DuckDNS on EdgeRouter

by

Hey! Listen! This post is part of a series on the Ubiquiti EdgeRouter Lite. Check them all out!

DateURLPart
2019-06-28Migrating away from the Ubiquiti EdgeRouter Lite
  • Migrated to a Netgate SG-1100
    		•
    2019-02-03EdgeRouter CNAME records
  • Setup CNAME records
    		•
    2017-10-03Dyn DDNS on EdgeRouter
  • Setup DynDNS
    		•
    2017-04-25DuckDNS on EdgeRouter
  • Setup DuckDNS
    		•
    2017-01-08Ubiquiti EdgeRouter serial console settings
  • Serial console settings
    		•
    2016-11-29Ubiquiti UniFi controller setup on Raspberry Pi 3
  • Install UniFi Controller
    		•
    2016-08-30EdgeRouter Lite Dnsmasq setup
  • Setup dnsmasq
    		•
    2016-06-13EdgeRouter Lite software upgrade
  • Firmware upgrade
    		•
    2016-05-12EdgeRouter Lite OpenVPN setup
  • OpenVPN server setup
    		•
    2016-04-29Ubiquiti EdgeRouter Lite setup
  • Initial setup
    		•

    Introduction

    I’ve been using Dyn for my dynamic DNS for years. However, after the 2016 Dyn DDoS, I’ve decided to add a second dynamic DNS service provider, in case Dyn goes down again.

    Choosing a provider

    Some dynamic DNS service providers might offer more update methods or tutorials, but that’s where the differences end. Unless you’re a large client or have a very custom setup, the largest factor between providers is price. Dyn starts at $7/month, but I’m grandfathered into a $40/year plan.

    For my second provider, I’ve chosen DuckDNS. DuckDNS was started by a redditor, they are pretty transparent, and best of all, the service is free. I’d still donate to them because I’d prefer to pay a couple of guys running a good service, rather than a corporation.

    DuckDNS setup

    Web setup

    Head over to the DuckDNS website and setup an account. Interestingly, DuckDNS only offers oAuth logins (e.g., through Google, Facebook, Reddit, etc…). This is so they don’t have to worry about storing usernames/passwords themselves and can leave it to the professionals.

    Next, enter your domain in the box and click Add domain. If the domain is available, it will be registered to your account. While you’re on this same screen, make note of your account token.

    Router setup

    EdgeOS only supports a handful of pre-configured DNS service providers by default (shown below).

    ubnt@erl# set service dns dynamic interface eth0 service
afraid       dslreports   easydns      noip         zoneedit
dnspark      dyndns       namecheap    sitelutions

    To use DuckDNS, we need to setup a custom service provider. Substitute your interface, hostname, and password as needed.

    set service dns dynamic interface eth0 service custom-duckdns
set service dns dynamic interface eth0 service custom-duckdns host-name loganmarchione
set service dns dynamic interface eth0 service custom-duckdns login nouser
set service dns dynamic interface eth0 service custom-duckdns password your-token-here
set service dns dynamic interface eth0 service custom-duckdns protocol dyndns2
set service dns dynamic interface eth0 service custom-duckdns server www.duckdns.org
commit
save
exit

    A couple notes on the options:

    • the hostname is the prefix to your domain (e.g., loganmarchione.duckdns.org)
    • the username is nouser (don’t use your account name)
    • the password is your account token (that long string of numbers/letters)

    Verify setup

    Trigger a manual update. EdgeOS will only update the dynamic DNS provider when your IP address actually changes.

    update dns dynamic interface eth0

    You can show the status with the command below.

    show dns dynamic status

    Here, you can see the successful update.

    interface    : eth0
ip address   : XX.XX.XX.XX
host-name    : loganmarchione
last update  : Tue Apr 25 22:13:09 2017
update-status: good

    SSL settings

    Also, just so you know, EdgeOS uses ddclient for the dynamic DNS updates. The configuration file is located at /etc/ddclient.conf, but there is a directory at /etc/ddclient with a configuration file for each interface. By default, ddclient is setup to use SSL, as shown below.

    root@erl:~# grep ssl /etc/ddclient/ddclient_eth*.conf
ssl=yes

     

    Hope this helps!

    Logan

    50 thoughts on “DuckDNS on EdgeRouter”

    3. Thanks! This worked for me with one tweak. If you are using a DSL (and maybe cable?) modem in bridge mode, the interface you want to use is pppoe0. Other than that it went very smoothly. Thanks for the article.

      Reply

    4. ER-X can work fine, however if you get “noconnect” instead of “good” when doing the command:
      show dns dynamic status

      then you have a known problem, resolution is to re-apply the current firmware (currently 1.9.7H4)(even if you already have it) which will populate a missing file – google “ER-X noconnect”, there are several posts about it.

      Reply

    6. Hello! thanks for the guide.

      I’m trying to setup, but when I run:
      “set service dns dynamic interface eth0 service” (or the other similar “set service…”

      The answer is always the same:
      Invalid command

      With the other “set service…” the answer is the same.

      Any idea?

      Thanks in advance.

      Reply

    7. This worked great! Thank you.

      I found that I didn’t have to run an update, it was already updated after the commit.

