I went to resurrect my dynamic DNS configuration on my OpenWrt router. The idea was sparked by a reader comment, so I wanted to follow up on using nsupdate.info with OpenWrt for a DIY Dynamic DNS setup.
Before I began, I thought I should see if there’s a newer OpenWrt version my router can run. I always start on the Supported Devices page of the wiki, but on this visit I was treated to a warning:
If you read the 4/32 warning, the crux of the matter is that there may not be enough RAM to run OpenWrt without crashing. And the small flash area means possibly not having enough room to install LuCI, the web interface, and the packages to access LuCI via HTTPS. Also, there’s this:
Previous versions of OpenWrt (such as earlier versions of 17.01.x, 15.05.x “Chaos Calmer” and prior) contain now-known security vulnerabilities in the kernel, wireless implementation, and/or application code. […] In many cases, these known vulnerabilities are being actively targeted, potentially including by advanced, likely state-sponsored or state-affiliated actor or actors.
Ugh, I was using one of those older versions, and now I’m paranoid (as I should be) that my router could be used as a tool by nation-states to do their bidding. Nicely, there’s a link on the supported devices page titled “I want to buy a router which is supported by OpenWrt.” It links to their supported hardware table, pre-filtered by units that can run the latest stable version of OpenWrt – 19.07.4 at time of writing.
I spent some time browsing this list compared to what was available at my local Micro Center. I tried to find one that had the best OpenWrt support with the fewest known issues, and landed on the TP-Link C7 AC1750 for $70. If I like this one after a month or so, I’m going to buy another for better coverage.
OpenWrt ddns-scripts install
With the hardware choice out of the way, I installed OpenWrt 19.07.4. Then I needed to add support for Dynamic DNS. Go to System -> Software in the Web UI (LuCI). Click Update lists…, then type ddns in the filter input and press <Enter> to filter the list. The packages to install to use nsupdate.info are luci-i18n-ddns-en (or whatever language package you need):
Installing those will also install their dependencies, such as the base luci-app-ddns. Once they’re installed, reboot your router and you’ll have a Services -> Dynamic DNS menu.
You might see the menu before rebooting, but you’ll likely get this error if you try to visit it:
/usr/lib/lua/luci/controller/ddns.lua:116: attempt to index field '?' (a nil value)
Rebooting should take care of it. Then on the new Dynamic DNS page, you may see a Hints notification like this:
Following it will lead you to a hints page and let you know you need to install a couple more packages: bind-host. Follow the same installation process as above. After they’re installed, the Hints section will go away.
The only configuration you have to do at your DNS provider is add a CNAME record for the domain you want to use:
your.domain.com CNAME yourdomain.nsupdate.info
Then when you go to nsupdate.info, on the Overview page click Add Host and put in the subdomain (example: yourdomain from above) in the Name field, then select nsupdate.info under Domain:
Conveniently, after creating your new host entry, nsupdate.info will print your update secret and include specific configuration parameters for OpenWrt:
You can use the configuration info from nsupdate.info, but it’s just as easy to paste the info into the LuCI panel. It’s worth noting that you only need to generate one host and host secret at nsupdate.info, but you’ll have two separate configurations in OpenWrt for IPv4 and IPv6.
In OpenWrt’s Dynamic DNS page, click Edit on the myddns_ipv4 row. The first thing you’ll want to do is update the DDNS Service provider to nsupdate.info and click Change provider:
Only then can you enter all of the information from nsupdate.info:
Enter your nsupdate.info FQDN in all of these fields:
- Lookup Hostname
Then put your secret in the Password field. Check both Enabled and Use HTTP Secure, then add /etc/ssl/certs to Path to CA-Certificate. Click Save & Apply, then repeat the same process with the same info for the other
From the Dynamic DNS overview page in OpenWrt, click the Start buttons for each row under Process ID Start / Stop. This only needs to be done once when you’re done configuring Dynamic DNS.
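The Enabled, Use HTTP Secure and Path to CA-Certificate settings above are stored in /etc/config/ddns. As an added example (not from the original post or the OpenWrt project), this script audits such a file for enabled sections that would send the update secret without verified TLS. The sample config is constructed, and the option names (enabled, use_https, cacert) are the ones ddns-scripts uses.

```shell
#!/bin/sh
# Added example: flag ddns-scripts sections that would send the update
# secret without verified TLS. On the router: audit_ddns < /etc/config/ddns

# Constructed sample, trimmed to the options the audit reads.
# Host name and secret are placeholders.
sample_config() {
cat <<'EOF'
config service 'myddns_ipv4'
    option enabled '1'
    option lookup_host 'yourdomain.nsupdate.info'
    option password 'PLACEHOLDER_SECRET'
    option use_https '1'
    option cacert '/etc/ssl/certs'

config service 'myddns_ipv6'
    option enabled '1'
    option lookup_host 'yourdomain.nsupdate.info'
    option password 'PLACEHOLDER_SECRET'
    option use_ipv6 '1'
EOF
}

# Reads a UCI ddns config on stdin; prints one line per enabled section
# that lacks use_https '1', has no CA path, or sets cacert to IGNORE
# (which ddns-scripts treats as "skip certificate verification").
audit_ddns() {
    awk -v q="'" '
    function unquote(s) { gsub("^[" q "\"]|[" q "\"]$", "", s); return s }
    function report() {
        if (name == "" || enabled != "1") return
        if (https != "1")            print name ": use_https not enabled"
        else if (cacert == "")       print name ": no cacert path set"
        else if (cacert == "IGNORE") print name ": certificate check disabled"
    }
    $1 == "config" && $2 == "service" {
        report(); name = unquote($3); enabled = https = cacert = ""
    }
    $1 == "option" && $2 == "enabled"   { enabled = unquote($3) }
    $1 == "option" && $2 == "use_https" { https = unquote($3) }
    $1 == "option" && $2 == "cacert"    { cacert = unquote($3) }
    END { report() }
    '
}

sample_config | audit_ddns
```

In the sample, the IPv6 section was saved without Use HTTP Secure, so it is the only one reported; no output means every enabled section has both settings.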
Starting the Dynamic DNS process in OpenWrt should trigger your first update at nsupdate.info. You can see it easily on the Overview page:
If it all worked, your IPv4 and IPv6 address should be updated, hopefully with a green TLS indicator noting that it was done securely. If there are any problems, the numbers under Faults will increase – C for Client, S for Server.
If there are problems, you can see API messages on nsupdate.info by clicking on your hostname to get further details. You can also view detailed logs in OpenWrt by clicking Edit on the myddns_ipv6 rows. Then click the Log File Viewer tab and click the Read / Reread Log File button.
I was able to configure this in under an hour; hopefully you find it useful. Let me know if you have any troubles getting things to work.