How often will the IP get updated? Will the update happen automatically? Does a cron job need to run every few minutes? Thank you.
According to the EdgeRouter documentation:
I’m assuming it runs a cronjob or something similar in the background, but you don’t need to set it up yourself. Just setting up dynamic DNS will trigger these events.
I know this is dated but hope I can glean some nuggets from anyone still following this.
I had this setup CPE–>(Static-ClassA-IP)WAN/eth0 [ edgemaxlite ] —>eth1-LAN
Now I’m trying MiFi Router–>(Dynamic class B/C)WAN/eth0–> [edgemaxlite ] –>eth1-LAN
My problem is the MiFi Router is essentially looked at (from my ISP perspective) as a cellphone , so IP is dynamic,
also on it’s LAN interface, it will dynamically shift between 10…. and 192…. IPs on it’s DHCP server randomly everytime you toggle between bridgemode and the regular mode. This means my edgemaxlite needs to have it’s WAN/eth0 set to dhcp.
I would like to set up a VPN server on the edgemaxlite and I think I would need duck dns(or other similar free service).
Do you know if this is doable?
If yes, what else would I need to configure as the vpn tab on my edge os interface seems to only mention peers(I assume these would be other similar devices forming a point to point link between two sites).
If not, does anyone know how to set up a vpn server on a unifi app (the 1U unifi appliance, which I believe runs debian or ubuntu) as I have one in my LAN.
Many thanks in advance.
I don’t use an EdgeRouter anymore, so I really can’t be of much help. I would try asking on the Ubiquiti subreddit or the forums.