      Reply

    9. Hi, many thanks for this guide! Work!
      So, I have a question. How do create a .ovpn file for client with DuckDNS?

      Many thanks.

      Reply

    10. Hi I set up everything like you stated, but when i go to type the address into my browser, it does not load!

      What could be the cause for this? Ubiquiti’s CLI is different than what I’m used to with my rPi haha

      Reply

      • Address of what? Did you set the ERL to listen on the WAN interface? FYI – I would highly suggest against this, since it puts your router’s interface directly on the internet.

        Reply

        • The “website” address I had set up to connect me to my router address is not loading the router log in. What would be a more secure method to route to my router do you think instead of making it a webpage accessible site via WAN?

          Reply

          • You should setup a VPN server inside your network that you can connect to over that website address. Then, you will activate your VPN to get “inside” your network, then connect to your router over your router’s local IP (e.g., 192.168.1.1).

            If you *really* want to connect to your router’s interface website over the internet, you’ll need to make sure you have the firewall set to allow that on the ERL.

            Reply

          • The date and time is weird because Unix/Linux starts counting from 1/1/1970 (see this) and it has probably never updated successfully, so it’s counting from “zero”. What is the output of date on your EdgeRouter from the command line? Does it show the correct date/time?

            Which interface is your WAN interface? eth0? If so, you should have the DNS client setup on that interface, not switch0.1.

            What is the output of show service dns dynamic when in configure mode? Be sure to obfuscate any personal information. It should look similar to this.

             interface eth0 {
     service custom-duckdns {
         host-name yourhostname
         login nouser
         password your123account123token123
         protocol dyndns2
         server www.duckdns.org
     }
 }
            Reply

    14. Logan,

      Poking around with my new Edgerouter Lite and your guides have been invaluable. I thank you for that!

      Thought you would like to know that DuckDNS actually links to your page for a guide on how to setup DuckDNS on the Edgerouter. How neat is that? Looks like you appreciate each other more than you know.

      Anyhow, thanks!

      Reply

      • Glad to help!

        And yep, I noticed an uptick in traffic from there. Always good to share the knowledge!

        Reply

    15. If you have defined a WAN_LOCAL firewall ruleset with drop policy, do not forget to create an accept rule for “established/related”

      Reply

    16. Hello Logan,

      I am trying to set this up, however I am using a USG-Pro that is running Unify in a controller setup. Do you (or anyone else looking at this) got this working with USG-Pro?

      Other small question, in the config, how important is the “host-name”? because I have set that to what my router responds to internally.

      When setting all up using your very clear instructions I do not get an error, and config seems to be accepted, but when i do:
      admin@:~$ show dns dynamic status
      interface : eth2 <– this is my WAN facing interface set to DHCP so it gets the providers IP, no double NAT
      ip address : <– this stays empty
      host-name :
      last update : Thu Jan 1 01:00:00 1970 <– this stays at "the beginning of time" from a Unix perspective
      update-status: bad <– yep, this is what it is.

      I did reset my router as I did see a "date related issue" earlier, but that did not help.

      Many thanks for your thoughts,

      Wim,

      Reply

      • I don’t have a USG, but a quick Google came up with this.

        The “hostname” is the name you will use to reach your router from the outside. For example, it could be “wim.duckdns.org”. It does not need to be your router’s hostname, it can be anything.

        Reply

    18. How often will the IP get updated? Will the update happen automatically? Does a cron job need to run every few minutes? Thank you.

      Reply

      • According to the EdgeRouter documentation:

        By default, EdgeOS will only update Dynamic DNS when the IP address actually changes.

        I’m assuming it runs a cronjob or something similar in the background, but you don’t need to set it up yourself. Just setting up dynamic DNS will trigger these events.

        Reply

    19. I know this is dated but hope I can glean some nuggets from anyone still following this.

      I had this setup CPE–>(Static-ClassA-IP)WAN/eth0 [ edgemaxlite ] —>eth1-LAN

      Now I’m trying MiFi Router–>(Dynamic class B/C)WAN/eth0–> [edgemaxlite ] –>eth1-LAN

      My problem is the MiFi Router is essentially looked at (from my ISP perspective) as a cellphone , so IP is dynamic,
      also on it’s LAN interface, it will dynamically shift between 10…. and 192…. IPs on it’s DHCP server randomly everytime you toggle between bridgemode and the regular mode. This means my edgemaxlite needs to have it’s WAN/eth0 set to dhcp.

      I would like to set up a VPN server on the edgemaxlite and I think I would need duck dns(or other similar free service).
      Do you know if this is doable?

      If yes, what else would I need to configure as the vpn tab on my edge os interface seems to only mention peers(I assume these would be other similar devices forming a point to point link between two sites).

      If not, does anyone know how to set up a vpn server on a unifi app (the 1U unifi appliance, which I believe runs debian or ubuntu) as I have one in my LAN.

      Many thanks in advance.

      Reply

      • Glad it worked! I haven’t used an EdgeRouter in a while, so I’m glad this guide still holds up!

        Reply

    Leave a Comment

    This site uses Akismet to reduce spam. Learn how your comment data is processed.