Configure DNS or DDNS host name for WAN IP
There are two primary reasons to configure DNS/DDNS entries for a client:
- It looks prettier. Instead of connecting to a WAN IP (like 123.123.123.123), clients can connect to a domain (like company-name.mynet.care).
- It's easier to fix when something changes. If all the clients point to a domain name, we can simply change where the domain points. This means that we won't have to touch every individual client to reconfigure them when there's a change.
This article uses a few keywords that you may not be familiar with in this context:
- Client: Any end user "thing" that connects to the host name you configure. This could be a VPN client, Synology Drive Client, or just a web browser connecting to a specific locally hosted site.
- DNS: Domain Name System. Simply put, a system that maps a domain name to an IP address. When you try to access google.com, for example, your computer asks its DNS Server "how do I get to google.com?" and the DNS server, if it knows, will say "google.com is at ###.###.###.###" (some IP address). If your DNS server doesn't know, it asks its DNS server - and so on, until eventually you either hit a DNS server that knows how to resolve the address or you hit the nameserver for that domain, which will give you the IP.
- DDNS: Dynamic DNS. It's DNS, but with added functionality to easily update IP addresses when they change.
- DNS Propagation: The time it takes for a DNS record change to be picked up globally. DNS servers hold onto a cached copy of the record for a specified period (the TTL, time to live), after which the record is refreshed from the nameserver.
- TTL: Time to live. How long an entry lives in a DNS cache before it is refreshed. Defined in seconds, usually 14400 seconds (4 hours), or 3600 seconds (1 hour) for DDNS.
- Nameserver: The authoritative source for mapping domains to IPs. This is where you configure which domains point to which IPs. Changes take effect on the nameserver immediately; however, it takes time for those changes to reach other DNS servers around the world. DNS propagation time depends on the TTL set on the nameserver and on how frequently DNS servers refresh their caches.
Configure DNS Entry for locations with a static WAN IP
Locations with a static WAN IP should have a DNS entry set for them. Depending on the intended use case, you can choose between:
- company-name.mydrive.care: For access to Synology NAS setups
- company-name.clients.mynet.care: For access to "generic" setups like a VPN
To configure one, navigate to https://server.universitypccare.com:2083 and log in with the cPanel account for the desired domain type (usernames are mydrivecare or mynetcare); the logins are in Bitwarden. If you don't have access to the logins in Bitwarden, it probably means that you aren't supposed to have access to them. If this is the case, work with a technician who does have access to accomplish this step.
- On the cPanel interface, click Zone Editor
- Click "A Record" on the desired domain (mydrive.care or mynet.care) in the list of domains
- Type the desired host name (e.g. company-name.clients.mynet.care) in the "Name" field
- Type the static WAN IP of the client in the "Address" field
- Click "Add An A Record" to save it
- Wait 5 minutes, then try to ping the newly configured address. If the name cannot be resolved, you'll have to wait longer; propagating the DNS entry can take up to a couple of hours.
- If the ping result says something like "could not find host" or "unable to resolve", the change simply hasn't propagated yet.
- If the ping result shows an IP address but the ping itself fails, the DNS entry has been submitted and propagated, but the end user device (usually the router) is not set to answer pings. This ultimately shouldn't matter, as long as the service you're trying to expose is reachable.
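One way to run the check described above from a shell, as an added example that is not part of the original article: it resolves the name with the local resolver, compares the answer with the WAN IP entered in cPanel, pings it, and reports one of the four outcomes the steps above distinguish (not resolved yet, resolved to a different address, resolved but not answering pings, fully reachable). It assumes a Linux host with getent and ping; the host name, address and script name in the usage line are placeholders.

```shell
#!/bin/sh
# Added example (not from the original article): check whether a new A record
# has propagated to this host's resolver and points at the expected WAN IP.
# Assumes a Linux host with getent (glibc) and ping; names and IPs are placeholders.

# classify_result RESOLVED_IP EXPECTED_IP PING_STATUS
# Maps the outcomes described in the article to one word:
#   unresolved - no address came back yet (not propagated, or a typo in the name)
#   wrong-ip   - the name resolves, but not to the address entered in cPanel
#                (an old cached record, or the wrong record was edited)
#   no-ping    - correct address, but the device does not answer ICMP
#                (normal for many routers; the exposed service may still work)
#   ok         - correct address and it answers pings
classify_result() {
    resolved="$1"; expected="$2"; ping_status="$3"
    if [ -z "$resolved" ]; then
        echo unresolved
    elif [ "$resolved" != "$expected" ]; then
        echo wrong-ip
    elif [ "$ping_status" -ne 0 ]; then
        echo no-ping
    else
        echo ok
    fi
}

# resolve NAME: first IPv4 address the local resolver returns, or nothing at all.
resolve() {
    getent ahostsv4 "$1" 2>/dev/null | awk 'NR == 1 { print $1 }'
}

# check_dns NAME EXPECTED_IP: one pass of resolve + ping; prints the status word.
check_dns() {
    resolved=$(resolve "$1")
    ping_status=1
    if [ -n "$resolved" ]; then
        # -W 2: give up after two seconds (iputils ping on Linux)
        ping -c 1 -W 2 "$resolved" >/dev/null 2>&1 && ping_status=0
    fi
    classify_result "$resolved" "$2" "$ping_status"
}

# wait_for_dns NAME EXPECTED_IP [MINUTES]: repeat the check once a minute until the
# record has propagated (ok or no-ping) or the time limit passes. Exit status 0 when
# the record resolves to the expected IP, 1 otherwise.
wait_for_dns() {
    name="$1"; expected="$2"; minutes="${3:-120}"
    i=0
    while [ "$i" -lt "$minutes" ]; do
        status=$(check_dns "$name" "$expected")
        echo "$(date '+%H:%M') $name -> $status"
        case "$status" in
            ok|no-ping) return 0 ;;
            wrong-ip)   echo "resolver still has a different address; check the record" >&2 ;;
        esac
        i=$((i + 1))
        sleep 60
    done
    return 1
}

# Usage (placeholder values): ./check-dns.sh company-name.clients.mynet.care 203.0.113.10
if [ $# -eq 2 ]; then
    wait_for_dns "$1" "$2"
fi
```

A "wrong-ip" result right after creating a record usually means your resolver is still serving an older cached answer, so the loop keeps waiting; if it persists past the TTL, the record in cPanel is worth a second look.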
Now that this is configured, instead of connecting clients to the public WAN IP you can connect them to the address you've configured. Anywhere in the relevant setup documentation that calls for the WAN IP can be substituted with the domain.
Configure DDNS Entry for locations without a static WAN IP
For customers that do not have a static WAN IP but need to access a service hosted locally at their business, do one of two things:
- Convince them to pay their ISP for a static IP, because it makes this a lot easier.
- Set up a DDNS entry for them.
We use afraid.org for our DDNS service. Afraid is the nameserver for mynet.care. Clients are configured like "company-name.mynet.care". There are two steps to configuring a DDNS entry:
- Configure the entry
- Configure some way for that entry to be automatically updated
Step 1 is easy: log in to afraid.org, go to the Subdomains menu option, and click "[ add ]" next to the "mynet.care" header. The only two fields that need to be changed are the hostname and the destination.
- Hostname: The subdomain for this client. Only put the part that goes before "mynet.care", e.g. "company-name".
- Destination: The customer's current WAN IP.
Step 2 is situation dependent. You need to configure something on their local network to occasionally reach out to the afraid.org nameserver to say "this is currently my WAN IP" so that the DNS entry in afraid.org always points to the correct IP address in case it changes. We have a few options for this:
- UniFi Router or Console (UDM, UDM-Pro, USG, USG-Pro, UXG, etc.): DDNS is natively supported in the controller. Set it up there.
- EdgeRouter: Configure a scheduled task (see below)
- Synology: Configure a scheduled task (see below)
- Other: If they don't have one of those three options, you've got to get creative. Ideally they will have some device that stays onsite and online at all times that can act as the host for the DDNS update. For example, this could be a workstation acting as a server, an actual server, another brand of NAS, etc. The Dynamic DNS menu option on afraid.org has several options that will work on various operating systems.
UniFi
Follow instructions here: https://help.ui.com/hc/en-us/articles/9203184738583-UniFi-Gateway-Dynamic-DNS
EdgeRouter
SSH into the EdgeRouter. I recommend using the portable version of PuTTY for Windows for this (other versions are here: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html).
Type the following:
touch /config/user-data/updateDDNS.sh
chmod 755 /config/user-data/updateDDNS.sh
vi /config/user-data/updateDDNS.sh
- Press i
- Type curl -k address, where address is the "Direct URL" obtained in the afraid.org Dynamic DNS menu for this domain
- Press Escape
- Type :wq and hit Enter
Then type:
configure
set system task-scheduler task updateDDNS
set system task-scheduler task updateDDNS crontab-spec "0,5,10,15,20,25,30,35,40,45,50,55 * * * *"
set system task-scheduler task updateDDNS executable path "/config/user-data/updateDDNS.sh"
commit
save
Synology
Create a Scheduled Task in the web GUI. The interval should be as short as possible (ideally multiple times per hour), and the command to run is curl -k address, where address is the "Direct URL" obtained in the afraid.org Dynamic DNS menu for this domain.
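The EdgeRouter task above and the Synology task both run the same one-line curl command. The script below is an added example, not from this article, Ubiquiti or Synology, of a slightly more careful updateDDNS.sh that either device can run on the same schedule. It addresses two things a practitioner would want handled: the afraid.org Direct URL is effectively a credential (whoever holds it can repoint the record), so a mode 755 script containing it is readable by every local account on the device, and curl -k switches off certificate verification, so the URL would also be exposed to anyone able to intercept the connection. The script therefore reads the URL from a separate root-only file, leaves certificate checking on, and only contacts afraid.org when the WAN IP has actually changed. The file paths and the use of https://api.ipify.org to learn the current WAN IP are assumptions of this example, not anything the article specifies.

```shell
#!/bin/sh
# Added example (not from the original article): updateDDNS.sh with the Direct URL
# kept out of the script, certificate verification left on, and updates sent only
# when the WAN IP changed. Paths and the IP lookup service are assumptions.

URL_FILE="${URL_FILE:-/config/user-data/ddns-url}"         # holds the Direct URL; create with chmod 600
STATE_FILE="${STATE_FILE:-/config/user-data/ddns-last-ip}" # last IP pushed to afraid.org
IP_LOOKUP="${IP_LOOKUP:-https://api.ipify.org}"            # returns the caller's public IP as plain text

# is_ipv4 VALUE: true when VALUE looks like a dotted quad, so an error page from the
# lookup service is never treated as an address.
is_ipv4() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# should_update STATE_FILE CURRENT_IP: true when no IP has been pushed yet or
# CURRENT_IP differs from the last one pushed.
should_update() {
    [ -f "$1" ] || return 0
    [ "$(cat "$1")" != "$2" ]
}

# record_ip STATE_FILE IP: remember the IP that afraid.org now has on file.
record_ip() {
    printf '%s\n' "$2" > "$1"
}

update_ddns() {
    url=$(cat "$URL_FILE" 2>/dev/null)
    if [ -z "$url" ]; then
        echo "ddns: cannot read $URL_FILE" >&2
        return 1
    fi
    current=$(curl -fsS --max-time 10 "$IP_LOOKUP") || { echo "ddns: WAN IP lookup failed" >&2; return 1; }
    if ! is_ipv4 "$current"; then
        echo "ddns: unexpected lookup reply: $current" >&2
        return 1
    fi
    if ! should_update "$STATE_FILE" "$current"; then
        return 0    # unchanged; no need to contact the nameserver
    fi
    # -f makes a non-2xx reply a failure; no -k, so the server certificate is checked.
    if curl -fsS --max-time 10 "$url" >/dev/null; then
        record_ip "$STATE_FILE" "$current"
        echo "ddns: record updated to $current"
    else
        echo "ddns: update request to afraid.org failed" >&2
        return 1
    fi
}

# Run only when invoked as the scheduled script, not when sourced.
case "$0" in
    */updateDDNS.sh|updateDDNS.sh) update_ddns ;;
esac
```

To use it, put the Direct URL on a single line in the ddns-url file, chmod 600 that file, and point the task-scheduler executable (or the Synology scheduled task) at this script instead of the bare curl line; the task must run as a user that can read the URL file. Deleting ddns-last-ip forces an update on the next run.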